Secured Open Source Embedded Software

Deploying An Embedded Distro Build Factory With Ansible And Proxmox: Lessons Learned

With redpesk, we provide customers the ability to cross-build an embedded, CentOS Stream-based Linux distribution in the cloud. This requires a significant infrastructure: Koji/RPM builders, an Angular-based WebUI, a GitLab forge, network and RPM package dependency management, and QEMU test lab management all need to come together and be connected, in a mix of QEMU virtual machines and LXC containers. Fortunately, Ansible and Proxmox come to the rescue to manage this complexity.

In this talk, we'll present our architecture of a self-contained CI/CD environment in the cloud, used to cross-build RPM packages and Linux images. We will then dive into the specifics of using Ansible to drive Proxmox and deploy a mix of Packer-built QEMU virtual machines and LXC containers. Those provide a full Koji build system (hub and builders), an Angular frontend, a Go backend, a GitLab forge, as well as network isolation/firewalling and a QEMU virtual target lab. We'll continue with lessons learned from doing these deployments for multiple customers. We will finish by describing solutions we are currently working on, like Ansible AWX, to address the challenges of doing it at scale and to increase automation.

This talk was presented at FOSDEM 2022 in the Infra Management Devroom

Slides: [click here]

Videos: [click here for MP4] [click here for WEBM]

After presenting the key constraints of the new UN R155/R156 cybersecurity regulations, the session presents how the redpesk open source stack helps to address those concerns, especially with its secured-by-design architecture.

The UNECE WP.29 regulations R155 for Cyber Security Management and R156 for Software Updates were adopted in 2021 by UNECE’s World Forum for Harmonization of Vehicle Regulations. This means that cybersecurity is now non-negotiable for accessing the market in more than 60 countries, starting in July 2022.

The open source secured-by-design stack redpesk helps to fulfill regulatory requirements by providing:

  • MAC-enabled Linux distribution (SMACK/SELinux)
  • secure microservices architecture
  • integration with RTOS for safety
  • innovative container engine fitted for embedded
  • LTS over the full car life (approx. 20 years)
  • SOTA support

Talk presented at FOSDEM 2022

Slides: [click here]

Video: [click here]

With the exponential growth of software complexity, a continuous testing infrastructure is a must-have to keep the cost and time of critical embedded application development under control.

Not only should software tests be run early and automatically each time a developer pushes a new code commit to the system; since developers typically never get enough physical boards to test on, it is also key to run tests initially in a virtualized environment. Nevertheless, we should keep enough real hardware in the loop to limit the deviation between virtualization and reality, and to ensure developers can transparently move tests from virtualization to the real world.

This presentation shows how virtualization can enable early code integration to shorten the development/testing cycle, while keeping track of real hardware to ensure that the application also runs correctly on the final production device. It gives feedback on the different challenges IoT.bzh faced while deploying its continuous testing solution, then focuses on the way virtualization and real targets can be combined to offer developers a complete and efficient CI infrastructure.

This talk was presented at Automotive Linux Summit and at FOSDEM 2022

Slides: [click here]

Video: [click here]

OSXP 2021: Connected ships and data flows from the on-board sensor to the cloud

The modern, connected, embedded Linux IoT device is facing a fundamental problem: the more connected it gets, the more cybersecurity threats it faces. Data link reliability, especially in the marine case, also makes it hard to efficiently push sensor data to the cloud.

This talk shows how to implement a reliable sensor data path from a marine IoT device running the redpesk embedded distribution to the cloud. It starts with lessons learned from real-world use cases: sending data from thousands of sensors to a cloud backend served by a choppy connection. It then dives into the IoT.bzh microservice framework, its security model (based on SMACK and SELinux) and how we coupled it with RedisTimeSeries.

Those, in addition to an OpenID Connect service, make it possible to securely and selectively funnel data from that target to the cloud. The talk concludes with a proposal on how this open infrastructure can be used by the community at large.

This talk was presented at Open Source Experience 2021 (direct link to session)

Slides: [click here]

Cross debugging, and more generally remote debugging, may be unknown to or badly used by beginner engineers, and sometimes even senior engineers, for several reasons. Some people simply do not know that remote debugging tools exist, some consider the complex setup a show-stopper, and others may not trust the tools (and we can explain why).

Yet the return on investment of such tools is significant, provided that they are used appropriately.

This presentation talks about the first fruits of cross-debugging, going through some real experiences, some architecture schemes and functional descriptions, comparing the existing solutions (e.g., gdb-server vs lldb vs tcf ...) and their integration in IDEs (Eclipse, VS Code).

A technical chapter about debugger mysteries explains, in particular, why multithreaded or SMP debugging is a complex issue, and how existing debuggers deal with it.

A chapter on performance analysis tools (e.g., valgrind) is presented too, in order to offer listeners a kind of Swiss army knife.

In conclusion, a short presentation of the debug tools on another open source OS (Zephyr) is given.

This talk was presented at OSS

[Slides]

[Video]
