IoT and Device Management

October 3, 2023

The Zephyr Developer Summit, hosted under the first-ever Embedded Open Source Summit in Prague, Czech Republic, on June 27-30, included presentations, BoFs, and training designed for real-time problem solving and deep discussions. More than 1,300 people registered for the EOSS conference – representing 375 organizations across 56 countries around the globe. Zephyr had 75+ technical sessions (in-person and on-demand) for 3 tracks focused on users of Zephyr, developers contributing upstream, and maintainer-specific topics.

All of the videos from the Zephyr Developer Summit can be found on the Zephyr YouTube Channel. Each week, we’ll highlight a few videos in a blog for easy access. Today, we’re featuring a few sessions focused on IoT and device management, including “IoT Device Management with Zephyr,” “Connecting and Managing Zephyr Devices Remotely Using LWM2M and Eclipse Leshan,” “Management of IoT TinyML Devices,” “Provisioning in Zephyr,” “Boot to Cloud Security Considerations with IoT,” and “Distributed Embedded Systems Using Zephyr.”

IoT Device Management with Zephyr – Ryan Erickson, Software Development Engineer at Laird Connectivity
Laird Connectivity’s Canvas™ Device Manager BLE gateway and Sensor firmware was built with Zephyr to provide an open source device management platform for our customers. Customers can take our open source firmware and tailor it for their needs to build a gateway and end sensor solution where the gateways and sensors can be managed 100% remotely from the cloud. The presentation will go through all of the Zephyr subsystems that were used to build a secure IoT solution:
  • All communication is built on standard protocols
  • Completely wireless gateway and sensor solution with cellular and BLE connectivity
  • Gateway cloud communication with LTE-M and/or NB-IoT
  • LwM2M protocol used to manage gateways and sensors
  • LwM2M over BLE for sensor to gateway communication
  • BLE communication encrypted between gateway and sensor with standard PKI practices
  • LittleFS filesystem to store all settings. Any sensitive data is encrypted in LittleFS
  • Password protected shell and hardware based protection – prevents tampering with device settings physically
  • Public-key-infrastructure (PKI) used for cloud connections
  • Secure boot and secure signed firmware images
  • All settings configurable at runtime for tailored customer service when manufacturing the hardware.
  • Remote firmware debugging with Memfault.

Connecting and Managing Zephyr Devices Remotely Using LWM2M and Eclipse Leshan – Julien Vermillard, Architect at EdgeIQ

The number of Zephyr-based connected devices is rising fast, but how can these run safely and efficiently using standards? OMA Lightweight M2M is an IoT protocol for managing intelligent objects. It addresses specific IoT needs: monitoring, configuring, securing, and upgrading devices. It is bandwidth efficient and fits constrained embedded environments while providing a friendly and discoverable RESTful API. Zephyr’s built-in LWM2M client can easily be coupled with Eclipse Leshan (a Java library that helps write LWM2M cloud servers and manage them at scale) to build an end-to-end, secure IoT device management infrastructure. After introducing the LWM2M standards, we will show you how to use the Zephyr LWM2M client with Eclipse Leshan to expose your device capabilities and create a server for managing a fleet of devices and collecting sensor data. We’ll conclude with some insight into what is cooking inside the Leshan project and some examples of it being used commercially within the IoT platform industry.

Management of IoT TinyML Devices – Mieszko Mieruński, Embedded Team Lead at AVSystem
As deployment of TinyML algorithms on resource-constrained embedded devices is relatively cheap in comparison to cloud based ML solutions, we experience a boom of TinyML solutions in versatile use cases including security systems, intelligent lighting, wildlife conservation, early warnings about system failure detection and many others. Despite the quickly growing number of available TinyML projects, existing solutions for MLOps are not well integrated with each other and the rest of the IoT ecosystem. As a result, IoT solution providers are required to integrate multiple communication stacks into their devices, which is challenging for resource-constrained devices. These challenges can be addressed by integration of the LwM2M communication protocol with TinyML solutions. In such a scenario, we obtain a single communication stack that multiplexes OTA updates, telemetry data collection and device management on a single network connection. Mieszko will talk about integration of Edge Impulse ML with LwM2M, how the solution can be standardized, what are the gains of the approach and showcase a demonstration of the whole TinyML operations flow based on Zephyr RTOS to detect system anomalies and failures.

Provisioning in Zephyr – Jared Wolff, Owner of Circuit Dojo LLC

Provisioning devices is one of the most important final steps that you need to complete before deploying your products out into the world. Fortunately, Zephyr makes it simple to get devices set up with certificates, pre-shared keys and more. Specifically for this talk, we’ll discuss how we provision our Nordic nRF9160-based devices across different customer projects. We’ll discuss some concepts like Zephyr’s shell and settings APIs. We’ll also touch on writing and running utilities that interface with the device. In the end, the attendee will come away with different methods that they can use to make provisioning as painless as possible.

Boot to Cloud Security Considerations with IoT – Kevin Townsend, Distinguished Engineer at Analog Devices
Designing secure IoT systems for resource-constrained embedded systems is a challenge, not because of the limited resources available, but because security needs to be considered from an end-to-end perspective. This means planning for:
  • A secure boot and firmware update process
  • The secure flow of data through the system
      • How do I know the data is trustworthy and hasn’t been tampered with?
      • How do I know that this comes from the device it claims to?
      • How can I limit visibility of sensitive data?
  • Reliable device authentication
  • Secret management
  • Secure connectivity to public/private cloud servers

Embedded developers can no longer limit themselves to one specific silo, and need to have basic skills and an understanding of the entire end-to-end, boot-to-cloud and security landscape to make the right design choices to produce a minimally secure system. This presentation tries to lay down some of those key requirements and design choices, and makes suggestions about best practices to follow based on open source software and open standards. This includes generating device-bound, storage-free private keys and UUIDs, mutual TLS, how to encode and transmit data securely and reliably, and bootstrap and X.509 certificate management requirements.

Distributed Embedded Systems Using Zephyr – Yuval Peress, Senior Software Engineer at Google

Embedded computing goes way beyond a single chip. In a given system, it’s likely that several tasks are running concurrently and interacting with each other. In most other computing disciplines these would be called micro-services. With the latest integration of Pigweed’s embedded RPC implementation, it’s now possible to imagine a similar concept in the embedded domain. In such a system design, it’ll be possible to define the task’s interface using a .proto file. During compile time, we can choose how we want the generated code to behave: local vs remote. Having this boundary enables applications to distribute computation across multiple microcontrollers. During the talk, I’ll discuss the benefits of having a proto API boundary and the benefits of running the service locally vs remotely along with the overhead. Additionally, I’ll discuss the benefits of such a modular design on testing. Finally, we’ll walk through a sample application with 2 services. The sample will demonstrate the benefits of:

  • Being able to develop the services in parallel
  • Writing tests based on the API boundary (before writing code)
  • Being able to run the service remotely without additional engineering overhead and minimal performance/memory overhead

Watch the rest of the Zephyr Developer Summit videos here. The schedule and links to the PPT presentations can be found here. Photos from the EOSS can be found here.

For more information about the 2024 event, stay tuned by subscribing to the Zephyr quarterly newsletter or connect with us on @ZephyrIoT, Zephyr Project LinkedIn or the Zephyr Discord Channel to talk with community and TSC members.