Cyber Resilience Act (CRA) – overview

The Cyber Resilience Act (CRA) was adopted by the European Council on October 10, 2024. It was then published in the Official journal of the EU on November 20, 2024 and enters into force today, December 10, 2024. Most of the law will start applying in 3 years, on December 11, 2027.

However, the obligation for manufacturers to report any actively exploited vulnerability or any security incident impacting the security of their product to ENISA will apply from September 11, 2026.
The other parts of the law that will start applying from June 11, 2026 apply to the member states and specify the details of setting up the administrative entities that will assess conformity with the CRA.

At Bootlin, we have been paying close attention to this topic for several reasons. First, the CRA will affect a large number of our clients, as almost every embedded device sold in the EU will need to comply with it. Second, the CRA also affects us directly, for instance as the maintainer of Snagboot.

This post is therefore the first in a series that will present our understanding of the CRA, and clearly lay out what one needs to have in mind in order to be confident of one’s compliance on time.

Continue reading “Cyber Resilience Act (CRA) – overview”

OpenWrt support for STM32MP updated and STM32MP2 added

Bootlin is happy to announce a new release of our OpenWrt feed openwrt-feed-st, which  provides integration of ST’s STM32MP platforms with the OpenWrt build system. This new release openstlinux-6.1-openwrt-master-mpu-v24.06.26 updates the BSP software components and adds support for the new STM32MP2 platform.

Continue reading “OpenWrt support for STM32MP updated and STM32MP2 added”

Upgrading Snagboot to a fully-fledged factory flashing tool

Snagboot is a fully open-source and vendor-agnostic recovery and flashing tool released by Bootlin in 2023. It is composed of snagrecover and snagflash, which respectively run U-Boot on a target platform using USB recovery mode and flash non-volatile storage devices using USB gadgets exposed by U-Boot.

While the combination of snagrecover and snagflash allows to reflash a board during development, it doesn’t fully address the needs of factory flashing: fast processing of multiple boards in parallel, monitoring of individual board statuses during the flashing process, and compatibility with Windows, which is the most often used operating system on factory floors.

Back in March 2024, Texas Instruments contacted Bootlin with a project request: to grow Snagboot into an efficient factory flashing tool. The goal was for factory operators to have a way of efficiently flashing groups of devices using a single user-friendly interface.

While this project could have been executed internally by engineers at Texas Instruments, the team at TI realized the importance of keeping this work agnostic to TI and driving this truly as an Open Source project. We thank TI for partnering with us and sponsoring us to deliver this tool that will cater to the flash writing needs of a variety of small and medium sized manufacturing houses & industry in general.

Consequently, Bootlin is proud to release the 2.0 version of Snagboot, which includes a factory flashing tool that runs on both Windows and Linux!

This tool supports a wide range of platforms from different vendors. All boards using supported SoCs are themselves supported without any extra effort, provided proper U-Boot support exists and USB recovery ports are routed in hardware.

Continue reading “Upgrading Snagboot to a fully-fledged factory flashing tool”

Welcome to Thomas Bonnefille

Thomas BonnefilleWe’re happy to announce that Thomas Bonnefille has just joined the Bootlin engineering team!

Thomas Bonnefille recently graduated from ENSEEIHT, an engineering school based in Toulouse, France. During his studies, he actively participated to 7Robot, the ENSEEIHT robotics club, thanks to which he got involved in his first embedded Linux project: building a robot that ranked 9 out of a hundred participating teams at the French Robotic Cup.

Following this success, Thomas did his final internship at Bootlin, during which he worked on Buildroot, U-Boot and Linux kernel support and drivers for several RISC-V platforms. During his internship, he also got the chance to following many of the training courses offered by Bootlin.

Thomas is now joining our team as a full-time engineer, to work with our growing team based in Toulouse, to help our customers on numerous embedded Linux projects.

Thomas Bonnefille is also the fourth Thomas to work at Bootlin, after Thomas Petazzoni, Thomas Perrot and Thomas Richard! 🙂

Please see Thomas’s Bootlin page and LinkedIn profile.

Linux 6.12 released, Bootlin contributions inside

Linux 6.12 has been released during the past week-end, pretty much as expected after 7 release candidates. As usual, we recommend our readers to go through the amazing LWN.net articles covering the 6.12 merge window (part 1, part 2) to get a high-level overview of the major new features and improvements in this 6.12 release. One of the prominent improvement in this release, as far as the embeded industry is concerned, is obviously the merge of the final bits enabling PREEMPT_RT… which already caused our Real-Time Linux with PREEMPT_RT training course to be updated.

As usual, Bootlin again contributed to this release: with 118 commits merged, we are again in the top 20 contributing companies! Also, in addition to contributing our own code, several of our engineers are also maintainers, and as part of this work those engineers review and merge patches from other contributors. As part of this effort, for this 6.12 release:

  • Alexandre Belloni, as the RTC and I3C subsystems maintainer, merged 29 patches from other contributors
  • Miquèl Raynal, as the MTD subsystem co-maintainer, merged 24 patches from other contributors
  • Grégory Clement, as the Marvell platform maintainer, merged 4 patches from other contributors

Overall, 13 active Bootlin engineers made contributions to this release, which on a total staff of 24 people, means that more than half of our team has contributed to the Linux kernel for 6.12, a good indication of our strong focus on Linux kernel development and upstreaming!

Continue reading “Linux 6.12 released, Bootlin contributions inside”

Bootlin at Capitole du Libre, November 16/17 in Toulouse, France

Capitole du LibreCapitole du Libre is one of the major open-source conferences in France, possibly the most important community-driven open-source conference in France. Coincidentally, it was co-founded over 10 years ago by Bootlin CEO Thomas Petazzoni, but it’s now run by a large group of enthusiast volunteers.

As one of the Bootlin offices is precisely based in Toulouse, and Bootlin is strongly connected to open-source projects and communities, it is natural that Bootlin engineers have been attending Capitole du Libre for pretty much as long as it has existed, and the 2024 edition will be no exception to this rule:

Bootlin is hiring, for both full-time embedded Linux engineer positions, and for embedded Linux engineering internships, so do not hesitate to get in touch during the event to discuss career opportunities at Bootlin!

Additionally, our hardware and electronic design partner and friend Ratiotech will be present, and they are hiring electronic design engineers, get in touch as well!

We’re looking forward to meeting the open-source community at Capitole du Libre, discovering new projects, and learning new things. Join us and attend the event!

Feedback from Open Source Summit Europe 2024: our selection of talks #1

Open Source Summit Europe 2024The Open Source Summit Europe took place about a month ago in Vienna, and a large part of the Bootlin team attended the event, at which we also gave two talks.

At Bootlin, after such conferences, we also have a tradition of highlighting a number of talks we found interesting, and sharing this selection with our readers: we have asked each Bootlin engineer who attended Open Source Summit Europe 2024 to pick one talk they liked, and share a summary.

You’ll find in this first blog post a first selection of 3 talks: with their videos being available, this gives you the ideal playlist for the upcoming cold and rainy evenings!

Continue reading “Feedback from Open Source Summit Europe 2024: our selection of talks #1”

Welcome to Antonin Godard

After Mathieu Dubois-Briand and Olivier Benjamin, a third engineer joined this September our team at our Lyon office in France: we’re happy to welcome Antonin Godard.

After graduating from the french Telecom Paris engineering school in 2020, Antonin spent 4 years at Witekio, exclusively dedicated to embedded Linux system development. He has primarily been involved in Yocto-based projects, designing and architecturing BSPs for various customers and maintaining them. He also has experience with secure boot, CI/CD , CVE analysis, OTA updates and automated testing. Antonin also worked for a year in Witekio’s Seattle office, where he pursued his work on Yocto-based projects for American customers.

Over the years, Antonin got to work with Xilinx Zynq Ultrascale and NXP Layerscape SoCs as well as some experience with i.MX and x86 based-SoCs – for which he got bootloaders (U-boot / Grub), the Linux kernel and various open-source software up and running.

As part of his work at Bootlin, Antonin has already been involved in contributing to the Yocto Project documentation, and he will bring his expertise to help our customers on all embedded Linux topics. See Antonin’s profile on our website for more details.

Once again, welcome Antonin!

2025 internships at Bootlin

We have just published our 2025 internships booklet, documenting the internship topics we are offering to students in engineering who are completing their studies by a final internship.

Since this is mainly targeted at students based in France, who can join our offices in Lyon (France) or Toulouse (France), the internship descriptions are in French.

The topics we are proposing this year are:

  • exploration of Machine Learning solutions for embedded Linux
  • improvement of Snagboot, the universal embedded flashing tool
  • drivers and hardware support in Linux or U-Boot
  • enhancement of Device Tree support in the Linux kernel
  • porting Bootlin training to Qemu
  • evaluation and porting of Bootlin training to a new hardware platform
  • contributions to the Yocto ecosystem
  • contribution to the Buildroot project
  • monitoring the security of Linux BSPs
  • reference implementation of a secure embedded Linux OS
  • Ultra Wide Band (UWB) support in the Linux kernel
  • open topic on embedded Linux or Zephyr



Bootlin welcomes cybersecurity expert Olivier Benjamin

We’re happy to announce that Olivier Benjamin has recently joined the Bootlin engineering team!

For anyone in the tech industry, and especially the embedded industry, it is clear now that security is one of the most important topics of the recent and coming years both from a technical standpoint and from a regulatory standpoint (with regulations such as the CRA). Bootlin has already been helping its customers improve the security of their embedded Linux products by providing expertise on secure boot, encryption, TPM or maintenance of Linux BSPs.

With the arrival of Olivier in our team, we’re really happy to be significantly strengthening our security expertise. Indeed, Olivier has a very strong and solid security background: he started his career at security R&D firm Quarkslab doing embedded device security assessment, then he worked for several years for the french Ministry of Defense reverse engineering security implementation in embedded devices, searching for vulnerabilities and developing proofs of concept. He then joined AWS at Amazon, going through various security roles including incident response as well as looking into security vulnerabilities of concern for the hypervisor and kernel layers of EC2.

In addition to being a security expert, Olivier is also passionate about Linux and Open Source, matching well Bootlin’s DNA. Most notably, Olivier is a contributor to the UBPorts project, looking specifically at the Pine64 native port.

Check out Olivier’s profile on our website for more details. Once again, welcome Olivier!