OSS 2025 - Cloud Native IoT: OTA Updates and Device Repurposing

Abstract

This session presents an open-source system for integrating resource-constrained IoT devices, such as ESP32-based MCUs, into k8s-managed environments. It covers secure device onboarding using Entity Attestation Tokens (EATs) and OpenDICE, where devices generate cryptographic identities from hardware-embedded secrets and attest their state during registration and OTA updates.

Devices are discovered using Akri, which exposes them as addressable Kubernetes resources. Firmware is built and packaged as OCI artifacts, stored in standard registries, and deployed via a k8s “FlashJob” operator that lives alongside the Akri framework. Upon deployment, prior to joining the cluster, devices are onboarded and validated via Akri’s discovery handler. When repurposed, devices are validated again, to ensure end-to-end attestation of both hardware and software components.

The session focuses on concrete mechanisms for OTA management, hardware-rooted identity, and distributed execution targeting constrained systems under k8s control.
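The following sketch is an added illustration, not code from the talk or the project: it shows why a DICE-style identity has to be validated again after a device is reflashed, because the derived secret is bound to a measurement of the firmware. Assumptions: all function names, the constructed device secret and firmware images, an HMAC standing in for the signed EAT, and a verifier that holds the enrolled device secret (a symmetric simplification); Open DICE's actual key derivation and token format differ.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (not real device secrets or firmware).
UDS = bytes(range(32))                      # hardware-embedded unique device secret
FW_A = b"constructed firmware image A"      # firmware before repurposing
FW_B = b"constructed firmware image B"      # firmware after an OTA repurposing


def derive_cdi(uds: bytes, firmware: bytes) -> bytes:
    """DICE-style step: bind the device secret to a measurement of the firmware.

    On real hardware the immutable boot layer does this and then locks the
    UDS, so the running firmware only ever sees its own derived secret.
    """
    measurement = hashlib.sha256(firmware).digest()
    return hmac.new(uds, measurement, hashlib.sha256).digest()


def make_evidence(uds: bytes, firmware: bytes, nonce: bytes) -> dict:
    """Device side: claims plus a MAC keyed by the derived secret (EAT stand-in)."""
    fw_digest = hashlib.sha256(firmware).digest()
    tag = hmac.new(derive_cdi(uds, firmware), nonce + fw_digest, hashlib.sha256)
    return {"nonce": nonce.hex(), "fw_digest": fw_digest.hex(), "tag": tag.hexdigest()}


def verify_evidence(enrolled_uds: bytes, expected_fw: bytes,
                    nonce: bytes, evidence: dict) -> bool:
    """Verifier side: accept only fresh evidence matching the expected firmware."""
    if not hmac.compare_digest(evidence["nonce"], nonce.hex()):
        return False                        # stale or replayed evidence
    expected = make_evidence(enrolled_uds, expected_fw, nonce)
    return (hmac.compare_digest(evidence["fw_digest"], expected["fw_digest"])
            and hmac.compare_digest(evidence["tag"], expected["tag"]))


if __name__ == "__main__":
    nonce = secrets.token_bytes(16)         # fresh challenge from the verifier
    onboarding = make_evidence(UDS, FW_A, nonce)
    print("onboarding accepted:", verify_evidence(UDS, FW_A, nonce, onboarding))
    # After repurposing, the verifier expects FW_B; old evidence must fail.
    print("old evidence after repurposing:",
          verify_evidence(UDS, FW_B, nonce, onboarding))
    nonce2 = secrets.token_bytes(16)
    print("re-attested with FW_B:",
          verify_evidence(UDS, FW_B, nonce2, make_evidence(UDS, FW_B, nonce2)))
```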

When: Aug 26, 2025, 11:55 AM - 12:35 PM
Where: G109 (Level 1), Amsterdam

Anastassios Nanos
Systems Researcher

My research interests include systems software, virtualization, operating systems, containers, unikernels, etc.

Charalampos Mainas
Systems Researcher

PhD candidate focusing on low-level systems programming, Linux kernel development, hypervisors (KVM, Xen) and unikernel runtime ecosystems.