GDP and SOTA Arthur Taylor May 10th, 2017 | Status and Next Steps

Presentation transcript:

GDP and SOTA Arthur Taylor May 10th, 2017 | Status and Next Steps CTO & Co-Founder, ATS Advanced Telematic Systems GmbH

Recent GENIVI Work

Recent GENIVI Work - Community OTA Server
Diagram labels: sota.genivi.org, SOTA Server, GDP 12, aktualizr, RVI Protocol, SWLM, rvi_lib, RVI Server Node
Mostly GENIVI-funded development as part of GENIVI Challenge Grant Programme
3 | May 10th, 2017 | Copyright © GENIVI Alliance 2017

Recent GENIVI Work - Community OTA Server
- Launched server at sota.genivi.org
  - Running on GENIVI infrastructure
  - HTTPS Admin web-interface
  - User Authentication with GENIVI LDAP logins
- RVI Server Node running - sota.genivi.org:8801-8811
  - Device Authentication using RVI device certificates (x.509)
https://github.com/genivi/rvi_sota_server

Recent GENIVI Work - Community OTA Server
- Integrated C++ SOTA Client - aktualizr
  - aktualizr development kicked-off by ATS in December
  - RVI support with JLR's C-based rvi_lib
  - Using GENIVI SWLM APIs to install software via DBus notifications
  - aktualizr upstreamed to GDP 12
https://github.com/advancedtelematic/aktualizr

Recent GENIVI Work - Lessons Learned
- GDP Upstreaming
  - GDP has very high standards for pull requests
  - ATS underestimated the effort to get changes merged
- GENIVI Software Loading Manager
  - SWLM PoC packaged for Yocto / GDP by ATS
  - Had to drop some dependencies (GTK+/X11)
- RVI
  - Encountered issues with expired development certificates
  - Encountered issues with maximum message size

Recent ATS Work

Recent ATS Work - Uptane
- Implementation of Uptane security framework
- Connect GENIVI SOTA to ATS implementations of Uptane repositories
  - Uptane Image repository - offline image signing keys
  - Uptane Director repository - online metadata signing keys
- Extend aktualizr and rvi_sota_client to implement Uptane / TUF APIs
- 3rd-party security audit of implementation running on ATS Garage
https://uptane.github.io
https://app.atsgarage.com

Recent ATS Work - OSTree, TreeHub
- OSTree support in aktualizr, rvi_sota_client
- Transactional installation and rollback of full-filesystem updates
- Automatic delta generation, automatic client-server version negotiation
- Support for compressed deltas with bsdiff
- Compatible with standard OSTree tools - ostree admin
- OSTree integration layer for Yocto builds - meta-updater
- TreeHub server for remote OSTree pull / push
- OSTree support integrated into AGL
https://ostree.readthedocs.io/
http://docs.atsgarage.com/start-yocto/adding-ostree-updates-to-your-existing-yocto-project.html
http://docs.atsgarage.com/start-yocto/adding-treehub-updates-to-automotive-grade-linux.html

Recent ATS Work - Multi-ECU Update Campaigns
- Campaigns that include multiple images / firmwares
- Addressing / targeting ECUs inside vehicles
- Distributing software inside vehicles - CAN / UDS, Ethernet / DoIP
- Collecting installation reports from bus-connected ECUs
- Sending signed software manifests back to server

Recent ATS Work - Automatic Provisioning
- Per-account or per-device group provisioning certificate
  - Provisioning certificate bootstraps device-specific x.509 negotiation
  - Include generic certificate in all images / SD-cards
  - Securely generate and share per-device x.509 public key for mutual TLS
- Device Gateway
  - Mutual-TLS endpoint for HTTPS RESTful JSON APIs
  - TLS credential exchanged on the server-side for OAuth2 token
  - Device never sees OAuth2 token
- Possible model for RVI-EG provisioning work?
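
The Device Gateway pattern on this slide, sketched as an added example (not ATS or GENIVI code): the gateway takes the device identity from the verified client certificate, attaches a bearer token on the server side, and keeps credentials out of anything returned to the device. The helper names, the commonName-as-device-ID convention and the HMAC token standing in for the OAuth2 exchange are assumptions.

```python
import hashlib
import hmac
import time

# Constructed values for this example; a real gateway would call its
# OAuth2 provider instead of minting tokens locally (assumption).
GATEWAY_SECRET = b"constructed-demo-secret"
TOKEN_TTL = 300  # seconds
UNTRUSTED = {"authorization", "x-device-id"}  # never accepted from a device


def device_id_from_peer_cert(peer_cert):
    """Return the subject commonName from a dict shaped like the output of
    ssl.SSLSocket.getpeercert(); that dict is empty if no cert was verified."""
    if not peer_cert:
        return None
    for rdn in peer_cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def mint_token(device_id, now=None):
    """Stand-in for the server-side token exchange: short-lived, HMAC-bound."""
    expires = int(now if now is not None else time.time()) + TOKEN_TTL
    payload = f"{device_id}.{expires}"
    mac = hmac.new(GATEWAY_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"


def build_upstream_headers(peer_cert, device_headers, now=None):
    """Headers the gateway forwards to the backend API for one request."""
    device_id = device_id_from_peer_cert(peer_cert)
    if device_id is None:
        raise PermissionError("no verified client certificate")
    # Identity comes only from the TLS layer, never from device-sent headers.
    upstream = {k: v for k, v in device_headers.items()
                if k.lower() not in UNTRUSTED}
    upstream["X-Device-Id"] = device_id
    upstream["Authorization"] = "Bearer " + mint_token(device_id, now)
    return upstream


def filter_downstream_headers(backend_headers):
    """Strip credentials from a backend response before it reaches the device."""
    return {k: v for k, v in backend_headers.items()
            if k.lower() not in {"authorization", "set-cookie"}}
```
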

Roadmap

Roadmap
Legend: ⚫ Implemented, ⚪ Supported, ✕ Not supported, ⬥ Planned
Columns: Feature | GENIVI SOTA | ATS Garage | Aktualizr | rvi_sota_client
- End-to-end updates ⚫
- RVI transport and Authz/c ✕
- Mutual TLS
- LDAP user accounts
- OAuth2 / OpenID Connect ⚪ ◐
- OSTree
- Yocto Integration
- Device Auto-Provisioning
- TUF Image Repo ⬥
- Uptane Director Repo
- Uptane Compliant
- Multi-ECU / FOTA Updates
- Static Deltas (various formats)
- Map data updates

Roadmap
- Compliance relevant
  - Multi-ECU - Extend SWLM Module Loader API?
  - Uptane - Significant SOTA / SWLM API impact
  - Deltas - Some SOTA / SWLM API impact
  - Map Data - Significant SOTA API impact
- Compliance Neutral - GDP / User Experience
  - OSTree / Yocto

Longer-term
- AUTOSAR Adaptive
- Configuration management / Telecoding
- Safety critical systems
- User / Group Management?
- GDP CI integration?

Q&A / Roadmap Discussion

Thank you! Visit GENIVI at http://www.genivi.org or http://projects.genivi.org Contact us: help@genivi.org Copyright © GENIVI Alliance 2017.