Services

We help teams ship reliable embedded Linux products. Engagements range from short audits to full product programs.

BSP & Platform Bring-up

• Bootloader configuration (U-Boot, Barebox)
• Kernel configuration, device tree, overlays
• Yocto layers, Debian/CIP customization
• Build reproducibility, SBOM and licensing
• Secure boot, measured boot, dm-verity

Drivers & Kernel

• Custom Linux device drivers
• Real-time tuning (PREEMPT_RT), low latency
• Debugging and profiling (ftrace, eBPF, perf)
• Power management and thermal design
• Upstreaming strategy and submissions

Applications & Middleware

• C/C++ daemons and services (systemd)
• Python tooling and REST/gRPC microservices
• IPC (DBus, sockets), shared memory, queues
• Industrial protocols, fieldbus and IO
• OTA update systems (swupdate, Mender, RAUC)

Security & Compliance

• NIS2 readiness: gap analysis, risk assessment, controls, policies, and incident response playbooks
• Secure and measured boot chains: Trusted Firmware-A, U-Boot/FIT, verified boot, dm-verity
• ARM TrustZone partitioning and OP-TEE: TA development, secure storage, key handling, and services
• Trusted Firmware configuration (TF-A/TF-M) and platform bring-up for SoC security features
• Cryptography and key management: PKCS#11 providers, TPM 2.0 (tpm2-tss, tpm2-tools), sealed secrets
• Attestation and identity: EK/AK provisioning, device attestation and trust establishment
• Secure update lifecycle: anti-rollback counters, rollback protection, integrity and authenticity
• Operational security: SBOM generation, vulnerability management, audit logging and monitoring

DevOps & Quality

• CI/CD for BSPs and firmware
• Containerized developer environments
• Hardware-in-the-loop testing
• Security audits and hardening
• Documentation and knowledge transfer