Technical – Bootlin

Announcing sbom-cve-check, a lightweight CVE analysis tool for your SBOM

Today, we are happy to announce the first release of a brand new open-source project: sbom-cve-check, a lightweight CVE analysis tool for your Software Bill of Materials (SBOM). Written in Python, with minimal dependencies, and a very simple workflow in mind, sbom-cve-check will parse your SBOM (SPDX v2.2 or SPDX v3.0 currently supported), and using publicly available databases of security vulnerabilities, will generate a report of known security vulnerabilities affecting the software components listed in your SBOM.

This tool will be presented tomorrow, on December 2 at 3:40 PM during the Yocto Project Virtual Summit 2025.12 during a talk titled sbom-cve-check: Lightweight Python tooling for out-of-build CVE analysis of SPDX3 SBOMs, presented by Bootlin engineers Benjamin Robin and Olivier Benjamin.

Continue reading “Announcing sbom-cve-check, a lightweight CVE analysis tool for your SBOM”

Linux 6.18 released, Bootlin contributions inside

Penguin coding, AI generated The 6.18 version of the Linux kernel has just been released, and as usual we recommend our readers to look at the 6.18 merge window coverage by LWN.net (part 1, part 2) to get the best overview of the major changes in this release.

On our side, we contributed a total of 77 patches to this kernel release, and our engineers who work as maintainers review/merged 111 patches from other contributors.

Continue reading “Linux 6.18 released, Bootlin contributions inside”

Bootlin at Capitole du Libre 2025

The 2025 edition of Capitole du Libre took place in Toulouse, France on November, 15th and 16th this year, and as in previous years, Bootlin was actively involved through a variety of contributions.

The Capitole du Libre is a major conference about Free Software in the south of France, even attracting people from other countries. This is an important opportunity for local actors to meet and share their interests and contributions to Open Source Software.

Continue reading “Bootlin at Capitole du Libre 2025”

Snagboot v2.5 released

Version 2.5 of Snagboot was released last week! The updates in this version mostly target snagrecover, with two brand new SoC families supported! Let’s take a look at what’s new.

Continue reading “Snagboot v2.5 released”

Support for Yocto buildtools added to upstream Kas

Yocto Buildtools in Kas Bootlin has recently contributed to the Kas project by adding support for Yocto Project’s Buildtools. In this blog post, we will give an overview of what Kas is, what Buildtools are, why an integration of Buildtools was deemed useful and relevant, and how to use it.

Continue reading “Support for Yocto buildtools added to upstream Kas”

Bootlin engineer Luca Ceresoli speaks at Linux Day 2025 in Bergamo, Italy

Bootlin is happy to share that our engineer Luca Ceresoli will be speaking at Linux Day 2025 in Bergamo, Italy, on Saturday, October 25, 2025.

Luca’s talk, titled “Software updates on embedded Linux devices” (“Aggiornamenti software su dispositivi embedded Linux”), will take place from 14:00 to 15:00.

About the talk

Many of the electronic products we use every day are powered by Linux, even when we don’t see it. Like PCs, these embedded devices also need software updates to fix bugs and improve functionality. However, unlike PCs, they must perform these updates automatically and reliably, without any user intervention.

In his presentation, Luca will explain one of the most widely used techniques for achieving this: A/B updates. He will describe what they are, how they work, and the most common tools used to implement them in embedded Linux systems.

This talk is a great opportunity for developers and engineers interested in the practical challenges of maintaining and updating Linux-based devices in the field.

About Linux Day

Linux Day is an annual, nationwide event organized across Italy to promote the use and understanding of free and open-source software. Many cities host talks, workshops, and meetups aimed at both newcomers and experienced developers. The Bergamo edition continues this tradition with a full day of technical sessions, community engagement and an install party.

Meet Luca and Bootlin

If you’re attending Linux Day Bergamo 2025, don’t miss Luca’s session! Don’t hesitate to meet Luca to talk about what we do at Bootlin and open job positions!

Adding support for the MAX7360 keypad controller in the Linux kernel

MAX7360 Among all activities I’ve been doing at Bootlin during the past few months, one has been to add support for the Maxim MAX7360 Key-Switch Controller and LED Driver/GPIOs chip to the Linux kernel. Together with my colleague Kamel Bouhara, we developed Linux kernel device drivers to support it and upstreamed them to the mainline kernel. The full set of drivers have been merged in the upstream Linux kernel, and will be available in the upcoming Linux 6.18 release.

In this blog post, we will share some details on how this hardware works, and how it is now supported by the Linux kernel.

Continue reading “Adding support for the MAX7360 keypad controller in the Linux kernel”

Updated Buildroot support for STM32MPU platforms, ST BSP v6.1

Bootlin is an authorized partner of ST The buildroot-external-st project is an extension of the Buildroot build system with ready-to-use configurations for the STMicroelectronics STM32MP1 and STM32MP2 platforms.

More specifically, this project is a BR2_EXTERNAL repository for Buildroot, with a number of defconfigs that allow to quickly build embedded Linux systems for the STM32MPU Discovery Kit platforms and Evaluation board. It’s a great way to get started with Buildroot on those platforms.

Today, we are happy to announce an updated version of this project, published under the branch st/2025.02.5 at https://github.com/bootlin/buildroot-external-st.

Continue reading “Updated Buildroot support for STM32MPU platforms, ST BSP v6.1”

The Dwarves Beneath the Kernel: Forging BTF for eBPF

This blog post is the third installment in our eBPF blog post series, following our posts about eBPF selftests and eBPF trampolines.

In the previous blog post, we discussed how eBPF trampolines are dynamically generated to allow hooking tracing programs to functions’ entry and/or exit. Each trampoline is tailored specifically for the target function on which we want to hook programs: it is then able to read the function context (e.g. function arguments and return value) and to pass those to the hooked programs. However there is one detail that we did not address: how does the trampoline generator know exactly about the function layout? To be able to generate trampolines that can read and store the function arguments, the trampoline generator needs many details about each argument: the location (a register? If so, which one? Or maybe it is on the stack? And if so, at which offset?) and its size. Parsing the function machine code is not enough to learn about those, and even if it was, compiler optimizations would obfuscate this kind of info even more. What if besides the actual executable code, the kernel image could be bearing some data about its internal functions? In this post, we will dive into the DWARF debug information format, and the BPF Type Format (BTF) derived from it to support such a purpose.

Continue reading “The Dwarves Beneath the Kernel: Forging BTF for eBPF”

Linux 6.17 released, Bootlin contributions inside

Penguin coding, AI generated Linux 6.17 was released a bit over a week ago, and as usual LWN.net gave the best summary of the new features and important changes in this release: part 1, part 2.

As usual, Bootlin contributed to this kernel, with a total of 98 patches authored by Bootlin engineers, but also another 94 patches that were reviewed/merged by Bootlin engineers, mostly by Alexandre Belloni (RTC and I3C maintainer, reviewed/merged 58 patches), Miquèl Raynal (MTD co-maintainer, reviewed/merged 20 patches) and Grégory Clement (Marvell EBU platform maintainer, reviewed/merged 8 patches).

Continue reading “Linux 6.17 released, Bootlin contributions inside”