Yahoo Web Search

Search results

  1. Sep 7, 2020 · Sergio Prado's blog is a site dedicated to topics such as embedded systems, embedded Linux, Android and RTOS. See articles, talks, events and news about security, hardware hacking, containers and much more.

  2. Feb 20, 2024 · Sergio Prado is a blogger who writes about embedded systems, Linux, RTOS and security topics. He shares his knowledge and experience on various topics such as random numbers, kernel debugging, TPM, RPMB, SBOM, encryption and Android.

  3. My name is Sergio Prado and I am from São Paulo, Brazil. I have been working with embedded systems development for more than 25 years. I am active in the embedded systems community in Brazil and collaborate with several open source projects, including Buildroot, Yocto Project and the Linux kernel.

    • What Is SBOM?
    • Why Do We Need SBOM?
    • What Does an SBOM Look Like?
    • The SPDX Standard
    • Producing SPDX Files
    • How to Consume SPDX files?

    BOM (Bill of Materials) is a familiar terminology used in engineering to describe the list of materials required to build a particular piece of hardware. SBOM stands for Software Bill of Materials and just extends this concept to the software that is shipped with the hardware. When you buy a product from the market like a snack or a candy bar, you ...

    When I started my career in the 90s, it was very common to write the entire firmware for an embedded system from scratch. Nowadays, a substantial part of our work is software integration! Take for example the firmware of a modern microcontroller-based project. When working on a new project, you will start the project by integrating different softwa...

    SBOM is a formal method to describe all components (libraries, executables, modules, etc) and their relationship when building a piece of software. These software components can be open source or proprietary, and the data about them can be widely available or somewhat restricted. But SBOM is not the format itself, it is just the process of creating...

    SPDX (Software Package Data Exchange) is an open standard for communicating software bill of material information, including provenance, license, security, and other related information. It started in 2010 in a Linux Foundation workgroup, originally created for license compliance, but later focusing on SBOM generation. The first version of the spec...

    Generating an accurate SBOM is not an easy task, and there are different ways to do it. For example, one could take the firmware of an embedded device, and via static analysis and reverse engineering tools, try to identify its software components. But some pieces of information might be difficult to collect with this technique, like provenance, dep...

    There are several tools to consume SPDX files listed on the SPDX website. One of the most popular tools is called Fossology, an open-source license compliance software system and toolkit that supports different SBOM formats and standards, including SPDX files. But, at the time of writing this article, I feel we lack a nice and easy-to-use open-sour...

  4. Back from Embedded World 2024! I had a great experience doing two talks, hanging around with friends and talking to embedded folks. Until next year, embedded world Exhibition&Conference! Obs.: I ...

  5. Sergio Prado has been working with embedded systems for more than 20 years. He is an entrepreneur and founder of Embedded Labworks, where he gives 40+ training sessions every year. He has presented several talks and workshops in conferences like Embedded Linux Conference, Microchip Masters and Embedded Systems Conference.

  6. Sergio Prado has been working with embedded systems for more than 25 years, providing consulting and training services for companies worldwide. He also writes on his blog at sergioprado.blog and contributes to several free and open-source projects, including Buildroot, Yocto Project, and the Linux kernel.