[agl-discussions] Review of Ostro (Intel latest embedded Linux)

Walt Miner wminer at linuxfoundation.org
Mon Apr 25 21:54:56 UTC 2016 

Hi Stephane,
This is a different tangent than the previous thread.  The document alludes
to some preliminary work to combine Ostro with AGL and has a link to the
 AGL BSP Developer kit [1] document. I cannot find anything there about
combining AGL with meta-intel-iot-security. Have you tried to build that
with meta-agl and meta-ivi-common for the Renesas boards?

When you talk about the Security Features you mention that the Ostro App FW
implements many of the features and that it would not be reusable for AGL.
In the discussion that follows it says

Noticeable security features in Ostro could be reused in AGL:

   -

   All non-necessary privileges have been removed
   -

   Only system update service can write to root fs
   -

   Run as non-root if possible (ambient capabilities in systemd 229)
   -

   Permission checks based on Unix group membership

Are these features implemented in the Ostro App FW or in
meta-intel-iot-security or a combination?


Regarding Combo vs. Submodules what I see is in the document and the email
thread is a lot of discussion of solutions, but no description of the
problems were are trying to solve with those solutions. If I take a stab at
the problems we are trying to resolve. I guess we will talk some more about
this at the developer call tomorrow.

Regards,
Walt


[1] http://iot.bzh/en/publications/30-agl2-bsp-devkit


On Tue, Apr 5, 2016 at 12:03 PM, Stephane Desneux <stephane.desneux at iot.bzh>
wrote:

> Hi all,
>
> In order to understand what could be useful for AGL, we made a quick
> analysis of Ostro Project, a new embedded Linux by Intel.
>
> As you may know, Intel published last month a pre-release of their
> latest IoT OS named Ostro OS [1]. As AGL, this OS is based on
> Yocto/Poky/OpenEmbedded and reuses some security mechanisms used in Tizen.
>
> You may find here [2] the document we published: it gives a quick
> analysis of the distribution to determine the models and components that
> could be reused in AGL.
>
> It appears from our review that Intel had few nice ideas that could be
> very useful for AGL: we hope that this will lead to constructive
> discussions in expert groups.
>
> Happy reading !
> Stéphane
>
> [1] https://github.com/ostroproject/ostro-os/releases
> [2] http://iot.bzh/en/publications/31-ostro-project-analysis
> --
> Stephane Desneux - CTO
> stephane.desneux at iot.bzh - www.iot.bzh
> _______________________________________________
> automotive-discussions mailing list
> automotive-discussions at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/automotive-discussions
>



-- 
Walt Miner
Engineering Project Manager
The Linux Foundation
mobile: +1.847.502.7087
skype: vstarwalt

Visit us at:
automotive.linuxfoundation.org
www.linuxfoundation.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/automotive-discussions/attachments/20160425/2ec132e7/attachment.html>

More information about the automotive-discussions mailing list