The Opening Event for the Open Source Firmware Conference 2023

Open-source firmware is revolutionizing the world of technology, offering endless possibilities for creative exploration. This talk will delve into the exciting intersection of open-source firmware and art projects, revealing the power of combining technology and creativity to foster a unique learning experience. Participants will discover how to leverage open-source firmware to create interactive art installations, kinetic sculptures, and more, simultaneously unleashing their creativity and technical prowess.

How the forthcoming "US Cyber Trust Mark" certification may impact firmware development and the devices it is installed on, as well as some of the unique challenges Open Source projects will face in trying to address the certification requirements and process.

Meta has historically used their own BMC code stack, confusingly also called "OpenBMC", but having nearly nothing in common with the Linux Foundation project of the same name. A transition to the Linux Foundation code base is underway and our first production system using that code is a chassis controller named "Bletchley". This talk will discuss the approach we took, collaborating with our JDM, to develop OpenBMC in an "upstream-first" manner.

Arm and 9elements share their progress towards developing a coreboot firmware stack for Arm servers. Showcasing proof of concepts, and discuss the challenges faced when developing a new firmware stack to fit existing software expectations.

Tamago and TinyGo are Go compilers for bare metal; both firmware and small kernels have been written using them. In this talk, I will describe what I have learned by working with these two compilers; discuss the benefits of having the Go runtime available in firmware; provide a demo of each in action; and close by describing how they have turned my preconceptions about firmware languages on their head.

Looking at multiple RISC-V firmware projects and processors, this talk compares how their approaches to providing a RISC-V platform align, such that operating systems and applications can be easily ported across them.

When building an embedded system, there comes a time when you must unplug your debugger and seal the device in a box. Unfortunately, things can still go wrong after this point! The Hubris embedded OS has put a strong emphasis on debuggability, even to the point of writing Humility, an in-house debugger. However, Humility has historically assumed a physical connection to a running microcontroller. As we begin sealing up boxes, we’ve had to develop a range of tricks for mostly-seamless debugging of a network-connected system. Strategies range from forging inter-task IPC messages and calling arbitrary functions over the network, to (safely) reading and decoding memory from the running system, and even using a secondary microcontroller to take a full memory image of the main system for post-mortem debugging!

We will introduce concept to automatically provision OpenSource Firmware (starting from the BMC side) at scale within datacenter. That is a co-presentation between HPE and Scaleway a french cloud service provider

Overview of how to use U-Boot as a coreboot payload and the benefits of doing so

We will present our ongoing work on the System Transparency Authentication Mechanism (STAM), ST's evolving design philosophy and the benefits of transparent systems to service providers.

bit-for-bit identical binaries at the lowest levels

Reproducible Builds enables bit-for-bit identical comparison,
providing a strong link that the binaries used are the result of
building the source code.

Rust has gotten a lot of attention in the embedded space lately, but there's an under-appreciated language feature that can be uniquely enabling for writing drivers and resource-constrained code: async. The async transform takes code written in the usual way -- with loops, function calls, and the like -- and inverts it into an explicit state machine that can be stepped in response to events. This gives developers the benefits of both simple "straight-line" code, such as readability and structured control flow, combined with the benefits of writing explicit state machines by hand, such as lower resource usage compared to threads or nested interrupts for concurrency. But more importantly, it provides something that's hard to achieve in explicit state machines: automatic composition of state machines, with type and lifetime checking.

This talk will propose an embedded-specific way of viewing Rust's async feature, look at how to apply it to solve certain common firmware problems, and touch on the elephant in the room: debugger support. Examples will use the author's open-source async embedded OS, lilos, and a proof-of-concept debugger for embedded async Rust.

sdbusplus generates ergonomic and compile-time type-checked dbus bindings built atop sd-bus. This library is heavily used within the OpenBMC project to provide all IPC between its many userspace processes. This talk will give an overview of how OpenBMC leverages dbus, how sdbusplus facilitates its usage, as well as an introduction on our approach for asynchronous programming with C++ co-routines.

Bytedance's practice about automactic coredump analysis, including
* ipks collection in CI;
* Coredump collections;
* debug_dump tool introduction;
* Integration of alarms and analysis.

This talk is going to tell the tale of a critical security vulnerability that was found a year after launch on the RK3288 ("veyron") family of Chromebooks and allowed bypassing the entire secure boot stack. It will explain the technical details of this vulnerability, why it was overlooked in the first place, the tricky process to mitigate it, and finally give a real answer to this guy's stack overflow question: https://superuser.com/questions/1399681/what-is-the-gpt-header-signature-for

Writing correct firmware requires understanding hardware at the lowest possible level. More frequently than the average programmer, firmware authors may discover fundamental problems with the hardware which must be reported to the manufacturer. Getting resolution of these types of issues can be tedious and frustrating for all parties involved at the best of times. In the worst cases communication may break down between reporter and manufacturer resulting in denial of a problem, obfuscation and poor or no resolution of a problem.

The difficulties in reporting hardware issues stem from many of the cultural issues with traditional proprietary firmware. As with open firmware, there needs to be a better path forward for the industry for hardware issues.

Real-time operating systems (RTOS) can seem complex for beginners. This session aims to simplify this complexity by providing a comprehensive introduction to Zephyr, a user-friendly open source RTOS. We'll explain the foundational RTOS concepts and highlight the specific benefits of Zephyr. We'll then guide attendees through the setup of a Zephyr development environment and the creation of a simple application. Additionally, the session will introduce the vibrant Zephyr community and provide guidance on how to contribute and interact within it. Whether you're a developer, hobbyist, or student, this talk will serve as a valuable launchpad into the world of Zephyr and open source RTOS.

webui-vue, OpenBMC's web-based user interface, allows for customization and styling to meet brand requirements. Custom navigation, adding and removing pages and features, different fonts, and unique colors are all available.

Last year at OSFC in Gothenburg, we revealed ourselves and our radically open source security key - TKey - to the world. A lot has happened since and we are back with an an update.

The Framework 16 laptop has the most flexible input module system of any laptop on the market. The unique design allows endless customization that is powered by open source firmware.

DAPLink is an Open Source firmware from Arm based on CMSIS-DAP. The main goal of CMSIS-DAP is turning microcontrollers into debug probes (SWD, JTAG, SWO). DAPLink adds many features on top (Drag and drop flashing, serial adapter, bootloader updates, WebUSB, etc.) which is why it has been included in many development boards or on discrete entry-level probes. Projects like the BBC micro:bit have shown how the features of DAPLink can be used and extended to go beyond an on PCB debug probe and become an integral part of a project.

In this workshop, you will learn about the current state of the System Transparency project. You will get your hands on the current features and set up a transparent system yourselves.

Deep dive into the currently supported flash layouts, filesystems, and firmware update options in OpenBMC, how to choose which one to use, and how to enable each.

This is a status update on current status of AMD openSIL project, openSIL code base has been upstream on public GitHub, coreboot port for 4th Generation AMD EPYC Processor should be open for review before end of July.

Workshop on getting started with developing apps for TKey.

We will live code a client application and the corresponding device app.

We will mainly use the QEMU model of TKey for debugging purposes and to show how you can start developing right away, but there will be some TKeys available for testing as well.