Secure by Design: Enhancing Embedded Firmware Resilience with SBOM-Driven Security Analysis

As embedded devices continue to permeate critical applications, ensuring their security from the earliest stages of development has never been more essential.

This talk explores practical strategies for building ESP32-based products that are “secure by design,” with a focus on integrating Software Bill of Materials (SBOM) practices into the firmware lifecycle. Attendees will learn how SBOM security analysis tools can uncover hidden vulnerabilities, strengthen supply-chain trust, and streamline compliance efforts.

Using real-world examples from ESP32 firmware development, the session demonstrates how developers can incorporate automated analysis, dependency tracking, and continuous security validation to deliver robust and resilient embedded systems.

Go to Session

ActiveCpp: Active Objects for Modern C++

The Active Object design pattern is a concurrency pattern that decouples method execution from method invocation to enhance the responsiveness and scalability of an application. This pattern is particularly useful in scenarios where multiple operations need to be performed concurrently without blocking the main thread of execution.

This talk presents modern methods for the Active Object design pattern, also known as Actor objects, in C++ and introduces activecpp (https://github.com/samiralavi/activecpp), a useful single-header templated library to implement this pattern effectively. Key features of the Active Object design pattern, alongside best practices for low-power embedded systems, are discussed, and the activecpp library is showcased for a typical IoT application on an ESP32-S3 SoC-based devkit.

Go to Session

Firmware Co-Design & Development for IP Cores in C++/SystemC using Verilator

Co-design of software and hardware for FGPA-based embedded systems has become a major challenge for tech companies, pushing them to follow development processes that require special care to lower the risks. The risk becomes a major factor for system on chip (SoC) solutions with integrated intellectual property (IP) cores that require custom firmware or driver development. A solution to this problem that has received a lot of interest in the last few years is by simulating the IPs and using them to design and validate the corresponding software stacks. Verilator is an open-source tool that is specifically developed for this purpose to simulate the IPs written in Verilog or SystemVerilog hardware description languages. In this talk, I am going to discuss the following topics for the audience:

• A brief introduction to SystemC and simulation of logic blocks in C++
• Common processes for co-design of firmware and FPGA IP cores
• Introduction to Verilator and using it for creating simulation models from IP cores
• Protecting IPs by encrypting their simulated models and sharing pre-releases
• An example workflow for Verilog IP simulation and firmware design in C++
• Analysis of simulation results with open source tools
• Real-time simulation of verilated models with QEMU for system integration

Go to Session