Yocto build tunables and their hidden costs

Every Yocto user eventually copies the same handful of tunables into local.conf to make builds bearable. ccache, a parallelism bump, a longer fetch timeout, a couple of PREMIRROR lines, an image-features prune. The recipe gets passed around in chat, lands on a wiki, gets forked into a layer. What rarely gets passed around is the failure mode each line buys you. Every one of these knobs swaps “slow” for “different failure mode”, and the new mode shows up at the worst possible time - mid-fetch on a CI runner, or at link time when the box runs out of memory. ...

May 6, 2026 · 14 min · Javier Tia

Auditing your Yocto build for CRA compliance

TL;DR: CRA is a process and design regulation; the risk analysis is the central document and the technical file is the evidence the regulator audits, not a scanner-selection problem. Yocto already emits the build-derivable half: SBOM (create-spdx), CVE scans, license manifests, signing posture. The vendor-committed half - CVD policy, support period, update mechanism, Declaration of Conformity - has to be written by hand. shipcheck reads a Yocto build plus product.yaml, pivots findings by CRA Annex, and drafts your Annex VII technical file and DoC.

The received wisdom is wrong

Read any CRA compliance article from a security vendor and you will see the same shape of pitch: run a scanner, triage the CVEs, generate an SBOM, ship. The regulation becomes a scanner-selection problem, and whichever product the vendor sells happens to be the right scanner. ...

April 24, 2026 · 12 min · Javier Tia · Updated: April 29, 2026

What's Next: Available for New Opportunities

At the end of March 2026 I was laid off from Linaro as part of a round of cuts. After 3.5 years working on upstream kernel enablement, embedded security, and CI/CD infrastructure for ARM-based platforms, it came as a surprise - but I am using the time well.

What I have been doing since

The upstream work did not stop. I currently have three active patch series under review: An 18-patch WiFi 7 series on linux-wireless@ adding full support for the MediaTek MT7927 (Filogic 380) to the mt76/mt7925 driver. The series is at v4, community-tested across 10+ hardware platforms with 9 Tested-by tags from ASUS, Lenovo, Foxconn, and AMD. Phoronix covered it: MediaTek MT7927 WiFi 7 Linux Support Coming Together. ...

April 1, 2026 · 2 min · Javier Tia