Embedded Linux

Running Wayland Clients as Non-Root Users

by Burkhard Stubert
2025/08/112025/10/27

Many embedded Linux systems use a Wayland compositor like Weston for window management. Qt applications act as Wayland clients. Weston composes the windows of the Qt applications into a single window and displays it on a screen. I still have to find a Yocto layer that does not start Qt applications as root. This violates the cybersecurity principle that every application should only run with the least privileges possible. Let us figure out how to run Qt applications as non-root users and make our system more secure.

by Burkhard Stubert
2025/07/222025/10/27
5 Comments

Once we have removed an item from a BitBake variable, we cannot re-append it. The evaluation of the following three assignments of the variable BB_VAR yields the same result, no matter in which order the assignments are executed.

# Code under someone else's control
BB_VAR ?= "x z"
BB_VAR:remove = "a y"

# Code under our control
BB_VAR:append = " y"

### Result: BB_VAR = "x z" instead of "x y z"

The commands for updating u-boot using an A/B strategy

Updating U-Boot with an A/B Strategy

by Burkhard Stubert
2024/05/132025/10/28
5 Comments

Unlike consumer devices, machines, ECUs or medical devices are in the field for 15 or more years. There inevitably comes the time in their life, when you must update their boot loader. I’ll show you how to do this from an embedded Linux system running on an NXP iMX8M Plus. You can adapt the method to other SoCs and use it for OTA updates, as well.

by Burkhard Stubert
2024/03/122025/11/02

How hard can it be to write a Yocto recipe for building a Qt application with CMake? Actually, it turns out to be pretty hard. I have seen my fair share of slow-and-dirty workarounds (nothing is ever quick with Yocto, not even the diry workarounds) how to force the Qt application into the Linux image and onto the device. Over the years, I turned my own slow-and-dirty workarounds into a hopefully quick-and-clean solution. Here it comes.

by Burkhard Stubert
2023/03/202025/10/28
3 Comments

We keep the source code of our applications and libraries in private repositories. Quite a few SoM and terminal makers do the same with their Yocto layers and their additional software. We typically use a Docker container to build the whole embedded Linux system with Yocto. Hence, we must be able to clone and update private repositories from the container.

by Burkhard Stubert
2023/02/042025/10/27
3 Comments

We can build the Qt versions from 6.2 to 6.5 with the meta-qt6 layer for the Yocto versions 3.1 to 4.1. This is a big time saver.

Embedded Linux

Running Wayland Clients as Non-Root Users

DISTRO_FEATURES:append After DISTRO_FEATURES:remove Has No Effect

Updating U-Boot with an A/B Strategy

A Yocto Recipe for Qt Applications Built with CMake

Accessing Private Git Repositories from Docker Containers

Compatibility between Yocto and Qt 6 Versions