Open Source Summit India 2026

Modern embedded audio devices increasingly run mainline Linux, but achieving deterministic low-latency multi-channel audio processing remains a challenge. While heterogeneous SoCs include DSP accelerators capable of handling signal processing workloads efficiently, integrating these accelerators into a standard Linux audio stack without proprietary middleware is non-trivial.
This talk presents a practical, upstream-friendly approach to building a zero-copy DSP offload framework using mainline Linux components such as remoteproc, rpmsg, and ALSA. Instead of relying on custom kernel patches or vendor-specific frameworks, the solution leverages DMA-backed shared memory and rpmsg-based signaling to enable efficient inter-processor communication between ARM application cores and a DSP.
A key focus of this session is eliminating redundant memory copies across kernel and user space boundaries. By designing a ping-pong buffer architecture with shared memory mapping and pointer-based synchronization, we achieved deterministic real-time streaming with significantly reduced CPU utilization and improved latency characteristics.

Practical guide to writing Devicetree sources (DTS) and bindings for the Linux kernel. Jump in if you want to know:
1. What compatibility means between devices and how to express it in DTS.
2. What can be in DTS and what cannot.
3. Fastest way to upstream your DTS (no need for 10 iterations!).
4. Validate your DTS and live error-free ever after.

The talk will focus on Devicetree (DTS and bindings) in the context of Linux kernel, which is also applicable to several other projects like U-boot.

Connected medical devices (IoMT) increasingly depend on Yocto‑based Embedded Linux platforms to perform critical, patient‑impacting functions. As cyberattacks on healthcare rise, securing these devices is now central to patient safety, regulatory compliance, and lifecycle quality. This session provides a practical, defense‑in‑depth blueprint for hardening IoMT devices—starting from secure boot and measured trust to OS‑level hardening, system integrity, secure OTA updates, sandboxing, runtime protection, and zero‑trust device‑to‑cloud communication.
We will map real‑world cyber trends to specific embedded mitigations and align them with global regulatory expectations for medical devices. The session also demonstrates how open‑source tools within the Yocto ecosystem can enforce reproducible security controls, generate SBOMs, and support automated vulnerability triage throughout the device lifecycle.
Attendees will gain engineering‑ready patterns to build secure, maintainable Linux‑based devices—applicable not only in healthcare, but also industrial IoT, automotive, and safety‑critical embedded domains.

Linux has long been the backbone of open innovation in computing, yet access to fully open, Linux-native Electronic Design Automation (EDA) workflows remains limited due to proprietary tools, restrictive licenses, and platform lock-in. eSim(https://esim.fossee.in) is an open-source EDA platform developed under the FOSSEE (Free/Libre and Open Source Software for Education) project at IIT Bombay, designed to bring complete circuit design and simulation workflows to the Linux ecosystem.

This talk presents eSim as a Linux-first, fully open-source EDA solution that integrates schematic capture, SPICE-based simulation, PCB design workflows, and support for open PDKs using established open-source tools and standards. Built to run natively on Linux distributions, eSim enables students, educators, and researchers to design and simulate electronic circuits without relying on proprietary software, aligning closely with Linux principles of transparency, and freedom.

The session will showcase real-world adoption of eSim across academic institutions and future directions toward scalable, reproducible, and community-driven open hardware design.

We trust ISP-provided routers with authentication, firmware updates, and remote management. Yet, many remain opaque black boxes running outdated, poorly audited software built on open source tools.
In this session, we open that box.
Using a commercially deployed embedded Linux router, I will demonstrate a practical workflow for analyzing locked-down firmware and reclaiming control with open source tools.

First, the Security Lesson: We will walk through firmware extraction and forensic analysis in a structured way. This includes inspecting the flash storage, reverse engineering vendor binaries to uncover hardcoded passwords, and manipulating U-Boot to alter the boot process to gain root access. The focus throughout is understanding how embedded Linux systems are built and identifying where security assumptions fail.

Second, the Practical Upgrade: With root access secured, we move beyond analysis to utility. We will transform the router into a network-wide ad blocker using lightweight tools like dnsmasq, demonstrating how open source enables device longevity and architectural control.
This session is not about breaking devices; it is about understanding and reclaiming them.

Unpatched vulnerabilities don't break builds, but can compromise entire infrastructures. A single neglected CVE in an embedded device can be a ticking time bomb, potentially causing millions in damages. But in an ocean of CVE's known vulnerabilities, how do you achieve high detection rates without drowning in false positives?

This session touch bases the lifecycle of a CVE, their exploitability, including how CVSS scores are calculated. It then addresses "translation problem"-explaining why different OS ecosystems label and backport CVEs differently, often confusing automated scanners.

Next, the talk deep-dives into practical solutions, demonstrating how to use SBOMs to map dependencies and implement a semi-automated, custom scanning strategy on top of it to maximize threat detection.

Finally, it focuses on practical application within the Yocto Project. The session explores "sustainability loop," sharing tips for applying security patches and version upgrades without breaking the build and dicusses why hoarding local patches creates crushing technical debt, and why pushing fixes upstream is the most strategic, secure choice for both their organization and open-source community.

Bootloaders are critical foundation of Android boot process, responsible for everything from hardware initialization to kernel handoff. However, the current landscape is heavily fragmented, with each silicon vendor and OEM maintaining different bootloader implementations. This diversity leads to duplication of effort, slower security patching, and complex barriers to upgrading the Android boot framework across the ecosystem.
To address these challenges, Google has introduced Generic BootLoader (GBL) - a unified, Rust-based bootloader developed within the Android Open Source Project (AOSP). Designed as a UEFI application, GBL standardizes the boot flow across x86, ARM64, and RISC-V architectures and can be deployed across various existing firmware stacks, including U-Boot, EDK2, and LittleKernel.
This session provides a deep dive into GBL’s architecture. We will explore how GBL utilizes standard upstream UEFI protocols and how it interfaces to select appropriate Device Trees (DT), apply DT fixups, and prepare prepare kernel data (bootconfig/command-line). We will also examine GBL-specific protocols handling Android requirements like A/B slots, Verified Boot (AVB), and Fastboot.

Perfetto is a tracing and profiling tool developed by Google and well integrated into Android. It's also used for Chromium and can be used on any Linux device, too.

In this talk, I want to give a practical and hands-on introduction to Perfetto. I will briefly describe the architecture of Perfetto which consists of the trace recording, trace analysis and trace visualization. Then I will describe and explain thfe key features of the Perfetto UI for tracing and profiling Android applications, native services, binder communication and gernally the Linux kernel, e.g., the ftrace events for IRQs or the scheduler. I will also present specialized features in Perfetto that the Android team implemented to analyze the graphics stack. Additionally, I will share real world usage tips and common pitfalls to avoid from my project experience. And at the end, I will showcase the SQL trace processor capability to programmatically analyze traces that can also be integrated into a command line or CI testing workflow.

S3 APIs power modern Linux infrastructure, yet most object storage traffic still relies on TCP/IP. Under high concurrency and large transfers, TCP becomes CPU-intensive and limits throughput. RDMA promises Accelerated I/O through kernel bypass and zero-copy data movement—but applying RDMA to S3 workloads is not the same as NFS or block storage.

This session explores how RDMA can accelerate S3-style object transfers in distributed storage systems. We examine memory registration strategies, connection scalability, and what changes when dealing with multipart uploads, HTTP range reads, and parallel clients.

Through real validation scenarios, we compare throughput, latency, and CPU usage across TCP and RDMA paths. We’ll also highlight where RDMA excels, and where it falls short, such as in small-object or metadata-heavy workloads.

Attendees will gain a practical framework for evaluating Accelerated I/O in their own Linux storage environments: what to measure, what to tune, and what performance gains to realistically expect.