Linux Format - UK (2020-03)

48 LXF260 March 2020 http://www.linuxformat.com

INTERVIEW Kate Stewart

started getting involved in the project, and

they actually built a board for it. So this is

it, it’s called the Reel Board (see http://

bit.ly/LXF26reel), and they’ve made them

available to some of the developers as well.

They’ve added a new module

connection to the back of it so that it can

run other sims – it’s running Nordic right

now. You can put applications on it, and

then by pressing the buttons on it you

can interact and communicate with other

Reel Boards by Bluetooth Mesh. It’s got a

variety of sensors that are useful as well.

These kind of smart badges have

applications in companies and hospitals

and things like that. It’s a good prototype

to start developing for.

LXF: I have a little E Ink screen for the

Raspberry Pi, it’s pretty fun to do things

with that, but small batteries don’t really

last long with the Pi.

KS: Exactly. So with this new module, once

you plug it in you can extend some of the

peripherals you’re communicating with for

prototyping work. You could add Ethernet

or things like that. I’ve actually only just

got this today, so I haven’t played with it

yet. For the Embedded Linux Conference

they’ve even donated a few of these

boards as prizes.

The fact that we’re seeing boards like

the Reel Board emerging with Zephyr on

them by default, when they’re sending

out the BSPs (board support packages)

and SDKs means that we’re going to see

a lot more Zephyr products coming out.

The SDK for the Nordic Thingy 91 is also

Zephyr by default, so I think we’re at the

tipping point.

We knew we’d have to go there bit by

bit, and that’s exactly what we’ve been

doing. We’ve tried to do it in a responsible

way and being community friendly as we

go along. We all designed the Reel Board,

and we actually got to name it. Our logo

is this kite and then you’ve got a reel

attached to it, so that’s quite fun.

I think there’s another version in

prototype mode, so if you go down to the

STMicros booth and ask to see the Zephyr

board you can see a different model.

LXF: Security and safety are key issues

nowadays, and I was just (last issue)

talking to my new friend Greg Kroah-

Hartman about the Core Infrastructure

Initiative (CII), in particular the badging

program. I do like badges, but I digress. I

gather Zephyr just earned one?

KS: Yes, everyone likes badges. One of

the things that was done, probably about

four years ago, was to try and figure out

what pieces of software are key to our

infrastructure. So they did a survey of

flytipping. So there’s all these really weird,

interesting new applications that are

coming up with Zephyr, and that part of

the community is growing really nicely too.

LXF: Is it the case that people in the IoT

space often start out with Linux, then

they run into all these constraints and

Zephyr turns out to be a better fit?

KS: Well, I think Linux is definitely good in

a lot of the IoT space. But there’s places

where you want to have the communication

down to the sensors. And that’s not really

an option with Linux, it doesn’t really get

any smaller than 2MB. So we can’t use

it, but we want to have the same level of

security and best practices around the

solution at the end point. Because if your

endpoint is compromised it’s [potentially

putting] garbage into your ecosystem, so

any analytics you do on that data, well you

know what happens – garbage out.

With Zephyr we’re making sure we’ve

got those secure endpoints, that we’re

catching all the security updates. We have

an active security team now, and have

been filing CVEs. In fact the 1.14.1 release

came out last month – the first point

release since our LTS – if you look at it

you’ll find we’ve got two certifications for

Bluetooth – there’s two QDIDs on it. So

people using Zephyr with Bluetooth will

find that a lot of their work has been done

for them. We also put a CVE out with that

release (CVE-2019-9506).

LXF: And I gather a big 2.0.0 release just

happened, as well as the 1.14 LTS?

KS: It did, yes! With the Linux kernel you

have the in-development tree where new

code is added, and the important work

there gets backported to the LTS release

• bug fixes and security updates mostly.
  We’ve taken that model and applied it to
  Zephyr. We’re trying to learn from Linux.

LXF: So you’ve got a fancy-looking smart

name badge there. Tell me about it

KS: Haha. A couple of years ago PHYTEC

several open source projects, and as part

of that survey they came up with some

criteria for what best practices are and are

not. From that they developed this online

badging program, where you can self-

assess. So that CII program was about to

be launched and Zephyr was about to be

launched, so we thought “Let’s go for it”.

We got to passing pretty quickly,

because we wanted to follow best

practices. And then all of a sudden we

stopped passing, so we were like “What

happened?”. Well we’d changed our

infrastructure and a lot of our links weren’t

working, and the assessment process

caught us. Which I consider a good sign,

as the system works. Anyway we sorted

that. Then later the CII introduced silver

and gold level badges, so we strived for

gold, basically. And now if you go on

the website (https://bestpractices.

coreinfrastructure.org/en/projects)

you’ll see that Zephyr is one of only four

gold badge-holders. So we managed to get

there before Linux did.

What it’s doing is publicly documenting

the process the project follows, providing

evidence that shows where those

processes are and making sure best

practices are followed.

We’re very much focused on how we

can get a good secure story emerging,

from the trusted root to the sensors to

the edge and to the cloud. We’re probably

going to work with the Eclipse folks on

some reference systems. There’s a variety

of other ecosystems that are active in

the IoT sphere that I’d like Zephyr to have

better interactions with.

LXF: How did you get into open source?

KS: I was at Motorola, and Apple had just

pulled out of using PowerPC chips. We

needed to sell our PowerPC boards into

48 LXF260March 2020 4446March 20789627

INTERVIEW Kate Stewart

started getting involved in the project, and

they actually built a board for it. So this is

it, it’s called the Reel Board (see http://

bit.ly/LXF26reel), and they’ve made them

available to some of the developers as well.

They’ve added a new module

connection to the back of it so that it can

run other sims – it’s running Nordic right

now. You can put applications on it, and

then by pressing the buttons on it you

can interact and communicate with other

Reel Boards by Bluetooth Mesh. It’s got a

variety of sensors that are useful as well.

These kind of smart badges have

applications in companies and hospitals

and things like that. It’s a good prototype

to start developing for.

LXF: I have a little E Ink screen for the

Raspberry Pi, it’s pretty fun to do things

with that, but small batteries don’t really

last long with the Pi.

KS: Exactly. So with this new module, once

you plug it in you can extend some of the

peripherals you’re communicating with for

prototyping work. You could add Ethernet

or things like that. I’ve actually only just

got this today, so I haven’t played with it

yet. For the Embedded Linux Conference

they’ve even donated a few of these

boards as prizes.

The fact that we’re seeing boards like

the Reel Board emerging with Zephyr on

them by default, when they’re sending

out the BSPs (board support packages)

and SDKs means that we’re going to see

a lot more Zephyr products coming out.

The SDK for the Nordic Thingy 91 is also

Zephyr by default, so I think we’re at the

tipping point.

We knew we’d have to go there bit by

bit, and that’s exactly what we’ve been

doing. We’ve tried to do it in a responsible

way and being community friendly as we

go along. We all designed the Reel Board,

and we actually got to name it. Our logo

is this kite and then you’ve got a reel

attached to it, so that’s quite fun.

I think there’s another version in

prototype mode, so if you go down to the

STMicros booth and ask to see the Zephyr

board you can see a different model.

LXF: Security and safety are key issues

nowadays, and I was just (last issue)

talking to my new friend Greg Kroah-

Hartman about the Core Infrastructure

Initiative (CII), in particular the badging

program. I do like badges, but I digress. I

gather Zephyr just earned one?

KS: Yes, everyone likes badges. One of

the things that was done, probably about

four years ago, was to try and figure out

what pieces of software are key to our

infrastructure. So they did a survey of

flytipping. So there’s all these really weird,
interesting new applications that are
coming up with Zephyr, and that part of
the community is growing really nicely too.

LXF: Is it the case that people in the IoT
space often start out with Linux, then
they run into all these constraints and
Zephyr turns out to be a better fit?
KS: Well, I think Linux is definitely good in
a lot of the IoT space. But there’s places
where you want to have the communication
down to the sensors. And that’s not really
an option with Linux, it doesn’t really get
any smaller than 2MB. So we can’t use
it, but we want to have the same level of
security and best practices around the
solution at the end point. Because if your
endpoint is compromised it’s [potentially
putting] garbage into your ecosystem, so
any analytics you do on that data, well you
know what happens – garbage out.
With Zephyr we’re making sure we’ve
got those secure endpoints, that we’re
catching all the security updates. We have
an active security team now, and have
been filing CVEs. In fact the 1.14.1 release
came out last month – the first point
release since our LTS – if you look at it
you’ll find we’ve got two certifications for
Bluetooth – there’s two QDIDs on it. So
people using Zephyr with Bluetooth will
find that a lot of their work has been done
for them. We also put a CVE out with that
release (CVE-2019-9506).

LXF: And I gather a big 2.0.0 release just
happened, as well as the 1.14 LTS?
KS: It did, yes! With the Linux kernel you
have the in-development tree where new
code is added, and the important work
there gets backported to the LTS release

• bug fixes and security updates mostly.
  We’ve taken that model and applied it to
  Zephyr. We’re trying to learn from Linux.

LXF: So you’ve got a fancy-looking smart
name badge there. Tell me about it
KS: Haha. A couple of years ago PHYTEC

several open source projects, and as part

of that survey they came up with some

criteria for what best practices are and are

not. From that they developed this online

badging program, where you can self-

assess. So that CII program was about to

be launched and Zephyr was about to be

launched, so we thought “Let’s go for it”.

We got to passing pretty quickly,

because we wanted to follow best

practices. And then all of a sudden we

stopped passing, so we were like “What

happened?”. Well we’d changed our

infrastructure and a lot of our links weren’t

working, and the assessment process

caught us. Which I consider a good sign,

as the system works. Anyway we sorted

that. Then later the CII introduced silver

and gold level badges, so we strived for

gold, basically. And now if you go on

the website (https://bestpractices.

coreinfrastructure.org/en/projects)

you’ll see that Zephyr is one of only four

gold badge-holders. So we managed to get

there before Linux did.

What it’s doing is publicly documenting

the process the project follows, providing

evidence that shows where those

processes are and making sure best

practices are followed.

We’re very much focused on how we

can get a good secure story emerging,

from the trusted root to the sensors to

the edge and to the cloud. We’re probably

going to work with the Eclipse folks on

some reference systems. There’s a variety

of other ecosystems that are active in

the IoT sphere that I’d like Zephyr to have

better interactions with.

LXF: How did you get into open source?

KS: I was at Motorola, and Apple had just

pulled out of using PowerPC chips. We

needed to sell our PowerPC boards into