Secured Open Source Embedded Software

This talk was given at ENSIBS Vannes to present IoT.bzh and Automotive Grade Linux project and ecosystem.

Download slides [click here]

AGL Security Blueprint available online on AGL doc website  has been revamped and completed by Vincent Nieutin / IoT.bzh.
A proposal has been posted online (still on AGL doc website beside the current version: here  ) and is under review by the AGL community.
This proposal includes information of existing Security Blueprint reorganized in a more logical way (bottom to top : hardware to applications,updates) and uses colored sections to highlight and easily identify criticals items.
Some missing parts like SOTA or Secure development have also been added.

[Click here] to download the PDF version of this updated Security Blueprint.

Automotive software has traditionally focus on safety. Nevertheless with the arrival of connected car cybersecurity is becoming every day more and more critical. On one hand we have to enable and secure dedicated cloud automotive services such as: data analytic, telematics, car sharing, traffic optimisation, etc... On the other hand customers expect their navigation system to update automatically, they want a smooth access to existing well known services as Spotify, Facebook or Traffic Info and find natural to stream their preferred music/news in their car like they already do everyday on their smart phone. Last but not least users expect their private data to remain private.

This talk explains how AGL(Automotive Grade Linux) implements cybersecurity both inside the car to protect applications and services, and outside the car to enable V2C(Vehicle to Cloud) access to non automotive Internet services.

Download slides [click here]

Yocto SDKs or images are currently deployed as monolithic archives.
Projects are more and more complex resulting to larger archives and 
consequently, SDKs or target images updates are not efficient at all.

This talk presents a new solution based on incremental updates and binary
packages deployment, which is closer to standard Linux distribution packaging. 
This solution offers an easy way to update development environment (SDK)
on the development machine and makes packages management simpler on the target side.
This allows among other to install a minimal set of packages in order to reduce the target filesystem size.

Yocto-incremental-SDKs

AGL leverages Sytemd for several purposes. Example:

  •  setup of applications and services (cgroups, namespaces, autostart, permissions)
  •  use of libsystemd for its programs (event management, dbus interface)
  •  manage users and user sessions

 This presentation explains how using systemd is beneficial for AGL and how the AGL is built to leverage good systemd features.

 It reviews the mechanics of systemd integration and how it is used for user management: PAM integration, privacy management.

 AGL emphasis a clean separation of applications together and with the underlying system layer. It also provides a mechanism to tune how this is done. This talk presents this aspect. see the presentation

Archived Publications

About us

Our redpesk® product: a software factory in a white box enabling you to speed up and control your embedded developments from the initial design cycle to your product end of life.

Contact information

IoT.bzh

Halles St Louis,
    rue Docteur Bodelio
56100 Lorient
02 57 62 02 47