Burkhard Stubert

EU CRA: Essential Requirements Related to Vulnerability Handling

by Burkhard Stubert
2025/04/282025/05/02
4 Comments

According to Annex I Part II of the EU CRA, manufacturers must actively search for vulnerabilities in their embedded devices, fix them and publicly disclose them to their users and the cybersecurity authorities. Manufacturers must implement a process to release their devices without any know vulnerabilities and to keep their devices free of vulnerabilities during the whole product lifetime by providing security updates in a timely manner.

Extracting Microservices from a Modular Monolith

by Burkhard Stubert
2025/04/082025/04/20

When developing the operator terminals for their machines, OEMs must reinvent the wheel over and again. Each OEM implements home-grown solutions for standard features like OTA updates, user authentication, factory installation, machine gateways and IoT gateways. None of these features belong to the OEM’s core business. OEMs could save a lot of time and money, if they could buy these features as ready-made solutions from third-party vendors.

EU CRA: Essential Requirements Related to Product Properties

by Burkhard Stubert
2025/01/172025/05/28
4 Comments

Every manufacturer must implement the essential requirements in Annex 1 Part 1 of the EU CRA in their products. They must also document how they comply with the essential requirements in a conformity assessment. The wording of the essential requirements is very generic and hard to understand. Germany’s Federal Office of Information Security (BSI) published a Technical Guideline (PDF) that translates the legalese of the EU CRA into concrete and actionable requirements. I will add lots of examples from my work with embedded Linux devices to illustrate the requirements.

Embedded Devices Covered by EU Cyber Resilience Act (CRA)

by Burkhard Stubert
2024/11/192025/05/28

Which devices are covered by the EU Cyber Resilience Act (EU CRA)?

An X-ray fluorescence (XRF) analyser connected with the Internet over WiFi.
A metal-sheet bending machine with an Ethernet port, which will only be used in the future.
The harvester ECUs connected over CAN bus.
A camera trap without any connectivity, where updates and photos are exchanged via SD card.
A full-body 3D X-ray scanner used by doctors.

The commands for updating u-boot using an A/B strategy

Updating U-Boot with an A/B Strategy

by Burkhard Stubert
2024/05/132024/05/13
5 Comments

Unlike consumer devices, machines, ECUs or medical devices are in the field for 15 or more years. There inevitably comes the time in their life, when you must update their boot loader. I’ll show you how to do this from an embedded Linux system running on an NXP iMX8M Plus. You can adapt the method to other SoCs and use it for OTA updates, as well.

by Burkhard Stubert
2024/03/122024/11/12

How hard can it be to write a Yocto recipe for building a Qt application with CMake? Actually, it turns out to be pretty hard. I have seen my fair share of slow-and-dirty workarounds (nothing is ever quick with Yocto, not even the diry workarounds) how to force the Qt application into the Linux image and onto the device. Over the years, I turned my own slow-and-dirty workarounds into a hopefully quick-and-clean solution. Here it comes.