Application Framework and Security Expert Group Meeting Minutes Archive
December 20, 2017
Attendees: Walt, Stephane, Sebastien, Jose, Loic, Vincent
-
11/22
Eli sending comments on the system hardening section to the mail list or on github directly.
IoT.bzh reviewing the document and has a proposal for some restructuring. The Application Security section is need of an update.
-
12/6
Eli still working on his comments
Sebastien and Vincent completed a rework of the Security Blueprint based on the latest code. They published a pdf to the mail list. Will add to github in a new directory later today. Walt will reply to their email with a request to review the document and add comments to github before the next EG meeting (Dec 20).
12/21
Notes from Dresden Meeting.
Application Framework
Chromium from Igalia
9/27 - Stephane has tested for Gen 3. It is expected to work on any wayland target not just Renesas. Stephane trying out for QEMU and Intel. No support for IVI shell extensions.
10/11 - New version pushed by Igalia. Stephane having issue building for Intel. Stephane can build Chromium with the SDK and create a wgt but it takes a long time. (see
https://github.com/iotbzh/chromium-agl-app) and SPEC-942
11/8 - No update
11/22 - Reviewed email from Maksim about Igalia's plans for Chromium. Goals for Chromium
Build and run Chromium as an app available for Intel, Renesas, and other platforms
Build and run web engine in platform or as an app depending on the profile/device need for multiple platforms
Enable Qt-WebEngine for EE?
12/6 - Waiting for some feedback from Igalia (Maksim) on how they want to proceed. They are envisioning everything as part of the platform built in Yocto, but that is not the current proposal that AGL would like to pursue.
12/21 - No update. Waiting for latest updates on XDG launcher from Tanikawa-san
-
Propose testing the dynamic users using Arch Linux to see if the expected benefits are seen and whether we should backport to AGL before we see it in poky which may take another version or two.
Created SPEC-940
Plan to get a readout before the Feb AMM to determine if we should do this for FF or wait for Yocto to do the uprev.
11/22 - Jose did a little investigation and this creates a dynamic user that is intended to be disposable which is not our requirement. He submitted a patch to systemd which was accepted for a future version of systemd. Will need to do some backporting for FF when we change to multi-user.
12/6 - On hold
12/21 - On hold for FF. Jose's patch was merged upstream in systemd.
New:
Roadmap for 2018
Need to come to next meeting with FF and GG plans
Security workflow. Now that we have the building blocks in place, turn on security and put in place a mechanism for developers to sign applications, load them.
Running apps not as root/ multi-user
Distinction between platform services (e.g., nfc, telephone) and user services that run inside a user context (e.g., media player and lightmedia scanner)
Changes necessary at binder level for V2C
Application signing and installation mechanism
Secure applications running on a remote device such as mobile phone or tablet that are rendered on the IVI system.
December 6, 2017
Attendees: Walt, Stephane, Michael, Sebastien, Vincent, Jose
-
11/22
Eli sending comments on the system hardening section to the mail list or on github directly.
IoT.bzh reviewing the document and has a proposal for some restructuring. The Application Security section is need of an update.
-
12/6
Eli still working on his comments
Sebastien and Vincent completed a rework of the Security Blueprint based on the latest code. They published a pdf to the mail list. Will add to github in a new directory later today. Walt will reply to their email with a request to review the document and add comments to github before the next EG meeting (Dec 20).
Notes from Dresden Meeting.
Application Framework
Chromium from Igalia
9/27 - Stephane has tested for Gen 3. It is expected to work on any wayland target not just Renesas. Stephane trying out for QEMU and Intel. No support for IVI shell extensions.
10/11 - New version pushed by Igalia. Stephane having issue building for Intel. Stephane can build Chromium with the SDK and create a wgt but it takes a long time. (see
https://github.com/iotbzh/chromium-agl-app) and SPEC-942
11/8 - No update
11/22 - Reviewed email from Maksim about Igalia's plans for Chromium. Goals for Chromium
Build and run Chromium as an app available for Intel, Renesas, and other platforms
Build and run web engine in platform or as an app depending on the profile/device need for multiple platforms
Enable Qt-WebEngine for EE?
12/6 - Waiting for some feedback from Igalia (Maksim) on how they want to proceed. They are envisioning everything as part of the platform built in Yocto, but that is not the current proposal that AGL would like to pursue.
-
Propose testing the dynamic users using Arch Linux to see if the expected benefits are seen and whether we should backport to AGL before we see it in poky which may take another version or two.
Created SPEC-940
Plan to get a readout before the Feb AMM to determine if we should do this for FF or wait for Yocto to do the uprev.
11/22 - Jose did a little investigation and this creates a dynamic user that is intended to be disposable which is not our requirement. He submitted a patch to systemd which was accepted for a future version of systemd. Will need to do some backporting for FF when we change to multi-user.
12/6 - On hold
New:
Roadmap for 2018
Need to come to next meeting with FF and GG plans
Security workflow. Now that we have the building blocks in place, turn on security and put in place a mechanism for developers to sign applications, load them.
November 22, 2017
Attendees: Walt, Jan-Simon, Eli, Stephane, Sebastien, Jose
-
11/22
Eli sending comments on the system hardening section to the mail list or on github directly.
IoT.bzh reviewing the document and has a proposal for some restructuring. The Application Security section is need of an update.
-
Notes from Dresden Meeting.
Application Framework
Chromium from Igalia
9/27 - Stephane has tested for Gen 3. It is expected to work on any wayland target not just Renesas. Stephane trying out for QEMU and Intel. No support for IVI shell extensions.
10/11 - New version pushed by Igalia. Stephane having issue building for Intel. Stephane can build Chromium with the SDK and create a wgt but it takes a long time. (see
https://github.com/iotbzh/chromium-agl-app) and SPEC-942
11/8 - No update
11/22 - Reviewed email from Maksim about Igalia's plans for Chromium. Goals for Chromium
Build and run Chromium as an app available for Intel, Renesas, and other platforms
Build and run web engine in platform or as an app depending on the profile/device need for multiple platforms
Enable Qt-WebEngine for EE?
-
Propose testing the dynamic users using Arch Linux to see if the expected benefits are seen and whether we should backport to AGL before we see it in poky which may take another version or two.
Created SPEC-940
Plan to get a readout before the Feb AMM to determine if we should do this for FF or wait for Yocto to do the uprev.
11/22 - Jose did a little investigation and this creates a dynamic user that is intended to be disposable which is not our requirement. He submitted a patch to systemd which was accepted for a future version of systemd. Will need to do some backporting for FF when we change to multi-user.
New:
November 8, 2017
Attendees: Walt, Sebastien,
Notes from Dresden Meeting.
Application Framework
-
Propose testing the dynamic users using Arch Linux to see if the expected benefits are seen and whether we should backport to AGL before we see it in poky which may take another version or two.
Created SPEC-940
Plan to get a readout before the Feb AMM to determine if we should do this for FF or wait for Yocto to do the uprev.
New:
November 1, 2017
Attendees: Walt, Jan-Simon, Dennis, Oshri, Tanikawa, Tiejun Chen
Notes from Dresden Meeting.
Application Framework
-
Propose testing the dynamic users using Arch Linux to see if the expected benefits are seen and whether we should backport to AGL before we see it in poky which may take another version or two.
Created SPEC-940
Plan to get a readout before the Feb AMM to determine if we should do this for FF or wait for Yocto to do the uprev.
New:
October 25, 2017
October 11, 2017
Attendees: Walt, Jan-Simon, Tiejun Chen, Stephane, Dominig, Jose, Michael, Sebastien,
Application Framework
Message Signaling -
Wiki page to document the changes.
New:
-
Propose testing the dynamic users using Arch Linux to see if the expected benefits are seen and whether we should backport to AGL before we see it in poky which may take another version or two.
Created SPEC-940
Plan to get a readout before the Feb AMM to determine if we should do this for FF or wait for Yocto to do the uprev.
September 27, 2017
Attendees: Walt, Jan-Simon, Eli Mordechai, Oshri Yahav, Stephane
Application Framework
Message Signaling -
Wiki page to document the changes.
..
New:
September 13, 2017
Attendees: Walt, Eli (Karamba), Tsubone, Stephane, Sebastien,
Application Framework
Message Signaling -
Wiki page to document the changes.
..
New:
August 31, 2017
August 17, 2017
August 3, 2017
Attendees: Walt, Jose, Tanikawa, Hammad, Kurokawa, Sebastien,
Application Framework
Update from Tanikawa on ALS integration. Will create a Jira issue that documents the problems he saw with failures on initial application installation.
Update: 6/7 - Not complete.
Update: 6/20 - Will raise Jira this week.
Update 7/5 - SPEC-700 - Ronan has fix proposed already.
Update 7/19 - SPEC-700 - Fix from Ronan has been merged. Tanikawa will test out the fix.
Update 8/2 - Closed.
Message Signaling -
Wiki page to document the changes.
..
Dennis brought up an issue with writing a new driver and having to create a kernel module, enable it in the App FW, etc. Discussed using the mraa project (
https://github.com/intel-iot-devkit/mraa) as a way to short-cut that process and allow the developers to write the driver in user space.
New:
July 19, 2017
Attendees: Walt, Jan-Simon, Tanikawa, Michael, Chris, Dennis, Fulup
Agenda:
Application Framework
Update from Tanikawa on ALS integration. Will create a Jira issue that documents the problems he saw with failures on initial application installation.
Update: 6/7 - Not complete.
Update: 6/20 - Will raise Jira this week.
Update 7/5 - SPEC-700 - Ronan has fix proposed already.
Update 7/19 - SPEC-700 - Fix from Ronan has been merged. Tanikawa will test out the fix.
Message Signaling -
Wiki page to document the changes.
..
Dennis brought up an issue with writing a new driver and having to create a kernel module, enable it in the App FW, etc. Discussed using the mraa project (
https://github.com/intel-iot-devkit/mraa) as a way to short-cut that process and allow the developers to write the driver in user space.
New:
July 5, 2017
Attendees: Walt, Fulup, Dominig, Tanikawa, Stephane, Michael, Hammad, Dennis, Assaf, Sebastien
Agenda:
Application Framework
Update from Tanikawa on ALS integration. Will create a Jira issue that documents the problems he saw with failures on initial application installation.
Update: 6/7 - Not complete.
Update: 6/20 - Will raise Jira this week.
Update 7/5 - SPEC-700 - Ronan has fix proposed already.
Message Signaling -
Wiki page to document the changes.
Dennis brought up an issue with writing a new driver and having to create a kernel module, enable it in the App FW, etc. Discussed using the mraa project (
https://github.com/intel-iot-devkit/mraa) as a way to short-cut that process and allow the developers to write the driver in user space.
New:
June 21, 2017
Attendees: Walt, Dominig, Hammad, Stephane, Tanikawa, Kurokawa, Matsuzawa, Dennis, Tsubone
Agenda:
Application Framework
Update from Tanikawa on ALS integration. Will create a Jira issue that documents the problems he saw with failures on initial application installation.
Update: 6/7 - Not complete.
Update: 6/20 - Will raise Jira this week.
Message Signaling -
Wiki page to document the changes.
New:
June 7, 2017
Attendees: Walt, Jan-Simon, Dominig, Kurokawa, Stephane, Jose, Matsuzawa, Sebastien
Meeting Notes:
Application Framework
App-framework-main:
- Deinstallation of units
- Fix lack of message when setting exec bit
App-framework-binder:
- Binding V2 proposal finalized
- Human readable option for afb-client-demo
- Cleanup and improvement of API
- Logging by request
- Relax authorization for self
- New hooking/tracing features (options --tracesvc and --traceevt)
- Fix of many bugs
$ wget http://iot.bzh/download/public/2017/XDS/docker/docker_agl_worker-xds-3.2.tar.xz
$ docker load < agl_worker-xds-3.2.tar.xz
$ wget http://iot.bzh/download/public/2017/XDS/xds-utils/xdsexec_linux-amd64-v1.0.0_e555da5.zip
New:
May 24, 2017
Attendees: Walt, Jan-Simon, Hammad, Stephane, Jose, Tanikawa, Matsuzawa, Jan-Alexandru
Meeting Notes:
Application Framework
May 10, 2017
Attendees: Walt, Stephane, Hammad, Jonathan Kline, Dominig
Meeting Notes:
Application Framework
April 26, 2017
Attendees: Walt, Stephane, Jose, Tanikawa, Hammad
-
Update 3/1 - Hammad updated his pull request secure boot/ system hardening. Waiting on Jan-Simon and Fulup to re-review. Hammad will also look at Phil Wise's adversary list to incorporate into the document. Hammad will initiate a security review of the AGL code. Jose offered to help as well.
Update 4/29 - Hammad used Phil's document to update the sec blueprint. Pull request merged. Hammad and Irdeto looking at overall document for consistency. More updates later. No update from Jose.
Application Framework
New 4/29
User, app, and display privileges
SPEC-545 - Platform services must NOT run as root and MUST use a dedicated system user
SPEC-546 - Run weston with dedicated 'display' user and group
Need to finish and agree to Hammad's system hardening guide in the documentation
Use cases Requirements for user management and multi-display
Overall plan for managing users and login management
Proposal will come from Ronan and Jose on how to manage users. See gerrit 9135
Toyota use cases for Home screen and window manager. Hoshina-san says “Soon” according to Tanikawa-san. Original document probably in Japanese and needs to be translated.
For next meeting- Review proposal from Ronan. Use cases available? System hardening guide in github can be used to document what we want to do here. Jose and Stephane should review before the next meeting.
—-
April 12, 2017
Attendees: Walt, Jose, Stephane, Dominig, Kurokawa, Tanikawa, Matsuzawa, Matsumoto, Jan-Simon
Application Framework
March 29, 2017
Attendees: Walt, Jens, Michael, Tanikawa, Kurokawa, Stephane, Dominig
Application Framework
March 1, 2017
Attendees: Walt, Jens, Hammad, Stephane, Fulup, Tanikawa-san, Ohiwa-san, Dominig, Matsuzawa, Jose
Security Agenda
Application Framework
February 15, 2017
Attendees: Jan-Simon, Stephane, Jens, Fulup, Tanikawa-san, Ohiwa-san, Jose, Dominig
Security Agenda
-
By early next week the last of the content will be included in Github, primarily Doming and Hammad.
Review process kicks off starting starting Tuesday (Dec 13). Document issues in github by Dec 21 meeting of App FW EG.
Stephane and Jan-Simon empowered to fix issues with rendering and typos without review.
Need a tech writer to come in and help clean up english and grammar mistakes.
Update 2/1 - Hammad updated his pull request secure boot/ system hardening. Waiting on Jan-Simon and Fulup to re-review. Hammad will also look at Phil Wise's adversary list to incorporate into the document.
Update 2/15 - As per the discussion during last weeks F2F, stale categories removed from docs.automotivelinux.org. Remaining sections to be reviewed and updated.
Application Framework
February 1, 2017
Attendees: Walt, Michael, Hammad, Stephane, Jens, Jose, Jan-Simon, Ohiwa
Security Agenda
-
By early next week the last of the content will be included in Github, primarily Doming and Hammad.
Review process kicks off starting starting Tuesday (Dec 13). Document issues in github by Dec 21 meeting of App FW EG.
Stephane and Jan-Simon empowered to fix issues with rendering and typos without review.
Need a tech writer to come in and help clean up english and grammar mistakes.
Update 2/1 - Hammad updated his pull request secure boot/ system hardening. Waiting on Jan-Simon and Fulup to re-review. Hammad will also look at Phil Wise's adversary list to incorporate into the document.
Application Framework
App FW documentation
Documentation now included in
AGL documentation site. Still need the high level document. It was reported by Fulup that ALPS used the existing documentation (from wiki) to create their Wifi app and they were able to get most of the conversion done with it. Some tweaks needed to documentation but this is a good sign.
Update 2/1 - Not started yet.
Window Manager interface for App Framework Discussion
Munakata-san asked about hiring people to get Window Manager and AMB replacement complete. Walt will start the process to get IoT.bzh some help. Walt will get SOW to Fulup this week. Update 2/1 - SOW waiting on Dan.
——
January 18, 2017
Attendees: Walt, Jens, Dominig
Security Agenda
-
By early next week the last of the content will be included in Github, primarily Doming and Hammad.
Review process kicks off starting starting Tuesday (Dec 13). Document issues in github by Dec 21 meeting of App FW EG.
Stephane and Jan-Simon empowered to fix issues with rendering and typos without review.
Need a tech writer to come in and help clean up english and grammar mistakes.
Update 12/21 - No reviews really held. Need to wait until after CES. Hammad submitted a pull request with additional content for secure boot/ system hardening that needs to be merged.
Application Framework
App FW documentation
Documentation now included in
AGL documentation site. Still need the high level document. It was reported by Fulup that ALPS used the existing documentation (from wiki) to create their Wifi app and they were able to get most of the conversion done with it. Some tweaks needed to documentation but this is a good sign.
Window Manager interface for App Framework Discussion
Munakata-san asked about hiring people to get Window Manager and AMB replacement complete. Walt will start the process to get IoT.bzh some help. Walt will get SOW to Fulup this week.
January 4, 2017
December 21, 2016
Attendees: Walt, Jens, Hammad
Security Agenda
-
By early next week the last of the content will be included in Github, primarily Doming and Hammad.
Review process kicks off starting starting Tuesday (Dec 13). Document issues in github by Dec 21 meeting of App FW EG.
Stephane and Jan-Simon empowered to fix issues with rendering and typos without review.
Need a tech writer to come in and help clean up english and grammar mistakes.
Update 12/21 - No reviews really held. Need to wait until after CES. Hammad submitted a pull request with additional content for secure boot/ system hardening that needs to be merged.
Application Framework
App FW documentation
Documentation now included in
AGL documentation site. Still need the high level document. It was reported by Fulup that ALPS used the existing documentation (from wiki) to create their Wifi app and they were able to get most of the conversion done with it. Some tweaks needed to documentation but this is a good sign.
Window Manager interface for App Framework Discussion
Munakata-san asked about hiring people to get Window Manager and AMB replacement complete. Walt will start the process to get IoT.bzh some help. Walt will get SOW to Fulup this week.
Other:
Dominig brought up the need to be able to install applications off-line without running the device. This was possible in Tizen using OBS, but this was not ported to the Yocto version. Jose created a
Jira issue to keep track of the requirement. Use case for CES is that we are receiving applications from multiple sources. How will we build an image that will boot on the device with these apps pre-installed?
December 7, 2016
Attendees: Walt, Jan-Simon, Jens, Fulup, Dennis, Hammad, Stephane,
Security Agenda
-
By early next week the last of the content will be included in Github, primarily Doming and Hammad.
Review process kicks off starting starting Tuesday (Dec 13). Document issues in github by Dec 21 meeting of App FW EG.
Stephane and Jan-Simon empowered to fix issues with rendering and typos without review.
Need a tech writer to come in and help clean up english and grammar mistakes.
Application Framework
App FW documentation
Documentation now included in
AGL documentation site. Still need the high level document. It was reported by Fulup that ALPS used the existing documentation (from wiki) to create their Wifi app and they were able to get most of the conversion done with it. Some tweaks needed to documentation but this is a good sign.
Window Manager interface for App Framework Discussion
Munakata-san asked about hiring people to get Window Manager and AMB replacement complete. Walt will start the process to get IoT.bzh some help. Walt will get SOW to Fulup this week.
Other:
Dominig brought up the need to be able to install applications off-line without running the device. This was possible in Tizen using OBS, but this was not ported to the Yocto version. Jose created a
Jira issue to keep track of the requirement. Use case for CES is that we are receiving applications from multiple sources. How will we build an image that will boot on the device with these apps pre-installed?
New Business:
November 23, 2016
Attendees: Walt, Stephane, Hammad, Jens, Dominig, Jose
Security Agenda
-
-
Target first draft for steering committee after Nov 16 meeting. At risk. John is proposing to move this to the end of November. Will be addressed during the SC meeting tonight.
John asked if people can add an github issues to keep track of what they are working on so we know what to expect in the next few weeks to get added to the document.
Kernel hardening is one area Irdeto will contribute to. (Hammad)
Dominig can contribute to strategy
Dominig and Jose will look at some existing Tizen documents that could be updated and adapted to AGL.
GENIVI threat analysis?
Application Framework
App FW documentation
Documentation now included in
AGL documentation site. Still need the high level document. It was reported by Fulup that ALPS used the existing documentation (from wiki) to create their Wifi app and they were able to get most of the conversion done with it. Some tweaks needed to documentation but this is a good sign.
Window Manager interface for App Framework Discussion
Munakata-san asked about hiring people to get Window Manager and AMB replacement complete. Walt will start the process to get IoT.bzh some help. Walt will get SOW to Fulup this week.
Other:
Dominig brought up the need to be able to install applications off-line without running the device. This was possible in Tizen using OBS, but this was not ported to the Yocto version. Jose created a
Jira issue to keep track of the requirement. Use case for CES is that we are receiving applications from multiple sources. How will we build an image that will boot on the device with these apps pre-installed?
New Business:
November 9, 2016
Attendees: Walt, Jose, Dominig, Dennis, Stephane, John, Jens, Hammad
Security Agenda
Where did John go? - China and then got sick
Security Blueprint: Next steps and how to get back on track
Action item - Stephane or Jose to enter issues in github to point to existing AGL documents that deal with security issue (e.g. Lessons Learned from Tizen and Security White Paper).
-
-
Target first draft for steering committee after Nov 16 meeting. At risk. John is proposing to move this to the end of November. Will be addressed during the SC meeting tonight.
John asked if people can add an github issues to keep track of what they are working on so we know what to expect in the next few weeks to get added to the document.
Kernel hardening is one area Irdeto will contribute to. (Hammad)
Dominig can contribute to strategy
Dominig and Jose will look at some existing Tizen documents that could be updated and adapted to AGL.
GENIVI threat analysis?
New Business:
Discussion on the mail list and
SPEC-304 needs to come to a decision quickly so we can complete the demo and CC release.
Dominig brought up the need to be able to install applications off-line without running the device. This was possible in Tizen using OBS, but this was not ported to the Yocto version. Action for Jose to create a Jira issue to keep track of the requirement. Use case for CES is that we are receiving applications from multiple sources. How will we build an image that will boot on the device with these apps pre-installed?
October 26, 2016
Attendees: Walt, Jose, Jens, Kusakabe, Hammad
Notes:
-
Identify what is in scope for AGL recognizing that AGL cannot solve all security issues. John will write the initial version for review at the next meeting. Not complete. John indicated via email that he has been working on it and should have a draft uploaded this week.
Target first draft for steering committee after Nov 16 meeting. At risk
Framework Updates
Looking for feedback from the community on the presentation from Jose on signaling in the App FW. Discussed earlier today during the vehicle signaling discussion. Summarized in the F2F meeting notes.
Feedback at AMM from Murata-san about resource management in the App FW. Jose is starting to look at how this can be accomplished and try to get a demo together by the end of the year. Jose is looking at implementing cgroups for restrictions on resource usage. Will be ready in time for CC release. Namespace usage is also being looked at.
IoT.bzh working with Forgerock on identity and user management Moving forward. Fulup met with them at the GENIVI AMM. Working on something to show at CES.
October 14, 2016
Face to face meeting in Berlin
Attendees: Walt, Michael Fabry (Microchip), Yuichi Kusakabe (Fujitsu Ten), Fulup, Stephane, Doming, Munakata, Tanikawa, Jens, Christian
Notes:
John will send the Irdeto slides from the AMM to Walt to be posted to the event site Done
-
Identify what is in scope for AGL recognizing that AGL cannot solve all security issues. John will write the initial version for review at the next meeting. Not complete
Target first draft for steering committee by Nov 15. At risk
Discussed github usage. For smaller sections we agreed to use “issues” in github to hash through content before moving it to the document itself. Larger changes probably require an issue and a branch for review.
Walt will create an initial set of issues to be looked at for the first draft Done
Automotive Threat Actors/ Adversaries from Phil Wise (ATS) - Walt will contact Phil about putting his draft directly into the document so we start commenting on it there. Phil is ok with us using his document as a starting point. Walt added it to the issues list.
Framework Updates
Looking for feedback from the community on the presentation from Jose on signaling in the App FW. Discussed earlier today during the vehicle signaling discussion. Summarized in the F2F meeting notes.
Feedback at AMM from Murata-san about resource management in the App FW. Jose is starting to look at how this can be accomplished and try to get a demo together by the end of the year. Jose is looking at implementing cgroups for restrictions on resource usage. Will be ready in time for CC release. Namespace usage is also being looked at.
IoT.bzh working with Forgerock on identity and user management Moving forward. Fulup will meeting with them next week at the GENIVI AMM and should more to report at the next meeting
September 28, 2016
Attendees: Walt, John O'Connor (Irdeto), Jose Bollo (IoT.bzh), Michael Fabry (Microchip), Hammad Ahmed (Irdeto), Yuichi Kusakabe (Fujitsu Ten), Ned Miljevic (Wind River), Fulup, Stephane
Agenda
Notes:
John will send the Irdeto slides from the AMM to Walt to be posted to the event site
-
Security Blueprint
Identify what is in scope for AGL recognizing that AGL cannot solve all security issues. John will write the initial version for review at the next meeting.
Target first draft for steering committee by Nov 15.
Discussed github usage. For smaller sections we agreed to use “issues” in github to hash through content before moving it to the document itself. Larger changes probably require an issue and a branch for review.
Walt will create an initial set of issues to be looked at for the first draft
Automotive Threat Actors/ Adversaries from Phil Wise (ATS) - Walt will contact Phil about putting his draft directly into the document so we start commenting on it there.
August 31, 2016
Meeting starts at 04:00 UTC.
August 17, 2016
Meeting starts at 13:00 UTC
August 3, 2016
Meeting starts at 04:00 UTC.
July 20, 2016
Meeting starts at 13:00 UTC. No participants after 15 minutes of waiting.
July 7, 2016
Joint meeting with System Architecture Team. Meeting minutes can be found here.
June 24, 2016
Joint meeting with System Architecture Team. Meeting minutes can be found here.
June 8, 2016
Meeting starts at 04:00 UTC. No else dialed in after 10 minutes.
May 25, 2016
May 11, 2016
Meeting starts at 04:00 UTC. Canceled due to lack of participants.
April 27, 2016
Attendees: Walt, Stephane, Federico, Paul Nichols, Tom Becker, Kusakabe
Discussion:
Review of IoT.bzh Security proposal.
-
Federico (and others) - how does telematics or other non-UI based ECUs fit into this proposal?
Paul - How would core telematics services be protected in a telematics device. Examples include which application(s) are permitted to talk to other ECUs in the system. Which applications may access external connections. From chat window:
"Within interconnected CAN communications, they cannot. I think that is where
the disconnection is. The security I am referring to is accessing certain information
that is part of more premiere telematics service solution. For instance, not all
vehicle owners are going to want to allow all users to access certain location
specific information, geofences, or perform all remote services. That is more of
what I was attempting to referring to. That is going to require thoughts around which
device is connecting or who owns that device. That requires some type of profile
associated with the connecting cellular device. It will not be applicable to OBD2 type
data, but will be applicable for certain telematics services. Hope that makes sense."
March 9, 2016
Attendees:
Discussion:
Determining which sections of the system
spec to update.
Sec 3 Home Screen. Reads more like an application with a large mix of requirements rather than components we could implement.
Sec 4 - Need to carefully define terms in the
spec for the parts of the App FW so we all agree on what each component is.
Window Manager = Wayland Compositor + IVI Shell (Jens)
Feb 25, 2016
Face to face meeting at the All Member Meeting
Attendees:
Fulup ar Foll - IoT.bzh
Hideo Yamashita - Advanced Telematics
Koji Hamasaki - Panasonic
Risto Avila - Qt Company
Ned Miljevic - Wind
Toshihiro Matsumoto - Mentor
Jens Bocklage - Mentor
Ryota Okubi - Toyota
Tukashi Yamamiya - UIEvolution
Ryo Murakami - Fujitsu
Tadao Tanikawa - Panasonic
Stephane Desneux - IoT.bzh
Walt Miner - Linux Foundation
Nobuhiko Taniabata - Denso
* Tool for documentation and requirements : Doors NG
Available here: http://doors.automotivelinux.org/
Post Jira Ticket for Walt or Jan-Simon if issues to connect.
* Communication tools :
dedicated mailing list
JIRA
* Meeting frequency :
once a week, shifted mode
* Every group member should review the AGL 1.0 specification (at least sections 3 & 4.1) and comment/amend the specification where needed.
PDF file available here :
https://www.automotivelinux.org/sites/agl/files/pages/files/agl_spec_v1.0_final_0.pdf
=> deadline for initial review :March, 10th 2016 (or the closest conf date)
=> define use cases / scenario
=> adjustments to be discussed : using ML probably
=> commit the changes : end of march and will occur continuously
* App Framework candidates :
IoT.bzh AppFW – Apache License
Qt AppFW (Pelagicore implementation) – (L?)GPLv3 License
…
* Ask to CIAT EG / LF infra team for evaluation images based on new components pushed to AGL Gerrit