Overview: Risk Assessment of the Essential Product Requirements
Overview of my posts and talks about risk assessment of the essential product requirements of the EU Cyber Resilience Act (CRA).
Many embedded Linux systems use a Wayland compositor like Weston for window management. Qt applications act as Wayland clients. Weston composes the windows of the Qt applications into a single window and displays it on a screen. I still have
Once we have removed an item from a BitBake variable, we cannot re-append it. The evaluation of the following three assignments of the variable BB_VAR yields the same result, no matter in which order the assignments are executed. # Code
Manufacturers must provide security updates during the support period plus 10 years. The length is calculated from average lifetime, component availability and other criteria. The support period starts when the product is placed on the market.
The eight requirements define how the manufacturer's process for vulnerability handling must look. They include identifying, addressing and publishing vulnerabilities as well as providing timely security updates and generating an SBoM. The post gives practical examples of how to do this.
When developing the operator terminals for their machines, OEMs must reinvent the wheel over and over again. Each OEM implements home-grown solutions for standard features like OTA updates, user authentication, factory installation, machine gateways and IoT gateways. None of these features
Embedded systems must satisfy the 13 essential product properties like confidentiality, integrity, availability and access control. Otherwise, they violate the CRA and must not be placed on the market. The post illustrates the product properties with many practical examples.
Which devices are covered by the EU Cyber Resilience Act (EU CRA)? * An X-ray fluorescence (XRF) analyser connected with the Internet over WiFi. * A metal-sheet bending machine with an Ethernet port, which will only be used in the future. * The
By default, eMMC storage comes with two boot partitions. Two partitions enable an A/B strategy for U-Boot updates. Moreover, U-Boot can automatically start from the other partition, if the first is corrupt or empty.
How hard can it be to write a Yocto recipe for building a Qt application with CMake? Actually, it turns out to be pretty hard. I have seen my fair share of slow-and-dirty workarounds (nothing is ever quick with Yocto,
The ports-and-adapters architecture should be the standard architecture for HMI applications. Its parts are loosely coupled, cohesive, easy to test and easy to extend. We can apply the reverse Conway manoeuvre to create self-dependent teams with minimal dependencies on other
Manufacturers keep their proprietary software in private git repositories. During the build, Yocto recipes fetch the private sources from inside a container. This requires a special SSH setup.