Skip to main content
Category

Blog

Civil Infrastructure Platform Mini Summit 2025

By Announcement, Blog, Events, In the News

We are pleased to announce that the Civil Infrastructure Platform (CIP) will once again hold the CIP Mini Summit (Open TSC Meeting) alongside Open Source Summit Europe 2025.

Event Details

  • Date: Thursday, August 28, 2025, 13:30–17:00 (Local Time)
  • Venue: RAI Amsterdam, Amsterdam, Netherlands
  • Registration Fee: $10 (select as an add-on when registering for Open Source Summit Europe)
  • Registration Page: CIP Mini Summit Registration

Join us to explore the latest achievements and future roadmap of the CIP Project. As cybersecurity resilience becomes increasingly crucial, CIP continues to play a pivotal role in supporting industrial-grade Linux for long-term stability and security, especially in the context of emerging regulations like the Cyber Resilience Act (CRA).

Agenda

1. Opening Session (13:30–13:40)
A concise overview of the CIP project’s mission and strategic goals.

2. Working Group Updates and Future Directions

  • Kernel Team – CIP SLTS Kernel 6.12 Release and New Reference Board Support (13:40–14:20)
    Discover the groundbreaking advancements introduced in the latest CIP Super Long-Term Support (SLTS) Kernel 6.12, including support for new reference boards. Hear directly from the Kernel Team about key enhancements in performance, stability, and extended support tailored for industrial-grade systems.
  • CIP Core WG – Debian 13-Based Reference Environment (14:30–15:10)
    Gain insights into the release of the new Debian 13-based reference environment, which marks a significant milestone in strengthening CIP’s core components. Learn how this update enhances compatibility and long-term stability.
  • Security WG – Advancing IEC 62443-4-2 Compliance (15:10–15:50)
    Explore CIP’s ongoing efforts and successes in aligning with the rigorous IEC 62443-4-2 security standards. Learn about the practical implications of these security enhancements and how they empower industrial systems to meet evolving cybersecurity demands.
  • SW Update WG – TUF (The Update Framework) Integration (16:00–16:30)
    Learn about CIP’s progress in integrating TUF (The Update Framework) to enhance software update security and reliability. Discover how this approach ensures robust protection against software supply chain attacks.
  • CIP Testing WG – Ensuring Quality and Reliability (16:30–17:00)
    Understand the latest advancements in CIP’s comprehensive testing framework designed to ensure the highest standards of software quality and reliability. See how rigorous testing practices contribute directly to the dependability of CIP-supported infrastructure.

Cocktail Time

After the summit, we will host a Cocktail Time, providing an excellent opportunity to network with fellow attendees, exchange ideas, and discuss the future of CIP. Don’t miss this chance to connect!

How to Register

To attend the CIP Mini Summit, you must first register for Open Source Summit Europe 2025. Ensure you select “Civil Infrastructure Platform Mini Summit” during registration.

Visit the registration page for more details and to secure your spot.

The CIP Mini Summit is a unique opportunity for developers, engineers, and project stakeholders interested in industrial-grade Linux, long-term support strategies, and cybersecurity. We look forward to your participation!For reference, last year’s announcement is available here.

CIP is now supporting five SLTS kernels

By Blog

With the first release of a 6.12-based CIP kernel, the Civil Infrastructure Platform project extends its commitment to provide super long-term supported (SLTS) kernels to the fifth series.

The new 6.12-cip support was set up to run until mid of 2035. Combined with the other four SLTS kernels, 4.4-cip, 4.19-cip, 5.10-cip and 6.1-cip, all started with 2 years distance and all running for up to 10 years, this provides a high degree of flexibility to their users when to schedule major updates on their devices. See here for further considerations around this.

The CIP kernel, just like the whole CIP project, is a community effort. Contributions in form of test reports, fix proposals, reviews, etc. are highly welcome. And if you are relying on CIP kernels in production, please consider joining the project to help us sustaining or even expanding our work.

Kernel 6.12 will have 10 years support via CIP – Are all your maintenance problems solved?

By Blog

Author: Jan Kiszka, CIP Kernel Team Chair, Siemens

We, the Civil Infrastructure Platform project, have just announced to select the new 6.12 kernel as our 5th SLTS (super long-term stable) kernel. This means that — after 4.4, 4.19, 5.10 and 6.1 — 6.12 will also receive up to 10 years support. If your update/testing/roll-out plans are not yet aligned to the 2 years that the latest LTS kernel guarantees by now, your problems are now solved once again by CIP, right? As often, things are a bit more complex. But let’s first reflect on why there is a kernel with such long support, where it can help and where it may not be needed.

The reasons for having stable branches besides the development head should be obvious: Ensuring that complex systems with hundreds or thousands of components work smoothly can be challenging. This is not only true for Linux. Eventually, you have to switch from integrating the latest and greatest versions to eliminating problems for a feature-wise frozen set of components. Those problems may be functional issues or performance gaps, including timing constraints when running real-time workloads. However, this way of consuming a dependency via stable releases does not yet answer the question of how long to stay on a specific stable series.

Let’s assume you are on kernel version 6.12. That release is going to be maintained as an LTS kernel for 2 years now. After one year 6.18 may be selected as the next LTS, and there may be 7.3 another year later, exactly when 6.12 is discontinued. But that means you must pick up version 6.18 as a replacement of 6.12. Otherwise, if you were to wait for 7.3 and it wouldn’t work immediately for you, you could end up stuck in the field without support for the discontinued 6.12.

Are you prepared for annual major kernel updates? Are you on a mainline kernel with no, or at least very few, extra patches so that updating will be little effort? Or do you depend on a chip or board supplier who requires you to use a large out-of-tree patch set? If so, is that supplier ready to provide you with an annual update early enough so that your own integration and qualification will be ready in time? What does your continuous test strategy for upstream kernels look like? Does it allow you to identify, report and possibly hunt down non-obvious regressions early?

Updating the major kernel version every year may be too ambitious for many projects using Linux for now, particularly in the embedded space. Every additional customization step and transfer point  in your supply chain between the upstream kernel and the final deployment will make it even harder. Ideally, everyone would be working upstream first to avoid such hand-over points, but we are not yet living in an ideal world.

The CIP kernels with up to 10 years of support provide you way more flexibility regarding when you do a major update. If your product requires support for less than 10 years and you were quick to release it right after a CIP kernel was started, you may get away without any major version update in the field. More realistic is that it takes about a year, in some cases even longer, to develop a product based on a newly released CIP kernel, specifically if the supply chain is long or certification work is required. This reduces the usable support span. And as a new CIP kernel is generally selected every 2 years, you may be left with about 6-7 years of staying exclusively on the major version selected at the product launch.

No one says that you need to use the full support length of the CIP kernel, though. The wider the version jumps are, the harder it will be to find regressions and their root causes when you hit one. Instead, you may consider the CIP support length as an insurance that kicks in when you cannot switch at some earlier point, e.g. because the development and/or testing teams are fully booked or something else delays an update.

So, just use the CIP kernel and you are done? Not quite.

First of all, the extended support of CIP kernel is built on focusing its scope on a reduced set of kernel subsystems and features. You might be lucky, and your kernel configuration is already covered by the CIP project. If not, you have your first reason to join CIP: bring in your requirements and support the project in handling the additional effort this may entail. Joining also allows you to influence which SoCs and boards are actively tested, a second reason to become a member.

But even if both your configuration and your hardware are covered already, there is a third reason why you should support the CIP project if you want to use its kernel (or already do so): By the end of 2026, support for regular LTS kernels 5.10 and 6.12 will end according to current schedules. One year later LTS kernel 6.1 will reach end of life. This means the CIP project will have to maintain 4 kernels independently of LTS instead of the current 2 (4.4 and 4.19). We know how to do that, but it is clear that this task will require more hands on deck. And these hands are needed earlier in order to expand the team smoothly, give everyone a chance to get familiar with workflows and improve them before the peak workload is reached.

We need more eyes reviewing stable patches, ideally before they hit regular LTS. We need more people identifying backport candidates that get stuck between LTS versions or require extra effort to merge them into CIP kernels. And, last but certainly not least, we need more ideas and contributions to improve, together with KernelCI, the test coverage of I/O drivers in regular as well as CIP kernels so that regressions remain few and are found quickly. You can find the CIP kernel source code at https://git.kernel.org/pub/scm/linux/kernel/git/cip. Accompanying repositories containing supported kernel configurations, CVE tracking, patch review results and other bits and pieces can be found at https://gitlab.com/cip-project/cip-kernel. The CIP kernel community is exchanging patches and discussing issues on the cip-dev mailing list at https://lists.cip-project.org/g/cip-dev. In addition, there is also a weekly IRC meeting, watch out for its announcements on the mailing list. 

Enhancing Cyber Resilience with CIP

By Blog

The CIP Project is at the forefront of developing secure and robust systems for civil infrastructure. This webinar will explore the crucial relationship between CIP and Cyber Resilience, highlighting how CIP contributes to creating critical infrastructures.

Learn about:

  • CIP’s role in building secure systems
  • CIP’s approach to implementing ongoing security measures focusing on rapid response to newly discovered vulnerabilities and maintaining the integrity of critical infrastructure.
  • CIP’s adoption of the IEC-62443 standard to enhance security practices in industrial automation and control systems.

Date: Tuesday, September 3
Time: 7:00 AM PDT / 11:00 PM JST

Register today!

CIP Core supports Debian 11-based reference images

By Announcement, Blog, In the News

Author: Kazuhiro Hayashi,  CIP Core Team Chair, Toshiba

The Civil Infrastructure Platform (CIP) project has five Working Groups – Security, Kernel, Testing, Software Update and CIP Core. The CIP Core Working Group [1], which was launched in 2019, is responsible for developing, testing and maintaining tools to generate CIP Core reference file system images. We are excited to announce that the working group now supports Debian 11-based reference images. 

The CIP Core images consist of CIP kernel and Debian base systems and provide run-time environments that work with CIP reference hardware [2. ] This library of images is the foundation for CIP developers to enhance new features, test existing functions, and maintain them for the long-term. CIP users can evaluate the features with the reference images in relation to their use cases.

The isar-cip-core [3] now supports 5.10 based CIP kernel [4] and Debian 11 bullseye packages. Isar-cip-core is a set of extensions for isar (an image generation tool) to support CIP reference hardware and other features including, but not limited to, security and software updates. Debian 11 bullseye is currently the “stable” version and will be maintained by Debian project and the LTS project until June 2026. After June 2026, the Debian Extended LTS project will inherit its maintenance. The 5.10 CIP kernel is being maintained by the Linux kernel community as a long term release kernel until Dec. 2026. After this, CIP will maintain it until Jan 2031.

By supporting 5.10 CIP kernel + bullseye based CIP Core images, users can use the latest stable versions of CIP kernel and userland with all the CIP reference hardware[2], some of which are only supported by the 5.10 kernel. 

The CIP Security Working Group[5] is targeting version 5.10 CIP kernel and the bullseye based CIP image to achieve IEC-62443-4-x certification. The CIP Software Updates Working Group[6] is actively improving secure software update mechanisms by SWUpdate and secure boot and expanding devices where the features have been supported, with the latest version of CIP Core image as well as the previous.

The CIP Core Working Group plans to continue to introduce more useful features like above to the 5.10 kernel + bullseye based image and maintain them in cooperation with other working groups and related open source software communities. Contact us via the cip-dev mailing list for feedback, questions, or discussions.

[1] https://wiki.linuxfoundation.org/civilinfrastructureplatform/cip-core

[2] https://wiki.linuxfoundation.org/civilinfrastructureplatform/ciptesting/cipreferencehardware

[3] https://gitlab.com/cip-project/cip-core/isar-cip-core

[4] https://www.cip-project.org/blog/2020/12/02/cip-to-embark-on-kernel-5-10-development-for-slts

[5] https://wiki.linuxfoundation.org/civilinfrastructureplatform/cip-security

[6] https://wiki.linuxfoundation.org/civilinfrastructureplatform/cip-sw-updates

CIP Expands Work on SLTS Kernel Maintenance

By Announcement, Blog, In the News

The Civil Infrastructure Platform project (cip-project.org) – released the first 5.10-based version of its super-long-term stable (SLTS) kernel. The 5.10-based release made official the third CIP kernel series available after 4.4-cip and 4.19-cip. It demonstrates how CIP remains committed to maintaining all SLTS versions for a minimum of 10 years after the original release.

With the recent discontinuation of the 4.4 LTS kernel by its maintainer Greg Kroah-Hartman, the CIP project now requires organized backports to one of its kernels for the first time, independently of the LTS project. The CIP kernel team already expanded its capacity last year and is well prepared to handle this task.

The CIP kernel developers will remain  involved in the review process of patches targeting related LTS kernels. CIP is actively engaged in enhancing the test infrastructure for the Linux Kernel, both through its work on the CIP SLTS Kernels and CIP’s participation in the KernelCI project.

About The Civil Infrastructure Platform (“CIP”)

The Civil Infrastructure Platform (“CIP”) is a collaborative, open source project hosted by the Linux Foundation. The CIP project is focused on establishing an open source “base layer” of industrial grade software to enable the use and implementation of software building blocks in civil infrastructure projects. Currently, civil infrastructure systems are built from the ground up, with little re-use of existing software building blocks.

The CIP project intends to create reusable building blocks that meet the safety, reliability and other requirements of industrial and civil infrastructure. By establishing this ‘base layer’, CIP aims to:

  • Speed up implementation of civil infrastructure systems;
  • Build upon existing open source foundations and expertise without reinventing non-domain specific technology;
  • Establish (de facto) standards by providing a base layer reference implementation;
  • Contribute to and influence upstream projects regarding industrial needs;
  • Motivate suppliers to actively support these platform / provide an implementation; 
  • Promote long term stability and maintainability of the base layer of code; and
  • Adopt the security standard IEC 62443

With respect to project governance, a Governing Board is responsible for financial matters while the Technical Steering Committee oversees the technical direction of the project.

For more information, please visit https://www.cip-project.org/

 

 

VES LLC Joins CIP as a Silver Member

By Announcement, Blog, In the News

Leader in custom Government off the Shelf (GOTS) infrastructure solutions becomes the newest member of Civil Infrastructure Platform (CIP)

Today, the Civil Infrastructure Platform (CIP) welcomes VES LLC as its newest member. VES is a small business Headquartered out of Aberdeen Proving Ground, Maryland with a focus on solving the Department of Defense’s (DoD) hardest Software Systems Integration challenges. VES is joining CIP to further their development of custom Government off the Shelf (GOTS) infrastructure solutions, integrating Mission Command systems, and prototyping emerging technologies for use in the Army and Joint tactical architecture.

The Civil Infrastructure Platform strives to create an open source “base layer” of industrial-grade software to enable the use and implementation of software building blocks in civil infrastructure projects. Embedded systems are crucial to civil infrastructure, including within Army operating systems and across the DoD. Given VES’ area of expertise, and CIP’s mission to establish an open source “base layer” of industrial-grade software, there’s strong alignment with both CIP and VES.

“As CIP grows, it is exciting to bring in a broader array of organizations wishing to establish a Linux-based open source base layer for industrial-grade, civil infrastructure.” said Yoshitake Kobayashi, Technical Steering Committee Chair of CIP, “We are excited to have VES on board and welcome all future collaboration within the CIP community.” 

Matthew Vidovich
CEO, VES LLC

“We are very excited to join the CIP and become an integral member of an expansive network focused on open source solutions with other industry leaders.” said VES CEO, Matt Vidovich.  “Each member of our core VES leadership team brings over 17 years of open systems architecture experience across the Department of Defense, commercial, and international markets.  We look forward to expanding our relationships and impact with other stakeholders sharing the same purpose and passion on solving the toughest open source problems with enduring solutions.”

Brad Lilly, VES Chief Technology Officer (CTO) for Systems

Brad Lilly, VES Chief Technology Officer (CTO) for Systems, stated “As a segment leader in custom DoD Linux Distributions, VES is committed to the ongoing security and maintainability for our customer’s systems. CIP has given us a strong base to build on, and we are excited to begin contributing back to help ensure CIP’s long term success.” 

Established in 2014, VES has specialized expertise in building GOTS versions of embedded Linux for Army operating systems needs, and in developing and deploying the Army Mission Command Infrastructure architecture.

Interested in becoming a CIP member, learn more here. 

Welcome IoT.bzh as a CIP Member

By Blog, Work Group

Today, CIP is thrilled to welcome IoT.bzh as the newest member of the project. The Civil Infrastructure Platform strives to create an open source “base layer” of industrial-grade software to enable the use and implementation of software building blocks in civil infrastructure projects. Embedded systems are key to the civil infrastructure.  IoT.bzh’s expertise in IoT and embedded as well as its deep history with open source, make them a welcomed voice to the CIP Project.

“As we enter into an era of ongoing security risks to our most critical infrastructure, things like updates and security are crucial. Now, more than ever, supporting CIP means investing in the long term support and maintenance on the very foundational infrastructure we all rely on, said Yoshitake Kobayashi , Technical Steering Committee Chair of CIP. “For that, we are thrilled to have IoT.bzh as a new CIP member”

IoT.bzh, leading open source company for secured embedded systems provides redpesk®, a software factory in a white box enabling users to speed up and control embedded developments from the initial design cycle until product end of life. IoT.bzh works with developers from Industrial IoT markets (automotive, marine, military, energy, aeronautics etc) to help them focusing on the differentiating applications that bring value to their business

“We are thrilled to welcome IoT.bzh to the CIP Project. As an organization, they have great experience with helping the very audience CIP also aims to support,” said Urs Gleim, CIP Board Chair. “As members of the CIP Project, we look forward to working together.” 

Interested in becoming a CIP member, learn more here. 

CIP Testing Working Group

By Blog, Work Group

Today, the Civil Infrastructure Platform has multiple requirements that need to be maintained. This is where the CIP Testing Work Group (TWG) comes in. The TWG configures and manages the automated test infrastructure for the CIP project and ensures all systems are operating correctly. Currently led by Chris Paterson (patersonc), the TWG’s main focus is on maintaining the LAVA instance that the project uses. Overall, the TWG provides the infrastructure needed to test the various CIP projects such as the Super Long Term Support (SLTS) Kernels and CIP-Core reference filesystems.

The CIP project aims to provide support for the Linux Kernel for a comparatively long time. Over time the amount of testing required will keep increasing as the project grows, so it is important to have as much of that testing as automated as possible. Without automation, the cost of testing would be prohibitive.

Under the hood 

Our Continuous Integration (CI) setup is driven by GitLab CI/CD which dynamically boots up AWS EC2 on-demand instances for our build jobs using our gitlab-cloud-ci tool.

Test jobs are also created and submitted to our LAVA instance, where they are run on QEMU virtual machines and on physical devices.

The GitLab CI pipelines that we use to build/test the Kernel are hosted in a separate GitLab repository.

Currently, CIP has two LAVA master instances (production & staging) and 5 LAVA workers (Cybertrust, Denx, Mentor, Renesas & “Chris” (staging)) in use, hosting a total of 284 devices.

The current device status can be viewed at lava.ciplatform.org.

We support all of the CIP reference platforms. We are working to expand the number of devices available, increasing reference platform availability whilst reducing test times.

Testing WG and the ecosystem 

This group is a critical part of the overall CIP ecosystems, working with other CIP WGs as well as external open source projects. For example, CIP Testing works with all of the other CIP projects and working groups as most, if not all require the ability to test their software. Outside of CIP the testing group collaborates with other open source projects such as KernelCI, LAVA and Linaro’s test definitions. CIP also builds and boot tests each stable Linux Kernel release candidate in a number of different configurations.

On the Horizon

CIP has recently started work on their third SLTS Kernel, based on v5.10.y, which means that our automated testing needs to be expanded accordingly.

On the roadmap is collaborating further with the KernalCI project on testing management. The TWG is currently working with the KernelCI project to set up CIP’s own instance of KernelCI’s back/front-end. This will allow the project to better manage its testing and automatically process and check the results for any regressions. The front-end GUI that KernelCI provides is much better for reviewing test results then the setup CIP is currently using.

Get Involved

We are always happy to collaborate with others to expand and improve our setup, whether it’s upgrading the core infrastructure or simply adding support for more test cases.

Reach out to us on IRC (Freenode #cip) or via the cip-dev mailing list.

More information on the activities of the TWG can be found on the CIP Wiki.

CIP to Embark on Kernel 5.10 Development for SLTS

By Announcement, Blog

Starting early next year Civil Infrastructure Platform will start development for the next major super long-term support (SLTS) kernel version based on upstream kernel 5.10.

This will be the third SLTS kernel maintained by CIP for the extended time frame of 10 years. The SLTS kernels differentiate from regular LTS releases in that they accept certain hardware-enabling backports of upstream accepted changes. By having the latest kernel features and device supports, the new SLTS kernel will give a new starting point for long term support. This will benefit users who are planning to embark on new industrial-grade device developments or Board Support Package (BSP) developments.

If you are relying already on CIP SLTS 4.4 or 4.19 kernels or plan to make use of the upcoming version, please consider joining the project to ensure its sustainability and help expanding SLTS support also in the future. Being a member furthermore allows to influence the project direction, the choice of reference hardware and kernel configurations that will be supported and tested.

By starting the SLTS kernel development, CIP would be ready to align with a new Debian release which is expected in 2021. The Debian Project aims to provide Linux-based operating system, Debian, to be widely used with long-term support. This enables CIP to take advantage of their activities to achieve CIP’s goal. 

End-users of CIP include systems for electric power generation and energy distribution, oil and gas, water and wastewater, healthcare, communications, transportation, and community management. These systems deliver essential services, provide shelter, and support social interactions and economic development. They are society’s lifelines, and CIP aims to contribute to and support these important pillars of modern society. Developing the next major SLTS kernel version helps CIP continue on its goal to create an interoperable open source software platform that is secure, reliable and sustainable for at least 10 years.