Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

What is meta-timesys

This Yocto layer provides scripts for image manifest generation used for security monitoring and notification, customer support, recipe source mirroring, recipe modifications, demos, etc.

Some of the features are aimed at Timesys customers with active subscriptions. Using these features requires an API Keyfile, which you can learn about setting up from the LinuxLink document here:

Quick Start

The fastest way to try meta-timesys and its security features is to try dropping it into your existing BSP (clone alongside other layers, add to bblayers.conf). These are instructions to try it from scratch with a pretty minimal Yocto environment.

Although a build is not required to create an image manifest or use the CVE script, BitBake does need to run (to make the manifest), so it is easiest if you adhere to the Yocto system requirements as found here:

Clone poky and meta-timesys

git clone git:// -b rocko
git clone -b rocko

Activate yocto build environment (needed for manifest creation)

source poky/oe-init-build-env

Add meta-timesys to conf/bblayers.conf

Follow format of the file, just add meta-timesys after the default poky/meta, etc.

Check an Image for CVEs

When you run the following script without any arguments, you will be prompted to select an image to check (one can also be provided as an argument to skip the GUI).


Create an image manifest (optional)

The script will create a manifest automatically, but you may want to save certain configurations to pass to the script, upload to LinuxLink, or share with teammates or Timesys support. Using a pregenerated image manifest speeds up the script significantly, so doing that is recommended if your configuration is not changing often.

../meta-timesys/scripts/ core-image-minimal manifest.json

Kernel Config filter (optional)

You may pass a kernel .config file to the script, which will be uploaded to LinuxLink along with the image manifest. This filter will reduce the number of kernel CVEs reported by removing those related to features which are not being built for your kernel.

NOTE: This must be a full kernel config, not a defconfig!

../meta-timesys/scripts/ -k /path/to/kernel/.config


Steve Bedford <>

You can’t perform that action at this time.