Booting Automotive ECUs Really Fast with Modern Security Features
Brendan Le Foll, BMW Car IT GmbH [Open Source Summit EU 2022]

Modern cars have dozens of ECUs. Nowadays there is typically a central ECU called Node0 running Linux. Try to keep things simple by doing as much as possible in Linux itself.

Botting fast is actually doing the things that need to be done fast early on - before the entire system is ready. In addition it has to have decent security.

Implementing UEFI-based Secure Boot + OTA Update for Embedded ARM Devices
Jan Kiszka & Christian Storm, Siemens AG [Open Source Summit EU 2022]

Nowadays, field updates are unavoidable but must also be secure, unattended, and robust (i.e. atomic + automatic rollback). On x86 you boot UEFI which verifies the signature of the bootloader and loads it. The bootloader takes care of A/B switching (UEFI can do that itself, but do you trust the firmware?); it also starts a wachtdog. The bootloader loads kernel+commandline+initrd image after verifiying it. The kernel verifies and unlocks the (encrypted) rootfs. The platform key for dmcrypt comes from TPM.

ARM64 typically uses U-Boot + TF-A, but there is still custom engineering needed. There is also no standard for getting the key. However, ARM64 is also evolving to UEFI. There is even project to use U-Boot as a UEFI provider. With that, the same boot/update/verification flow can be used as on x86. For the secrets, there is OP-TEE.

Implementing A/B System Updates with U-Boot
Michael Opdenacker, Bootlin [Open Source Summit EU 2022]

This is an experience of preparing A/B updates with U-Boot and swupdate.

BoF: Open Source Fleet and Device Management
Jan Lübbe, Pengutronix [Open Source Summit EU 2022]

Device mgmt: identity, communication with backend, monitoring, debugging, onboarding, updates, EOL, secure tunnel (VPN/SSH)

Fleet mgmt = devices in aggregate: scheduled updates (waves), alerting, integration with other services, authentication

No open source solutions for any of this exist. Doesn’t need to be integrated even, it could be something built from components.

https://docs.google.com/document/d/1wUghUSas7syUzjeJ971mvpaPQ4VlI1kxDDzPVEdQJ68/edit?usp=sharing

Some people from mender were there. They said that mender, even though open core, would accept PRs for features that are currently closed but implemented (differently) by the community. To be taken with a grain of sand of course.

Azure IoT Hub looks open source, but it’s actually just a bunch of huge blobs that are dropped.

RAUC: (R)evolution of an Update Framework
Enrico Jörns, Pengutronix [Open Source Summit EU 2022]

RAUC is an update system. It creates the update image, downloads it from a server or a storage device, and applies it in a fail-safe way. It uses A/B updates. Updates are verified cryptographically before applying.

Recently a new “verity” bundle format was created which solves some security issues, makes things faster, and allows streaming.

SBOMs: Essential for Embedded Systems Too!
Kate Stewart, The Linux Foundation[Open Source Summit EU 2022]

Software supply chain attacks are growing. SBOM (Software Bill Of Materials) helps controlling them.

Improving Wireless PAN Support
Miquèl Raynal, Bootlin [Open Source Summit EU 2022]

802.15.4 is the spec for wireless PAN (Personal Area Network), i.e. Zigbee and 6LowPan.

Writing an Embedded Operating System in Rust
Alistair Francis, Western Digital [Open Source Summit EU 2022]

Rust is a systems language like C, that can be used to build reliable and efficient software. It provides compile-time memory and thread safety. It’s slowly being introduced into open source projects, including the Linux kernel. There is even talk about rewriting the NVMe driver in rust. This allows to evaluate performance, it turns out to be about the same as C, and it might even get better as some of the current C bindings are converted to Rust as well.

Linux for Space - Mission Begins
Lenka Kosková Třísková & Lukáš Mázl, Technical University of Liberec [Open Source Summit EU 2022]

A few research and development institutes in Czech republic working on space came together to start something similar to Automotive Linux for space because nothing exists yet.

Podman 101 and Beyond!
Pierre Blanc, Red Hat [Open Source Summit EU 2022]

Podman is a container (and pod) manager with a focus on security. It’s closely related to kubernetes but very often used independently as well.

Linux on RISC-V and the New OS-A Platform
Drew Fustini, BayLibre [Open Source Summit EU 2022]

RISC-V is a free, open ISA, initially defined in 2010. It doesn’t force a specific microarchitecture, so in-order, out-of-order, vector, … are possible. It’s extensible.

Being Systematic with systemd
Chris Simmonds, 2net Ltd [Open Source Summit EU 2022]

There is some resistance to using systemd in embedded. Chris tries to show how it can be used effectively. He had a previous talk in 2019 covering boot speed, so that’s not covered here.