Open Source Summit India 2026

Linux has long been the backbone of open innovation in computing, yet access to fully open, Linux-native Electronic Design Automation (EDA) workflows remains limited due to proprietary tools, restrictive licenses, and platform lock-in. eSim(https://esim.fossee.in) is an open-source EDA platform developed under the FOSSEE (Free/Libre and Open Source Software for Education) project at IIT Bombay, designed to bring complete circuit design and simulation workflows to the Linux ecosystem.

This talk presents eSim as a Linux-first, fully open-source EDA solution that integrates schematic capture, SPICE-based simulation, PCB design workflows, and support for open PDKs using established open-source tools and standards. Built to run natively on Linux distributions, eSim enables students, educators, and researchers to design and simulate electronic circuits without relying on proprietary software, aligning closely with Linux principles of transparency, and freedom.

The session will showcase real-world adoption of eSim across academic institutions and future directions toward scalable, reproducible, and community-driven open hardware design.

We trust ISP-provided routers with authentication, firmware updates, and remote management. Yet, many remain opaque black boxes running outdated, poorly audited software built on open source tools.
In this session, we open that box.
Using a commercially deployed embedded Linux router, I will demonstrate a practical workflow for analyzing locked-down firmware and reclaiming control with open source tools.

First, the Security Lesson: We will walk through firmware extraction and forensic analysis in a structured way. This includes inspecting the flash storage, reverse engineering vendor binaries to uncover hardcoded passwords, and manipulating U-Boot to alter the boot process to gain root access. The focus throughout is understanding how embedded Linux systems are built and identifying where security assumptions fail.

Second, the Practical Upgrade: With root access secured, we move beyond analysis to utility. We will transform the router into a network-wide ad blocker using lightweight tools like dnsmasq, demonstrating how open source enables device longevity and architectural control.
This session is not about breaking devices; it is about understanding and reclaiming them.

Unpatched vulnerabilities don't break builds, but can compromise entire infrastructures. A single neglected CVE in an embedded device can be a ticking time bomb, potentially causing millions in damages. But in an ocean of CVE's known vulnerabilities, how do you achieve high detection rates without drowning in false positives?

This session touch bases the lifecycle of a CVE, their exploitability, including how CVSS scores are calculated. It then addresses "translation problem"-explaining why different OS ecosystems label and backport CVEs differently, often confusing automated scanners.

Next, the talk deep-dives into practical solutions, demonstrating how to use SBOMs to map dependencies and implement a semi-automated, custom scanning strategy on top of it to maximize threat detection.

Finally, it focuses on practical application within the Yocto Project. The session explores "sustainability loop," sharing tips for applying security patches and version upgrades without breaking the build and dicusses why hoarding local patches creates crushing technical debt, and why pushing fixes upstream is the most strategic, secure choice for both their organization and open-source community.

Bootloaders are critical foundation of Android boot process, responsible for everything from hardware initialization to kernel handoff. However, the current landscape is heavily fragmented, with each silicon vendor and OEM maintaining different bootloader implementations. This diversity leads to duplication of effort, slower security patching, and complex barriers to upgrading the Android boot framework across the ecosystem.
To address these challenges, Google has introduced Generic BootLoader (GBL) - a unified, Rust-based bootloader developed within the Android Open Source Project (AOSP). Designed as a UEFI application, GBL standardizes the boot flow across x86, ARM64, and RISC-V architectures and can be deployed across various existing firmware stacks, including U-Boot, EDK2, and LittleKernel.
This session provides a deep dive into GBL’s architecture. We will explore how GBL utilizes standard upstream UEFI protocols and how it interfaces to select appropriate Device Trees (DT), apply DT fixups, and prepare prepare kernel data (bootconfig/command-line). We will also examine GBL-specific protocols handling Android requirements like A/B slots, Verified Boot (AVB), and Fastboot.

Perfetto is a tracing and profiling tool developed by Google and well integrated into Android. It's also used for Chromium and can be used on any Linux device, too.

In this talk, I want to give a practical and hands-on introduction to Perfetto. I will briefly describe the architecture of Perfetto which consists of the trace recording, trace analysis and trace visualization. Then I will describe and explain thfe key features of the Perfetto UI for tracing and profiling Android applications, native services, binder communication and gernally the Linux kernel, e.g., the ftrace events for IRQs or the scheduler. I will also present specialized features in Perfetto that the Android team implemented to analyze the graphics stack. Additionally, I will share real world usage tips and common pitfalls to avoid from my project experience. And at the end, I will showcase the SQL trace processor capability to programmatically analyze traces that can also be integrated into a command line or CI testing workflow.

S3 APIs power modern Linux infrastructure, yet most object storage traffic still relies on TCP/IP. Under high concurrency and large transfers, TCP becomes CPU-intensive and limits throughput. RDMA promises Accelerated I/O through kernel bypass and zero-copy data movement—but applying RDMA to S3 workloads is not the same as NFS or block storage.

This session explores how RDMA can accelerate S3-style object transfers in distributed storage systems. We examine memory registration strategies, connection scalability, and what changes when dealing with multipart uploads, HTTP range reads, and parallel clients.

Through real validation scenarios, we compare throughput, latency, and CPU usage across TCP and RDMA paths. We’ll also highlight where RDMA excels, and where it falls short, such as in small-object or metadata-heavy workloads.

Attendees will gain a practical framework for evaluating Accelerated I/O in their own Linux storage environments: what to measure, what to tune, and what performance gains to realistically expect.

AI is changing software delivery—but most teams don’t need more “chat with logs.” They need an engineering platform that turns delivery signals into reliable, auditable outcomes. In this session, we’ll walk through practical AI patterns for CI/CD and internal platforms using open-source building blocks: pipeline failure triage copilots grounded in CI logs and runbooks, flaky test detection, test prioritization/selection to shorten feedback loops, and change-risk scoring to drive progressive delivery.
You’ll get a reference architecture that treats the platform as a product: a unified “delivery intelligence” layer that connects Git, CI, CD, and observability (OpenTelemetry) into a closed loop—recommend → assist → automate—only within strict guardrails. We’ll cover what makes this production-safe and open-source friendly: evidence-first outputs (no claim without links), policy-as-code boundaries, secrets redaction, prompt-injection defenses, and evaluation harnesses so AI behavior is testable like any other dependency.
Attendees leave with a starter backlog, rollout plan, and metrics to prove impact (cycle time, false-red rate, MTTR, and change failure rate).

Modern platform teams are overwhelmed by reactive operations where manual escalation, delayed remediation, and siloed automation take over. This session presents Event-Driven Platform Engineering as a framework for the design of platforms from ticket-driven systems to autonomous control loops. With the aid of Kubernetes controllers, event streams, policy engines, and real-time telemetry, platforms can identify, decide, and act without recourse to human intervention. We will also look at how events from observability systems, CI/CD pipelines, policy violations, and runtime signals can be transformed into actionable triggers for automation that powers scaling, remediation, governance enforcement, and developer workflows. The talk presents a reference architecture consisting of Kubernetes operators, Prometheus metrics, event brokers, and policy-as-code frameworks for developing self-adaptive internal developer platforms. Attendees will gain a structured approach to designing event-native platforms such as MTTR reduction, SLA compliance, continuous guardrails enforcement, and developer experience enhancement that align with open-source cloud-native environments.