Skip to main content
Category

Blog

Open Source Summit North America 2020

By Blog, Events

Session Highlight: Secure Boot and Over-the-Air Updates – That’s Simple, No?

The Civil Infrastructure Platform is thrilled to be sponsoring the Linux Foundations’ OpenSource Summit North America Event. In addition to having a virtual booth, CIP reps will be giving several talks as well as hosting the CIP Mini-Summit.  

On June 30 from 9:30 to 10:20 am CT,  Jan Kiszka with Siemens AG will be giving a talk called, “Secure Boot and Over-the-Air Updates – That’s Simple, No?”  

Check out talk details below and read on to learn how to register for the event. 

Locking down embedded Linux devices via secure boot is almost solved these day. Combining this with rollback-capable over-the-air updates shouldn’t be hard then. But as often, the devil is in the detail. When he comes out, you can easily end up with an insecure system or one that does not update anymore. Or both.

In this talk, we will present patterns and tools for secure OTA system updates that are being developed in the Software Update Workgroup of the Civil Infrastructure Platform project. We will introduce an OTA pattern consisting of redundant update images that are deployed and managed by SWUpdate and switched by a boot loader. We will discuss the options and implication of securing those images, for the boot process as well as the runtime of the images. Then we will walk through UEFI-based secure boot processes, explain shortcomings of commodity boot loaders are and where to use the embedded boot loader EFI Boot Guard instead. Finally, we will also have a look at plain U-Boot-based setups, discuss if its new UEFI mode can help to unify architectures and explain what to do when it is not available.

Register for Open Source Summit NA today to attend this virtual session.

CIP at Open Source Summit + ELC North America 2020

By Blog, Events

Session Highlight: CIP Kernel Team Activities to Accomplish Super Long Term Support

At the end of June, CIP will be participating in many ways at the Linux Foundations’ OpenSource Summit + ELC North America Event. In addition to having a virtual booth, CIP reps will be giving several talks as well as hosting the CIP Mini-Summit.  

On June 29 from 9:30 to 10:20 am CDT,  Masashi Kudo, Cybertrust Japan Co., Ltd. & SZ Lin  (林上智), Moxa Inc. will be presenting “CIP Kernel Team Activities to Accomplish Super Long Term Support” 

Check out talk details below and read on to learn how to register for the event. 

CIP (Civil Infrastructure Platform) project aims to support industrial-grade systems in secure and reliable manners. CIP kernel team was launched in 2016 under CIP to provide and maintain Linux kernel for 10+ years, because life cycles of such industrial-grade systems are very long by their nature.

By steadily releasing SLTS (super long-term support) kernel based on LTS4.4 and LTS4.19, the team has continuously improved the release processes and tools to facilitate the team activities. The team works with LTS and other open source projects to share its findings and contribute outputs. Also, test automation has been strengthened. During the long support period of 10+ years, a large number of minor releases are planned, so the cost reduction effect by test automation will be enormous. Open source tools like “cip-kernel-sec” and “classify-failed-patches” were introduced to track the status of CVEs and to identify patches needed to apply to stable kernel, respectively.

This presentation updates CIP kernel team activities, by featuring collaborative works with LTS , the status of test automation using KernelCI and LAVA, and experiences of using the open source tools.

Register for Open Source Summit NA today to attend this virtual session.

CIP at Open Source Summit North America: Session Preview

By Blog, Events

On June 29- July 2 the Linux Foundation is hosting Open Source Summit North America.  Open Source Summit is a virtual event that connects the open source ecosystem under one roof. It’s a unique environment for cross-collaboration between developers, sysadmins, devops, architects and others who are driving technology forward. bringing together. 

CIP will be participating in many ways at the event including having a virtual booth, several talks by CIP reps as well as hosting the CIP Mini-Summit.  

Find details below on two talks given by Wolfgang Mauerer with Technical University of Applied Sciences Regensburg / Siemens AG. 

Open Source in Research and Reality
June 30, 2020
4:15 pm to 5:05 pm CT

Well-known, large communities and open source projects like the Linux kernel are an often pursued goal of scientific analysis, and questions of interest cover a broad range — core OS design, collaborative software engineering, software architectural questions and community health, to just name a few. However, many research questions are biased towards what can be nicely published, and not on the most pressing problems of projects.

This leads to a gap between what OSS communities need to know, and the insights science can provide. In this (likely opinionated) talk, we discuss this gap from two often opposite sides: As a researcher, the author has never understood why industrial belief in software engineering research seems to often stop at using design patterns, and why industry does not try to benefit more from scientific insight. As an industrial practitioner, the author has never understood why academia would need to tell industrial engineers that have participated in OSS projects for years what they have done, post facto, and why research does not listen more closely to what industry is interested in, and needs to know. We suggest some possibilities to shrink the gap.

Safety, Security, Quality: Artificial Intelligence versus Common Sense
July 1, 2020
3:05 pm to 3:55 pm CT

Embedded Linux is a standard core component of systems deployed in challenging and critical scenarios. Machine learning and statistical techniques are increasingly used to ascertain or even predict various quality properties — the number of open issues to judge reliability or maximum latencies for real-time systems –, or to improve development and maintenance processes: Techniques to automatically select patches for back-porting or to identify security critical fixes have recently been suggested.

While machine learning undoubtedly has its advantages, it is by no means a panacea for solving all engineering issues that have been around for decades, and issues like lack of explainability or over-confident trust in results often cause unease. But it is also unwise to dismiss them just because they differ from traditional engineering approaches.

In this talk, we survey recent uses of ML techniques in OSS systems development and maintenance, address their benefits and disadvantages, and give recommendations on how especially industrial system integrators and solution providers can enjoy the benefits of new ML-based engineering methods without suffering from new problems.

Register for Open Source Summit NA today to attend these sessions.

Civil Infrastructure Platform: The Project at Open Source Summit + Embedded Linux Conference Europe

By Blog

The CIP Project has had an eventful week at the Linux Foundation’s Open Source Summit Europe and Embedded Linux Conference in Lyon, France. In addition to the project’s interactive booth, complete with live demos, the project also had a slew of informative and well-attended talks and hosted a completely sold out mini-summit.

Open source thrives on collaboration, and having this face to face time with the open-source community is so valuable in moving our project forward. Check out below for the details of CIP at OSS EU+ ELC.

CIP at OSS EU. Photos by Masato Minda

The Talks

CIP and CIP members had a combined total of five talks over the three-day event.

With more than 200 people in attendance, “Debian and Yocto Project-Based Long-Term Maintenance Approaches for Embedded Products,” given by Kazuhiro Hayashi, Toshiba & Jan Kiszka, Siemens AG, really struck interest from the OSS EU audience.

Jan Kiszka, Siemens AG and Kazuhiro Hayashi, Toshiba

In this talk, the duo explained the overall build and test setup in their talk about Debian and Yocto-based embedded Linux approaches that satisfy the requirement for 10+ year maintenance in industrial products, specifically around security fixes, reproducible builds, and continuous system updates. 

In their talk, “Open Source Projects to Live Long and Prosper: Linux for Smart Infrastructure and Industry,” Yoshitake Kobayashi, Toshiba Corporation & Urs Gleim, Siemens AG gave an overview of the project and what happened during the last year. Especially the working groups of CIP (on kernel, real-time, core packages, security, and software update) led to great progress in providing a sustainable base for any industrial-grade Linux distribution. 

SZ Lin (林上智), Moxa & Pavel Machek, Denx focused on the long-term maintenance strategy of the kernel in their talk calledActivities of Super Long Term Support Kernel Workgroup in Civil Infrastructure Platform Project.”

Wolfgang Mauerer, Siemens AG, contributed to The List is our Process: An Analysis of the Kernel’s Email-based Development Process. Together with main author Ralf Ramsauer, Technical University of Applied Sciences Regensburg, Sebastian Duda from U Erlangen, and L. Bulwahn from the ELISA project, discussed analysis methods how to track the flow of patches into the kernel, and applied their results to specific subsystems of the Linux kernel. Their work contributes to a reliability analysis of the kernel development and can be used to detect remaining weak spots.

Michael Adler from Siemens AG, and Chris Paterson from Renesas presented “A Guide to CIP and Testing,” where they walked the audience through the CIP testing approach at the Automated Testing Summit. 

The CIP Mini-Summit

For the first time, the CIP project organized a mini-summit, a half-day, single-track event covering Linux-based industrial open source systems. With this event, CIP  gathered those interested in open source to provide technical details and in-depth insights to further develop the industrial-grade CIP base layer which is built on the work of established and stable work from the likes of Debian, Yocto Project, Real-Time Linux.  The sold-out event included topics such as 

  • The State of Civil Infrastructure Platform
  • CIP SLTS kernel development (e.g. Patch management for collaboration with stable kernel team)
  • Security in industrial systems and its future
  • Safe software updates for industrial IoT devices
  • Use cases of the CIP open source base layer

The CIP Booth

In addition to great content in the form of talks and sessions, the CIP community also interacted with hundreds of attendees in the CIP booth in the Sponsor Showcase. Within the booth, both Plat’Home and Toshiba demoed their technologies which are built on CIP.

CIP booth at OSS EU

Civil Infrastructure Platform to Host Mini-Summit at Open Source Summit Europe

By Blog

This October, the Civil Infrastructure Platform will be hosting a half-day Mini-Summit, colocated with the Linux Foundation’s Open Source Summit Europe (OSSEU), taking place in Lyon, France.

The CIP Mini-Summit is a half-day, single-track event covering Linux-based industrial open source systems. The event takes place on October 31st from 8:00 – 13:00 at the Lyon Convention Centre.

With this event, CIP hopes to gather all interested in open source and provide technical details and in-depth insights that will further develop the industrial-grade CIP base layer which is built on the work of established and stable work from the likes of Debian, Yocto, RT Linux.  This event is an opportunity to meet and collaborate face to face while advancing CIP’s goal of establishing an open-source “base layer” of industrial-grade software to enable the use and implementation in infrastructure projects of software building blocks that meet the safety, reliability and other requirements of industrial and civil infrastructure. Use cases for this base layer include power plants, radar systems, traffic lights, dams, weather systems and more. 

The day will be jam-packed with topics, including:

  • The State of Civil Infrastructure Platform
  • CIP SLTS kernel development (e.g. Patch management for collaboration with stable kernel team)
  • Security in industrial systems and its future
  • Safe software updates for industrial IoT devices
  • Use cases of the CIP open source base layer
  • CIP testing activities will be presented at the Automated Testing Summit, which CIP is a proud sponsor of.

To attend, guests attending OSS EU can register here for a nominal fee of $10 USD.

In addition to The CIP Mini-Summit, CIP is also sponsoring Embedded Linux Conference (ELC-E) as a Gold Sponsor and will be exhibiting on the showroom floor. Stay tuned for details about hands-on demos we’ll be displaying on site!

Embedded Linux Conference Europe takes place from Mon, Oct 28, 2019 – Wed, Oct 30, 2019  is the leading conference for developers, architects, and other technologists – as well as open source community and industry leaders – to collaborate, share information, learn about the latest technologies and gain a competitive advantage by using innovative open solutions. Over 2,000 will gather for ELC-E in 2019.

CIP is focused on IEC 62443 for cyber security measures of IACS

By Blog

By Kento Yoshida, CIP security working group member and Senior staff engineer of MPU Product Department, Enterprise Infrastructure Business Division at Renesas Electronics Corporation

The threat of cyber-attacks is growing. With the evolution of IoT, the targets of cyber-attacks are changing from information assets to Industrial Automation and Control System (IACS). Serious damage such as operation stops and the destruction of components are occurring.

In order to deal with evolving cyber attacks, all layers that make up an IACS, such as system services and component functions, in addition to operational layer must be kept secure. For this reason the IEC 62443 series is attracting attention as the de facto cyber security standard for all layers of IACS.

The Civil Infrastructure Platform (“CIP”), the open source project hosted at the Linux Foundation which intends to create reusable building blocks that meet requirements of industrial and civil infrastructure, places great importance on the IEC 62443 series.

Additionally, CIP  supports the adoption of IEC 62443 across the entire industry and are working to roll out solutions as soon as possible as part of an all-out effort to support users’ effort to acquire certification through the newly established CIP security working group.

As a first step to making the industry more secure our working group actively supports suppliers of industrial products so that they can certify using the IEC 62443-4-2 standard, now.

Suppliers will be efficiently able to develop security functions which conform to the IEC 62443-4-2 standard using an open source “base layer” of industrial grade software provided by our activities to reduce development cost, difficulty and uncertainty.

 Currently, we are in the process of completing the investigation of the security functions required for certification and selecting component packages to realize them.

The investigation we conducted showed that more than half of the functionality needed to achieve security level 3 (SL-3) of IEC-62443-4-2 in embedded or network devices can be realized on our platform including our reference hardware.

This high coverage shows that Linux has continued to provide effective and practical features to the industry to date. We are very pleased with this result. And we hope that many industrial-grade software suppliers adopt our open source base layer with high coverage for SL-3 as a development platform for their application.

For more details, visit the CIP security working group wiki page and learn more about our activities. Furthermore, we will present the concept and goal of our activities at the CIP booth at the upcoming Open Source Summit Japan 2019 in Tokyo from July 17 – 19.  If you have any interest in our activities, we hope to see you at the venue.

Renesas RZ/G2M-96CE board adopted as Arm64 reference board for the next CIP SLTS Kernel

By Blog

Today, the Civil Infrastructure Platform (CIP) Project is debuting the Renesas RZ/G2M-96CE board, based on the Arm 64-bit architecture, at Embedded Linux Conference. It is the first-ever using Arm 64-bit architecture that the CIP project will support.

The CIP project aims to support the reference hardware in the project’s Super Long Term Support (SLTS) Linux Kernels and minimal reference filesystem, CIP Core. Testing of the reference hardware will be done using CIP’s customised kernelci and LAVA instances and B@D. This makes it easy for software developers to make the most of the software developed by CIP and allows them to quickly and easily develop industrial applications.

The RZ/G2M-96CE board is based on the Linaro 96boards extended consumer specification. This design allows for rapid prototyping for application, kernel and hardware engineers.  The RZ/G2M-96CE board development kits will be available Q1 2019.

RZ/G2M-96CE board Block Diagram (Preliminary*) includes:

The RZ/G2M-96CE joins the current list of CIP-supported embedded hardware including:

  • RZ/G1M iWave Qseven Development Kit (Armv7)
  • AM335x Beaglebone Black (Armv7)
  • QEMU x86_64

CIP will be showing a selection of the reference hardware, including the RZ/G2M-96CE board, at their booth at the Embedded Linux Conference Europe 2018. Stop by to learn more about the project. For additional information about how Renesas is providing the solutions using CIP kernel on the RZ/G2M-96CE board, please visit here for details.

CIP Member Spotlight: Cybertrust

By Blog

The Civil Infrastructure Platform (CIP) project aims to speed implementation of Linux-based civil infrastructure systems, build upon existing open source foundations and expertise, establish de facto standards by providing a base layer reference implementation, and contribute to and influence upstream projects regarding industrial needs. CIP is driven by some of the world’s leading manufacturers of civil infrastructure systems and industry leaders including Cybertrust, Codethink, Hitachi, Plat’Home, Renesas, Siemens, Moxa and Toshiba.

This spotlight series highlights CIP members and how they are contributing to open source software solutions that will benefit the world’s technical systems. Today, we highlight our newest member Cybertrust Japan, Co., Ltd. in a conversation with Tatsuo Ito, Vice President, CTO and Principal Evangelist.

What does your company do?

Cybertrust is a company that supplies enterprise Linux operating systems, advances its commitment to building secure and reliable embedded equipment and systems. We enable customers to build and manage highly secured IT infrastructures.

Our business portfolio covers Linux and Open Source Software Businesses,  Authentication Businesses, and Security and IoT Businesses. With more than 17 years of development experience of Linux OS, we have a proven track record of building mission critical systems and offering super long support in both server and embedded areas.

Why is your company investing in an open source “base layer” of industrial grade software?

We have a lot of experienced engineers in open source, Linux, embedded systems and employ multiple Linux kernel maintainers. As a Linux distributor, we are committed to making the base layer that supports embedded system foundations more robust and secure. By investing in the base layer, we can supply more secure enterprise Linux operating systems and build more reliable embedded equipment and systems.

Why did your company join CIP?

As a measure against a wide range of springboard attacks, the Bipartisan Legislation was introduced to improve security of IoT devices last summer in the U.S. This requires devices that are purchased by the U.S. government to meet certain minimum security requirements, such as patchable capability to fix security holes. Users also are reaching consensus that embedded devices are not over when they are made, and that they have to be supported definitely, which has resulted in a bigger demand from them for super long-term support (SLTS).

Unlike server systems, platforms for embedded systems vary user-by-user, and are customized for each user. This increases costs and generates resource issues to realize SLTS for both users and platform vendors. CIP aims to achieve SLTS in tandem by a community, not by one company alone. We agreed with the objective, and decided to join the CIP.

How are you currently active in CIP?

We will contribute to step up the level of long-term support and to make it sustainable, which would lead to the safety and security of society as a whole.

Cybertrust is active in CIP by:

  • Contributing to the maintenance of the SLTS kernel in the direction that a Cybertrust member will take over the CIP kernel maintainer
  • Responding to the Spectre/Meltdown issues for LTS4.4/CIP SLTS (under way)
  • Promoting CIP to  our customers/partners or at commercial events
  • Recruiting new CIP members

How are you going to use the software?

As a new member of CIP, we’re excited to go all in. We will be using the open source industrial grade software, such as CIP SLTS kernel and CIP Core, as the foundation for our distro for embedded systems. With CIP’s new collaboration with Debian LTS, we will also use that to complete various use cases.

What benefits have you seen or what do you expect to achieve?

CIP members have the expertise and work together diligently on the same goal of creating an open source framework that is secure and reliable on a global scale. We believe that together, we can address these critical issues.

Where do you see civil infrastructure systems in 20 years?

The embedded infrastructure that supports social infrastructure will cover wider and deeper towards the advancement of IoT, the improvement of convenience by smart city, and the safe and secure society against natural disasters and environmental changes.

Key Learnings at OSS Japan

By Blog

Written by Yoshitake Kobayashi, Chair of the CIP TSC and Senior Manager of Open Source Technology Department at Toshiba 

On June 20-22, more than 1,000 technologists and open source industry leaders attended Open Source Summit Japan and Automotive Linux Summit 2018 in Tokyo. The attendees came from organizations both big and small from 45 countries around the globe. In fact, attendees from overseas increase from 28% last year to 33% this year – making this a true international conference.

The Linux Foundation shared the results of the post-event survey – of attendees surveyed, more than 55% were attending for the first time this year, underscoring the ever-expanding interest and participation in the open source ecosystem. The survey also showcased the fact that around 87% of attendees only attend three or fewer conferences a year, making Open Source Summit Japan and Automotive Linux Summit a valuable place to connect with this audience.

CIP, a Silver Sponsor of the conference, was very active in the event. We kicked off the conference with several face-to-face meetings for the Technical Steering Committee and the Governing Board to discuss the roadmap, security, the new partnership with  Debian Long Term Support activities and welcoming Cybertrust as a new Silver Member. You can see the announcement here.

Dan Cauchy, Executive Director for Automotive Grade Linux, gave a keynote speech about the state of the alliance and mentioned CIP as a key partner in collaboration to make safer systems. AGL and CIP work together Functional Safety. You can see his presentation here.

Additionally, several CIP leaders gave presentations. I gave a presentation about how CIP has progressed since its launch two years ago with the CIP SLTS kernel, Real time Linux, Board at desk (CIP Testing), CIP Core and what’s ahead with collaboration with other open source project like Debian and EdgeX Foundry. You can view the presentation here.

Agustín Benito Bethencourt, Principal Consultant at CodeThink and active CIP TSC member, shared a technical summary that discussed Long Term Support (LTS) the 4.4 Linux kernel, the extensive testing the kernel goes through and the impact of all the technical activity that increases long term maintenance. In total, around 100 people attended the CIP-related sessions led by myself and Agustin.

Additionally, CIP member Wolfgang Mauerer, provided best practices and guidelines for embedded Linux quality assurance to around 50 attendees. He shared tips designing and running automated statistical tests that capture relevant information, how to properly evaluate the resulting data and common mistakes in over-interpreting statistical results and predictions.

In addition to technical content provided these industry visionaries, OSS Japan and ALS  hosted a bustling showcase featuring sponsor booths with interactive demos. The CIP booth had demos from Hitachi, Renesas and Plat’Home and CIP-branded Legos that were a hit with attendees.

Nearly 95% of this year’s attendees visited sponsor booths, and hundreds of attendees participated in the evening booth crawl, time dedicated exclusively to attendee-sponsor interaction, and a lot of them stopped by our booth to discuss our project and make their own CIP Lego man. In fact, we’ve now adopted him into the project and he’s the official CIP mascot!

Additionally, a Long Term Support Initiative (LTSI) workshop was held at the conference with about 50 people. I did a lightning talk to explain all of the CIP activities for LTS and CIP SLTS. The discussion made two things clear: collaboration and education are the keys to maintain the stable kernel. CIP believes this as a fact, which is why we launched a CIP kernel team. Nevertheless, the workshop was great and really helped instill a positive camaraderie for long term support – not just for CIP but all projects and industries like automotive and IoT.

In addition to attending the conference, the CIP project team had time for a little fun….

If you missed CIP at OSS Summit Japan, don’t worry, you’ll have another chance. Come visit us at Open Source Summit Europe, which will be co-located with Embedded Linux Conference and OpenIoT Summit! More details to come…

CIP Member Spotlight: Hitachi

By Blog

The Civil Infrastructure Platform (CIP) project aims to speed implementation of Linux-based civil infrastructure systems, build upon existing open source foundations and expertise, establish de facto standards by providing a base layer reference implementation, and contribute to and influence upstream projects regarding industrial needs. CIP is driven by some of the world’s leading manufacturers of civil infrastructure systems and industry leaders including Cybertrust, Codethink, Hitachi, Plat’Home, Renesas, Siemens, Moxa and Toshiba.

This spotlight series highlights CIP members and how they are contributing to open source software solutions that will benefit the world’s technical systems. Today, we highlight Hitachi in a conversation with Hidehiro Kawai, Researcher.

What does your company do and what is your role? 
Hitachi is a global company that provides solutions and products in a variety of fields, including electric power, transportation, IT, etc. for more than 100 years.  Our main mission is to create a better society by social innovation.  We have good knowledge of IT and OT (operational technology) for many fields, competitive products, and digital solutions powered by AI or machine learning.  Closer collaboration with customers and our technologies will realize the social innovation.

As a researcher for Hitachi, my role is to develop an industrial grade open platform which supports our innovations. Specifically, I’m working to develop a software-based fault tolerant system for civil infrastructures which requires high availability, integrity and robustness.

Why is your company investing in an open source “base layer” of industrial grade software?  
An open platform and open source technology will become a key factor to making things innovative in the IT industry and civil infrastructure systems.  Sharing efforts for a non-competitive “base layer” will accelerate our innovation. Currently, systems are becoming more open and flexible to incorporate new valuable technologies. For example, global businesses are working with more open source technologies to maximize trends with IoT, edge computing and more.

Why did your company join CIP? Can you provide a use case scenario? 
The best part of open source software is that anyone can inspect, modify, and enhance. But even with continuous updating it is not easy to keep this software reliable and secure for more than 10 years. This is where CIP comes in. We thought it would be better if we joined the CIP project and shared this effort among other industry leaders.

The CIP framework would be suitable for IoT controllers which requires real-time processing, super long-term support, flexibility, security and connectivity – all, which be provided by CIP.

How are you currently active in CIP?

As a Platinum member, Hitachi is active on the Governing Board as well as the Technical Steering Committee (TSC). I am the representative for TSC and share CIP requirements, issues and updates among the Hitachi group. This helps Hitachi understand CIP’s progress and mission as well as helps make CIP’s activities more effective.

What benefits have you seen or what do you expect to achieve? 
Though it may take several years to get a return on our investment from CIP, we believe that it is important to keep contributing to CIP. In order to ensure the safety and security for the civil infrastructure platform, we need to keep working with OSS and develop long term support for more than 10 years.

Recently, CIP has put a focus on security and is considering to provide a framework or tools to assist and comply with security standards like IEC 62443. This is a huge milestone and, once we’ve achieved this, all CIP members and contributors will get see benefits.

Where do you see civil infrastructure systems in 20 years? 
I am amazed at how innovation moves so quickly. In 20 years, I think most of our life will be automated or assisted by AI. In fact, AI will be rooted in open source technology and collaboration with contributors and projects who will provide tons of data. I think we may even see a day where AI maintains the CIP kernels!