Benjamin Cabé

Zephyr Weekly Update – zspdx is getting some love

Zephyr Weekly Update - January 12, 2024

The Zephyr community is definitely back to full-speed after the short holiday break, and I feel like I really need to re-think the format of these weekly updates so that I can be more efficient in putting them together, while still providing you with more insights than what you’d get from just looking at the git log! Anyways, that’s an implementation detail, and you’re probably here for this week’s update, and not for reading my random thoughts 🙂

A new script to help you migrate boards to v2 model

Last week, I mentioned how Zephyr is transitioning to a new, better, model to describe SoCs and boards. To help with this transition, Gerard Marull has released a script that assists with migrating a group of boards to the new model. (PR #67423)

SBOM generation improvements

Thanks to PR #66182 by Thomas Gagneret, the modules that are composing a Zephyr application are now properly captured as actual packages when generating the SBOM (Software Bill of Materials) files.

##### Package: mbedtls

PackageName: mbedtls
SPDXID: SPDXRef-mbedtls-sources
PackageDownloadLocation: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageLicenseInfoFromFiles: Apache-2.0
FilesAnalyzed: true
PackageVerificationCode: 53b2e7743712704ce9b05f8e17bc4eaba8776ddd

FileName: ./library/aes.c
SPDXID: SPDXRef-File-aes.c
FileChecksum: SHA1: ff7a9b66046c0de1a36bcd7c09a2307fb860aeb4
FileChecksum: SHA256: 5915d2544f3b93ed37f88a22b2d2e795447267119b553619231b75d83457679a
LicenseConcluded: Apache-2.0
LicenseInfoInFile: Apache-2.0
FileCopyrightText: NOASSERTION

...

As a reminder, generating the SBOM files for a Zephyr build, and therefore capturing the fingerprint of all the source files ending up in your application so that you can better assess if you’re impacted by software vulnerabilities further down the road, is something you can do in just a few lines.

New documentation pages

There’s been several substantial and most welcome additions made to the following areas of the documentation:

Boards & SoCs

SoC driver updates

General drivers

Miscellaneous


A big thank you to the 11 individuals who had their first pull request accepted this week, 💙 🙌: @andreeaDumitrache, @pamolloy, @ssnover, @RICCIARDI-Adrien, @jkandasa, @hcd-bdltd, @LukaszMadejGrinn, @walzsi, @Jonathan-Hamberg, @tgagneret-embedded, and @jzipperer-fb.

As always, I very much welcome your thoughts and feedback in the comments below!

If you enjoyed this article, don’t forget to subscribe to this blog to be notified of upcoming publications! And of course, you can also always find me on Twitter and Mastodon.

Catch up on all previous issues of the Zephyr Weekly Update:

Exit mobile version