Back in December 2025, we announced the release of sbom-cve-check, a lightweight CVE analysis tool for your Software Bill of Materials (SBOM).
Since the release announcement, the project has continued its development, and in this blog post, we wanted to share a number of updates about this project: a new 1.1.0 release, a new meta-sbom-cve-check layer, possible integration into the Yocto Project, and a talk at FOSDEM.
Linux 6.19 was just released yesterday, and as usual we recommend reading LWN.net articles to have a nice high-level overview of the new features brought by this release: part 1, part 2. Kernelnewbies also has a nice article.
On our side, with 160 commits it is a very strong release for our team. According to statistics, this puts Bootlin as the top 15 contributing company for this release. In addition to the patch we authored, several Bootlin engineers reviewed/merged patches from other contributors: most notably, Alexandre Belloni merged/reviewed 52 patches for the RTC and I3C subsystems, Luca Ceresoli reviewed 18 patches, Miquèl Raynal merged/reviewed 34 patches for the MTD subsystem.
Continue reading “Linux 6.19 released, Bootlin contributions inside”
FOSDEM being the biggest and most exciting open-source conference in Europe, it is a must-go every year for a large number of open-source developers, including engineers at Bootlin, and the upcoming 2026 edition on Jan 31 and Feb 1 will be no exception.
Indeed, no less than 9 Bootlin engineers will be attending: Luca Ceresoli, Louis Chauvet, Jérémie Dautheribes, Thomas Perrot, Thomas Petazzoni, Mathieu Dubois-Briand, Alexis Lothoré, Benjamin Robin and Hervé Codina.
We’re not just attending FOSDEM, we’re also contributing to it, and participating to co-located events:
If you’re attending FOSDEM, don’t hesitate to get in touch!
The UP Board family of platforms, developed by AAEON, is a series of compact, high-performance single-board computers (SBCs) widely used in the industry and embedded applications. They combine high-performance Intel processors with versatile I/O through a 40-pin Raspberry Pi-like header. At its core, an FPGA manages pin functionality, routing, and direction, enabling flexible use as I2C, UART, or GPIO. Supporting this setup in Linux is uniquely challenging and fascinating, and we were recently involved in bringing support for these I/Os upstream, successfully closing a story that had been open for seven years!
Continue reading “Upstreaming of the AAEON UP board IO expansion Linux kernel driver”
Yocto is often seen as fairly complex, and at Bootlin we believe one reason for this perception is the unnecessary complexity of the BSP layers provided by silicon or board vendors, each of which often includes highly custom logic that isn’t needed. That’s why, back in 2023, we released meta-kiss, an example layer demonstrating how simple it can be to support various hardware platforms with Yocto, without relying on any vendor-provided BSP layer.
Since then, we’ve kept this layer up-to-date and added several new features. In this blog post, we’d like to highlight recent significant updates: an upgrade to Yocto Scarthgap, support for the i.MX93 FRDM platform, and the ability to build OP-TEE for the previously supported STM32MP1 platform.
Continue reading “meta-kiss: updates to our simple Yocto layer”
Today, we are happy to announce the first release of a brand new open-source project: sbom-cve-check, a lightweight CVE analysis tool for your Software Bill of Materials (SBOM). Written in Python, with minimal dependencies, and a very simple workflow in mind, sbom-cve-check will parse your SBOM (SPDX v2.2 or SPDX v3.0 currently supported), and using publicly available databases of security vulnerabilities, will generate a report of known security vulnerabilities affecting the software components listed in your SBOM.
This tool will be presented tomorrow, on December 2 at 3:40 PM during the Yocto Project Virtual Summit 2025.12 during a talk titled sbom-cve-check: Lightweight Python tooling for out-of-build CVE analysis of SPDX3 SBOMs, presented by Bootlin engineers Benjamin Robin and Olivier Benjamin.
Continue reading “Announcing sbom-cve-check, a lightweight CVE analysis tool for your SBOM”
The 6.18 version of the Linux kernel has just been released, and as usual we recommend our readers to look at the 6.18 merge window coverage by LWN.net (part 1, part 2) to get the best overview of the major changes in this release.
On our side, we contributed a total of 77 patches to this kernel release, and our engineers who work as maintainers review/merged 111 patches from other contributors.
Continue reading “Linux 6.18 released, Bootlin contributions inside”
The 2025 edition of Capitole du Libre took place in Toulouse, France on November, 15th and 16th this year, and as in previous years, Bootlin was actively involved through a variety of contributions.
The Capitole du Libre is a major conference about Free Software in the south of France, even attracting people from other countries. This is an important opportunity for local actors to meet and share their interests and contributions to Open Source Software.
Version 2.5 of Snagboot was released last week! The updates in this version mostly target snagrecover, with two brand new SoC families supported! Let’s take a look at what’s new.
Bootlin has recently contributed to the Kas project by adding support for Yocto Project’s Buildtools. In this blog post, we will give an overview of what Kas is, what Buildtools are, why an integration of Buildtools was deemed useful and relevant, and how to use it.
Continue reading “Support for Yocto buildtools added to upstream Kas”
