Open Source Summit Europe 2025: Full Schedule

25-27, August 2025
Amsterdam, Netherlands
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central European Summer Time, CEST (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right.

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

arrow_back View All Dates

09:00 CEST

Zephyr-friendly Embedded Display Shopping Guide - Eve Redero, Redero Tech

Tuesday August 26, 2025 09:00 - 09:40 CEST

D203

Zephyr has extensive support for all kinds of embedded displays, but sourcing a display can be confusing, especially if you want to source one with out-of-the-box Zephyr support. In this session, we will show how to choose a Zephyr-friendly display component.

The session will cover a review of several types of display techs, what are display controllers and display modules, and the most common ways of interfacing with a display.

Speakers

Eve Redero

Electronics and embedded systems engineer, Redero Tech

I have worked as an electronics and embedded systems engineer for about 10 years, mostly in consumer electronics companies. My skills set includes board design, low-level firmware development, and a bit of knowledge about board production and testing. I now work as a freelance, roaming... Read More →

Tuesday August 26, 2025 09:00 - 09:40 CEST
D203

Zephyr Developer Summit

Audience Experience Level Any

10:05 CEST

Lightning Talk: Overview of the SCMI Support in Zephyr - Laurentiu Mihalcea, NXP

Tuesday August 26, 2025 10:05 - 10:15 CEST

D202

This presentation shall provide a very brief overview of the System Control and Management Interface (SCMI) support in Zephyr. This includes an architectural overview, which will go into the different layers and components that make up the support, and a list of supported features/protocols.

Speakers

Laurentiu Mihalcea

Software Engineer, NXP

MSc student, open-source enthusiast, and contributor to Zephyr and the Linux kernel. Interested in hardware and low-level software.

Tuesday August 26, 2025 10:05 - 10:15 CEST
D202

Zephyr Developer Summit

Audience Experience Level Any

11:00 CEST

Build Distroless Containers the Easy Way: From Full Fat To Featherweight With Unbase_oci - Nikolas Kraetzschmar, SAP

Tuesday August 26, 2025 11:00 - 11:40 CEST

Emerald Room

Tired of wrangling dependencies to craft distroless containers from scratch? unbase_oci flips the script.

Instead of painstakingly building up from a minimal base, you start with a comfortable, fully-featured container—think debian or ubuntu—and develop as usual. Then, with one simple command, unbase_oci automatically strips your image down to the bare essentials by comparing it to the base and keeping only what’s truly needed.

No more trial-and-error to get your distroless image just right. Write normal Dockerfiles, enjoy all your debugging tools during dev, and let unbase_oci do the slimming for production.

It’s Bash. It’s fast. It’s minimal. It works with any OCI image and requires nothing but standard Unix tools and your container engine of choice.

Let’s stop over-engineering minimalism. Build smart, then unbase.

Speakers

Nikolas Kraetzschmar

Software Engineer, SAP

Focused on building a streamlined, security-hardened Linux for container and Kubernetes environments, with a keen interest in C programming and security.

Tuesday August 26, 2025 11:00 - 11:40 CEST
Emerald Room

Cloud & Containers

Audience Experience Level Any

11:00 CEST

BASIL - What's New, What's Next - Luigi Pellecchia, Red Hat

Tuesday August 26, 2025 11:00 - 11:40 CEST

D204

BASIL is an open source tool developed to design requirements traceability in a collaborative environment.

It supports the manipulation of multiple types of work items, such as Test Cases, Test Specifications, Software Requirements, Justifications, Documents.

It also comes with its own test infrastructure that allows users to run tests against different kind of test environments and provides capabilities to trace test executed on external test infrastructures.

BASIL development is progressing and new features become available weeks after weeks.

After an introduction of the tool for who see it for the first time,

we will go through major changes introduced in the tools as:

- SPDX traceability export in design SBOM based on Model3

- Requirements import

- Test repository scan and test case import

- User files management

- Granular user permissions definition

- External email server configuration for password reset

and through planned development as:

- Hierarchical Document Mapping

- Multiple reference document for each software component

- LAVA test plugin

Speakers

Luigi Pellecchia

Principal Software Quality Engineer, Red Hat

Luigi Pellecchia is a Principal Sw Quality Engineer at Red Hat.

Tuesday August 26, 2025 11:00 - 11:40 CEST
D204

Safety-critical Software

Audience Experience Level Any

11:55 CEST

Defense in Depth: High Speed Cloud Native With Soft- and Hardware Protected Functions - Ralph Squillace, Microsoft

Tuesday August 26, 2025 11:55 - 12:35 CEST

G001-002

GitHub is one of the largest (if not the largest) open-source code repositories in the world, but its growth creates technical challenges: How can it continue to scale up activities at its rate of growth? How can it protect activities from each other if one uses code with a malicious attack in it?

This talk describes a fun experiment using the CNCF project Hyperlight and WebAssembly (wasm) components to investigate radical scaling of GitHub events using WebAssembly Components to both handle heavy event load on smaller, less costly VMs but at the same time use Hyperlight to provide hardware protection to each individual function.

WebAssembly is a form of “cloud native binary” that runs on almost any operating system and architecture. The emerging wasm component model is a series of standards that enables any language to make use of components written in any other language while radically scoping in the capabilities of a function, giving it only the permissions to execute that the host deems necessary.

When combined with the Hyperlight project, it becomes possible to use security-in-depth features to scale compute far more with far less risk.

Speakers

Ralph Squillace

Principal Product Manager, Microsoft

Professionally trained in history; don't tell him, because he's professionally suffered in distributed applications for the past 20 years or so. A veteran of OSS wars inside the megacorp, he's thrived as the world changed. He runs Ubuntu at work, except for those times when he does... Read More →

Tuesday August 26, 2025 11:55 - 12:35 CEST
G001-002

Cloud & Containers

Audience Experience Level Any

11:55 CEST

Demystifying West - Carles Cufí, Nordic Semiconductor

Tuesday August 26, 2025 11:55 - 12:35 CEST

D202

West is Zephyr's swiss-army knife command-line tool. At its core it handles repository management, but in practice it does so much more than that. With plenty of powerful built-in features and the ability to extend its command set via the manifest file, west is able to cater for most use-cases a Zephyr user will face. This includes maintaining your own manifest as well as your own downstream of Zephyr itself or any of its ancillary repos, and even extending the west commands themselves. This talk will try to shed light on some of the most common questions around the tool, its use and its extension capabilities.

Speakers

Carles Cufí

Open Source, Nordic Semiconductor

Carles has been a firmware developer at several hardware, semiconductor and software companies for over 25 years. For the last 15 years he has worked at Nordic Semiconductor, where he was part of the team that made Nordic’s first ever Bluetooth Low Energy chip. During this time... Read More →

Tuesday August 26, 2025 11:55 - 12:35 CEST
D202

Zephyr Developer Summit

Audience Experience Level Any

13:00 CEST

The Embedded Android Developer's BoF - Chris Simmonds, 2net Ltd

Tuesday August 26, 2025 13:00 - 13:40 CEST

Elicium 2

Although Android is pretty common as an embedded operating system, there are surprisingly few opportunities for us developers to come together. This BoF is such an opportunity. If you are working with Android in embedded, Automotive, TVs, custom ROMs or even if you just find this interesting, please come along. Bring with you your experiences, tips, tricks and grumbles about developing Android devices. As a starter, here are some of the topics that have come up in previous years:

* AOSP community and community portals

* working with Google

* examples of devices running Android

* porting to new hardware

* Android in Automotive

Speakers

Chris Simmonds

Consultant, 2net Ltd

Chris Simmonds is a software consultant and trainer living in southern England. He has spent almost two decades designing and building open-source embedded systems of all shapes and sizes, and he has encapsulated much of that experience in his book, “Mastering Embedded Linux Pr... Read More →

Tuesday August 26, 2025 13:00 - 13:40 CEST
Elicium 2

Embedded Linux Conference

Audience Experience Level Any

14:10 CEST

Hotplug of Non-discoverable Hardware: Status and Future Directions - Luca Ceresoli, Bootlin

Tuesday August 26, 2025 14:10 - 14:50 CEST

Elicium 1

More and more industrial products are being designed with add-on components that can be hotplugged at runtime and connected with non-discoverable busses: I²C, MIPI CSI-2, LVDS, and seemingly simpler ones such as interrupts and GPIO lines.

Work is in progress for the kernel to support such hardware using device tree overlays. This talk describes the goals, work done and in progress and future directions. Special attention will be given to the DRM subsystem which is by far the most challenging one.

Topics covered are:

* Problem statement and overview of the goals

* Non-discoverable hotplug in general: device tree overlays and how to properly describe connectors and

add-ons (nexus nodes, export-symbols), instantiating devices, I²C bus issues

* DRM specific: hotplugging in the DRM subsystems, challenges in making DRM bridges removable, current work and next steps

Discussion about future directions will be very welcome.

Speakers

Luca Ceresoli

Embedded Linux and kernel engineer, Bootlin

Luca is an embedded Linux and kernel engineer at Bootlin, primarily working on device drivers and recently active mostly on DRM bridges, device tree overlays and various subsystem involved in hotplugging of non-discoverable devices.

Tuesday August 26, 2025 14:10 - 14:50 CEST
Elicium 1

Embedded Linux Conference

Audience Experience Level Any

14:10 CEST

Hybrid THP Mechanism. Selective Use of Huge Pages by Hot Applications - Asier Gutierrez, Huawei

Tuesday August 26, 2025 14:10 - 14:50 CEST

G104

Currently, THP policies are used globally, for the entire system. This leads to memory fragmentation and memory waste. Main memory has increased a lot faster than TLB entries, and it will continue to do so. Given the limited TLB cache entries, this becomes a serious bottleneck for real world applications. Huge pages are supposed to resolve this issue, since the a single entry in the TLB can map a big chunk of memory. However, this eventually leads to memory fragmentation and eventually the system runs out of usable memory. Hence, most sysadmins and user space application suggest to disable huge pages

We introduce a hybrid page mechanism where hot applications can use huge pages transparently, while avoiding the entire system to use huge pages.

During the talk, we will show how we managed to decrease the huge page consumption as well as benchmarks on real applications.

Speakers

Asier Gutierrez

Staff software engineer, Huawei

I am a seasoned software engineer, with a wide background in product and system programming. I have worked for big companies like Intel, IBM and Yandex, as well as small startups. I spoke at the Open Source Summit Europe in 2023 where I showed how IMA namespaces can be used to achieve... Read More →

Tuesday August 26, 2025 14:10 - 14:50 CEST
G104

Linux

Audience Experience Level Any

14:10 CEST

Your SBOM Is Lying To You – Let’s Make It Honest - Yuchen Zhang & Justin Cappos, New York University

Tuesday August 26, 2025 14:10 - 14:50 CEST

G106

SBOMs (Software Bills of Material) are essential for improving visibility and security in the software supply chain. As open-source code drives modern development, organizations face growing security risks due to limited transparency in software dependencies. Attacks like SolarWinds (2020) and Kaseya (2021) highlight the urgent need for stronger software supply chain security.

However, SBOMs are often inaccurate. This talk explores why these inaccuracies occur, how attackers exploit them, and how to address these issues. A key challenge is dependency management file analysis (e.g., cargo.toml for Rust), which struggles to track components effectively.

Enter SBOMit, an OpenSSF sandbox project leveraging in-toto attestations to create cryptographically verifiable SBOMs. By capturing supply chain steps as they occur, SBOMit enhances accuracy, mitigates tampering risks, and strengthens security. This talk examines SBOMit’s role in improving SBOM reliability across the CNCF ecosystem.

Speakers

Justin Cappos

Professor, New York University

I am a professor at NYU who has been working on software supply chain security for more than 20 years. I am a maintainer / creator of the TUF, Uptane, and in-toto projects, which are all under the LF.

Yuchen Zhang

Postdoctoral Associate, New York University

Yuchen is currently a postdoctoral researcher with the Secure Systems Laboratory (SSL) at the Tandon School of Engineering, New York University. He obtained his Ph.D. from the Department of Computer Science at Stevens Institute of Technology. Prior to Stevens, he completed his undergraduate... Read More →

Tuesday August 26, 2025 14:10 - 14:50 CEST
G106

Standards & Specifications

Audience Experience Level Any

14:10 CEST

Updates To Clock Management Within Zephyr RTOS - Daniel DeGrasse, Tenstorrent

Tuesday August 26, 2025 14:10 - 14:50 CEST

D202

This talk is intended serve as a continuation of my presentation for a proposed rework of Zephyr’s clock management subsystem delivered at EOSS 2024. Since then, the proposal has evolved and stabilized significantly. We will cover the current state of the implementation within Zephyr and discuss how we can work to move the implementation towards merging into mainline- if it has not merged by the time of the conference. Beyond this, the presentation will include detailed examples of how to implement clock management drivers and consume the clock management subsystem within peripheral drivers. This presentation will offer Zephyr driver maintainers as well as downstream consumers a chance to discuss and influence the direction we are taking regarding improving clock management within Zephyr.

Speakers

Daniel DeGrasse

Firmware Engineer, Tenstorrent

Daniel DeGrasse is the Zephyr maintainer of the disk, MIPI DBI, and SDMMC subsystems. He works as a firmware engineer at Tenstorrent, and is primarily focused on improving generic subsystems within Zephyr, as well as continuous integration

Tuesday August 26, 2025 14:10 - 14:50 CEST
D202

Zephyr Developer Summit

Audience Experience Level Any

14:10 CEST

OpenSSH + FIDO Workshop - Joost van Dijk, Yubico

Tuesday August 26, 2025 14:10 - 15:45 CEST

TBA

OpenSSH has built-in support for FIDO security keys since version 8.2 (released in 2020). This means you can protect your SSH private keys using security keys, similar to how this can be done with OpenPGP smart cards and cryptographic tokens that support PKCS#11. Although such devices all allow you to protect your private keys using cryptographic hardware, the benefits on using FIDO include:

- FIDO is easier to use, especially for beginners

- security keys can be used on the web as well to store passkeys

- no need for vendor-specific software (like PKCS#11 modules)

- security keys are inexpensive

- FIDO features device attestation, which lets you cryptographically prove you are using a specific security key make and model.

In this talk, we will give a short introduction to FIDO security keys, and provide several demos of the use of security keys with OpenSSH, such as signing arbitrary data, authenticating to remote systems, and using key attestation.

The talk consists of a number of demos that participants can follow along on their system. Participants can bring their own security key (any vendor will do). If they do not own a security key one will be provided to them.

Speakers

Joost van Dijk

Sr Solutions Architect, Yubico

Joost van Dijk is a Solutions Architect at Yubico. He focuses on securing digital identities and accelerating the adoption of open source authentication standards as part of Yubico's developer program.

Tuesday August 26, 2025 14:10 - 15:45 CEST
TBA

Digital Trust

Audience Experience Level Any

15:05 CEST

Health Check-ups on OSS Software Projects: Managing Risks While Promoting (Re)use - Johan Linåker, RISE Research Institutes of Sweden

Tuesday August 26, 2025 15:05 - 15:25 CEST

G107

Open Source Software (OSS) intake is ever growing. An international Telco recently reported a surge from 30 to over 60,000 unique OSS components annually. However, this rapid adoption also introduces risks. The quality and security of OSS depend heavily on the maintenance efforts and health of its community.

In this talk, we show how organizations can systematically monitor the health of their OSS dependencies. This involves assessing the long-term viability and quality of OSS projects, akin to a medical check-up. Our study, detailed in the OSS Metrics chapter of the TODO group's OSPO book, identified 21 key health aspects through literature review and expert interviews. These aspects help organizations evaluate OSS projects based on factors like community productivity, stability, and governance.

Implementing health assessments requires a tailored approach, as demonstrated in our case study with a major automotive manufacturer. We present a semi-automated process for intake-stage inspections and automated monitoring for deployed components. Continuous training and feedback sessions are essential for integrating health assessments into standard practices.

Speakers

Johan Linåker

Senior Researcher, RISE Research Institutes of Sweden

... Read More →

Tuesday August 26, 2025 15:05 - 15:25 CEST
G107

OSPOCon

Audience Experience Level Any

15:05 CEST

DTS 101: From Roots To Trees, Aka Devicetree for Beginners - Krzysztof Kozlowski, Linaro

Tuesday August 26, 2025 15:05 - 15:45 CEST

Elicium 1

Practical guide to writing Devicetree sources (DTS) and bindings for the Linux kernel. Jump in if you want to know:

1. What compatibility means between devices and how to express it in DTS.

2. What can be in DTS and what cannot.

3. Fastest way to upstream your DTS (no need for 10 iterations!).

4. Validate your DTS and live error-free ever after.

The talk will focus on Devicetree (DTS and bindings) in the context of Linux kernel, which is also applicable to several other projects like U-boot.

Speakers

Krzysztof Kozlowski

Linux Kernel Maintainer , Linaro

Krzysztof Kozlowski is an active Linux Kernel developer, working currently for Linaro. Krzysztof maintains several upstream kernel subsystems: Devicetree bindings (as a co-maintainer with Rob and Conor), Memory controller drivers, NFC subsystem with drivers, and Samsung Exynos SoC... Read More →

Tuesday August 26, 2025 15:05 - 15:45 CEST
Elicium 1

Embedded Linux Conference

Audience Experience Level Any

16:20 CEST

Power Dynamics, Rug Pulls, and Other Corporate Impacts on OSS Sustainability - Dawn Foster, CHAOSS

Tuesday August 26, 2025 16:20 - 17:00 CEST

G107

Power imbalances are everywhere, including in our OSS projects, and in today’s cloud native world, the power dynamics have gotten even more complex. We’ve recently seen an increase in relicensing of open source projects and other tensions within communities that are directly related to imbalances in power that cause disruption within our open source projects. The many users, contributors, and even maintainers who have less power can feel like the rug has been pulled out from under them. We have mechanisms, like forks, where those with less power can counter these moves, regardless of the forms they take.

This talk will not only help people understand the power dynamics at play, but it will also provide tangible steps that we can take as maintainers, contributors, and users to make better decisions about focusing our precious time on making our projects more sustainable. There is no way to accurately predict which projects will not be sustained, but this talk will contain suggestions for how to look for warning signs. By attending this talk, you will learn more about the power dynamics and steps that you can take to make better decisions about which OSS projects to embrace.

Speakers

Dawn Foster

Director of Data Science, CHAOSS

Dr. Dawn Foster works as the Director of Data Science for CHAOSS where she is also a board member / maintainer. She is co-chair of CNCF TAG Contributor Strategy and an OpenUK board member. She has 20+ years of experience at companies like VMware and Intel with expertise in community... Read More →

Tuesday August 26, 2025 16:20 - 17:00 CEST
G107

OSPOCon

Audience Experience Level Any

16:20 CEST

Looking at Linux as a SEooC - Kate Stewart, The Linux Foundation & Nicole Pappler, AlektoMetis

Tuesday August 26, 2025 16:20 - 17:00 CEST

D204

Linux is already being used in Safety Critical applications, mostly as a "Safety Element out of Context". This session provide some background on what this means, and the limitations of this approach. With the velocity of change of the Linux kernel, supporting this mechanism, as well as more detailed approaches is the next frontier for the kernel.

Speakers

Kate Stewart

VP Dependable Embedded Systems, The Linux Foundation

Kate Stewart works with the safety, security and license compliance communities to advance the adoption of best practices into embedded open source projects. Since joining The Linux Foundation, she has launched the ELISA and Zephyr Projects, as well as supporting other embedded projects... Read More →

Nicole Pappler

Senior Safety Expert, AlektoMetis

Nicole has worked in different projects developing safety relevant embedded software before starting as an independent assessor.

Tuesday August 26, 2025 16:20 - 17:00 CEST
D204

Safety-critical Software

Audience Experience Level Any

16:20 CEST

API Lifecycle: Smarter Design and Governance With Open Tooling - Dakshitha Ratnayake, WSO2

Tuesday August 26, 2025 16:20 - 17:00 CEST

G106

As API ecosystems grow, keeping designs consistent and governance scalable can really be a challenge for both open platforms and internal teams. In this talk, we’ll dive into how AI-assisted tools, when combined with open standards and policy engines, can help simplify two of the toughest parts of the API lifecycle: design and compliance. We’ll show you how developers can use natural language prompts to generate and update OpenAPI specs, and how teams can use policy-as-code (with tools like OPA) to automate checks for things like naming, versioning, and security. You’ll walk away with practical workflows that help balance developer speed with organizational standards—all built with open source tools.

Speakers

Dakshitha Ratnayake

Director - Developer Relations, WSO2

Dakshitha is a Director of Developer Relations at WSO2, with over 15 years of experience in software development, solution architecture, and technical evangelism. Her work focuses on open-source technologies, particularly in integration, APIs, and identity and access management. She’s... Read More →

Tuesday August 26, 2025 16:20 - 17:00 CEST
G106

Standards & Specifications

Audience Experience Level Any

16:20 CEST

CANnectivity: Zephyr-based USB To CAN Adapter Firmware - Henrik Brix Andersen, Vestas Wind Systems A/S

Tuesday August 26, 2025 16:20 - 17:00 CEST

D202

A crucial component in the development of firmware utilizing Controller Area Network (CAN) communication is a host-connected CAN adapter. Several commercial and open-source solutions are available for this purpose, but each has its own limitations. The CANnectivity firmware, a Zephyr-based open-source firmware for Universal Serial Bus (USB) to Controller Area Network (CAN) adapters, aims to address these limitations.

This presentation will go over the considerations leading to the development of the CANnectivity firmware, its intended use cases, and the advantages it offers over existing solutions. I will provide an overview of the firmware’s architecture, the automated testing procedures currently in place for validation, and the future plans for its enhancement.

CANnectivity is available at https://github.com/CANnectivity/cannectivity

Speakers

Henrik Brix Andersen

Lead Embedded Software Engineer, Vestas Wind Systems A/S

Henrik Brix Andersen is Lead Embedded Software Engineer at Vestas Wind Systems A/S, providing firmware support for Vestas’ sustainable energy solutions. Brix is a passionate open-source software engineer and a long-standing contributor to the Zephyr RTOS project. He currently serves... Read More →

Tuesday August 26, 2025 16:20 - 17:00 CEST
D202

Zephyr Developer Summit

Audience Experience Level Any

16:20 CEST

Model-Based Testing for the Zephyr RTOS - Philipp Panzer, UL Solutions

Tuesday August 26, 2025 16:20 - 17:00 CEST

D203

The use of Zephyr in safety-critical domains poses a significant challenge with regard to certification. Since feature development in open-source projects is usually not driven by a centralized requirement specification, V&V become challenging tasks: The lack of a requirement specification makes the subject of validation hard to capture. Verification requires considerable effort for manual test creation. To address these issues, we explore a Model-Based Testing (MBT) approach for Zephyr, which involves the creation of a formal model of the system. Based on this specification, runnable test cases are automatically derived which pass if the actual software implementation aligns with the model. We present our approach of applying MBT to Zephyr's semaphore API, which uses TLA+ and generates runnable ZTest test cases. Given the promising results of our initial exploration, we want to share our ideas with the community to encourage further work in this area. We argue that an integration of MBT into Zephyr’s development cycle results in formal specifications of the system, which, combined with test generation, enable automated conformance testing and facilitate continuous certification.

Speakers

Philipp Panzer

Software Engineer, UL Solutions

Philipp Panzer studied computer science at FAU Erlangen-Nuernberg, with a focus on IT security and system software development. During his studies he worked on cloud-based data-analytics solutions at Siemens Mobility. At the end of his studies, he moved to UL Solutions, where he gained... Read More →

Tuesday August 26, 2025 16:20 - 17:00 CEST
D203

Zephyr Developer Summit

Audience Experience Level Any