GDP and SOTA May 10 th 2017 Status

GDP and SOTA May 10 th, 2017 | Status and Next Steps Arthur Taylor CTO & Co-Founder, ATS Advanced Telematic Systems Gmb. H

Recent GENIVI Work

aktualizr SOTA Server RVI Server Node sota. genivi. org RVI Protocol rvi_lib GDP 12 Mostly GENIVI-funded development as part of GENIVI Challenge Grant Programme 3 | May 10 th, 2017 | Copyright © GENIVI Alliance 2017 SWLM Recent GENIVI Work - Community OTA Server

Recent GENIVI Work - Community OTA Server Launched server at sota. genivi. org Running on GENIVI infrastructure HTTPS Admin web-interface User Authentication with GENIVI LDAP logins RVI Server Node running - sota. genivi. org: 8801 -8811 Device Authentication using RVI device certificates (x. 509) https: //github. com/genivi/rvi_sota_server 4 | May 10 th, 2017 | Copyright © GENIVI Alliance 2017

Recent GENIVI Work - Community OTA Server Integrated C++ SOTA Client - aktualizr development kicked-off by ATS in December RVI support with JLR's C-based rvi_lib Using GENIVI SWLM APIs to install software via DBus notifications aktualizr upstreamed to GDP 12 https: //github. com/advancedtelematic/aktualizr 5 | May 10 th, 2017 | Copyright © GENIVI Alliance 2017

Recent GENIVI Work - Lessons Learned GDP Upstreaming GDP has very high standards for pull requests ATS underestimated the effort to get changes merged GENIVI Software Loading Manager SWLM Po. C packaged for Yocto / GDP by ATS Had to drop some dependencies (GTK+/X 11) RVI Encountered issues with expired development certificates Encountered issues with maximum message size 6 | May 10 th, 2017 | Copyright © GENIVI Alliance 2017

Recent ATS Work

Recent ATS Work Uptane Implementation of Uptane security framework Connect GENIVI SOTA to ATS implementations of Uptane repositories Uptane Image repository - offline image signing keys Uptane Director repository - online metadata signing keys Extend aktualizr and rvi_sota_client to implement Uptane / TUF APIs 3 rd-party security audit of implementation running on ATS Garage https: //uptane. github. io https: //app. atsgarage. com 8 | May 10 th, 2017 | Copyright © GENIVI Alliance 2017

Recent ATS Work OSTree, Tree. Hub OSTree support in aktualizr, rvi_sota_client Transactional installation and rollback of full-filesystem updates Automatic delta generation, automatic client-server version negotiation Support for compressed deltas with bsdiff Compatible with standard OSTree tools - ostree admin OSTree integration layer for Yocto builds - meta-updater Tree. Hub server for remote OSTree pull / push OSTree support integrated into AGL https: //ostree. readthedocs. io/ http: //docs. atsgarage. com/start-yocto/adding-ostree-updates-to-your-existing-yocto-project. html http: //docs. atsgarage. com/start-yocto/adding-treehub-updates-to-automotive-grade-linux. html 9 | May 10 th, 2017 | Copyright © GENIVI Alliance 2017

Recent ATS Work Multi-ECU Update Campaigns that include multiple images / firmwares Addressing / targeting ECUs inside vehicles Distributing software inside vehicles - CAN / UDS, Ethernet / Do. IP Collecting installation reports from bus-connected ECUs Sending signed software manifests back to server 10 | May 10 th, 2017 | Copyright © GENIVI Alliance 2017

Recent ATS Work Automatic Provisioning Per-account or per-device group provisioning certificate Provisioning certificate bootstraps device-specific x. 509 negotiation Include generic certificate in all images / SD-cards Securely generate and share per-device x. 509 public key for mutual TLS Device Gateway Mutual-TLS endpoint for HTTPS RESTful JSON APIs TLS credential exchanged on the server-side for OAuth 2 token Device never sees OAuth 2 token Possible model for RVI-EG provisioning work? 11 | May 10 th, 2017 | Copyright © GENIVI Alliance 2017

Roadmap

Roadmap �Implemented �Supported Feature ✕ Not supported � Planned GENIVI SOTA ATS Garage Aktualizr rvi_sota_client End-to-end updates � � RVI transport and Authz/c � ✕ � � Mutual TLS � � LDAP user accounts � ✕ OAuth 2 / Open. ID Connect � ◐ � � OSTree � � Yocto Integration � � � Device Auto-Provisioning � � � TUF Image Repo � � Uptane Director Repo � � Uptane Compliant � � � Multi-ECU / FOTA Updates � � � Static Deltas (various formats) � � � Map data updates � � � 13 | May 10 th, 2017 | Copyright © GENIVI Alliance 2017

Roadmap Compliance relevant Multi-ECU - Extend SWLM Module Loader API? Uptane - Significant SOTA / SWLM API impact Deltas - Some SOTA / SWLM API impact Map Data - Significant SOTA API impact Compliance Neutral - GDP / User Experience OSTree / Yocto 14 | May 10 th, 2017 | Copyright © GENIVI Alliance 2017

Longer-term AUTOSAR Adaptive Configuration management / Telecoding Safety critical systems User / Group Management? GDP CI integration? 15 | May 10 th, 2017 | Copyright © GENIVI Alliance 2017

Q&A / Roadmap Discussion

Thank you! Visit GENIVI at http: //www. genivi. org or http: //projects. genivi. org Contact us: help@genivi. org This work is licensed under a Creative Commons Attribution-Share Alike 4. 0 (CC BY-SA 4. 0) GENIVI is a registered trademark of the GENIVI Alliance in the USA and other countries. Copyright © GENIVI Alliance 2017.