As Linux Foundation's Zephyr Project Turns Five, Addressing Constrained Device Challenges is More Important Than Ever

Noting nearly 1,000 contributors, 50,000 commits building advanced support for multiple architectures including ARC, Arm, Intel, Nios, RISC-V, SPARC and Tensilica, and more than 250 boards; the Zephyr Project is throwing a virtual party that will run from June 8 – 10 this year.

The first-ever Zephyr Developer Summit is open to the public, free of charge, and full of Zephyr leaders from around the world presenting real-world use cases, best practices, mini-conferences, and more.

Zephyr is an open-source project at the Linux Foundation that builds a safe, secure, and flexible real-time operating system (RTOS) for resource-constrained devices. Led by Kate Stewart, Vice President of Dependable Embedded Systems at the Linux Foundation, a visionary behind the project since day one, participation continues to soar with new members.

Launched in 2016, this first Developer Summit has an "impressive line-up of Zephyr thought leaders and ambassadors for the growing Zephyr community of contributors and users," said Joel Stapleton, Chair of the Zephyr Project Governing Board and Principal Engineer Manager at Nordic Semiconductor.

"The strength of engagement the project has with its members and IoT solution providers reflects the importance of open-source efforts to build secure and safe embedded technologies for increasingly connected applications in industrial, smart home, wearables and energy; and for computing platforms integrating microcontrollers with ever-increasing capabilities and functions," Stapleton continued.

Sample summit sessions include power management, USB support, motor control, user presentations that showcase Zephyr with Renode and TensorFlow Lite and RISC-V, and contributor spotlights for securing MCUBoot, using OPC UA, energy-efficient device testing, and developing hardware. Proposals were reviewed by the Programming Committee, which includes Anas Nashif, Intel; Carles Cufi, Nordic Semiconductor; Jonathan Beri, Golioth; Keith Short, Google; Maureen Helm, NXP; and Olof Johansson, Facebook.

One of the hot topics being discussed at the summit is the U.S. Executive Order on Cybersecurity and how Zephyr helps address the surge in attacks.

Less than a month ago, the United States White House released an Executive Order on Improving the Nation's Cybersecurity that addressed the malicious cyberattacks that have become more frequent in the last few years. In a blog, the Linux Foundation responded how Zephyr RTOS, along with several other projects, has already built some of the support needed for a more secure future.

Zephyr now generates the Software Bill of Materials (SBOMs) automatically during the build, and this capability will be available in the upcoming 2.6 release. It is one of the few open-source projects that is a CVE Numbering Authority (CNA) and has an active Project Security Incident Response Team (PSIRT) that manages responsible disclosure of vulnerabilities to product makers. 

Product creators using Zephyr can sign up for free to be notified of vulnerabilities. 

"SBOMs can communicate details about a software package's contents; being able to understand exactly which source files are included in a resource-constrained software image is key to understanding if it may be vulnerable to an exploit," Stewart said. "SBOMs created by manual processes can often be incomplete, incorrect, or out-of-date as a software package advances. By being able to generate the SBOM during the build, and take it to the source file level, not just the component level, better diagnosis and detection of vulnerable states is possible and addresses some of the best practices mentioned in the EO. Zephyr is being used today in thousands of wearables and other products with constrained environments. By automatically creating SBOMs during builds, the development process becomes easier, more efficient, and improves maintainability in the field."

The Zephyr Project also announced a new array of members, including AVSystem, Golioth, Pat-Eta Electronics, RISC-V, and RISE Research Institutes of Sweden, to its global RTOS ecosystem.

These new members join Adafruit, Antmicro, BayLibre, Eclipse Foundation, Facebook, Fiware, Foundries.io, Google, Intel, Laird Connectivity, Linaro, Memfault, Nordic Semiconductor, NXP, Oticon, Parasoft, SiFive, Synopsys, and teenage engineering, among others.

"We see amazing opportunities for IoT deployments involving resource-constrained devices operating in cellular LPWA networks," said Marcin Nagy, Product Director for IoT, AVSystem. "We are sure that combining the Zephyr RTOS with our expertise in the Lightweight M2M standard will contribute to the acceleration of secure and standards-based IoT launches."

"We can speak at length about the technical merits of Zephyr - the kernel design, native networking, scalable board support model, and so on - but the largest differentiator is the community," says Jonathan Beri, CEO of Golioth. "From chipset vendors to ecosystem players, it feels like we're rising the tide for everyone to make the most secure & reliable open-source RTOS in the market, and we couldn't be more excited to contribute to the project and community."

"We are happy to be part of the Zephyr Project and hope to bring it more into the academic environment, especially within STEM (Science Technology, Engineering, and Mathematics)," said Sanyaade Adekoya, Developer, Programmer, and Lecturer at Pat-Eta Electronics. "It has been challenging to bring RTOSes within the academic research sector and getting them in the hands of undergraduate learners. Our research extends the use of Zephyr RTOS in IoT, Edge Computing, Robotics, Smart and Wearable devices. The Zephyr Project will be a driving platform for our students that will make it easier for them to create ideas, projects, innovations, and more. We look forward to showcasing our students' Zephyr-related projects."

"RISC-V and Zephyr were both designed to drive innovation in the hardware space with open-source technologies that are accessible to everyone," said Mark Himelstein, CTO of RISC-V. "Many of our members are already taking advantage of the flexibility of RISC-V and Zephyr to design end-to-end open-source solutions for resource-constrained devices. We look forward to collaborating with the Zephyr Project to offer even more opportunities for the open-source community to innovate."

"Zephyr RTOS enables us to rapidly prototype Thread wireless networks and is an excellent research platform for our work in IoT security," said Samuel Lindemer, Research Engineer at RISE Research Institutes of Sweden. "The interactive shell and configuration menu make it intuitive for new users, and the open-source community support is unparalleled."

Videos and presentations from the Zephyr Developer Summit will be available on the website. Stay tuned at www.zephyrproject.org for more.