 Good morning all So first off apologies My talk is going to be much shorter than anticipated a number of my team members weren't available today So I'm just going to go over a general overview of Fedora IoT And if you were here At the release party, it's going to look a little familiar So let's just get started So what is Fedora IoT? It is a focused on small edge devices. We support x86 and ar64 32-bit arm was deprecated in Fedora 36, but it is still supported in Fedora 36 It's we focus. It's an RPM OS tree based operating system with no graphical user interface If you need that, there are other offerings like silver blue and Kenote And we focus on container workflow so you can install software and you can layer Different softwares on top of the the operating system, but we do Suggests that you use containers Rather than layering software and we've also got a strong focus on security Which you'll see and we're going to be expanding that And Fedora 37 and going forward So the hardware we support UAFI is a requirement We do recommend that you have a TPM to and a hardware watchdog as well For AR 64. We support a number of edge devices And various classes of edge servers We also support the Nvidia Jetson Xavier and NX. We are working at adding The nano as well. Hopefully that'll be added in Fedora 37 We support the raspberry pi 3 and 4 and all the different variants of those two the pine 64 Couple different variants there the rock pro and the rock 64 As well as the hummingboard M from solid run For x86 the we test and we focus on the comp the lab fit lit to it does have a TPM to With it So it's a great little device the up squared As well as any generic x86 64-bit platform Should work just fine in Fedora IoT And so Fedora IoT is the upstream for Ralph Reg There was a brief gap there where most of the development was happening in rel We've moved that back to Fedora now There are major improvements coming from Ralph Reg including OS build enhancements and industry Standards like Fido device onboarding Arm is also involved with Fedora IoT Including system ready project Cassini and Parsec. We've supported Parsec for a number of releases One of our features So in Fedora 37 the IoT addition again We're adding Fido device onboarding Sign RPM contact contents by I with IMA The IoT artifacts are going to be created using using OS build And there are a bunch of different enhancements to Green Boot So what is Green Boot Green Boots health check framework for system D for OS tree based installations I don't think anyone else is using yet What it does is when the system boots up It runs a series of health checks to ensure that everything's functioning properly If not, it rolls back to the last known good configuration You're able to add in your own little bash scripts for personalized health checks By default it checks to see if you can reach the update servers But in Fedora 37 and I'm not sure if it's coming back to 36 But definitely in 37 you're going to have the ability to monitor different system D services So there's going to be a config file and you can add in a service That's important to you and that you need to make sure it's working by default. I think it includes SSATD That's a big one. Of course you want to contact Your your equipment you'll need that to come up doesn't come up It'll roll back into the last known good configuration So something that was just recently enabled in Fedora 37 is IMA that's the integrity measurement architecture So what that does is at runtime it verifies the files The that are being executed are what the build system produces If it's not exactly as the build system produces it will prevent any execution This was a security feature in Red Hat Enterprise Linux 9 that just came out recently And in Fedora IoT we're going to ship a little sample policies for users to either use as is or adapt to their needs again This is a new accepted change in Fedora 37 and brand new to Fedora We'll also support FIDO device onboarding so that allows for zero touch onboarding of devices with roots of trust and chains of trust It's a new open standard that's derived from Intel Secure device onboarding There's lots of involvement from industry leaders like the big ones Intel and ARM And Red Hat is a member of the FIDO IoT working group and actively Involved or evolving that standard. So in Fedora, we have a clean in implementation written in Rust And this is brand new change for Fedora 37 as well So Fedora IoT is going to move to OS build. We're going to be the first ones to be using OS build We're working on that right now The Fedora IoT artifacts we produced with OS build in Fedora 37 That includes the installer ISOs and the raw disk images Hopefully that'll be enabled soon Maybe as soon as next week at least the installer ISOs we hope So users are able to create their own customized images and OS tree repositories using image builder and OS build And this is a brand new change in Fedora 37 for us and I think other Other Editions will be moving to it shortly after that as well in Fedora 37. We're adding simplified provisioning So you're able to create or the image is created in OS build. You can provision your system through the network USB disk or provision in a factory And it will allow for identical deployments across a number of different devices and will allow for Features like predefined encrypt and file system. So the system is Pre-encrypted and once installed on your local system, it re-encrypts it So that it's nice and secure for your local system rather than some predefined encryption So how are we doing all this? We've got a bunch of new team members including myself. I joined the rel for edge team earlier this year We've also got a number of other people Again, the Fedora IoT is going to be the upstream for L for edge after a long departure We've also got an intern that's helping us with the outreach you programs doing fantastic work. Thank you very much Also looking for more community involvement from people like you We especially need to help testing Previously I was the QE lead in Fedora IoT. That's now been taken over by Jeffrey Maher He's doing a great job, but always can use some assistance and making sure everything works and If you're interested in contributing you can join us on the IRC and pound Fedora IoT We do have a weekly meeting in pound Fedora meeting. We've got a mailing list You can report any issues to github And all the different IoT features are listed there and our documentation is rolled into the official Fedora documentation And that's what I got for today folks again. I apologize. It's a lot shorter than we had anticipated But a number of team members are out today. So I did my best to sort of give you some general information Does anyone have any questions? How can we get more users? Matthew that is I think that some of the features that we're going to be Including in Fedora 37 are of great interest with a lot of people We've been getting a number of people coming in and asking about the Fido device on boarding so I think that that will attract new users and Some of the security features I think that people will Appreciate the security features that we've got coming in Fedora 37 And the next question from Matthew again, will I be winning my bet with Neil about OS build image builder and production for the official? I believe so so I guess Neil had a bet with Matthew that OS build wouldn't be released Already, I think that you will be winning that bet There are some some hitches we've hit and sort of the final run up To Fedora 37, but I think that the image builder team should be able to work through that And how can I preview? How can I preview access to OS build in Fedora? So currently um OS build in Fedora is it's not yet available. Um, it will be a small section I I guess you have to have image build privileges in Koji Um, and I there is discussions about expanding that further Um, but I'm not aware of where that'll be Any other questions today? Oh, they're at the top there. Okay What are the differences? I'm not familiar with uh, yak though. Um, So I'm not familiar with what the differences would be How do you feel about moving the Fedora iot discussion primarily to discussion Dot fedora project or I'm fine with it. It's um, certainly just another place that we have to Check. Um, but but yeah, I'd be certainly okay with that And where is Fedora iot expected to be useful? So edge devices Everybody's sort of using a lot of people are running different containers For local services home assistant I think there is a home assistant Demonstration a little bit later on today But it's expected to be useful at the edge For Any sort of edge devices Using it with different sensors in you know in your backyard to to measure the the temperature and humidity things like that and Do we Are you planning to focus on lower RAM device with less than one gigabyte of RAM? So yes, the lower The RAM devices shouldn't work. Okay. I think that The raspberry pi is zero Two, which I believe is 512 megs of RAM is working Okay, I had with standard fedora. I was able to use smaller devices with 256 megs of RAM Um, so that should certainly be possible. Um, I think that more testing is needed there. I'm not aware of I haven't been doing any testing with lower RAM devices Is there a chance that arm support could return the future? So I I guess that's 32 bit arm Because we do support 64 bit arm 32 bit I don't think that'll be coming back. Um, there was a number of limitations that We had in supporting the 32 bit RAM the biggest being The enterprise hardware wasn't supporting 32 bit any any longer. We were having trouble finding hardware for the build system but also You know, the devices are pretty cheap for a 64 bit arm device So we encourage people to to sort of move to 64 bit rather than 32 bit Uh is going to be a firmware device for devices or apis for applications. Uh, I Don't think that we're getting into the firm. I mean, we do provide some firmware in fedora. Um, But I'm not aware of anything being added I feel like arm devices seem mostly aimed at arm device enthusiasts. Um Like sold as bare metal boards Arm devices studios like sold as bare boards that is a project in itself Uh, I agree with you. Um to get working. Do you see that changing in the future or something is Uh, nice case Just to put on an sd card and go so, um It's actually gone a lot better. Uh, so when I started, uh working on fedora arm, um, we offered a pre-canned root file system That you had to bring your own kernel for um, and you'd explode that, you know Onto an sd card and install your kernel to get the system to boot. So it has gotten a lot better um, we could definitely use some additional tooling, uh for Creating the disk images. We currently use, uh Horrible bash script that I wrote a long time ago for myself that people encouraged me to Put out there because we had nothing else. So if you are interested in writing something we certainly would love to see the fedora arm installer replaced at some point in the future Uh, what hardware would you recommend for getting into fedora iot? um, I think the raspberry pi 4 is a Uh, great device. We have um, we are going to be supporting that in fedora fully for fedora 37 um, sort of the big limitation there was uh graphics. Um, we didn't want to say that it was supported um, fully, um Because the graphics weren't accelerated. That's changing Um, peter robinson has been doing great work to to get that enabled in fedora It has worked great as an iot device. Um for a while Again, it's just sort of the the graphical limitation was just holding us back um, so Or if you've got I mean it you can start to just play with it on a virtual machine Is a great way to just sort of get started and and take a look at it. Um, and and then if you're interested in continuing Um, raspberry pi is uh, our great device is raspberry pi 3 even, um, you know what at this point It's hard to get your hands on something like that. Um Because of the supply chain issues, I think hopefully that should be changing Uh, since it supports container workload is fedora opinionated about how containers run on the image. Um, not that i'm aware of um Freedom is one of our tenants. So Do as you will You know, you might run into issues, but uh, let us know if you do so I don't know that we have Any strong opinions about that either way What about uh risk 5? Um, so well, it's not yet supported in fedora. Um, but I think we would love to support risk 5 when uh, it is Another architecture that's uh in fedora Definitely, I'm very interested. I actually have a risk 5 device that I haven't really gotten any usage out of um, and Uh, I would love to get that working in fedora Uh, you're working with some beagle board still true. So, uh in The beagle bones, uh, beagle bone black beagle bone white our 32 bit arm devices. Um, they should Uh, I'm not sure if they work. Um, you need a firmware to provide a dtv Our device tree blob. Um, they do work great with standard fedora. Um, But I'm not sure if they're working With fedora iot wasn't something that we are actively testing. Um For fedora iot, but it they may work work. I'm just not sure offhand Is there any chance of getting fedora iot to run on ecs? Leave a minibox qc 7 10 I have no idea. I've not heard of that particular hardware. Um, if it's uh has Uh uefi I'm not sure what architecture that is either But it might work and it might work. Well, um, I just don't know Apologies, uh, if you were to have an opinion about how to best run containers, which would it be? Uh system d or micro cube Um, I don't have an opinion as to which way is the best to run containers? Um But uh, so I'm not opinionated there at all If I had to go with one of the two, I would say system d All right Well, I don't see any new questions. Um, so again, I thank you for joining the talk today I apologize. Um that it wasn't quite the talk that we were hoping to give Um, and we look forward to presenting as a larger team At a future nest event. Um, so thank you very much