48 LXF260 March 2020 http://www.linuxformat.com
INTERVIEW Kate Stewart
flytipping. So there’s all these really weird,
interesting new applications that are
coming up with Zephyr, and that part of
the community is growing really nicely too.
LXF: Is it the case that people in the IoT
space often start out with Linux, then
they run into all these constraints and
Zephyr turns out to be a better fit?
KS: Well, I think Linux is definitely good in
a lot of the IoT space. But there’s places
where you want to have the communication
down to the sensors. And that’s not really
an option with Linux, it doesn’t really get
any smaller than 2MB. So we can’t use
it, but we want to have the same level of
security and best practices around the
solution at the end point. Because if your
endpoint is compromised it’s [potentially
putting] garbage into your ecosystem, so
any analytics you do on that data, well you
know what happens – garbage out.
With Zephyr we’re making sure we’ve
got those secure endpoints, that we’re
catching all the security updates. We have
an active security team now, and have
been filing CVEs. In fact the 1.14.1 release
came out last month – the first point
release since our LTS – if you look at it
you’ll find we’ve got two certifications for
Bluetooth – there’s two QDIDs on it. So
people using Zephyr with Bluetooth will
find that a lot of their work has been done
for them. We also put a CVE out with that
release (CVE-2019-9506).
LXF: And I gather a big 2.0.0 release just
happened, as well as the 1.14 LTS?
KS: It did, yes! With the Linux kernel you
have the in-development tree where new
code is added, and the important work
there gets backported to the LTS release
– bug fixes and security updates mostly.
We’ve taken that model and applied it to
Zephyr. We’re trying to learn from Linux.
LXF: So you’ve got a fancy-looking smart
name badge there. Tell me about it.
KS: Haha. A couple of years ago PHYTEC
started getting involved in the project, and
they actually built a board for it. So this is
it, it’s called the Reel Board (see
http://bit.ly/LXF26reel), and they’ve made them
available to some of the developers as well.
They’ve added a new module
connection to the back of it so that it can
run other sims – it’s running Nordic right
now. You can put applications on it, and
then by pressing the buttons on it you
can interact and communicate with other
Reel Boards by Bluetooth Mesh. It’s got a
variety of sensors that are useful as well.
These kind of smart badges have
applications in companies and hospitals
and things like that. It’s a good prototype
to start developing for.
LXF: I have a little E Ink screen for the
Raspberry Pi, it’s pretty fun to do things
with that, but small batteries don’t really
last long with the Pi.
KS: Exactly. So with this new module, once
you plug it in you can extend some of the
peripherals you’re communicating with for
prototyping work. You could add Ethernet
or things like that. I’ve actually only just
got this today, so I haven’t played with it
yet. For the Embedded Linux Conference
they’ve even donated a few of these
boards as prizes.
The fact that we’re seeing boards like
the Reel Board emerging with Zephyr on
them by default, when they’re sending
out the BSPs (board support packages)
and SDKs means that we’re going to see
a lot more Zephyr products coming out.
The SDK for the Nordic Thingy 91 is also
Zephyr by default, so I think we’re at the
tipping point.
We knew we’d have to go there bit by
bit, and that’s exactly what we’ve been
doing. We’ve tried to do it in a responsible
way and being community friendly as we
go along. We all designed the Reel Board,
and we actually got to name it. Our logo
is this kite and then you’ve got a reel
attached to it, so that’s quite fun.
I think there’s another version in
prototype mode, so if you go down to the
STMicros booth and ask to see the Zephyr
board you can see a different model.
LXF: Security and safety are key issues
nowadays, and I was just (last issue)
talking to my new friend Greg
Kroah-Hartman about the Core Infrastructure
Initiative (CII), in particular the badging
program. I do like badges, but I digress. I
gather Zephyr just earned one?
KS: Yes, everyone likes badges. One of
the things that was done, probably about
four years ago, was to try and figure out
what pieces of software are key to our
infrastructure. So they did a survey of
several open source projects, and as part
of that survey they came up with some
criteria for what best practices are and are
not. From that they developed this online
badging program, where you can
self-assess. So that CII program was about to
be launched and Zephyr was about to be
launched, so we thought “Let’s go for it”.
We got to passing pretty quickly,
because we wanted to follow best
practices. And then all of a sudden we
stopped passing, so we were like “What
happened?”. Well we’d changed our
infrastructure and a lot of our links weren’t
working, and the assessment process
caught us. Which I consider a good sign,
as the system works. Anyway we sorted
that. Then later the CII introduced silver
and gold level badges, so we strived for
gold, basically. And now if you go on
the website
(https://bestpractices.coreinfrastructure.org/en/projects)
you’ll see that Zephyr is one of only four
gold badge-holders. So we managed to get
there before Linux did.
What it’s doing is publicly documenting
the process the project follows, providing
evidence that shows where those
processes are and making sure best
practices are followed.
We’re very much focused on how we
can get a good secure story emerging,
from the trusted root to the sensors to
the edge and to the cloud. We’re probably
going to work with the Eclipse folks on
some reference systems. There’s a variety
of other ecosystems that are active in
the IoT sphere that I’d like Zephyr to have
better interactions with.
LXF: How did you get into open source?
KS: I was at Motorola, and Apple had just
pulled out of using PowerPC chips. We
needed to sell our PowerPC boards into