Talks
Secure by Default? Unified Bootflows from Factory to Field
OSADL COOL April 2026 edition [abstract ☍]
Discussion of a “Secure-by-Default” boot model combining barebox’s new security features, hardening measures as well as non-technical improvements in the release process.
Build Once, Trust Always: Single-Image Secure Boot with barebox
FOSDEM 2026: Embedded Devroom [slides & recording ☍]
Eliminate multiple bootloader variants while preserving secure debugging and recovery using new barebox functionality.
Netboot without throwing a FIT
FOSDEM 2026: Kernel Devroom [slides & recording ☍]
Use Kbuild FIT support and initramfs tricks to easily network boot a kernel and its modules without touchig the on-disk rootfs. The conference-driven development resulted in barebox’s devboot feature.
Hardening the Barebox Bootloader
Linux Security Summit Europe 2025 [schedule ☍] [recording ☍]
Recounting recent efforts to improve barebox security posture.
Bootloaders Under Fire: Real-World Threats and Practical Defenses
Embedded Linux Conference Europe 2025 [schedule ☍] [recording ☍]
Looking at some attacks against U-Boot and barebox bootloaders and how barebox changed in response. First introduction of the barebox security policy framework.
Das Hoch und Runter mit ARM-Systemen (German)
FrOSCon 2025 [schedule ☍] [recording ☍]
A (German) walkthrough of NXP i.MX8M bootstrap. From Boot ROM through barebox to Linux and back to power-off.
usb9pfs: network booting without the network
FOSDEM 2025: Embedded Devroom [slides & recording ☍]
This talk discusses the design of 9p and usb9pfs and showcase how streamlined development on a Yocto root file system can be with both barebox and Linux making use of usb9pfs.
Taming DMA: Tales Wrestling Memory Corruption
Embedded Linux Conference Europe 2024 [slides ☍] [recording ☍]
I speak about how strangely DMA bugs can manifest as an excuse to generate Yu-Gi-Oh! cards.
Linux Matchmaking: Helping devices and drivers find each other
FOSDEM 2024: Kernel Devroom [slides & recording ☍]
A gentle introduction into how Linux device driver probing works.
One Image to Rule Them All: Portably Handling Hardware Variants
Embedded Recipes 2023 [slides ☍] [recording ☍]
I talk about how to design an image that is portable to many differnt boards.
Wenn Geräte an Bäumen wachsen: Linux-Device-Tree-Portierung (German)
Chemnitzer Linux-Tage 2023 [slides ☍] [recording ☍]
A (german) introduction into device trees as used by Linux and barebox.
Having Something to Hide: Trusted Key Storage in Linux
FOSDEM 2023: Kernel Devroom [schedule & recording ☍]
Introduction to the kernel’s trusted key subsystem and my work in enabling it for unattended disk decryption on NXP’s i.MX line of embedded SoCs.
From Zero to A/B: Swimming Upstream with Yocto, Barebox and RAUC
Embedded Linux Conference Europe 2022 [slides ☍] [recording ☍]
Building an OTA-capable Yocto-based BSP with mainline components and no vendor layer.
DOOM auf STM32: Barebox Mars Domination (German)
Chemnitzer Linux-Tage 2022 [slides & recording ☍]
For kicks, I ported DOOM onto a MMU-less STM32F4 microcontroller and talked about it.
DOOM portieren für Einsteiger - Heavy Metal auf Bare Metal (German)
FrOSCon 2021 [slides ☍] [recording ☍]
“DOOM as a boot splash. How, why and how to get it on your nearest home appliance”. A (German) walkthrough on how to leverage barebox APIs to run DOOM on any hardware supported by barebox.
From Reset Vector to Kernel - Navigating the ARM Matryoshka
FOSDEM 2021: Embedded Devroom [slides & recording ☍]
A walkthrough of NXP i.MX8M bootstrap. From Boot ROM through barebox to Linux.
Initializing RISC-V: A Guided Tour for ARM Developers
Embedded Linux Conference Europe 2021 [slides ☍] [recording ☍]
A guide through the RISC-V architecture and some of its ISA extensions and a walkthrough of the barebox port to the Beagle-V Starlight.
Beyond “Just” Booting: Barebox Bells and Whistles
Embedded Linux Conference - Europe 2020 [slides ☍] [recording ☍]
Porting barebox to a new STM32MP1 board and a general discussion of design choices like multi-image, VFS, POSIX/Linux API, fail-safe updates, boot fall-back mechanisms, etc.
