Back in December 2025, we announced the release of sbom-cve-check, a lightweight CVE analysis tool for your Software Bill of Materials (SBOM).
Since the release announcement, the project has continued its development, and in this blog post, we wanted to share a number of updates about this project: a new 1.1.0 release, a new meta-sbom-cve-check layer, possible integration into the Yocto Project, and a talk at FOSDEM.
Linux 6.19 was just released yesterday, and as usual we recommend reading LWN.net articles to have a nice high-level overview of the new features brought by this release: part 1, part 2. Kernelnewbies also has a nice article.
On our side, with 160 commits it is a very strong release for our team. According to statistics, this puts Bootlin as the top 15 contributing company for this release. In addition to the patch we authored, several Bootlin engineers reviewed/merged patches from other contributors: most notably, Alexandre Belloni merged/reviewed 52 patches for the RTC and I3C subsystems, Luca Ceresoli reviewed 18 patches, Miquèl Raynal merged/reviewed 34 patches for the MTD subsystem.
Continue reading “Linux 6.19 released, Bootlin contributions inside”
The UP Board family of platforms, developed by AAEON, is a series of compact, high-performance single-board computers (SBCs) widely used in the industry and embedded applications. They combine high-performance Intel processors with versatile I/O through a 40-pin Raspberry Pi-like header. At its core, an FPGA manages pin functionality, routing, and direction, enabling flexible use as I2C, UART, or GPIO. Supporting this setup in Linux is uniquely challenging and fascinating, and we were recently involved in bringing support for these I/Os upstream, successfully closing a story that had been open for seven years!
Continue reading “Upstreaming of the AAEON UP board IO expansion Linux kernel driver”
Today, we are happy to announce the first release of a brand new open-source project: sbom-cve-check, a lightweight CVE analysis tool for your Software Bill of Materials (SBOM). Written in Python, with minimal dependencies, and a very simple workflow in mind, sbom-cve-check will parse your SBOM (SPDX v2.2 or SPDX v3.0 currently supported), and using publicly available databases of security vulnerabilities, will generate a report of known security vulnerabilities affecting the software components listed in your SBOM.
This tool will be presented tomorrow, on December 2 at 3:40 PM during the Yocto Project Virtual Summit 2025.12 during a talk titled sbom-cve-check: Lightweight Python tooling for out-of-build CVE analysis of SPDX3 SBOMs, presented by Bootlin engineers Benjamin Robin and Olivier Benjamin.
Continue reading “Announcing sbom-cve-check, a lightweight CVE analysis tool for your SBOM”
The 6.18 version of the Linux kernel has just been released, and as usual we recommend our readers to look at the 6.18 merge window coverage by LWN.net (part 1, part 2) to get the best overview of the major changes in this release.
On our side, we contributed a total of 77 patches to this kernel release, and our engineers who work as maintainers review/merged 111 patches from other contributors.
Continue reading “Linux 6.18 released, Bootlin contributions inside”
The 2025 edition of Capitole du Libre took place in Toulouse, France on November, 15th and 16th this year, and as in previous years, Bootlin was actively involved through a variety of contributions.
The Capitole du Libre is a major conference about Free Software in the south of France, even attracting people from other countries. This is an important opportunity for local actors to meet and share their interests and contributions to Open Source Software.
Version 2.5 of Snagboot was released last week! The updates in this version mostly target snagrecover, with two brand new SoC families supported! Let’s take a look at what’s new.
Bootlin has recently contributed to the Kas project by adding support for Yocto Project’s Buildtools. In this blog post, we will give an overview of what Kas is, what Buildtools are, why an integration of Buildtools was deemed useful and relevant, and how to use it.
Continue reading “Support for Yocto buildtools added to upstream Kas”
Bootlin is happy to share that our engineer Luca Ceresoli will be speaking at Linux Day 2025 in Bergamo, Italy, on Saturday, October 25, 2025.
Luca’s talk, titled “Software updates on embedded Linux devices” (“Aggiornamenti software su dispositivi embedded Linux”), will take place from 14:00 to 15:00.
Many of the electronic products we use every day are powered by Linux, even when we don’t see it. Like PCs, these embedded devices also need software updates to fix bugs and improve functionality. However, unlike PCs, they must perform these updates automatically and reliably, without any user intervention.
In his presentation, Luca will explain one of the most widely used techniques for achieving this: A/B updates. He will describe what they are, how they work, and the most common tools used to implement them in embedded Linux systems.
This talk is a great opportunity for developers and engineers interested in the practical challenges of maintaining and updating Linux-based devices in the field.
Linux Day is an annual, nationwide event organized across Italy to promote the use and understanding of free and open-source software. Many cities host talks, workshops, and meetups aimed at both newcomers and experienced developers. The Bergamo edition continues this tradition with a full day of technical sessions, community engagement and an install party.
If you’re attending Linux Day Bergamo 2025, don’t miss Luca’s session! Don’t hesitate to meet Luca to talk about what we do at Bootlin and open job positions!
Among all activities I’ve been doing at Bootlin during the past few months, one has been to add support for the Maxim MAX7360 Key-Switch Controller and LED Driver/GPIOs chip to the Linux kernel. Together with my colleague Kamel Bouhara, we developed Linux kernel device drivers to support it and upstreamed them to the mainline kernel. The full set of drivers have been merged in the upstream Linux kernel, and will be available in the upcoming Linux 6.18 release.
In this blog post, we will share some details on how this hardware works, and how it is now supported by the Linux kernel.
Continue reading “Adding support for the MAX7360 keypad controller in the Linux kernel”
