Secured Industrial Embedded Linux

As of today, AGL mostly relies on the Wayland IVI-shell inherited from Genivi. Worse than its technical limitations, the main issue with IVI-shell is the persistent lack of interest from the Wayland community. As a result, IVI-shell failed to gain adoption from any generic software such as browsers or well-known social/media applications. Since the early days of Wayland, new options have appeared to better support compositors/wm.

On one hand, Gnome and KDE ship their own flavour of compositor/wm; nevertheless those solutions remain too monolithic and too desktop centric for the embedded world.

On the other hand, Wlroots was designed from the start not as a Wayland compositor/wm but as a foundation for creating compositors. Furthermore, because it is more recent, its authors were able to leverage the lessons learnt from older toolkits such as Weston or WLC and created a far more advanced and flexible toolkit.

Download Slides [here]

Demo video [here]

 

Isolating components of different criticalities is a desirable feature of safety-critical systems used in the automotive industry. IoT.bzh and Kernkonzept therefore cooperated in creating a virtualization Proof-of-Concept that isolates selected components of AGL.

The purpose of this PoC is to split CAN signal processing into two virtual instances of AGL running under the control of the L4Re hypervisor.

The 1st virtual instance runs a minimal AGL realtime (preemptRT) profile and is responsible for CAN data acquisition. The 2nd virtual instance runs a traditional AGL IVI profile and receives decoded CAN signals directly from the AGL application framework through the hypervisor VIRTIO transport layer.

This talk starts by presenting the different components of the architecture used in the PoC. Then it explains how a hypervisor can be used to split AGL into multiple instances and the constraints such an architecture introduces. Finally, it proposes some options and the remaining work before such a solution becomes production ready.

Download pdf slide [here]

A slideshow updated since the latest presentation in Karlsruhe in 2016, with a presentation of a full signaling stack using the Signal Composer service.

Click here

This talk presents the motivation and options chosen by AGL to address automotive cybersecurity. It first addresses the security functionality targeted by the AGL application security model, then shows how we extend the model from Linux entertainment to vehicle-to-cloud, cluster, telematics, ...
This talk remains at the architecture level. It explains the targeted security concerns and presents the proposed software architecture, but does not aim at digging into specific implementation details.

Download pdf slide [here]

This talk presents options to bring a subsystem of the AGL Application Framework into realtime operating systems like AutoSar Foundation, VxWorks, Zephyr, QNX. In order to bridge smaller controllers with AGL systems, the current Application Framework should be slimmed down to a portable, OS-independent and realtime-enabled core.
To get certified, this small realtime core should come with 100% code coverage.
It should work on microcontrollers, or on a PREEMPT-RT patched Linux. It should have a set of realtime APIs and communication APIs with the non-realtime world. As an example, the presentation shows how to push CAN data to Infotainment.

 

 PDF presentation available here

Archived Publications

About us

Depending on the specific requirements attached to vertical markets such as automotive, telecoms, medical, marine and military, and on any dedicated hardware features to support, IoT.bzh assembles the necessary OpenSource components into a stable, coherent and tested Linux distribution.

Contact information

IoT.bzh

5 Cours de Chazelles
56100 Lorient
02 57 62 02 47