Secured Open Source Embedded Software

The modern, connected, embedded Linux IoT device is facing a fundamental problem: the more connected it gets, the more cybersecurity threats it faces. Data link reliability, especially in the marine case, also makes it hard to efficiently push sensor data to the cloud.

This talk shows how to implement a reliable sensor data path from a marine IoT device running the redpesk embedded distribution to the cloud. It starts with lessons learned from real-world use cases: sending data from thousands of sensors to a cloud backend served by a choppy connection. It then dives into the IoT.bzh microservice framework, its security model (based on SMACK and SELinux) and how we coupled it with RedisTimeSeries.

These, together with an OpenID Connect service, make it possible to securely and selectively funnel data from that target to the cloud. The talk concludes with a proposal on how this open infrastructure can be used by the community at large.

This talk was presented at Live Embedded Event 2021.

Slides: [click here]

Video: [click here]

 

Modern SoCs contain heterogeneous processor devices that can be used to execute specific tasks. While Linux often runs on Cortex Ax processors, it is possible to run Zephyr on smaller cores like Cortex M or R. That way, critical functions can be isolated from a rich Linux environment. Applications can be found in safety use cases, power management (wake-up word, wake on sensor), or isolating real-time tasks. This talk is about the solutions we found at IoT.bzh to make both worlds cooperate: how to communicate using the RPMSG framework and how to start the remote processor from Linux using the remoteproc subsystem.

This talk was given at Live Embedded Event 2021.

Slides: [click here]

Video: [click here]

 

Modern SoCs contain heterogeneous processor devices that can be used to execute specific tasks. Renesas R-Car Gen 3 embeds a Cortex-R7 that can access any memory-mapped device.

Taking advantage of this processor makes it possible to run critical applications that must prove their robustness (real-time, safety, power consumption, ...).

This talk starts with a presentation of the technical constraints of having an MCU running an RTOS.

This talk also gives an introduction to managing this processor's lifecycle from the Linux side and to communicating between both worlds (AGL and Zephyr).

This talk was presented at the AGL All Member Virtual Meeting 2021.

Slides: [click here]

Video: [click here]

The modern vehicle is facing a fundamental problem: the more connected it gets, the more cybersecurity threats it faces.

Data link reliability or bandwidth changes caused by roaming also make it much harder to reliably push car sensor data to the cloud.

This presentation is about implementing a reliable Vehicle to Cloud (V2C) scheme in the AGL ecosystem.

It starts with lessons learned from real-world use cases: sending data from thousands of sensors to a cloud backend served by a choppy connection.

It then describes how the AGL microservice framework and its security model, coupled with RedisTimeSeries, can be used to securely and selectively funnel data from the target to the cloud.

The talk concludes with a proposal on how this infrastructure could be integrated into the core of AGL to benefit the community at large.

This talk was presented at the AGL All Member Virtual Meeting 2021.

Slides: [click here]

Video: [click here]

 

This talk, given at the AGL All Member Meeting [VIRTUAL] of Spring 2021, presents how the application framework and its core components can shift from being based on Smack to SELinux.

The Linux kernel has many security mechanisms: capabilities, credentials, cgroups, namespaces, security modules, SELinux, AppArmor, Smack, ...

The talk reviews their benefits. As of today, the AGL application framework leverages these security features in order to achieve safety, security and privacy of the system, applications and users.

The talk summarizes the current state of the application framework.

Finally, the talk presents the work done in replacing Smack with SELinux and shows the designs that make the transition transparent to application developers while providing the same level of security.

Slides: [click here]

Video: [click here]
