

Towards a Decade of Industrial Grade Linux: CIP’s Journey and the Road Ahead

The Civil Infrastructure Platform (CIP) project will celebrate its 10th anniversary in April 2026. As we approach this major milestone, this talk reflects on CIP’s decade-long mission to provide Industrial Grade Linux for systems requiring long-term reliability, security, and sustainability.
We will begin with the latest updates, including the latest Super Long-Term Support (SLTS) kernel based on Linux 6.12, ongoing alignment with IEC 62443-4 and the EU Cyber Resilience Act, and secure update mechanisms using The Update Framework (TUF). We will also highlight CIP’s long-term contributions to key upstream projects, including KernelCI for test automation, the Real-Time Linux project for deterministic performance, and Debian LTS/ELTS for building a stable and maintainable base system. These collaborations reinforce CIP’s commitment to upstream sustainability and community alignment.
In the latter part of this session, we will outline the challenges and opportunities for open source in the next decade of critical infrastructure. Drawing on lessons from CIP’s journey, the talk will offer insights into how industry and community collaboration can build more secure and sustainable systems.


Yoshitake Kobayashi

December 08, 2025


Transcript

  1. TOWARDS A DECADE OF INDUSTRIAL GRADE LINUX: CIP's Journey and

    the Road Ahead Yoshitake KOBAYASHI, CIP TSC Chair Open Source Summit Japan, Tokyo, December 8, 2025
  2. AGENDA 5 FOUNDATIONS The origins of CIP, the crisis of

    2015, and the governance structure. THE 5 PILLARS Deep dive into Kernel, Core, Testing, Security, and Update Working Groups. THE ROAD AHEAD Future challenges: EU Cyber Resilience Act (CRA) and Community Collaboration.
  3. EXECUTIVE SUMMARY A DECADE OF STABILITY • Milestone: CIP

    will celebrate its 10th Anniversary in April 2026 • Mission: Providing Industrial Grade Linux (IGL) as Open Source Base Layer for systems requiring 10+ years of reliability • Collaboration: Leaders like Renesas, Siemens and Toshiba uniting to solve the "Maintenance Crisis." KEY ACHIEVEMENTS • Established Super Long-Term Support (SLTS) Linux® Kernels and CIP Core Packages • Alignment with critical standards (IEC 62443, EU CRA) • Contributing to upstream ecosystem (Debian LTS/ELTS, KernelCI and more) for sustainability Linux ® is a registered trademark of Linus Torvalds.
  4. OUR CIVILIZATION RUNS on Linux : “Hidden” Industrial IoT Systems

    Rail automation Automatic ticket gates Vehicle control Transport Power Generation Turbine Control Energy Turbine Control Building automation Healthcare Broadcasting Others Industry automation Industrial communication CNC control Industry Linux ® is a registered trademark of Linus Torvalds. 7
  5. THE CONTEXT: 2015 8 THE LONGEVITY GAP In the early-2010s,

    Civil Infrastructure faced a critical dilemma: • IT Speed: Linux kernel releases every few months. LTS lasted only 2-6 years. • OT Reality: Power plants, railways, and automation systems operate for 10, 20, or even 50 years. • The Result: Companies were forced to maintain private forks ("Reinforcing the Wheel"), leading to unmanageable costs and security risks.
  6. THE FOUNDING VISION 9 The vision was revolutionary: Competitors in

    the application layer should collaborate in the non-competitive base layer. INDUSTRIAL GRADE REQUIREMENTS Super Long-Term Support: 10+ Years. Security: Continuous vulnerability management. Real-Time: Deterministic performance. "Applying Linux to the Civil Infrastructure Systems" at LinuxCon Japan 2015
  7. THE KEY CHALLENGES Apply IoT concepts to industrial systems Ensure

    quality and longevity of products Keep millions of connected systems secure • Product life-cycles of decades • Backwards compatibility • Standards • Reliability • Functional Safety • Real-time capabilities • Security & vulnerability management • Firmware updates • Minimize risk of regressions Sustainability Industrial gradeness Security 10
  8. Establishing an Open Source Base Layer of industrial-grade software to

    enable the use and implementation of software building blocks for Civil Infrastructure Systems 11
  9. CIP Civil Infrastructure Platform Project (https://www.cip-project.org/) LTS Long Term Support

    CIP Open Source base layer Scope of a typical Linux distribution Layered Linux distribution for industrial products, utilizing and influencing the relevant Open Source projects: WHAT is “OPEN SOURCE BASE LAYER (OSBL)” ? 12 CIP Core packages (tens) CIP kernel (based on LTS kernel) Additional packages (hundreds) company-specific middleware and applications
  10. OSS Open Source Software QA quality assurance SDK software development

    kit Corporate team/ central project Companies/ Divisions Business Units/ Products Up to 70% effort reduction achievable for OSS license clearing and vulnerability monitoring, kernel and package maintenance, application adaptation and testing for an individual product. CIP Core packages (tens) Additional packages (hundreds) CIP Kernel (10+ years maintenance) MAPPING CIP into the COMPANY Domain specific extensions Domain specific extensions … Distribution Kernel Base packages, SDK, Build chain, QA Firmware update Security Hardening Container Runtime …
  11. CIP GOVERNANCE GOVERNING BOARD • Direct project overall strategy

    • Approve a budget • Define and enforce policy for IP • Direct marketing and certification efforts TECHNICAL STEERING COMMITTEE • Coordinate the technical direction • Communicate with external and industry organizations and OSS community • Create working groups
  12. CIP GOVERNANCE & STRATEGY 16 TECHNICAL STEERING COMMITTEE (TSC) The

    decision-making body for technical direction and scope. Activity evolved in three phases: 1. Phase 1 (2016-17): Definition of SLTS & "Upstream First" policy. 2. Phase 2 (2018-21): Working Group formation and Implementation 3. Phase 3 (2022-Present): Accelerating for Compliance & Resilience (CRA, SBOM).
  13. User space Kernel space Linux Kernel App container infrastructure (mid-term)

    App Framework (optionally, mid-term) Middleware/Libraries Monitoring Domain Specific communication (e.g. OPC UA) Shared config. & logging Real-time / safe virtualization Tools Concepts Tracing & reporting tools Configuration management Device management (update, download) Functional safety architecture/strategy, including compliance w/standards (e.g., NERC CIP, IEC61508) Standardization collaborative effort with others License clearing Export Control Classification On-device software stack Product development and maintenance Application life-cycle management Multimedia Security Safe & Secure Update 6 2 5 Real-time support CIP Core Packages 3 1 Super Long Term Supported Kernel (SLTS) 4 Test automation 3 Build environment (e.g. bitbake, dpkg) 1 3 Long-term support Strategy: security patch management SCOPE OF TECHNICAL ACTIVITIES
  14. THE 5 PILLARS OF CIP 18 KERNEL SLTS Kernel Maintenance

    10+ years CORE Maintained Reference Base image (based on Debian) TESTING Validation SECURITY Meet cybersecurity standard IEC62443-4 UPDATE SWUpdate & TUF
  15. SUPER LONG-TERM SUPPORT (SLTS) 20 THE 10+YEAR PROMISE Standard LTS

    kernels are supported for 2-6 years. CIP extends this to 10+ years to match industrial product lifecycles. Strict Backport Policy: Backport patches should be available on upstream mainline kernel +YEARS
  16. 4.4 SLTS: THE FIRST MILESTONE 21 2016 - 2027 CIP's

    first SLTS kernel was based on Linux 4.4. THE OUTCOME It served as the "Proof of Concept" for the entire CIP model. It demonstrated that companies could share the burden of deep maintenance without creating proprietary forks. • Started maintenance by Ben Hutchings and the team. • Proved that a consortium could successfully maintain a kernel for a decade. • Will reach End of Life (EOL) in Jan 2027.
  17. A HISTORIC MILESTONE: 5 ACTIVE KERNELS 22 4.4/4.4-rt Self maintenance

    5.10/5.10-rt w/Upstream 6.1/6.1-rt w/Upstream 6.12 w/Upstream With the introduction of Linux 6.12-cip, CIP maintains 5 concurrent SLTS versions. 4.19/4.19-rt Self maintenance
  18. TIMELINES for CIP SLTS KERNELs (Upstream first development)

    [Timeline chart, 2021 to 2034, with one row for LTS and one for CIP SLTS, each covering kernels 4.4, 4.19, 5.10, 6.1 and 6.12. Labels: "We are here", "Upstream First", "Self-maintenance", "Maintained by the stable team", "Maintained by CIP".]
  19. SOME NUMBERS FROM KERNEL TEAM ACTIVITIES CONTRIBUTIONS 1000+/month LTS

    Patch reviews CVE CHECKS 2000+ fixes Counts only for 6.1.y-cip in 2024 SLTS RELEASES 466 releases August 2025 v4.4(100, rt46) v4.19(120, rt42) v5.10(61, rt26) v6.1(44, rt23) v6.12(4) REFERENCE HW 11 boards 4 architectures X86_64 Armhf Arm64 Risc V TEAM Jan Kiszka Pavel Machek Nobuhiro Iwamatsu Ulrich Hecht Masami Ichikawa (and more.)
  20. KERNEL ROADMAP OVERVIEW

    | Version | Maintainer(s) | First Release | Projected EOL | Target Releases/Month | Status |
    |---|---|---|---|---|---|
    | 4.4 | Ulrich Hecht | 2017-01-17 | 2027-01 | 1 | Active |
    | 4.4-rt | Pavel Machek | 2017-11-16 | 2027-01 | 0.5 | Active |
    | 4.19 | Ulrich Hecht | 2019-01-11 | 2029-01 | 1 | Active |
    | 4.19-rt | Pavel Machek | 2019-01-11 | 2029-01 | 0.5 | Active |
    | 5.10 | Nobuhiro Iwamatsu & Pavel Machek | 2021-12-05 | 2031-01 | 1 | Active |
    | 5.10-rt | Pavel Machek | 2021-12-08 | 2031-01 | 0.5 | Active |
    | 6.1 | Nobuhiro Iwamatsu & Pavel Machek | 2023-07-14 | 2033-08 | 1 | Active |
    | 6.1-rt | Pavel Machek | 2023-07-16 | 2033-08 | 0.5 | Active |
    | 6.12 | Nobuhiro Iwamatsu & Pavel Machek | 2025-05-20 | 2035-06 | 2 | Active |

    Next SLTS: TBD TBD Decision expected late 2026
  21. CIP SLTS kernel development ( # of patches/ CIP patches)

    [Five bar charts, one each for 4.4-cip, 4.19-cip, 5.10-cip, 6.1-cip and 6.12-cip, plotting #patches and #CIP patches per cipNN release on a 0 to 1200 axis; one bar is labelled 1356.]
  22. CIP SLTS kernel development (4.4-cip) Average (cip30 - cip68)

    #LTS patches: 234.5 #CIP patches: 11.8 Average (cip69 – cip101) #CIP patches: 137.6 [Chart of #patches and #CIP patches per release, 0 to 1000 axis.]
  23. VULNERABILITY MANAGEMENT 28 THE CVE FLOOD CVEs are published day

    by day. Not all apply to industrial embedded systems. CIP TRIAGE PROCESS We filter noise from signal. • Analysis of CVEs. • Assessment of impact on CIP SLTS Kernel configurations. • Auto-Triage: Determining "Not Exploitable" based on config.
  24. THE STRATEGIC CHOICE: DEBIAN 30 WHY NOT CREATE A NEW

    DISTRO? CIP chose not to reinvent the wheel. Instead, we chose Debian as the primary reference distribution for base system. • Debian LTS/ELTS: Existing infrastructure for long-term maintenance. CIP has joined since 2018 • Synergy: CIP sponsors and contributes to Debian, creating a win-win feedback loop • Stability: Proven track record in stability and security
  25. CIP CORE PROFILES 31 TINY PROFILE Targeting resource-constrained devices (Headless

    sensor gateways, etc.). Uses BusyBox and minimal footprint. GENERIC PROFILE For standard industrial use cases. Full Debian package compatibility. Uses ISAR build system to generate custom images.
  26. ENSURING SUSTAINABILITY THROUGH COLLABORATION

    ISAR-CIP-CORE SUPPORT STATUS

    | Base Debian version | Status | Kernel | CPU Architecture | Recipes | Debian ELTS |
    |---|---|---|---|---|---|
    | 8 jessie (2015) | Supported | 4.4 SLTS | amd64, armhf | Available (deby) | EOL (2025-07-01) |
    | 10 buster (2019) | Supported | 4.19 SLTS | amd64, arm64, armhf | Available | Active (2024-07-01~) |
    | 11 bullseye (2021) | Supported | 5.10 SLTS | amd64, arm64, armhf | Available | ELTS not started yet |
    | 12 bookworm (2023) | Supported | 6.1 SLTS | amd64, arm64, armhf | Available | ELTS not started yet |
    | 13 trixie (2025) | Supported | 6.12 SLTS | amd64, arm64, armhf, riscv | Available | ELTS not started yet |
  27. REPRODUCIBLE CIP CORE 33 WHY IT MATTERS? • Verify that

    released binaries are built in trusted, transparent ways • Enable small and efficient delta updates for field devices • Improve security and reliability across industrial systems Isar-cip-core Reproducibility QEMU amd64 Reproducible QEMU arm64 Reproducible QEMU armhf Reproducible Generic x86 Reproducible Beaglebone Black Reproducible CIP GOALS • Make CIP Core images reproducible • Continuously verify reproducibility through CI
  28. BOARD AT DESK (B@D) 35 The Challenge: Enable local testing

    using upstream method. The Solution: B@D allows developers to connect their local boards to the central CI infrastructure. • Upstream-aligned testing tools (KernelCI + LAVA) • Test on real hardware directly on your desk • Simple, distributed, and reproducible setup by a virtual machine image
  29. CENTRALISED CIP TESTING ARCHITECTURE LAVA Worker LAVA Master Artifact

    Storage (AWS S3) LAVA Worker Profiles CIP Reference Hardware Build and Test Built Artifacts GitLab Runners (Image builder) deby Implementations isar-cip-core CIP Kernel Debian Generic Tiny
  30. CENTRALIZED and KERNELCI INTEGRATION NO SILOS CIP integrated with

    KernelCI, the upstream testing project. • CIP SLTS kernels are part of the KernelCI matrix. • Results are public and shared with the community. • Dashboards visualize health over years, not just days. Ref: https://dashboard.kernelci.org/tree?i=30&ts=cip
  31. CIP REFERENCE HARDWARE

    1 Tested with standard Kernel configuration (non-RT)
    2 Tested with Real-Time enabled Kernel configuration

    Supported SLTS Kernels, values listed in the column order v4.4, v4.4-rt, v4.19, v4.19-rt, v5.10, v5.10-rt, v6.1, v6.1-rt, v6.12:

    | Platform | Architecture | Supported SLTS Kernels |
    |---|---|---|
    | AM335x Beaglebone Black | Armv7 | Y Y1 Y Y1 Y T Y T Y |
    | Cyclone V DE0-Nano-SoC Development Kit | Armv7 | N N Y Y1 Y T Y T |
    | QEMU | x86_64 | Y Y1 Y Y1 Y T Y Y Y |
    | | Armv7(a15) | Y Y1 Y Y1 Y T Y Y Y |
    | | Armv8(a53) | Y Y1 Y Y1 Y T Y Y Y |
    | | riscv64 | N N N N Y N Y N Y |
    | RZ/G1M iWave Qseven Development Kit | Armv7 | Y Y2 Y Y2 Y Y Y Y N |
    | RZ/G2M HopeRun HiHope | Armv8 | N N Y Y2 Y Y Y Y Y |
    | SIMATIC IPC227E | x86-64 | N N Y Y1 Y Y Y Y |
    | SIEMENS M-COM | x86-64 | N N N N Y Y Y Y Y |
    | TI AM62P SoC Starter Kit board | Armv8 | N N N N N N N N Y |
    | OpenBlocks IoT VX2 | x86-64 | N N Y Y1 Y T Y T N |
    | Zynq UltraScale+ MPSoC ZCU102 Evaluation Kit | Armv8 | N N T T1 Y Y Y Y |

    Candidate Reference Hardware, Supported Kernels listed in the column order v4.4, v4.4-rt, v4.19, v4.19-rt, v5.10, v5.10-rt, v6.1, v6.1-rt:

    | Platform | Architecture | Supported Kernels |
    |---|---|---|
    | Renesas RZ/Five EVK | riscv64 | N N N N Y T Y T |
  32. SECURITY BY DEFAULT HARDENING FOR INDUSTRY CIP Core is not

    just a collection of packages; it becomes a secure reference. • IEC 62443 Alignment: Implementation guidelines to help members achieve certification (IEC 62443-4-x). • Secure References: e.g. Unused services removed, strict password policies. • Reproducibility: Bit-for-bit reproducible builds using ISAR.
  33. IEC 62443-4 COMPLIANCE BRIDGING OSS AND STANDARDS IEC 62443

    is one of the gold standards for industrial security. CIP helps users achieve it. • Gap Analysis: Mapping OSS development processes to IEC 62443-4-1 and 4-2. • Guidelines: Published guidance on how CIP meets requirements to help users. • Certification Ready: Reducing the cost of compliance for users.
  34. CIP AS THE FIRST IEC62443-4-1 CONFORMANCE PROJECT IEC62443-4-1 ASSESSMENT

    CONCLUDED in August 2025 Most of the secure development practices can be met by reusing upstream as well as CIP development practices
  35. CIP IEC-62443-4-2 COMPLIANCE ASSESSMENT CURRENTLY UNDERWAY SVV-1 testing was

    the most time-intensive phase, as it involves comprehensive security validation across all components. Final assessment results; IEC62443-4-2 final assessment; SVV testing (in-progress). SVV-1: DONE, SVV-2: >40%, SVV-3: 0%, SVV-4: 0%
  36. SECURE & ROBUST UPDATE with CIP SOFTWARE UPDATE CIP SOFTWARE

    UPDATE FEATURES Drives sustainable software lifecycle management for industrial-grade Linux systems • Integration: Using SWUpdate, TUF and WFX • A/B Partitioning: Updates install to an inactive partition. • Delta update: Reduces the size of update images • Secure: Signed and encrypted image support
  37. SOFTWARE UPDATE WG UPDATES

    | Reference H/W | SWUpdate | Secure boot | Secure storage |
    |---|---|---|---|
    | QEMU | Supported | Supported | Supported |
    | BBB | Supported | - | - |
    | Renesas RZ/G2M | Supported | - | - |
    | Siemens MCOM | Supported | Supported | Supported |
    | Siemens IPC227E | Supported | - | - |

    TUF INTEGRATION (DONE) • Hardening update delivery system. • Uses quorum of keys to sign artifacts, reducing the impact of key compromises. • Rotation of the signing keys. WFX INTEGRATION (WIP) • Automate update workflow for fleet of devices at scale. • Manage update status to track any failed updates in the field.
  38. CIP ACTIVITY TIMELINE 48 2016 2017 2018 2019 2020 2021

    2022 2023 2024 START 2016 SLTS Kernel Activity Started JUN 2017 Joined Real-Time Linux DEC 2024 PREEMPT_RT Mainlined! OCT 2017 CIP Core WG OCT 2018 Reproducible Builds Kernel Core Testing Security MAR 2018 IEC62443 AUG 2024 IEC62443-4-1 2025 2016 Project-X Prototype Phase APR 2018 Kernel WG Formed Chair-led structure 2016 - 2018 Board at Desk FEB 2019 Centralized Architecture OCT 2018 Security WG Launch IEC62443 SW Update OCT 2018 SW Update WG Launch JUN 2018 Debian LTS Joined Project OCT 2019 KernelCI Joined Project
  39. THE REGULATORY WAVE 49 EU CYBER RESILIENCE ACT (CRA) Mandatory

    security updates for the product lifecycle. Non-compliance leads to fines. CIP AS A SHELTER CIP evolves from a "Technical Base" to a "Compliance Base." The outcomes and artifacts provided by CIP become a part of the evidence required for auditing.
  40. CIP Civil Infrastructure Platform Project (https://www.cip-project.org/) LTS Long Term Support

    CIP AS AN OSBL FOR SUSTAINABLE SOCIETY 50 CIP Core packages (tens) CIP kernel (based on LTS kernel) Additional packages (hundreds) company-specific applications 10+ years SLTS Conformity of Security Standard Validated OSBL Safe and Secure Update for Sustainability
  41. Join Now Join Now JOIN NOW! Join your industry peers

    in helping build and shape the ecosystem for industrial grade software, its use cases and applications. Unite with other global leaders in power generation, oil and gas, communications and many other industries to establish the software building blocks for civil infrastructure. 51
  42. CONCLUSION • Our Civilization needs an Open Source Base Layer

    of industrial-grade software • Industrial-grade OSBL enhances sustainability and cyber resilience for your products and services • IEC62443-4-x compliant platform with Long-term support • Constantly striving to incorporate latest security features and updates • Engagement with multiple open-source projects (Real Time Linux, KernelCI, Reproducible builds, Debian LTS/ELTS) • CIP follows open source and upstream first principles Collaboration is the key to sustainable living
  43. - CIP GitLab: https://gitlab.com/cip-project - CIP kernel: https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git CONTACTS and

    RESOURCES 54 To get the latest information, please contact • CIP Mailing list: [email protected] Other resources • X: @cip_project • CIP web site: https://www.cip-project.org • CIP source code Ref: https://cip-project.org/
  44. 57
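
Slide 23 names config-based auto-triage ("Not Exploitable" based on config) without showing it. The sketch below is an added example, not CIP's own tooling: it classifies CVEs against several kernel `.config` files. The config fragments, the placeholder CVE ids and the CVE-to-symbol mapping are all constructed for illustration.

```python
import re

# Constructed .config fragments for two hypothetical product configurations.
CONFIGS = {
    "gateway": "CONFIG_NET=y\nCONFIG_INET=y\n# CONFIG_BT is not set\nCONFIG_USB=m\n",
    "hmi": "CONFIG_NET=y\nCONFIG_INET=y\nCONFIG_BT=m\n# CONFIG_USB is not set\n",
}

# Constructed placeholder CVE ids. Each maps to the CONFIG symbols that must
# ALL be enabled for the affected source files to be compiled (assumed data).
CVE_REQUIRES = {
    "CVE-EXAMPLE-0001": ["CONFIG_BT"],
    "CVE-EXAMPLE-0002": ["CONFIG_NET", "CONFIG_INET"],
    "CVE-EXAMPLE-0003": ["CONFIG_NFSD"],
    "CVE-EXAMPLE-0004": ["CONFIG_USB", "CONFIG_BT"],
    "CVE-EXAMPLE-0005": [],  # affected files not yet mapped to any symbol
}

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_kconfig(text):
    """Parse .config text into {symbol: value}; unset symbols get 'n'."""
    symbols = {}
    for line in text.splitlines():
        line = line.strip()
        if m := _SET.match(line):
            symbols[m.group(1)] = m.group(2)
        elif m := _UNSET.match(line):
            symbols[m.group(1)] = "n"
    return symbols


def is_built(symbols, name):
    # Bool/tristate only: 'y' (built in) or 'm' (module) means the code ships.
    # A symbol missing from .config is treated like "is not set".
    return symbols.get(name, "n") in ("y", "m")


def triage(cve_requires, configs):
    """Return {cve: (verdict, [configs that build the affected code])}."""
    parsed = {name: parse_kconfig(text) for name, text in configs.items()}
    verdicts = {}
    for cve, required in cve_requires.items():
        if not required:
            # Never auto-dismiss without a mapping; a human has to look.
            verdicts[cve] = ("needs-review", [])
            continue
        hits = sorted(name for name, syms in parsed.items()
                      if all(is_built(syms, sym) for sym in required))
        verdicts[cve] = ("affected", hits) if hits else ("not-built", [])
    return verdicts


if __name__ == "__main__":
    for cve, (verdict, where) in triage(CVE_REQUIRES, CONFIGS).items():
        print(f"{cve}: {verdict} {where}")
```

A "not-built" verdict only says the affected code is absent from the analysed configurations, so it has to be recomputed whenever a shipped `.config` changes.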