Debian vs Yocto for Embedded Systems
Debian and Yocto are two different approaches to providing a GNU/Linux operating system on embedded systems. In this article, we give you an overview of each, and then examine the comparative strengths and weaknesses of both approaches.
Introduction to Debian
Debian was first released as a Linux distribution by Ian Murdock in 1993. Originally designed for x86 (PC) architectures, it is known for its stability and ease of use. It is also the basis for other distributions – including Ubuntu, which is one of the most common.
It contains many thousands of packages which have been ported to various architectures including ARM; it is the ARM Debian filesystem image that is most commonly used for Debian on embedded systems.
The APT (Advanced Package Tool) allows the user to download, configure and install individual packages easily on top of the base image.
Here is an example of installing the “iperf3” package with a single command:
villeb@villeb-dev:~$ sudo apt install iperf3
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 7 not upgraded.
Need to get 8,802 B of archives.
After this operation, 41.0 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu bionic/universe amd64 iperf3 amd64 3.1.3-1 [8,802 B]
Fetched 8,802 B in 0s (121 kB/s)
Selecting previously unselected package iperf3.
(Reading database ... 275741 files and directories currently installed.)
Preparing to unpack .../iperf3_3.1.3-1_amd64.deb ...
Unpacking iperf3 (3.1.3-1) ...
Setting up iperf3 (3.1.3-1) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Versions are named after characters from the Toy Story films; the current version is Buster.
Introduction to Yocto
Yocto (properly known as “Yocto Project”) is a set of tools and metadata that allows a customised Linux operating system to be compiled directly from source code.
First released in 2010, it was designed specifically to target Embedded Linux devices in IoT and similar domains. Yocto is supported directly by various chip vendors such as NXP, Renesas and STMicro for their flagship SoC products. It is based on OpenEmbedded, a build automation framework, which began development in 2003.
Individual packages are built up via “recipes”, which contain instructions on how to fetch, configure, build and install the various pieces of software required to build a complete OS. Silicon vendors support their hardware through collections of recipes called “meta layers”.
Builds are run using the BitBake tool which works out all dependencies of a requested package and then executes everything in a series of parallelised units of work.
Here is an example of building the “core-image-minimal” filesystem for a Renesas RZG2M:
villeb@villeb-dev:~/rzg2m/oe/build$ bitbake core-image-minimal
Loading cache: 100% |##################################################################| Time: 0:00:01
Loaded 5591 entries from dependency cache.
NOTE: Resolving any missing task queue dependencies
NOTE: preferred version 2.19 of cross-localedef-native not available (for item cross-localedef-native)
NOTE: versions of cross-localedef-native available: 2.26
NOTE: Multiple providers are available for runtime lib32-initd-functions (lib32-initscripts, lib32-lsbinitscripts)
Consider defining a PREFERRED_RPROVIDER entry to match lib32-initd-functions
BB_VERSION = "1.36.0"
BUILD_SYS = "x86_64-linux"
NATIVELSBSTRING = "universal"
TARGET_SYS = "aarch64-poky-linux"
MACHINE = "hihope-rzg2m"
DISTRO = "poky"
DISTRO_VERSION = "2.4.3"
TUNE_FEATURES = "aarch64 cortexa57-cortexa53"
TARGET_FPU = ""
SOC_FAMILY = "rzg2:r8a774a1"
meta-virtualization = ":"
Initialising tasks: 100% |###################################################################| Time: 0:00:08
NOTE: Executing SetScene Tasks
NOTE: Executing RunQueue Tasks
Currently 1 running tasks (3954 of 3960) 99%
0: core-image-minimal-1.0-r0 do_rootfs - 0s (pid 17520)
Versions are named after units from the Total Annihilation PC games. The current version is Dunfell.
Ease of use
Yocto has a very steep learning curve for beginners. The Yocto combined documentation (Yocto Project Mega-Manual) is 4.6M of pure text in size (368’000 words). You have to be comfortable working with typical build systems (make, CMake, autotools, etc.), have skills in various Linux tools (Git, Python, Bash), and generally be (or at least be willing to become) a strong programmer to become proficient in Yocto.
In contrast, Debian comes as a pre-built root filesystem, and once up and running on your hardware, administration of it is much like that of a Linux PC. You can simply add and remove packages (via APT) to fine-tune your system. This might allow some teams to rapidly prototype an Embedded Linux system by adding packages where needed. Some packages may require on-target compilation, and this may be slow or even impossible depending on the resource constraints of the system.
Yocto wins hands-down here. Working with it for any length of time will quickly show you that you can create as small or large a system as you desire. It is easy to choose between init systems, display backends, audio subsystems, network managers, etc.
With Debian you can take steps to move between some of these things, but you can start to run into difficulties. Sometimes the order and the manner in which you remove and install packages can lead you to a “dependency hell”, just as with desktop Linux.
We spoke to Software Consultant and Embedded Linux trainer Chris Simmonds of 2net.co.uk. He advocates another method for creating reproducible Debian builds:
“The method described earlier is what I call the “golden master” approach; in other words, you take a more or less full Debian image, strip out the packages you don’t want, install some new ones, and then test and refine until it does what you want. Then you clone it to all the production units.
However, the problem – as I see it – is that a golden master is hand crafted and hard/impossible to reproduce from scratch. I believe that a better approach is to use a tool such as ELBE or Armbian to create deterministic Debian images. I think they combine the best of Yocto and Debian.”
As Debian caters to the Desktop and Server markets, the release of security patches for known vulnerabilities is a high priority. Choosing an LTS support version means you may have up to five years of security updates on the following architectures: i386, amd64, armel, armhf and arm64.
Yocto leaves security more to the end user. Updates to security vulnerabilities are provided for approximately one year for each Yocto version. From 2020, the Yocto team are bringing in a two-year LTS release once every two years.
For a large system with many different components that might fall prone to security vulnerabilities, the cost of monitoring CVEs and applying patches to Yocto may become prohibitively expensive. However, for a small system with a limited attack surface, the number of security updates would be expected to be quite small.
There are tools that can perform scans for security vulnerabilities on your embedded device, and these would be considered good practice to use in either case. There are also companies that provide a security patching solution for Yocto as a consultancy service. At ByteSnap, we have gone back to provide targeted security updates for in-field customer products and due to our experience with Yocto this is relatively straightforward.
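To make the attack-surface point concrete, the following added example (not ByteSnap's code and not a Yocto tool) matches two image package lists against the same advisory feed. The "name arch version" manifest layout, the package versions and the EXAMPLE-xxxx advisories are all constructed assumptions, and the version ordering is deliberately simplified to dotted numeric fields.

```python
import re

# Constructed sample data: versions and advisory entries are illustrative only.
MINIMAL = """\
base-files hihope_rzg2m 3.0.14-r89
busybox aarch64 1.31.1-r0
libc6 aarch64 2.31-r0
"""
FULL = MINIMAL + """\
curl aarch64 7.69.1-r0
dbus aarch64 1.12.16-r0
python3 aarch64 3.8.2-r0
"""
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "curl", "fixed_in": "7.71.0"},
    {"id": "EXAMPLE-0002", "package": "dbus", "fixed_in": "1.12.18"},
    {"id": "EXAMPLE-0003", "package": "busybox", "fixed_in": "1.31.0"},
    {"id": "EXAMPLE-0004", "package": "python3", "fixed_in": "3.8.3"},
    {"id": "EXAMPLE-0005", "package": "libc6", "fixed_in": "2.32"},
]

def parse_manifest(text: str) -> dict:
    """Parse 'name arch version' lines (the manifest layout assumed here)."""
    pkgs = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            pkgs[parts[0]] = parts[2]
    return pkgs

def version_key(version: str) -> tuple:
    """Simplified ordering: drop the '-rN' revision, compare numeric fields."""
    upstream = version.split("-", 1)[0]
    return tuple(int(n) for n in re.findall(r"\d+", upstream))

def open_advisories(manifest: dict, advisories: list) -> list:
    """Advisories whose package is installed at a version below the fixed one."""
    hits = []
    for adv in advisories:
        installed = manifest.get(adv["package"])
        if installed and version_key(installed) < version_key(adv["fixed_in"]):
            hits.append((adv["id"], adv["package"], installed))
    return hits

if __name__ == "__main__":
    for name, text in (("minimal", MINIMAL), ("full", FULL)):
        print(name, open_advisories(parse_manifest(text), ADVISORIES))
```

The same feed leaves one advisory to triage on the minimal image and four on the larger one; the busybox entry drops out because the installed version is already at or above the fixed one.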
The Debian upgrade system allows all the software on the device to remain up to date through online repositories. You can also set up APT compatible repositories for your own custom application software running on the device. One problem for Embedded systems is recovery from a power failure. If an upgrade to a vital component is disturbed by a power failure, you may find the device unrecoverable; this is unacceptable for a lot of use cases.
Yocto allows a multitude of OTA update systems to be packaged in, such as RAUC, SWUpdate and Mender. These allow not only file-based updates for non-vital components but also block-based (fail-safe) upgrades for vital components with fallback recovery mechanisms built in.
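The difference between an in-place upgrade and a block-based upgrade with fallback can be shown with a small simulation. This is an added example, not code from RAUC, SWUpdate or Mender; the two-slot model, the slot names "A"/"B" and the retry limit are assumptions chosen for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def in_place_upgrade(old: bytes, new: bytes, cut_at=None) -> bytes:
    """Overwrite the running system; a power cut at cut_at leaves a mix of both."""
    return new if cut_at is None else new[:cut_at] + old[cut_at:]

class ABDevice:
    """Toy two-slot device. Slot names and the retry limit are assumptions."""
    MAX_TRIES = 3

    def __init__(self, image: bytes):
        self.slots = {"A": image, "B": b""}
        self.active = "A"      # last slot confirmed good
        self.pending = None    # freshly written slot awaiting a successful boot
        self.tries_left = 0

    def install(self, image: bytes, expected: str, cut_at=None) -> bool:
        """Write to the inactive slot; arm it only if the written data verifies."""
        target = "B" if self.active == "A" else "A"
        self.pending = None                      # disarm before touching the slot
        self.slots[target] = image if cut_at is None else image[:cut_at]
        if sha256(self.slots[target]) != expected:
            return False                         # torn write: active slot untouched
        self.pending, self.tries_left = target, self.MAX_TRIES
        return True

    def boot(self, healthy=lambda image: True) -> str:
        """Try the pending slot a bounded number of times, then fall back."""
        while self.pending and self.tries_left > 0:
            self.tries_left -= 1
            if healthy(self.slots[self.pending]):
                self.active, self.pending = self.pending, None   # commit
                return self.active
        self.pending = None
        return self.active

if __name__ == "__main__":
    OLD, NEW = b"rootfs-v1" * 4, b"rootfs-v2" * 4   # constructed sample images
    torn = in_place_upgrade(OLD, NEW, cut_at=10)
    print("in-place after power cut matches old/new:", torn in (OLD, NEW))
    dev = ABDevice(OLD)
    print("torn A/B install armed:", dev.install(NEW, sha256(NEW), cut_at=10))
    print("boots from:", dev.boot(), "image intact:", dev.slots[dev.active] == OLD)
    dev.install(NEW, sha256(NEW))
    print("bad image falls back to:", dev.boot(healthy=lambda img: False))
    dev.install(NEW, sha256(NEW))
    print("good image commits to:", dev.boot())
```

The interrupted in-place upgrade ends in a state that is neither the old nor the new system, while the two-slot device keeps booting the known-good slot until a fully verified image has also passed its boot check.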
Continuous Integration / Continuous Delivery (CI/CD)
Yocto is, perhaps, more suited to a CI/CD pipeline as it builds everything from source on the host computer. It typically results in a filesystem and boot objects which can then be directly applied to a device and tested. A Debian installation process may require performing many tasks on the target itself, which could take much longer to fully test.
For raw performance Yocto will win if configured correctly. Each package is only built with the features requested or needed for other packages. For example, the editor Vim will only compile with GUI features if either x11 or gtkgui is enabled.
This results in smaller binaries across the entire system and therefore faster performance. This will result in a quicker boot-time. Also, a typical Debian system may be running many unnecessary services in the background that unless removed will also hinder performance.
At ByteSnap, we tend to recommend Yocto to our customers over Debian due to its performance, small root filesystem size, and the ease of integrating safe system updates. We have had customers request Debian and in certain situations it really does make sense (use case doesn’t push limits of the processor, need for rapid prototyping, etc.). However, with Yocto, we have the experience to make the most of the flexibility afforded without spending any extra effort – which makes it a win-win.