Security vulnerability tracking tools in Buildroot, Thomas Petazzoni

Buildroot is a popular and easy to use embedded Linux build system, which automates the process of building a cross-compilation toolchain, a Linux kernel image, one or several bootloader images, and a complete set of user-space libraries and applications, all into a ready-to-use root filesystem image.

With the increasing concern around security vulnerabilities affecting embedded systems, and the need to keep them updated, Buildroot has been extended with new tooling for security vulnerability. This tooling allows to monitor the CVEs that affect the packages present in Buildroot.

In this talk, we will introduce the principle of CVEs and CPEs, present the tools now available in Buildroot to help keep track of the security vulnerabilities, show how they can be used for a project and identify the current limitations of this tooling.
#embedded #linux #buildroot #security
Slides: https://bootlin.com/pub/conferences/2021/lee/petazzoni-buildroot-vulnerability-tracking/petazzoni-buildroot-vulnerability-tracking.pdf
Bootlin's embedded Linux system development training course: https://bootlin.com/training/embedded-linux/
Bootlin's Linux kernel driver development training course: https://bootlin.com/training/kernel/
Bootlin's Yocto Project and OpenEmbedded system development training course: https://bootlin.com/training/yocto/
Bootlin's Buildroot system development training course: https://bootlin.com/training/buildroot/
Bootlin's Linux graphics stack training course: https://bootlin.com/training/graphics/
Bootlin Embedded Linux boot time optimization training course: https://bootlin.com/training/boot-time/

Видео Security vulnerability tracking tools in Buildroot, Thomas Petazzoni канала Bootlin