open source secure software updates for linux based ivi
play

Open Source secure software updates for Linux-based IVI systems - PowerPoint PPT Presentation

Aug 30, 2023 •109 likes •351 views

Open Source secure software updates for Linux-based IVI systems Arthur Taylor, CTO, ATS Advanced Telematic Systems Abstract Cyber security and vehicle recalls are two of the hottest topics in automotive software development right now.

  1. Open Source secure software updates for Linux-based IVI systems Arthur Taylor, CTO, ATS Advanced Telematic Systems

  2. Abstract Cyber security and vehicle recalls are two of the hottest topics in automotive software development right now. Over-the-air updates are critical to allowing vehicle and device manufacturers to mitigate security and warranty risks in deploying software to vehicle fleets, but until recently there was no end-to-end open source solution to manage updates. ATS has been working with GENIVI and AGL to implement secure software updates in their development / reference platforms. In this talk we will present a review of existing open source OTA solutions, introduce the open source GENIVI SOTA solution, describe its architecture and security features, and describe the integration of the OTA Client into the GENIVI Development Platform and the AGL Reference Platform. We will demonstrate updates to a running device based on the OpenIVI platform.

  3. Background ● ATS Advanced Telematic Systems GmbH - Berlin start-up, founded 2013 ● ATS is AGL and GENIVI member since 2013 ● Have worked on client- and server-side software solutions for automotive ○ Ported AGL to Freescale iMX.6-based automotive platform 2015 ○ Developed GENIVI SOTA 2015 ● Strong focus on and experience with Open Source

  4. Goal ● To OTA enable AGL Reference Platform ● To use end-to-end Open Source tools and software ● To implement an approach which meets the requirements of automotives ● To implement an approach that is accepted by the community ● Build a Proof-of-Concept system to demo here

  5. Background ● Automotive requirements for updates ● Current state of Linux in Automotive

  6. Automotive Requirements for Software Updates ● Atomic updates ● Revert to previous system on update failure ● Update of bootloader, kernel and configuration data, and filesystems ● Support for signing of images and verification of images on installation ● Support trusted boot and execution of software update in a trusted application environment leveraging the platform’s hardware TPM and/or TEE features. ● Enable/disable a specific feature and apply/rollback system updates incrementally rather than through a complete OS update that replaces the filesystem

  7. Linux-based IVI Systems ● GENIVI ○ Proprietary Linux-based [1] ■ Accenture, ADIT, Aisin, Delphi, Freescale, KPIT, LG, Magnetti, Mentor XSe, Neusoft, NVidia, Continental, Pelagicore, QuEST, Renesas, Harman, TCS, Visteon, Wind River ○ Open Source ■ Tizen ■ GENIVI Development Platform ● Automotive Grade Linux ○ AGL Reference Platform ● Open IVI 1. https://www.genivi.org/compliant-products

  8. Yocto ● AGL, GENIVI, OpenIVI and many embedded projects use Yocto GENIVI / GDP AGL Reference Open IVI Platform Base Layer meta-poky meta-poky meta-poky Arch Layer meta-intel meta-intel Middleware Layer meta-ivi meta-ivi-common Application Layer meta-genivi-demo-platform meta-agl meta-oim

  9. Research and Planning ● Investigated existing update tools and approaches for embedded Linux ● 01/05 Commissioned a study from Konsulko team to investigate possibilities ○ SWUpdate, mender.io, resin.io, OSTree, swupd ● 24/05 Published study to AGL mailing list [1] 1. https://lists.linuxfoundation.org/pipermail/automotive-discussions/2016-May/002061.html

  10. Update Strategies - Master / Slave full-system ● Master device receives update binaries ● Master device updates Slave device Master ● Master device validates Slave health ○ Rollback if necessary ● Robust, Simple to implement ● Used in multi-ECU systems Slave ● What to do about the master?

  11. Update Strategies - Full-system by Bootloader ● Userspace downloads binaries ● Reboot bootloader into update mode ● Bootloader flashes new system Userspace Kernel / Initramfs Bootloader

  12. Update Strategies - Full-system by Bootloader ● Implemented in SWUpdate ● Require temp storage for update files ● Have to hope that updated system boots ● Bootloader may not be capable of rollback Userspace ● How to update bootloader? Kernel / Initramfs Bootloader

  13. Update Strategies - Full-system by Userspace ● Kill unnecessary processes ● Remount the filesystem readonly ● mlock the update process in place ● Pray Userspace ● Stream the new binary directly to flash under the running system ● Pray ● Reboot Kernel / Initramfs ● Pray Bootloader

  14. Update Strategies - Full-system by Userspace ● Implemented by at least one CE device :) ● No additional flash storage required! ● Can update entire filesystem ● Supports secure boot Userspace ● Kinda risky... Kernel / Initramfs Bootloader

  15. Update Strategies - A/B full-system ● Userspace A receives update binaries ● Userspace A flashes Userspace B ● Userspace A validates Userspace B ● Userspace A notifies Bootloader Userspace A Userspace B (Running) ● Bootloader attempts to boot Userspace B ● Revert to Userspace A on error Kernel / Initramfs Bootloader

  16. Update Strategies - A/B full-system ● Implemented in SWUpdate, Mender.io ● Similar approach in CoreOS, Resin.io ● Atomic, with rollback support ● Very robust against unbootable updates Userspace A Userspace B (Running) ● Supports secure boot ● Requires 2 x Storage ● Bootloader / kernel updates must be done 'blind' (hard to test before reboot) Kernel / Initramfs ● All user settings on a separate partition ○ /home easy. /etc on overlayfs? Bootloader

  17. Update Strategies - OverlayFS ● Have a fixed base system ○ Or manage base system with another approach ● Make progressive updates to OverlayFS Userspace Kernel / Initramfs Bootloader

  18. Update Strategies - OverlayFS ● Good support for rollback ● Easy to implement ○ Can be used with any existing packaging system ● What happens if base system changes? Userspace Kernel / Initramfs Bootloader

  19. Update Strategies - Progressive by Userspace ● Download updated binaries ● Install them into the running system Userspace Kernel / Initramfs Bootloader

  20. Update Strategies - Progressive by Userspace ● Implemented in desktop / server Linux systems ○ .deb, .rpm, etc. ● Similar approach in OSTree, swupd ○ OSTree - Git-like tree of hard-links Userspace ○ swupd - software "bundles" ● Support for file-level updates ● Package approaches widely used ○ Easy to package and distribute updates ○ Update binaries highly portable Kernel / Initramfs ○ Rollback can be tricky ● OSTree approach has good traction Bootloader ○ Used in GnomeContinuous ○ Allows atomic updates and rollback

  21. Implementation ● 30/05 Agreed with AGL team during Vannes F2F on OSTree approach ● 01/06 Analyse technical risk of implementation 1. https://lists.linuxfoundation.org/pipermail/automotive-discussions/2016-May/002061.html

  22. Challenges ● Trusted Execution Environment ○ Only basic features available ○ Any OS interaction would require implementation of eMMC and Filesystem drivers ○ Build a chain of trust some other way ■ Integrity checks from TEE? ■ OSTree metadata in TEE? ● OSTree ○ Needs integration with target OS ○ Requires modification of bootloader / initramfs for full root-fs integration ○ What to do about modified files? ■ Configuration (/etc) ■ App working data (/var) ■ User data (/home)

  23. Chosen Approach Target Machine Base system with OSTree 3. ostree checkout ... 2. OTA Update using static diff OSTree Repo /repo-agl Build Machine Base Linux System OSTree Repo /repo-agl 1. untar agl-image-ivi-qemu86-64.tar.bz2 AGL Root /opt/agl-build

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Make Money With Open Source What is Open Source? Community Free software vs. open source

Make Money With Open Source What is Open Source? Community Free software vs. open source

Make Money With Open Source What is Open Source? Community Free software vs. open source Licenses: GPL vs. LGPL vs. MIT/Apache Foundations: Linux, Apache, Eclipse, Similar: Open Data, Open Hardware, Open Knowledge, ... Advantages of OS

508 views • 13 slides
GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The GNU userland consists of libc, the init system (SystemD) X11 GUI toolkits etc. Ask the audience Who has used

442 views • 22 slides
What is RIOT? An operating system for IoT devices too small for Linux A free, open source

What is RIOT? An operating system for IoT devices too small for Linux A free, open source

What is RIOT? An operating system for IoT devices too small for Linux A free, open source software platform A community of developers Open source Free core Grassroots governance Since Summit 2016: RIOTs year in numbers

405 views • 9 slides
1 Version 2: MIT, 1983 Bazaar Model Richard Stallman was Characteristics include

1 Version 2: MIT, 1983 Bazaar Model Richard Stallman was Characteristics include

Open Source Idea? SHARE and the Origins of Open The basic idea behind open source is very simple: When programmers can read, Source Software: 1953-1972 redistribute, and modify the source code for a piece of software, the software evolves.

530 views • 8 slides
The State of Open Source Databases Peter Zaitsev CEO, Percona October 1 st , 2019 Open Source

The State of Open Source Databases Peter Zaitsev CEO, Percona October 1 st , 2019 Open Source

The State of Open Source Databases Peter Zaitsev CEO, Percona October 1 st , 2019 Open Source Software Amazing times for Open Source Software! Commercial Success Fantastic Success of Open Source Based Businesses! RedHat Acquired by IBM

1.19k views • 52 slides
Networking Updates Roopa Prabhu Aug 14, 2020 Linux Kernel dataplane for an Open standards based

Networking Updates Roopa Prabhu Aug 14, 2020 Linux Kernel dataplane for an Open standards based

Networking Updates Roopa Prabhu Aug 14, 2020 Linux Kernel dataplane for an Open standards based multihoming protocol 2 Traditional Multihoming peerlink switch2 switch1 Host2 Host1 3 Open Multihoming solution with VxLAN Overlay E-VPN

673 views • 11 slides
Automotive Grade Linux Accelerating Connected Car Software Development Open Source Forum Japan

Automotive Grade Linux Accelerating Connected Car Software Development Open Source Forum Japan

Automotive Grade Linux Accelerating Connected Car Software Development Open Source Forum Japan November 15, 2017 Dan Cauchy, Executive Director, AGL Why do so many people do this? Slide 2 Its not just about the cars anymore, >

629 views • 48 slides
Free and Open Source Software T ools for Making Open Source Hardware Leon Anavi Konsulko Group

Free and Open Source Software T ools for Making Open Source Hardware Leon Anavi Konsulko Group

Free and Open Source Software T ools for Making Open Source Hardware Leon Anavi Konsulko Group leon.anavi@konsulko.com Embedded Linux Conference Europe 2017 23-25 October, Prague, Czech Republic Agenda Open source hardware Free and

488 views • 34 slides
Open Source Software/Hardware Decoupling Open Source Software (OpenStack, CORD)

Open Source Software/Hardware Decoupling Open Source Software (OpenStack, CORD)

Design principles for 5G Toward a new paradigm, All-IT Network architecture Unbundling Open Source Software/Hardware Decoupling Open Source Software (OpenStack, CORD) Unbundled Function Blocks Open Source Hardware (OCP,

180 views • 15 slides
What is open source ? Computer software where the source code is distributed under an open

What is open source ? Computer software where the source code is distributed under an open

What is open source ? Computer software where the source code is distributed under an open source license that allows anyone to study, change, improve and distribute the software. Promotes collaboration Community of developers

462 views • 14 slides
What is open source? Computer software where the source code is distributed under an open

What is open source? Computer software where the source code is distributed under an open

What is open source? Computer software where the source code is distributed under an open source license that allows anyone to study, change, improve and distribute the software. Promotes collaboration Community of developers

878 views • 16 slides
1 Distribution of work: new functionality Distribution of work: fixes 7 8 Who reports

1 Distribution of work: new functionality Distribution of work: fixes 7 8 Who reports

The case for open source software Open Source Software Why Open Source Software / Free The process, the outcome Software (OSS/FS)? Look at the Numbers! David A. Wheeler The heat, the light Revised as of September 30 2004

464 views • 9 slides
Open Source Project Universal Locales for Linux - Locale data in XML and Transformer Kentaro

Open Source Project Universal Locales for Linux - Locale data in XML and Transformer Kentaro

Open Source Project Universal Locales for Linux - Locale data in XML and Transformer Kentaro Noji Globalization Center of Competency,Yamato Yamato Software Laboratory, IBM Japan Ltd. 2001/5/17 1 Why Universal Locales for Linux Linux is

561 views • 25 slides
Rough times? TUF shines A Framework for Secure Software Updates Trishank Karthik Kuppusamy,

Rough times? TUF shines A Framework for Secure Software Updates Trishank Karthik Kuppusamy,

Rough times? TUF shines A Framework for Secure Software Updates Trishank Karthik Kuppusamy, Vladimir Diaz, Sebastien Awwad Lukas Phringer , Justin Cappos Software updates Experts agree that software updates are the most important thing

613 views • 27 slides
Overview Evolution in Open Source Software: What is software evolution? A Case Study Why

Overview Evolution in Open Source Software: What is software evolution? A Case Study Why

Overview Evolution in Open Source Software: What is software evolution? A Case Study Why should we care? Previous research Michael W. Godfrey A case study: The Linux OS kernel Qiang Tu Observations, hypotheses, and future

179 views • 6 slides
Survey of Linux and Open Source Technologies and their Business Functions An Introduction to

Survey of Linux and Open Source Technologies and their Business Functions An Introduction to

Survey of Linux and Open Source Technologies and their Business Functions An Introduction to Linux and Open Source for Computer Consultants Christopher J. Fearnley LinuxForce, Inc. http://www.LinuxForce.net 9 December 2004 / ICCA Delaware

682 views • 54 slides
CAS CS 460/660 Introduction to Database Systems Functional Dependencies and Normal Forms 1.1

CAS CS 460/660 Introduction to Database Systems Functional Dependencies and Normal Forms 1.1

CAS CS 460/660 Introduction to Database Systems Functional Dependencies and Normal Forms 1.1 Review: Database Design Requirements Analysis user needs; what must database do? Conceptual Design high level descr (often done w/ER

434 views • 42 slides
-Calculus Christine Rizkallah CSE, UNSW (and data61) Term3 2019 1 -Calculus Church

-Calculus Christine Rizkallah CSE, UNSW (and data61) Term3 2019 1 -Calculus Church

-Calculus Church Encodings -Calculus Christine Rizkallah CSE, UNSW (and data61) Term3 2019 1 -Calculus Church Encodings -Calculus The term language we defined for Higher Order Abstract Syntax is almost a full featured programming

620 views • 32 slides
Evaluation Order Dr. Mattox Beckman University of Illinois at Urbana-Champaign Department of

Evaluation Order Dr. Mattox Beckman University of Illinois at Urbana-Champaign Department of

Objectives Evaluation Order How Far to Evaluate For Us Evaluation Order Dr. Mattox Beckman University of Illinois at Urbana-Champaign Department of Computer Science Objectives Evaluation Order How Far to Evaluate For Us Objectives

232 views • 19 slides
Schema Refinement and Normal Forms UMass Amherst Feb 14, 2007 Slides Courtesy of R.

Schema Refinement and Normal Forms UMass Amherst Feb 14, 2007 Slides Courtesy of R.

Schema Refinement and Normal Forms UMass Amherst Feb 14, 2007 Slides Courtesy of R. Ramakrishnan and J. Gehrke, Dan Suciu 1 Relational Schema Design name Conceptual ER Model Person buys Product Design price name ssn Relational

348 views • 33 slides
CS 423 Operating System Design: Historical Memory Management Professor Adam Bates CS 423:

CS 423 Operating System Design: Historical Memory Management Professor Adam Bates CS 423:

CS 423 Operating System Design: Historical Memory Management Professor Adam Bates CS 423: Operating Systems Design Goals for Today Learning Objective: Explore historical strategies for memory management Announcements, etc:

609 views • 32 slides
Mobile Communications 1965 first commercial geostationary satellite Satellit Early Bird

Mobile Communications 1965 first commercial geostationary satellite Satellit Early Bird

History of satellite communication 1945 Arthur C. Clarke publishes an essay about Extra Terrestrial Relays 1957 first satellite SPUTNIK 1960 first reflecting communication satellite ECHO 1963 first geostationary satellite SYNCOM

456 views • 7 slides
Lecture 21: Midterm 2 Review. Modular Arithmetic Inverses and GCD Example: p = 7, q = 11.

Lecture 21: Midterm 2 Review. Modular Arithmetic Inverses and GCD Example: p = 7, q = 11.

Lecture 21: Midterm 2 Review. Modular Arithmetic Inverses and GCD Example: p = 7, q = 11. Professor Walrand. x has inverse modulo m if and only if gcd ( x , m ) = 1 . N = 77 . Wrapping up his lectures for other course this week. ( p 1 )( q

208 views • 5 slides
Midterm 2 Review. Midterm format Modular Arithmetic Inverses and GCD Midterm Topics: Notes 6-14.

Midterm 2 Review. Midterm format Modular Arithmetic Inverses and GCD Midterm Topics: Notes 6-14.

Midterm 2 Review. Midterm format Modular Arithmetic Inverses and GCD Midterm Topics: Notes 6-14. Modular Arithmetic. Inverses. GCD/Extended-GCD. x has inverse modulo m if and only if gcd ( x , m ) = 1 . Time: 120 minutes Proof Idea:

282 views • 5 slides

More recommend