THE LINUX FOUNDATION PROJECTS
All Posts By

Regina Nkenchor

Apr 28 2026

A Decade of Industrial Grade Linux: Reflecting on the CIP Journey and the Road Ahead

By Announcement, Blog, In the News

Author: Yoshitake Kobayashi, CIP TSC Chair, Toshiba

In April 2026, the Civil Infrastructure Platform (CIP) project will celebrate its 10th Anniversary. Over the last decade, CIP has worked to solve one of the most critical challenges facing industrial and civil infrastructure systems: the Longevity Gap with Industrial Gradeness.

Our mission has been clear from the start: to establish Industrial Grade Linux (IGL) as an Open Source Base Layer (OSBL), ensuring 10+ years of stability and reliability—an indispensable foundation for the Critical Infrastructure and Industrial Systems that power our world.

The Founding Vision: Collaboration Over Crisis

Around 2015, the industrial sector faced a dilemma. While the IT world moved at high speed with new Linux kernel releases every few months, operational technology (OT) systems—such as power plants, railways, and industrial automation—had lifecycles spanning more than 10 years, sometimes 50 years. This forced companies into expensive, insecure, and unsustainable private “forks” of Linux.

To solve this “Maintenance Crisis,” leaders like Renesas, Siemens, and Toshiba united to create a collaborative, non-competitive base layer. We defined the requirements for Industrial Grade Linux through three primary challenges:

  1. Industrial Gradeness: Ensuring Real-Time capability to provide the deterministic performance required for mission-critical control.
  2. Sustainability: Providing Super Long-Term Support (SLTS) to maintain software for 10+ years.
  3. Security: Implementing continuous vulnerability management and adherence to international industrial standards.

Five Pillars of Stability: CIP’s Core Achievements

Our journey has been built on five technical pillars, each addressing a critical need for civil infrastructure:

1. Kernel Team: The 10+ Year Promise

CIP pioneered the Super Long-Term Support (SLTS) kernel, extending maintenance far beyond standard LTS to meet industrial product lifecycles.

  • Milestone: Our first SLTS kernel, Linux 4.4, is supported from 2016-2027, proving the viability of a consortium-maintained kernel.
  • Current Status: We actively maintain five concurrent SLTS versions (4.4, 4.19, 5.10, 6.1, and 6.12). We have also successfully worked with the Real-Time Linux project to mainline PREEMPT_RT, bringing native real-time capabilities to the core Linux kernel.

2. CIP Core Working Group: Reference and Reproducibility

We strategically chose Debian as our primary reference distribution, contributing to its LTS/ELTS programs to avoid “reinventing the wheel.”

  • Profiles: We provide a Tiny Profile for resource-constrained devices and a Generic Profile for standard industrial use cases, both built using the ISAR build system.
  • Reproducible Builds: We have achieved and continuously verify bit-for-bit reproducible builds using ISAR-CIP-CORE. This is crucial for supply chain security, trusted transparency, and enabling small, efficient delta updates in the field.

3. Testing Working Group: Validation at Scale

Our testing architecture ensures the reliability of our SLTS kernels on real hardware.

  • Upstream Integration: CIP is fully integrated with KernelCI, sharing results publicly and visualizing kernel health over several years.
  • CIP Testing: What began as the “Board at Desk (B@D)” initiative has evolved into a fully distributed and highly reproducible testing environment integrated with KernelCI and LAVA, performing validation at scale.

4. Security Working Group: Conformance to Industrial Standards

Security is baked in by default, with hardening guidelines designed to meet stringent industrial requirements.

  • IEC 62443 Alignment: CIP has achieved historic milestones in industrial security. After becoming the first open-source project to complete the IEC 62443-4-1 conformance assessment in August 2024, we reached another major goal in February 2026 by successfully completing the IEC 62443-4-2 assessment. This dual achievement dramatically reduces the cost of compliance for our users.
  • Vulnerability Management: Our triage process filters the “CVE flood” to assess impact specifically on CIP SLTS kernel configurations, allowing us to focus efforts on truly exploitable risks.

5. Software Update Working Group: Secure & Robust Updates

We provide a sustainable solution for software lifecycle management by integrating SWUpdate and TUF (The Update Framework). This ensures secure delivery with signed artifacts and safe rollbacks (A/B partitioning). We are currently working on WFX integration to automate update workflows for massive device fleets at scale.

The Road Ahead: The Compliance Base

Looking forward, CIP is evolving from a “Technical Base” into a “Compliance Base.” The rise of global regulations, such as the EU Cyber Resilience Act (CRA), mandates security updates throughout a product’s entire lifecycle. CIP’s long-term maintenance approach, reproducible builds, and security artifacts will form a crucial part of the evidence required for regulatory auditing and certification.

Conclusion

Over the past ten years, CIP has successfully built the open-source foundation required by industrial systems. By enhancing sustainability through SLTS and ensuring industrial gradeness through real-time performance, we enable our members to deploy secure, reliable, and future-proof products.

As we look toward the next decade, one thing remains certain: for the civil infrastructure our civilization runs on, collaboration is the key to sustainable living.

Jun 25 2025

Civil Infrastructure Platform Mini Summit 2025

By Announcement, Blog, Events, In the News

We are pleased to announce that the Civil Infrastructure Platform (CIP) will once again hold the CIP Mini Summit (Open TSC Meeting) alongside Open Source Summit Europe 2025.

Event Details

  • Date: Thursday, August 28, 2025, 13:30–17:00 (Local Time)
  • Venue: RAI Amsterdam, Amsterdam, Netherlands
  • Registration Fee: $10 (select as an add-on when registering for Open Source Summit Europe)
  • Registration Page: CIP Mini Summit Registration

Join us to explore the latest achievements and future roadmap of the CIP Project. As cybersecurity resilience becomes increasingly crucial, CIP continues to play a pivotal role in supporting industrial-grade Linux for long-term stability and security, especially in the context of emerging regulations like the Cyber Resilience Act (CRA).

Agenda

1. Opening Session (13:30–13:40)
 A concise overview of the CIP project’s mission and strategic goals.

2. Working Group Updates and Future Directions

  • Kernel Team – CIP SLTS Kernel 6.12 Release and New Reference Board Support (13:40–14:20)
     Discover the groundbreaking advancements introduced in the latest CIP Super Long-Term Support (SLTS) Kernel 6.12, including support for new reference boards. Hear directly from the Kernel Team about key enhancements in performance, stability, and extended support tailored for industrial-grade systems.
  • CIP Core WG – Debian 13-Based Reference Environment (14:30–15:10)
     Gain insights into the release of the new Debian 13-based reference environment, which marks a significant milestone in strengthening CIP’s core components. Learn how this update enhances compatibility and long-term stability.
  • Security WG – Advancing IEC 62443-4-2 Compliance (15:10–15:50)
     Explore CIP’s ongoing efforts and successes in aligning with the rigorous IEC 62443-4-2 security standards. Learn about the practical implications of these security enhancements and how they empower industrial systems to meet evolving cybersecurity demands.
  • SW Update WG – TUF (The Update Framework) Integration (16:00–16:30)
     Learn about CIP’s progress in integrating TUF (The Update Framework) to enhance software update security and reliability. Discover how this approach ensures robust protection against software supply chain attacks.
  • CIP Testing WG – Ensuring Quality and Reliability (16:30–17:00)
     Understand the latest advancements in CIP’s comprehensive testing framework designed to ensure the highest standards of software quality and reliability. See how rigorous testing practices contribute directly to the dependability of CIP-supported infrastructure.

Cocktail Time

After the summit, we will host a Cocktail Time, providing an excellent opportunity to network with fellow attendees, exchange ideas, and discuss the future of CIP. Don’t miss this chance to connect!

How to Register

To attend the CIP Mini Summit, you must first register for Open Source Summit Europe 2025. Ensure you select “Civil Infrastructure Platform Mini Summit” during registration.

Visit the registration page for more details and to secure your spot.

The CIP Mini Summit is a unique opportunity for developers, engineers, and project stakeholders interested in industrial-grade Linux, long-term support strategies, and cybersecurity. We look forward to your participation!For reference, last year’s announcement is available here.

May 26 2025

CIP is now supporting five SLTS kernels

By Blog

With the first release of a 6.12-based CIP kernel, the Civil Infrastructure Platform project extends its commitment to provide super long-term supported (SLTS) kernels to the fifth series.

The new 6.12-cip support was set up to run until mid of 2035. Combined with the other four SLTS kernels, 4.4-cip, 4.19-cip, 5.10-cip and 6.1-cip, all started with 2 years distance and all running for up to 10 years, this provides a high degree of flexibility to their users when to schedule major updates on their devices. See here for further considerations around this.

The CIP kernel, just like the whole CIP project, is a community effort. Contributions in form of test reports, fix proposals, reviews, etc. are highly welcome. And if you are relying on CIP kernels in production, please consider joining the project to help us sustaining or even expanding our work.

Jan 13 2025

Kernel 6.12 will have 10 years support via CIP – Are all your maintenance problems solved?

By Blog

Author: Jan Kiszka, CIP Kernel Team Chair, Siemens

We, the Civil Infrastructure Platform project, have just announced to select the new 6.12 kernel as our 5th SLTS (super long-term stable) kernel. This means that — after 4.4, 4.19, 5.10 and 6.1 — 6.12 will also receive up to 10 years support. If your update/testing/roll-out plans are not yet aligned to the 2 years that the latest LTS kernel guarantees by now, your problems are now solved once again by CIP, right? As often, things are a bit more complex. But let’s first reflect on why there is a kernel with such long support, where it can help and where it may not be needed.

The reasons for having stable branches besides the development head should be obvious: Ensuring that complex systems with hundreds or thousands of components work smoothly can be challenging. This is not only true for Linux. Eventually, you have to switch from integrating the latest and greatest versions to eliminating problems for a feature-wise frozen set of components. Those problems may be functional issues or performance gaps, including timing constraints when running real-time workloads. However, this way of consuming a dependency via stable releases does not yet answer the question of how long to stay on a specific stable series.

Let’s assume you are on kernel version 6.12. That release is going to be maintained as an LTS kernel for 2 years now. After one year 6.18 may be selected as the next LTS, and there may be 7.3 another year later, exactly when 6.12 is discontinued. But that means you must pick up version 6.18 as a replacement of 6.12. Otherwise, if you were to wait for 7.3 and it wouldn’t work immediately for you, you could end up stuck in the field without support for the discontinued 6.12.

Are you prepared for annual major kernel updates? Are you on a mainline kernel with no, or at least very few, extra patches so that updating will be little effort? Or do you depend on a chip or board supplier who requires you to use a large out-of-tree patch set? If so, is that supplier ready to provide you with an annual update early enough so that your own integration and qualification will be ready in time? What does your continuous test strategy for upstream kernels look like? Does it allow you to identify, report and possibly hunt down non-obvious regressions early?

Updating the major kernel version every year may be too ambitious for many projects using Linux for now, particularly in the embedded space. Every additional customization step and transfer point  in your supply chain between the upstream kernel and the final deployment will make it even harder. Ideally, everyone would be working upstream first to avoid such hand-over points, but we are not yet living in an ideal world.

The CIP kernels with up to 10 years of support provide you way more flexibility regarding when you do a major update. If your product requires support for less than 10 years and you were quick to release it right after a CIP kernel was started, you may get away without any major version update in the field. More realistic is that it takes about a year, in some cases even longer, to develop a product based on a newly released CIP kernel, specifically if the supply chain is long or certification work is required. This reduces the usable support span. And as a new CIP kernel is generally selected every 2 years, you may be left with about 6-7 years of staying exclusively on the major version selected at the product launch.

No one says that you need to use the full support length of the CIP kernel, though. The wider the version jumps are, the harder it will be to find regressions and their root causes when you hit one. Instead, you may consider the CIP support length as an insurance that kicks in when you cannot switch at some earlier point, e.g. because the development and/or testing teams are fully booked or something else delays an update.

So, just use the CIP kernel and you are done? Not quite.

First of all, the extended support of CIP kernel is built on focusing its scope on a reduced set of kernel subsystems and features. You might be lucky, and your kernel configuration is already covered by the CIP project. If not, you have your first reason to join CIP: bring in your requirements and support the project in handling the additional effort this may entail. Joining also allows you to influence which SoCs and boards are actively tested, a second reason to become a member.

But even if both your configuration and your hardware are covered already, there is a third reason why you should support the CIP project if you want to use its kernel (or already do so): By the end of 2026, support for regular LTS kernels 5.10 and 6.12 will end according to current schedules. One year later LTS kernel 6.1 will reach end of life. This means the CIP project will have to maintain 4 kernels independently of LTS instead of the current 2 (4.4 and 4.19). We know how to do that, but it is clear that this task will require more hands on deck. And these hands are needed earlier in order to expand the team smoothly, give everyone a chance to get familiar with workflows and improve them before the peak workload is reached.

We need more eyes reviewing stable patches, ideally before they hit regular LTS. We need more people identifying backport candidates that get stuck between LTS versions or require extra effort to merge them into CIP kernels. And, last but certainly not least, we need more ideas and contributions to improve, together with KernelCI, the test coverage of I/O drivers in regular as well as CIP kernels so that regressions remain few and are found quickly. You can find the CIP kernel source code at https://git.kernel.org/pub/scm/linux/kernel/git/cip. Accompanying repositories containing supported kernel configurations, CVE tracking, patch review results and other bits and pieces can be found at https://gitlab.com/cip-project/cip-kernel. The CIP kernel community is exchanging patches and discussing issues on the cip-dev mailing list at https://lists.cip-project.org/g/cip-dev. In addition, there is also a weekly IRC meeting, watch out for its announcements on the mailing list.