Zephyr Project:

Unlocking Innovation with an

Open Source RTOS

Kate Stewart, The Linux Foundation

Carles Cufi, Nordic Semiconductor
Marti Bolivar, Nordic Semiconductor
Copyright © 2020 The Linux Foundation. Made avaiilable under Attribution-ShareAlike 4.0 International
Zephyr Project
• Open source real time operating system Open Source, RTOS, Connected, Embedded
Fits where Linux is too big
• Vibrant Community participation
• Built with safety and security in mind
• Cross-architecture with broad SoC and Zephyr OS
development board support. 3rd Party Libraries
• Vendor Neutral governance Application Services
• Permissively licensed - Apache 2.0 OS Services
• Complete, fully integrated, highly Kernel
configurable, modular for flexibility
HAL
• Product development ready using LTS
includes security updates
• Certification ready with Auditable
Products Running Zephyr Today

Grush Gaming hereO

Proglove Rigado IoT Gateway Distancer
Toothbrush Smartwatch

Ellcie-Healthy Smart Intellinium Safety Adero Tracking Anicare Reindeer

GNARBOX 2.0 SSD Sentrius
Connected Eyewear Shoes Devices Tracker

GEPS Point Home Alarm RUUVI Node HereO Core Box Safety Pod
Zephyr Supported Hardware Architectures

Cortex-M, Cortex-R
& Cortex-A X86 & x86_64

32 & 64 bit
Xtensa

Coming soon:
Development Boards Shipping with Zephyr Today

Nordic Thingy91 Phytec Reel Board Icarus (Adafruit Feather) - Actinius

Antmicro Badge Phytec Link Board BASE Electronuts Papyr

Board Support – 200+ and growing

Arduino Due Nucleo 103RB Adafruit Feather Nucleo64 L476RG Nucleo F411RE NRF91 pca10090 Nucleo F334R8 Synopsys EMSK

Minnowboard Altera MAX10 Nucleo 401RE Vega Board ARM V2M MPS2 STM3210c Atmel SAM E70 NRF51

NXP FRDM K64F NRF52 Seed Carbon TI Launchpad Wifi BBC Microbit STM32373c Redbear BLE Nano 96b Neon Key

STM32 Olimexino STM Mini A15 Seeed Nitrogen ARM V2M Beetle Zedboard Pulpino NXP FRDM-KW41Z SiFive HiFive1 NXP i.MX RT1050

http://docs.zephyrproject.org/boards/boards.html
Code Repositories
Backports & Keeping
Configurations in Sync

Long Term
Development Support Auditable
Community Safety & Security
“Stable”
Contributions Processes
via DCO

Certifiable
Releases LTS Releases Releases
Zephyr OS: Long Term Support (LTS - 1.14)
It is:
• Product Focused
• Current with latest Security Updates
• Compatible with New Hardware: We will make point releases throughout
the development cycle to provide functional support for new hardware.
• Tested: Shorten the development window and extend the Beta cycle to
allow for more testing and bug fixing
• Supported for 2 years

It is not:
• A Feature-Based Release: focus on hardening functionality of existing
features, versus introducing new ones.
• Cutting Edge
Zephyr OS: Long Term Support (LTS - 1.14)

Delivering bug fixes and latest security updates!

9
Vulnerability Management Process

●Early in 2020 the project received a

bulk vulnerability report
●Highlighted need to better document
vulnerability management processes
●Added vulnerability reporting to project
docs and top level web pages
●Process:
○Embargo period
○Stages issue goes through
○Working with maintainers to see
issues fixed
○Public disclosure at end
Project Security Documentation

●Project Security Overview

●Started with documents from other
projects
●Built around Secure Development,
Secure Design, and Security Certification
●Ongoing process, rather than something
to just be accomplished
CVE Numbering Authority with PSIRT

●PSIRT is Subset of Security Subcommittee

●CNA: CVE Numbering Authority
●Registered with MITRE as the numbering authority for the
project. We issue our own CVEs
●Must satisfy MITRE documentation and process requirements
Recent Security Report

●NCC Group reported ~26 issues

●Critical, High and Medium made
into JIRA tickets
●These have now been fixed
●Embargo is past, everything
updated now in the vulnerability
report page
●Most issues identified resulted in 1
or more CVEs being reported
Results from the Report

●Most issues were fixed in reasonable

time and included in releases
●One issue, recommendation is to
disable
●Increased embargo from 60 to 90 days
○Zephyr isn’t an end product, vendors need
time to incorporate fixes into products
○Zephyr needs alert system to notify vendors
●Continue to improve process
Vulnerability Alert Registry

●For Embargos to work, product

makers need to be notified early
so they can remediate
●Created Vulnerability Registry for
vendors to register to receive
these alerts for free
●Goal: Zephyr to fix issues within
30 days and then give product
makers 60 days before
publication of vulnerability
Zephyr in RTOS Landscape 2020/08/24

#1 #1
Total Total
Contributors Commits

Rank RTOS # Rank RTOS #

1 Zephyr 747 1 Zephyr 43,312
2 mbed OS 612 2 nuttX 38,031
3 RT-Thread 288 3 RIOT 31,144
16
Github Web Traffic

2 weeks of traffic to
github.com/zephyr
code repository as
of 2020/09/22
Growing a Diverse Community!

Lifetime project participation Company Participation

over the last 12 months
• 2016/2: 80
Authors • 2020/9: 766

• 2016/2: 2,806
Commits • 2020/9: 44,306

• 2016/2: 4
Boards • 2020/9: 200+
Vibrant, Active & Global Community
> 4300 Followers on Twitter > 1200 Active on LinkedIn > 325 Members in
WeChat Group

> 1500 Active on Slack

Zephyr: Technology Overview

Ca rle s Cu fí, No rd ic Se m icon d u ctor

Zephyr Ecosystem
Zephyr Community Zephyr “Community” Kernel / drivers

• 3rd Party modules and libraries • Scheduler

• Support for Zephyr in 3rd party projects, Zephyr Project • Kernel objects and services
for example: micro-ROS, Tensorflow • low-level architecture and board support
LITE, Micropython, Jerryscript • power management hooks and low level
Zephyr OS interfaces to hardware
• Peripheral and hardware drivers
Main repository
Zephyr Project
OS Services and Low level APIs
Kernel / drivers
• SDK, west, tools and development
environment
Core modules: vendor HALs, crypto, • Platform specific drivers
AMP,
OSfilesystems
Services
• Additional middleware and features • Generic implementation of I/O APIs
• File systems, Logging, Debugging and IPC
• Device Management and Bootloader Application Services • Cryptography Services
• Networking and Connectivity
• Device Management
Core modules: vendor HALs, crypto,
Zephyr OS AMP, filesystems
Application Services
• Kernel and drivers
• OS services such as IPC, Logging, file • High Level APIs
systems, connectivity stacks, crypto • Access to standardized data models
• High Level networking protocols
Zephyr Repositories
• Ma in (or m a n ife st re p osito ry):
h ttp s://gith u b .com /ze p h yrp ro je ct-rto s/ze p h yr
• Contains all core Zephyr code
• All (or almost) code is Apache v2 licensed
• Exte rn a lly m a in ta in e d co d e is in se p a ra te re p o sito rie s
• Vendor HALs (CMSIS, stm32cube, mcux, nrfx, etc.)
• Crypto (mbedTLS)
• Filesystems (LittleFS, FATFS, etc.)
• Libraries (OpenAMP, LoRA, LVGL, OpenThread, Canopennode, etc.)
• Cle a n se p a ra tion of Ze p h yr-sp e cific co d e a n d 3rd -
p a rty p ro je cts
• Ou r m e ta -tool, we st, m a n a ge s th e re p o s
Build and configuration systems
• Ze p h yr is cro ss-p la tform a n d ca n b u ild , fla sh a n d d e b u g on a ll m a jor
Op e ra tin g Syste m s (Win d o ws, m a cOS, Lin u x)
• CMa ke
• Industry standard build system
• Cross-platform
• Extensible and script-based
• Kcon fig
• Configuration system originally developed for the Linux kernel
• Implemented in Python (so cross-platform)
• De vice tre e
• Standards-based hardware description language
• All references resolved at build-time
• Access from source code via a macro API
 Architecture
Application
• Highly Configurable, Highly Modular
Application

Smart Objects / High Level APIs / Data Models

Services

… LWM2M MQTT HTTP CoAP • Cooperative and Preemptive Threading

DTLS TLS
• Memory and Resources are typically
TCP/UDP statically allocated
Thread
Device
Mgmt

IPv6/IPv4
6LoWPAN • Integrated device driver interface
802.15.4 BLE Wi-Fi CAN ...
OS Services

Low Level API

• Memory Protection: Stack overflow
protection, Kernel object and device driver
permission tracking, Thread isolation
Systems
Logging/

Sensors
Tracing

Settings

Crypto
UART

GPIO

IPC
File
SPI
I2C

...
…

• Bluetooth® Low Energy (BLE 5.1) with both

controller and host, BLE Mesh
Kernel Services / Schedulers
Kernel

Power Management
• 802.15.4 OpenThread
Platform • Native, fully featured and optimized
Radios Sensors Crypto HW Flash networking stack

Fully featured OS allows developers to focus on the application

Kernel and drivers
Flexible and modern RTOS kernel
• Single core, SMP and AMP (via IPM driver) support
• Cooperative and preemptible threads
• Extensive set of synchronization and data-passing primitives
• User mode (userspace):
• Isolates user mode threads from kernel and each other
• Exposes a subset of kernel and driver primitives to user mode threads
• Validates all parameters through system calls
• Efficient device driver model
• Storage of constant driver data in ROM
• Direct access to Devicetree nodes
• Common APIs for all hardware implementations
Native IP Stack
• Build from scratch for Zephyr
• Using Zephyr native kernel concepts
• Dual mode IPv4/v6 stack
• TCP v4/v6, second generation
• DHCP v4; IPv4 autoconf; IPv6 SLAAC; DNS; SNTP
• Multiple network interfaces support
• Time Sensitive Networking support
• 802.1QAV API
• 802.1AS (gPTP, generalized Precision Time Protocol)
• BSD Sockets-based API
• TLS/DTLS supported via setsockopt call
• RAW socket support for IP and non-IP traffic
• Supports IP offloading
• Transparent for application using Socket API
• Compliance and security tested
• >500 automated tests for TCP level using commercial
products like IWL Maxwell Pro
Zephyr Networking Features

High-Level Protocols Supported technologies

• CoAP v1 • Ethernet
• MQTT Client v3.1.1 • Ethernet over USB
• HTTP • WiFi with IP offload
• Native HTTP client • IEEE 802.15.4 with 6Lo
• Server is implemented using
CivetWEB library
• Bluetooth LE with 6Lo
• Websocket client • CANbus with 6Lo
• SOCKS5 • PPP
• LWM2M • Serial modem interface
• Thread
• Supported by OpenThread project
Bluetooth Host and Mesh
• Bluetooth 5.1 compliant
• Low Energy & experimental
Bluetooth Classic
• Multiple HCI transports
• Qualified (as of 1.14.1) for LE
and Mesh
• Can be built separately or
combined with the controller
• Active community developing
upcoming standards
• Mesh & GATT reference stack in
Bluetooth SIG training materials
Bluetooth Low Energy Controller
Second-generation open source BLE software Controller:
• Bluetooth 5.1 compliant and qualified (v1.14.1)
• Split design with Upper and Lower Link Layers
• Support for multiple BLE radio hardware architectures
• Nordic nRF5 on Arm Cortex-M (Arm v6-M, v7-M and v8-M)
• VEGAboard on RISC-V (RV32)
• Proprietary radio and ISA (downstream only)
• Support for both Big and Little-Endian architectures
• Asynchronous handling of procedures in the ULL
• Enhanced radio utilization (99% on continuous 100ms scan)
• Latency resilience: Approx 100uS vs 10uS, 10x improvement over 1st gen
• CPU and power usage: About 20% improvement over 1st gen
• Multiple advertiser and scanner instances
Zephyr USB Device Stack
• Supports multiple MCU families (STM32, Kinetis, nRF, SAM, …)
• USB 2.0 support
• Full and High speed support
• Supported classes:
• CDC ACM, ECM, EEM
• RNDIS
• HID
• Mass Storage
• Bluetooth
• Device Firmware Update
• Tight integration with the RTOS
• Flexible descriptor instancing
• Native execution support for emulated development on Linux
• WebUSB support
Native Execution on a POSIX-compliant OS
• Build Zephyr as native Linux application
• Enable large scale simulation of network
or Bluetooth tests without involving HW
• Improve test coverage of application
layers
• Use any native tools available for
debugging and profiling
• Develop GUI applications entirely on the
desktop
• Optionally connect to real devices with
TCP/IP, Bluetooth, and CAN
• Reduce requirements for HW test
platforms during development
POSIX API on Zephyr
Provides familiar API to non-embedded programmers, Application
especially to Linux developers
Enable re-use (portability) of existing libraries POSIX
POSIX PSE52 BSD Sockets
Middleware
based on POSIX APIs PSE51
File System Networking
• Provides efficient subset appropriate for small
(MCU) embedded systems Zephyr Kernel
• POSIX API subset is increasingly popular
operating system abstraction layer (OSAL) for IoT BSP
• Supports subsets of PSE51, PSE52, and BSD
sockets API Hardware MCU/SoC

POSIX support in Zephyr

https://docs.zephyrproject.org/latest/guides/portability/posix.html
and much more...
• Powerful logging subsystem with multiple backends
• Fully-featured shell for interaction with the system
• Device Firmware Update support via multiple mechanisms
• MCUMgr (UART, BLE, TCP/IP)
• Updatehub (TCP/IP)
• Hawkbit (HTTP)
• Display support with LVGL
• Multiple filesystems and storage mechanisms
• C++ support
Thank you for watching

Ca rle s Cu fí, No rd ic Se m icon d u ctor

Building with Zephyr?

We st o ve rvie w

Ma rti Bo liva r, Nord ic Se m icon d u ctor

Outline: Presenter: Marti Bolivar

- Ze p h yr a n d we st d e ve lo p e r
- Wh a t we ’re d oin g tod a y:
- Overview of what’s available in west
- Good starting points for experimenting and getting help
- He lp fu l if you ’ve a lre a d y go n e th ro u gh th e Ze p h yr Ge ttin g Sta rte d Gu id e
fo r v2.3.0, b u t n ot re q u ire d :
h ttp s://d ocs.ze p h yrp roje ct.o rg/2.3.0/ge ttin g_sta rte d /in d e x.h tm l
What is west?
Ze p h yr’s “m e ta -to o l” o r “swiss a rm y kn ife ,” u se d fo r m a n y co m m on
d e ve lop m e n t wo rkflo ws.

An e xte n sib le com m a n d lin e too l fo r m a n a gin g a Ze p h yr wo rksp a ce :

h ttp s://d ocs.ze p h yrp roje ct.o rg/2.3.0/gu id e s/we st/in d e x.h tm l

Re com m e n d e d b u t n ot re q u ire d :
h ttp s://d ocs.ze p h yrp roje ct.o rg/2.3.0/gu id e s/we st/with o u t-we st.h tm l

De ve lop e d in its o wn git re p o sito ry:

h ttp s://gith u b .com /ze p h yrp ro je ct-rtos/we st
West “proper” vs. Zephyr uses
West “proper” Zephyr’s west usage and
extensions
● Workspace commands
(init , update , etc.) ● Zephyr module integration
● Configuration command ● Extension commands
(config ) (build , flash , debug ,
● APIs for adding extension etc.)
commands (external plug-
ins)

In the west repository In the zephyr repository

Creating a workspace: west init
$ west init - m h t t p s : / / gi t h ub . c om/ z e p hy r p r o j e c t - r t o s / z e ph yr \
- - mr v 2 . 3 . 0 z e p h y r p r o j e c t

Results (simplified) Vocabulary

z e phyr pr oj e c t ● zephyrproject: the west workspace’s top

level directory, or topdir. The . we s t
├── . we s t directory marks the topdir.
│ └── c o n f i g ● zephyr: the manifest repository (in this
example)
└── z e p h y r ● .west/config: the workspace local
└── we s t . y ml configuration file; tells west that “zephyr”
is the manifest repository
● west.yml: the manifest file; says what
other git repositories should be pulled in via
we s t u p d a t e
Manifest file, west.yml
Sim p lifie d con te n ts of
ze p h yr/we st.ym l in v2.3.0.

• remotes : where projects

can be fetched
• projects : a list of git
repositories in the
workspace
• self : configures the
manifest repository
(zephyr) itself
Manifest file semantics
zephyrproject-rtos/zephyr zephyrproject-rtos/<project>

west.yml
manifest:
projects:
- ... zephyrproject-rtos/<project>
-…
- ...

zephyrproject-rtos/<project>

Every element of the projects list is another Git repository that is included in the
upstream Zephyr project distribution.
Updating a workspace: west update
$ west update # r u n i n s i d e t h e “ z e p h y r p r o j e c t ” wo r k s p a c e

Results (simplified) Vocabulary

z e phyr pr oj e c t ● Modules: third-party code with Zephyr

├── b o o t l o a d e r integration, can be integrated into Zephyr
│ └── mc u b o o t applications, device drivers, etc.
├── mo d u l e s ● Includes things like file systems, vendor
│ └── f s HALs, etc.
│ └── f a t f s ● A small number west projects live outside
├── . we s t the modules directory. Currently just the
│ └── c o n f i g mcuboot bootloader and some additional
└── z e p h y r developer tools repositories
└── we s t . y ml
Other workspace commands
Som e a d d ition a l worksp a ce m a n a ge m e n t co m m a n d s:

list p rin t in form a tio n a b o u t p ro je cts in th e we st m a n ife st

manifest slice a n d d ice th e we st m a n ife st
diff "git d iff" fo r o n e o r m o re p ro je cts
status "git sta tu s" fo r o n e o r m o re p ro je cts
forall ru n a com m a n d in o n e o r m o re lo ca l p ro je cts

Fo r a co m p le te list of com m a n d s, in clu d in g e xte n sio n s, ru n :

$ west help
Zephyr extension commands
Som e a d d ition a l Ze p h yr d e ve lo p m e n t e xte n sio n co m m a n d s:

build com p ile ze p h yr a p p lica tio n s

flash fla sh a com p ile d a p p lica tio n to a b o a rd
debug fla sh a n a p p lica tio n a n d e n te r a d e b u gge r (u su a lly GDB)
debugserver fla sh a n a p p lica tio n a n d sta rt a d e b u g se rve r
attach a tta ch a d e b u gge r to a b o a rd with o u t fla sh in g
Most common extension issue
If you see this when running an extension like west build :

west: error: argument <command>: invalid choice: 'build'

(...)

Then you’re not in your workspace, so the extension can’t be found.

See this item on the troubleshooting page:

https://docs.zephyrproject.org/2.3.0/guides/west/troubleshooting.html#invalid
-choice-build-or-flash-etc
West configuration files
● “INI-like” (Python configparser syntax)
● We saw .west/config earlier; that’s the workspace configuration file
● You can also set user- and system-wide configuration values
● Run west config to manage your configuration
● See also: https://docs.zephyrproject.org/2.3.0/guides/west/config.html
Help and troubleshooting
Docu m e n ta tion : West page in the Zephyr guides a n d Troubleshooting
west . Also:
$ west help
List a ll co m m a n d s a n d o n e lin e h e lp fo r e a ch (in clu d in g e xte n sion s).
$ west <command> help
He lp for a sp e cific <co m m a n d >, like west help init
$ west - v <command>
Enable verbose output for <command>, like west - v init
www.zephyrproject.org
Q&A