FOSDEM 2025, one of the largest open-source software conferences in the world, took place in Brussels, Belgium in February this year. The Good Penguin attended and in this blog post we will share some of our highlights. Exploring Open Source Dual A/B Update Solutions for Embedded Linux – Leon Anavi At The Good Penguin we …
Year: 2025
The Impact of Non-Blocking Consoles (nbcon) on Linux Boot Time
During the Linux boot process, the boot console is responsible for relaying boot messages to the user. On embedded systems this console is often attached to a serial port that can only handle a maximum data rate of a few kilobytes per second which degrades overall boot time. In this post we’ll explore how the …
Building Zephyr RTOS for Raspberry Pi Pico (RP2040)
The Zephyr Project is an open-source real-time operating system (RTOS) focused on embedded and IoT platforms. Zephyr is a Linux Foundation hosted ‘Collaboration Project’, and supports a wide array of devices and architectures. The Raspberry Pi Pico is a microprocessor board developed by Raspberry Pi and is based on their RP2040 chip. The RP2040 is …
Secure Storage with i.MX 95 Verdin EVK using Trusted Keys with OP-TEE
In our previous blog post, we explored securing keys and certificates with Toradex’s recently launched i.MX 95 Verdin Evaluation Kit. We also demonstrated how to build and customise a Yocto reference image for the i.MX 95 Verdin EVK, leveraging OP-TEE and PKCS#11 which you can find here. Another essential aspect of achieving a high level …
Securing Keys and Certificates with i.MX 95 Verdin EVK using PKCS#11 with OP-TEE
Toradex recently launched the i.MX 95 Verdin Evaluation Kit, designed to accelerate next-generation Edge AI, automotive, industrial and medical applications all of which are industries that require high levels of security. An essential aspect of achieving a high level of security is the management and storage of cryptographic keys. This is crucial for authenticating to …
Exploiting a Buffer Overflow Vulnerability for Remote Code Execution in Nginx
Protecting devices from malicious use is often a cat-and-mouse game between security researchers identifying software vulnerabilities (CVEs) and product-makers patching them before attackers can exploit them. As a result, devices can no longer be developed, shipped and forgotten. Instead, manufacturers must commit to keeping those devices up to date and free from critical vulnerabilities for …