User Tools

Site Tools


eg-app-fw:meetings

Meetings Notes for AGL Application Framework and Security Team

Meetings of the App Framework and Security EG are held every other Wednesday. Meeting time is 14:00 UTC. The upcoming schedule can be found below.

Conference Information:

1. Join https://global.gotomeeting.com/join/324926029

2. Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone.

[EG-AppFW] Weekly Call

Please join my meeting from your computer, tablet or smartphone. https://global.gotomeeting.com/join/324926029

You can also dial in using your phone.

Access Code: 324-926-029

Australia: +61 2 8355 1020 Austria: +43 7 2081 5427
Belgium: +32 28 08 4368 Canada (Toll Free): 1 888 455 1389
Canada: +1 (647) 497-9353 Denmark: +45 69 91 89 28
Finland: +358 942 59 7850 France: +33 170 950 594
Germany: +49 692 5736 7317 India (Toll Free): 18002669272
Ireland: +353 15 360 728 Italy: +39 0 247 92 13 01
Japan (Toll Free): 0 120 663 800 Korea, Republic of (Toll Free): 0806150880
Netherlands: +31 208 080 219 New Zealand: +64 9 280 6302
Norway: +47 75 80 32 07 Spain: +34 911 82 9906
Sweden: +46 852 500 186 Switzerland: +41 435 0167 13
United Kingdom: +44 330 221 0088 United States (Toll Free): 1 877 568 4106
United States: +1 (646) 749-3129

Joining from a video-conferencing room or system? Dial: 67.217.95.2##324926029 Cisco devices: 324926029@67.217.95.2

First GoToMeeting? Let's do a quick system check: https://link.gotomeeting.com/system-check

Access Code: 324-926-029
Audio PIN: Shown after joining the meeting


December 19, 2018

Attendees: Upcoming Meeting

December 5, 2018

Attendees: Walt, Jan-Simon, Ohiwa, Sebastien, Kusakabe, Lorenzo, Dominig, Jose

  • Adding Window Manager and Home Screen services to App FW EG. The F2F meeting in Yokohama is addressing these topics this week.
    • Update from Ohiwa-san:
      • See latest status in SPEC-1932
      • Waltham in progress being debugged with ADIT. May use a workaround for CES.
      • Good progress being made on the split screen apps
      • CES Demo #3 integration will continue next week in Yokohama
      • Confirmed shipping arrangements for demo to Las Vegas. Walt will order steering wheel.
  • Refactor libwindowmanger and libhomescreen (Lorenzo and Abhijeet)
    • SPEC-1871 and SPEC-1920 - progressing. Need to discuss comments in SPEC-1920 with Mitsunari-san. Will send an email to him to attend the SAT call tomorrow.

* Roadmap for 2018 can be found here.

  • Continued roadmap review. Added GG priority list.
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • 8/1 No update
  • 3/28 - Need to get a copy of the Denso presentation from the AMM so we can review it. Also should take a look at FASTR ( Future of Automotive Security Technology Research)
  • 5/23 - Need to get this moving.
  • 6/6 - Nothing to report
  • 7/4 - Nothing to report
  • 8/1 - No update. Walt to ping Denso.

Application Framework

  • SDK
    • XDS v2.0.0 - targeted release date: ALS (2018 June 20th)
      • Monitoring integration
      • Improved development cycle (based on partial Widget installation) (Update 5/25 - May be deferred past ALS)
      • First step to support package manager for SDKs (Yomo) (Update 5/25 - May be deferred past ALS)
      • Bug fixes
      • 7/4 - Stephane's demo of the monitoring at ALS went well. Sebastien and Jan-Simon worked on aligning the versioning of XDS with the rest of AGL. XDS 2.0.0 is now 6.0.0.
      • 7/18 - Working on adding XDS client to gerrit/ CI
      • 8/1 - gerrit part solved, ci builds solved, release branch builds not yet done
      • 8/29 - SDK basically ready for FF except release branch builds
  • Not running as root.
    • 7/4 - On hold. Need to review whether we can get this into GG.
    • 8/1 - Working towards it.
    • 8/28 - Jose has three patches that can be built to get the system running as a non-root user. Need guidelines for how to configure users, which services can run with root privileges, etc. Set a goal of having draft guidelines and a summary of what is done in other systems for the September 26 meeting of the EG.
    • 9/26 - Jose will add to GG as a build option so others can start debugging their services. Sebastien and Jose will put together a plan for getting this done by RC1. They will also send out a description of what App FW features will be added in the GG build.
    • 11/21 - Not ready for GG due to competing priorities.
    • 12/5 - Email from George on this topic. Jose has mic problems. Will discuss during SAT call.
  • Other topics
    • Application Life Cycle
      • 8/1 - there's a jira on OOM (new facebook oomd), there's lifecycle discussion for apps (see gfx thread, Tanikawa-san), put on list to check for GG, needs agreement of events/states for app lifecycle.
      • 8/28 - Becoming more apparent that this is needed for GG. Tanikawa working on this. Will add to the F2F meeting agenda for discussion.

New:

November 21, 2018

Attendees: Walt, Sebastien, Abhijeet, Loic, Lorenzo, Stephane, Supriya, Ohiwa, Kurokawa

  • Adding Window Manager and Home Screen services to App FW EG. The F2F meeting in Yokohama is addressing these topics this week.
    • Update from Ohiwa-san:
      • Waltham in progress, being debugged. May be ready at the end of November
      • Currently split screen on display is the same size. They are making a change to allow the split window sizing to change via swipe. Challenging task! Being developed by Toyota
      • CES Demo #3 integration continuing at Toyota office and they will provide a weekly update
      • Will get a complete readout after the Yokohama F2F meeting
  • Refactor libwindowmanger and libhomescreen (Lorenzo and Abhijeet)
    • SPEC-1871 and SPEC-1920 - progressing. Probably another two weeks of work.

* Roadmap for 2018 can be found here.

  • Continued roadmap review. Added GG priority list.
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • 8/1 No update
  • 3/28 - Need to get a copy of the Denso presentation from the AMM so we can review it. Also should take a look at FASTR ( Future of Automotive Security Technology Research)
  • 5/23 - Need to get this moving.
  • 6/6 - Nothing to report
  • 7/4 - Nothing to report
  • 8/1 - No update. Walt to ping Denso.

Application Framework

  • SDK
    • XDS v2.0.0 - targeted release date: ALS (2018 June 20th)
      • Monitoring integration
      • Improved development cycle (based on partial Widget installation) (Update 5/25 - May be deferred past ALS)
      • First step to support package manager for SDKs (Yomo) (Update 5/25 - May be deferred past ALS)
      • Bug fixes
      • 7/4 - Stephane's demo of the monitoring at ALS went well. Sebastien and Jan-Simon worked on aligning the versioning of XDS with the rest of AGL. XDS 2.0.0 is now 6.0.0.
      • 7/18 - Working on adding XDS client to gerrit/ CI
      • 8/1 - gerrit part solved, ci builds solved, release branch builds not yet done
      • 8/29 - SDK basically ready for FF except release branch builds
  • Not running as root.
    • 7/4 - On hold. Need to review whether we can get this into GG.
    • 8/1 - Working towards it.
    • 8/28 - Jose has three patches that can be built to get the system running as a non-root user. Need guidelines for how to configure users, which services can run with root privileges, etc. Set a goal of having draft guidelines and a summary of what is done in other systems for the September 26 meeting of the EG.
    • 9/26 - Jose will add to GG as a build option so others can start debugging their services. Sebastien and Jose will put together a plan for getting this done by RC1. They will also send out a description of what App FW features will be added in the GG build.
    • 11/21 - Not ready for GG due to competing priorities.
  • Other topics
    • Application Life Cycle
      • 8/1 - there's a jira on OOM (new facebook oomd), there's lifecycle discussion for apps (see gfx thread, Tanikawa-san), put on list to check for GG, needs agreement of events/states for app lifecycle.
      • 8/28 - Becoming more apparent that this is needed for GG. Tanikawa working on this. Will add to the F2F meeting agenda for discussion.

New:

November 7, 2018

Attendees: Walt, Sebastien, Stephane, Loic, Ohiwa, Jose

  • Adding Window Manager and Home Screen services to App FW EG. The F2F meeting in Yokohama is addressing these topics this week.
    • Update from Ohiwa-san:
      • Waltham in progress, being debugged. May be ready at the end of November
      • Currently split screen on display is the same size. They are making a change to allow the split window sizing to change via swipe. Challenging task! Being developed by Toyota
      • CES Demo #3 integration continuing at Toyota office and they will provide a weekly update
      • Will get a complete readout after the Yokohama F2F meeting

* Roadmap for 2018 can be found here.

  • Continued roadmap review. Added GG priority list.

SafeRide proposal

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • 2/14 - Oshri started discussing how to add his code to the AGL baseline with Jan-Simon. Oshri plans to push the first patch by the end of the week.
    • 3/28 - Oshri pushed the patches to gerrit. Need to get them accepted upstream in the kernel. He has been communicating with Oliver Hartkopp about getting them accepted.
    • 4/25 - Discussions in progress between Oliver and Oshri.
    • 5/23 - Nothing to report.
    • 6/6 - Nothing to report.
    • 7/4 - Nothing to report
    • 7/18 - Nothing to report
    • 8/1 - Nothing new to report
    • 8/29 - No update
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • 8/1 No update
  • 3/28 - Need to get a copy of the Denso presentation from the AMM so we can review it. Also should take a look at FASTR ( Future of Automotive Security Technology Research)
  • 5/23 - Need to get this moving.
  • 6/6 - Nothing to report
  • 7/4 - Nothing to report
  • 8/1 - No update. Walt to ping Denso.

Application Framework

  • SDK
    • XDS v2.0.0 - targeted release date: ALS (2018 June 20th)
      • Monitoring integration
      • Improved development cycle (based on partial Widget installation) (Update 5/25 - May be deferred past ALS)
      • First step to support package manager for SDKs (Yomo) (Update 5/25 - May be deferred past ALS)
      • Bug fixes
      • 7/4 - Stephane's demo of the monitoring at ALS went well. Sebastien and Jan-Simon worked on aligning the versioning of XDS with the rest of AGL. XDS 2.0.0 is now 6.0.0.
      • 7/18 - Working on adding XDS client to gerrit/ CI
      • 8/1 - gerrit part solved, ci builds solved, release branch builds not yet done
      • 8/29 - SDK basically ready for FF except release branch builds
  • Chromium and Web App Runtime from LG and Igalia
    • 7/4 - F2F meeting Santa Clara in Sep. Engaging Igalia to support.
    • 8/1 - meta-agl-lg still needs some fixes/adaptations
    • 8/29 - Sebastien has demo running on eel/ M3. FF not working due to current home screen issues in FF.
  • Not running as root.
    • 7/4 - On hold. Need to review whether we can get this into GG.
    • 8/1 - Working towards it.
    • 8/28 - Jose has three patches that can be built to get the system running as a non-root user. Need guidelines for how to configure users, which services can run with root privileges, etc. Set a goal of having draft guidelines and a summary of what is done in other systems for the September 26 meeting of the EG.
    • 9/26 - Jose will add to GG as a build option so others can start debugging their services. Sebastien and Jose will put together a plan for getting this done by RC1. They will also send out a description of what App FW features will be added in the GG build.
  • Other topics
    • Application Life Cycle
      • 8/1 - there's a jira on OOM (new facebook oomd), there's lifecycle discussion for apps (see gfx thread, Tanikawa-san), put on list to check for GG, needs agreement of events/states for app lifecycle.
      • 8/28 - Becoming more apparent that this is needed for GG. Tanikawa working on this. Will add to the F2F meeting agenda for discussion.
  • App FW vs. HMI FW split
  • Surface management
    • Making surfaces available to services such as navigation so that map is service available to native and HTML5 apps.
      • 8/1: runxdg working again
      • 8/28 - Zhang made some patches that ended up getting reverted for FF. Need a major revisit of this topic for GG.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
    • 7/4 - SPEC-1018 (restructure of folders) on hold
    • 8/1 - no update
    • 8/28 - no update

New:

October 10, 2018

Attendees: Walt

Meeting canceled due to lack of attendance.

* Roadmap for 2018 can be found here.

  • Continued roadmap review. Added GG priority list.

SafeRide proposal

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • 2/14 - Oshri started discussing how to add his code to the AGL baseline with Jan-Simon. Oshri plans to push the first patch by the end of the week.
    • 3/28 - Oshri pushed the patches to gerrit. Need to get them accepted upstream in the kernel. He has been communicating with Oliver Hartkopp about getting them accepted.
    • 4/25 - Discussions in progress between Oliver and Oshri.
    • 5/23 - Nothing to report.
    • 6/6 - Nothing to report.
    • 7/4 - Nothing to report
    • 7/18 - Nothing to report
    • 8/1 - Nothing new to report
    • 8/29 - No update
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • 8/1 No update
  • 3/28 - Need to get a copy of the Denso presentation from the AMM so we can review it. Also should take a look at FASTR ( Future of Automotive Security Technology Research)
  • 5/23 - Need to get this moving.
  • 6/6 - Nothing to report
  • 7/4 - Nothing to report
  • 8/1 - No update. Walt to ping Denso.

Application Framework

  • SDK
    • XDS v2.0.0 - targeted release date: ALS (2018 June 20th)
      • Monitoring integration
      • Improved development cycle (based on partial Widget installation) (Update 5/25 - May be deferred past ALS)
      • First step to support package manager for SDKs (Yomo) (Update 5/25 - May be deferred past ALS)
      • Bug fixes
      • 7/4 - Stephane's demo of the monitoring at ALS went well. Sebastien and Jan-Simon worked on aligning the versioning of XDS with the rest of AGL. XDS 2.0.0 is now 6.0.0.
      • 7/18 - Working on adding XDS client to gerrit/ CI
      • 8/1 - gerrit part solved, ci builds solved, release branch builds not yet done
      • 8/29 - SDK basically ready for FF except release branch builds
  • Chromium and Web App Runtime from LG and Igalia
    • 7/4 - F2F meeting Santa Clara in Sep. Engaging Igalia to support.
    • 8/1 - meta-agl-lg still needs some fixes/adaptations
    • 8/29 - Sebastien has demo running on eel/ M3. FF not working due to current home screen issues in FF.
  • Not running as root.
    • 7/4 - On hold. Need to review whether we can get this into GG.
    • 8/1 - Working towards it.
    • 8/28 - Jose has three patches that can be built to get the system running as a non-root user. Need guidelines for how to configure users, which services can run with root privileges, etc. Set a goal of having draft guidelines and a summary of what is done in other systems for the September 26 meeting of the EG.
    • 9/26 - Jose will add to GG as a build option so others can start debugging their services. Sebastien and Jose will put together a plan for getting this done by RC1. They will also send out a description of what App FW features will be added in the GG build.
  • Other topics
    • Application Life Cycle
      • 8/1 - there's a jira on OOM (new facebook oomd), there's lifecycle discussion for apps (see gfx thread, Tanikawa-san), put on list to check for GG, needs agreement of events/states for app lifecycle.
      • 8/28 - Becoming more apparent that this is needed for GG. Tanikawa working on this. Will add to the F2F meeting agenda for discussion.
  • App FW vs. HMI FW split
  • Surface management
    • Making surfaces available to services such as navigation so that map is service available to native and HTML5 apps.
      • 8/1: runxdg working again
      • 8/28 - Zhang made some patches that ended up getting reverted for FF. Need a major revisit of this topic for GG.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
    • 7/4 - SPEC-1018 (restructure of folders) on hold
    • 8/1 - no update
    • 8/28 - no update

New:

September 26, 2018

Attendees: Walt, Stephane, Jose

* Roadmap for 2018 can be found here.

  • Continued roadmap review. Added GG priority list.

SafeRide proposal

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • 2/14 - Oshri started discussing how to add his code to the AGL baseline with Jan-Simon. Oshri plans to push the first patch by the end of the week.
    • 3/28 - Oshri pushed the patches to gerrit. Need to get them accepted upstream in the kernel. He has been communicating with Oliver Hartkopp about getting them accepted.
    • 4/25 - Discussions in progress between Oliver and Oshri.
    • 5/23 - Nothing to report.
    • 6/6 - Nothing to report.
    • 7/4 - Nothing to report
    • 7/18 - Nothing to report
    • 8/1 - Nothing new to report
    • 8/29 - No update
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • 8/1 No update
  • 3/28 - Need to get a copy of the Denso presentation from the AMM so we can review it. Also should take a look at FASTR ( Future of Automotive Security Technology Research)
  • 5/23 - Need to get this moving.
  • 6/6 - Nothing to report
  • 7/4 - Nothing to report
  • 8/1 - No update. Walt to ping Denso.

Application Framework

  • SDK
    • XDS v2.0.0 - targeted release date: ALS (2018 June 20th)
      • Monitoring integration
      • Improved development cycle (based on partial Widget installation) (Update 5/25 - May be deferred past ALS)
      • First step to support package manager for SDKs (Yomo) (Update 5/25 - May be deferred past ALS)
      • Bug fixes
      • 7/4 - Stephane's demo of the monitoring at ALS went well. Sebastien and Jan-Simon worked on aligning the versioning of XDS with the rest of AGL. XDS 2.0.0 is now 6.0.0.
      • 7/18 - Working on adding XDS client to gerrit/ CI
      • 8/1 - gerrit part solved, ci builds solved, release branch builds not yet done
      • 8/29 - SDK basically ready for FF except release branch builds
  • Chromium and Web App Runtime from LG and Igalia
    • 7/4 - F2F meeting Santa Clara in Sep. Engaging Igalia to support.
    • 8/1 - meta-agl-lg still needs some fixes/adaptations
    • 8/29 - Sebastien has demo running on eel/ M3. FF not working due to current home screen issues in FF.
  • Not running as root.
    • 7/4 - On hold. Need to review whether we can get this into GG.
    • 8/1 - Working towards it.
    • 8/28 - Jose has three patches that can be built to get the system running as a non-root user. Need guidelines for how to configure users, which services can run with root privileges, etc. Set a goal of having draft guidelines and a summary of what is done in other systems for the September 26 meeting of the EG.
    • 9/26 - Jose will add to GG as a build option so others can start debugging their services. Sebastien and Jose will put together a plan for getting this done by RC1. They will also send out a description of what App FW features will be added in the GG build.
  • Other topics
    • Application Life Cycle
      • 8/1 - there's a jira on OOM (new facebook oomd), there's lifecycle discussion for apps (see gfx thread, Tanikawa-san), put on list to check for GG, needs agreement of events/states for app lifecycle.
      • 8/28 - Becoming more apparent that this is needed for GG. Tanikawa working on this. Will add to the F2F meeting agenda for discussion.
  • App FW vs. HMI FW split
  • Surface management
    • Making surfaces available to services such as navigation so that map is service available to native and HTML5 apps.
      • 8/1: runxdg working again
      • 8/28 - Zhang made some patches that ended up getting reverted for FF. Need a major revisit of this topic for GG.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
    • 7/4 - SPEC-1018 (restructure of folders) on hold
    • 8/1 - no update
    • 8/28 - no update

New:

September 12, 2018

See Santa Clara F2F Meeting for details.

August 29, 2018

Attendees: Walt, Jan-Simon, Sebastien, Stephane, Jose

* Roadmap for 2018 can be found here.

  • Continued roadmap review. Added GG priority list.

SafeRide proposal

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • 2/14 - Oshri started discussing how to add his code to the AGL baseline with Jan-Simon. Oshri plans to push the first patch by the end of the week.
    • 3/28 - Oshri pushed the patches to gerrit. Need to get them accepted upstream in the kernel. He has been communicating with Oliver Hartkopp about getting them accepted.
    • 4/25 - Discussions in progress between Oliver and Oshri.
    • 5/23 - Nothing to report.
    • 6/6 - Nothing to report.
    • 7/4 - Nothing to report
    • 7/18 - Nothing to report
    • 8/1 - Nothing new to report
    • 8/29 - No update
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • 8/1 No update
  • 3/28 - Need to get a copy of the Denso presentation from the AMM so we can review it. Also should take a look at FASTR ( Future of Automotive Security Technology Research)
  • 5/23 - Need to get this moving.
  • 6/6 - Nothing to report
  • 7/4 - Nothing to report
  • 8/1 - No update. Walt to ping Denso.

Application Framework

  • SDK
    • XDS v2.0.0 - targeted release date: ALS (2018 June 20th)
      • Monitoring integration
      • Improved development cycle (based on partial Widget installation) (Update 5/25 - May be deferred past ALS)
      • First step to support package manager for SDKs (Yomo) (Update 5/25 - May be deferred past ALS)
      • Bug fixes
      • 7/4 - Stephane's demo of the monitoring at ALS went well. Sebastien and Jan-Simon worked on aligning the versioning of XDS with the rest of AGL. XDS 2.0.0 is now 6.0.0.
      • 7/18 - Working on adding XDS client to gerrit/ CI
      • 8/1 - gerrit part solved, ci builds solved, release branch builds not yet done
      • 8/29 - SDK basically ready for FF except release branch builds
  • Chromium and Web App Runtime from LG and Igalia
    • 7/4 - F2F meeting Santa Clara in Sep. Engaging Igalia to support.
    • 8/1 - meta-agl-lg still needs some fixes/adaptations
    • 8/29 - Sebastien has demo running on eel/ M3. FF not working due to current home screen issues in FF.
  • Not running as root.
    • 7/4 - On hold. Need to review whether we can get this into GG.
    • 8/1 - Working towards it.
    • 8/28 - Jose has three patches that can be built to get the system running as a non-root user. Need guidelines for how to configure users, which services can run with root privileges, etc. Set a goal of having draft guidelines and a summary of what is done in other systems for the September 26 meeting of the EG.
  • Other topics
    • Application Life Cycle
      • 8/1 - there's a jira on OOM (new facebook oomd), there's lifecycle discussion for apps (see gfx thread, Tanikawa-san), put on list to check for GG, needs agreement of events/states for app lifecycle.
      • 8/28 - Becoming more apparent that this is needed for GG. Tanikawa working on this. Will add to the F2F meeting agenda for discussion.
  • App FW vs. HMI FW split
  • Surface management
    • Making surfaces available to services such as navigation so that map is service available to native and HTML5 apps.
      • 8/1: runxdg working again
      • 8/28 - Zhang made some patches that ended up getting reverted for FF. Need a major revisit of this topic for GG.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
    • 7/4 - SPEC-1018 (restructure of folders) on hold
    • 8/1 - no update
    • 8/28 - no update
  • Code reviewers for EG: Jose, ask Dominig, Need someone focused on security, Tanikawa or someone else from Japan, Thierry

New:

  • SPEC-1230 reopened - re-install app does not update cynara privileges.
    • Jose investigating. Trying to get a fix for RC5

August 16, 2018

Attendees: Walt, Jan-Simon, Scott, Sebastien, Fulup, Romain

* Roadmap for 2018 can be found here.

  • Continued roadmap review. Added GG priority list.

SafeRide proposal

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • 2/14 - Oshri started discussing how to add his code to the AGL baseline with Jan-Simon. Oshri plans to push the first patch by the end of the week.
    • 3/28 - Oshri pushed the patches to gerrit. Need to get them accepted upstream in the kernel. He has been communicating with Oliver Hartkopp about getting them accepted.
    • 4/25 - Discussions in progress between Oliver and Oshri.
    • 5/23 - Nothing to report.
    • 6/6 - Nothing to report.
    • 7/4 - Nothing to report
    • 7/18 - Nothing to report
    • 8/1 - Nothing new to report
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • 8/1 No update
  • 3/28 - Need to get a copy of the Denso presentation from the AMM so we can review it. Also should take a look at FASTR ( Future of Automotive Security Technology Research)
  • 5/23 - Need to get this moving.
  • 6/6 - Nothing to report
  • 7/4 - Nothing to report
  • 8/1 - No update. Walt to ping Denso.

Application Framework

  • SDK
    • XDS v2.0.0 - targeted release date: ALS (2018 June 20th)
      • Monitoring integration
      • Improved development cycle (based on partial Widget installation) (Update 5/25 - May be deferred past ALS)
      • First step to support package manager for SDKs (Yomo) (Update 5/25 - May be deferred past ALS)
      • Bug fixes
      • 7/4 - Stephane's demo of the monitoring at ALS went well. Sebastien and Jan-Simon worked on aligning the versioning of XDS with the rest of AGL. XDS 2.0.0 is now 6.0.0.
      • 7/18 - Working on adding XDS client to gerrit/ CI
      • 8/1 - gerrit part solved, ci builds solved, release branch builds not yet done
  • API v3.0 - planned for FF
    • 7/4 - API v3.0 went into RC1. Some bugs to be fixed by Jose.
    • 8/1 - doc update pending (migration guide v2→v3)
  • Chromium and Web App Runtime from LG and Igalia
    • 7/4 - F2F meeting Santa Clara in Sep. Engaging Igalia to support.
    • 8/1 - meta-agl-lg still needs some fixes/adaptations
  • Not running as root.
    • 7/4 - On hold. Need to review whether we can get this into GG.
    • 8/1 - Working towards it.
  • Other topics
    • Application Life Cycle
      • 8/1 - there's a jira on OOM (new facebook oomd), there's lifecycle discussion for apps (see gfx thread, Tanikawa-san), put on list to check for GG, needs aggreement of events/states for app lifecycle.
    • App FW vs. HMI FW split
    • Surface management
      • Making surfaces available to services such as navigation so that map is service available to native and HTML5 apps.
        • 8/1: runxdg working again
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
    • 7/4 - SPEC-1018 (restructure of folders) on hold
    • 8/1 - no update
  • Code reviewers for EG: Jose, ask Dominig, Need someone focused on security, Tanikawa or someone else from Japan, Thierry

New:

Aug 1, 2018

Attendees: Jan-Simon, Stephane, Momiyama-san

* Roadmap for 2018 can be found here.

  • Continued roadmap review. Added GG priority list.

SafeRide proposal

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • 2/14 - Oshri started discussing how to add his code to the AGL baseline with Jan-Simon. Oshri plans to push the first patch by the end of the week.
    • 3/28 - Oshri pushed the patches to gerrit. Need to get them accepted upstream in the kernel. He has been communicating with Oliver Hartkopp about getting them accepted.
    • 4/25 - Discussions in progress between Oliver and Oshri.
    • 5/23 - Nothing to report.
    • 6/6 - Nothing to report.
    • 7/4 - Nothing to report
    • 7/18 - Nothing to report
    • 8/1 - Nothing new to report
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • 8/1 No update
  • 3/28 - Need to get a copy of the Denso presentation from the AMM so we can review it. Also should take a look at FASTR ( Future of Automotive Security Technology Research)
  • 5/23 - Need to get this moving.
  • 6/6 - Nothing to report
  • 7/4 - Nothing to report
  • 8/1 - No update. Walt to ping Denso.

Application Framework

  • SDK
    • XDS v2.0.0 - targeted release date: ALS (2018 June 20th)
      • Monitoring integration
      • Improved development cycle (based on partial Widget installation) (Update 5/25 - May be deferred past ALS)
      • First step to support package manager for SDKs (Yomo) (Update 5/25 - May be deferred past ALS)
      • Bug fixes
      • 7/4 - Stephane's demo of the monitoring at ALS went well. Sebastien and Jan-Simon worked on aligning the versioning of XDS with the rest of AGL. XDS 2.0.0 is now 6.0.0.
      • 7/18 - Working on adding XDS client to gerrit/ CI
      • 8/1 - gerrit part solved, ci builds solved, release branch builds not yet done
  • API v3.0 - planned for FF
    • 7/4 - API v3.0 went into RC1. Some bugs to be fixed by Jose.
    • 8/1 - doc update pending (migration guide v2→v3)
  • Chromium and Web App Runtime from LG and Igalia
    • 7/4 - F2F meeting Santa Clara in Sep. Engaging Igalia to support.
    • 8/1 - meta-agl-lg still needs some fixes/adaptations
  • Not running as root.
    • 7/4 - On hold. Need to review whether we can get this into GG.
    • 8/1 - Working towards it.
  • Other topics
    • Application Life Cycle
      • 8/1 - there's a jira on OOM (new facebook oomd), there's lifecycle discussion for apps (see gfx thread, Tanikawa-san), put on list to check for GG, needs aggreement of events/states for app lifecycle.
    • App FW vs. HMI FW split
    • Surface management
      • Making surfaces available to services such as navigation so that map is service available to native and HTML5 apps.
        • 8/1: runxdg working again
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
    • 7/4 - SPEC-1018 (restructure of folders) on hold
    • 8/1 - no update
  • Code reviewers for EG: Jose, ask Dominig, Need someone focused on security, Tanikawa or someone else from Japan, Thierry

New:

July 18, 2018

Attendees: Walt, Jan-Simon, Sebastien, Stephane, Jose

* Roadmap for 2018 can be found here.

  • Continued roadmap review. Added GG priority list.

SafeRide proposal

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • 2/14 - Oshri started discussing how to add his code to the AGL baseline with Jan-Simon. Oshri plans to push the first patch by the end of the week.
    • 3/28 - Oshri pushed the patches to gerrit. Need to get them accepted upstream in the kernel. He has been communicating with Oliver Hartkopp about getting them accepted.
    • 4/25 - Discussions in progress between Oliver and Oshri.
    • 5/23 - Nothing to report.
    • 6/6 - Nothing to report.
    • 7/4 - Nothing to report
    • 7/18 - Nothing to report
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
  • 3/28 - Need to get a copy of the Denso presentation from the AMM so we can review it. Also should take a look at FASTR ( Future of Automotive Security Technology Research)
  • 5/23 - Need to get this moving.
  • 6/6 - Nothing to report
  • 7/4 - Nothing to report

Application Framework

  • SDK
    • XDS v2.0.0 - targeted release date: ALS (2018 June 20th)
      • Monitoring integration
      • Improved development cycle (based on partial Widget installation) (Update 5/25 - May be deferred past ALS)
      • First step to support package manager for SDKs (Yomo) (Update 5/25 - May be deferred past ALS)
      • Bug fixes
      • 7/4 - Stephane's demo of the monitoring at ALS went well. Sebastien and Jan-Simon worked on aligning the versioning of XDS with the rest of AGL. XDS 2.0.0 is now 6.0.0.
      • 7/18 - Working on adding XDS client to gerrit/ CI
  • API v3.0 - planned for FF
    • 7/4 - API v3.0 went into RC1. Some bugs to be fixed by Jose.
  • Chromium and Web App Runtime from LG and Igalia
    • 7/4 - F2F meeting Santa Clara in Sep. Engaging Igalia to support.
  • Not running as root.
    • 7/4 - On hold. Need to review whether we can get this into GG.
  • Other topics
    • Application Life Cycle
    • App FW vs. HMI FW split
    • Surface management
      • Making surfaces available to services such as navigation so that map is service available to native and HTML5 apps.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
    • 7/4 - SPEC-1018 (restructure of folders) on hold
  • Code reviewers for EG: Jose, ask Dominig, Need someone focused on security, Tanikawa or someone else from Japan, Thierry

New:

July 4, 2018

Attendees: Walt, Jan-Simon, Tanikawa, Stephane, Jose, Sebastien

  • Roadmap for 2018 can be found here.
    • Starting to review for features that were completed in FF, what will be done in GG, and any features for 2019.
    • 11/22
      • Eli sending comments on the system hardening section to the mail list or on github directly.
      • IoT.bzh reviewing the document and has a proposal for some restructuring. The Application Security section is need of an update.
      • Jan-Simon found some inconsistencies between the hardening guide and the current kernel configuration. See comments in https://github.com/automotive-grade-linux/docs-agl/pull/28
    • 12/6
      • Eli still working on his comments
      • Sebastien and Vincent completed a rework of the Security Blueprint based on the latest code. They published a pdf to the mail list. Will add to github in a new directory later today. Walt will reply to their email with a request to review the document and add comments to github before the next EG meeting (Dec 20).
    • 12/21
      • Only a few comments received on the document so we will postpone the review until the new year. Will send an email reminding people to review the document.
    • 1/3
      • No update
    • 1/17
      • No comments received. Most likely due to CES.
    • 1/31
    • 2/14 - No comments received.
    • 3/28 - Eli's comments were sent to the mail list for review.
    • 4/25 - In progress. Pull request was done by Vincent. Some open issues remain. See https://github.com/automotive-grade-linux/docs-agl/issues/112
    • 5/23 - Pull request merged. Old version still appears on the doc site. Sebastien will send an email to the mail proposing to remove it. Will remove it after next meeting if there is no dissent. Will request the Virtualization EG to update section 3. A list of updates needed are in the TODO Notes section.
    • 6/6 - Since there was no dissent about removing the old version we will remove it ASAP. SPEC-1502. Jira tickets created for the rest of the ToDo list in the document.
    • 7/4 - Old version needs to be removed. ToDo list is progressing.

SafeRide proposal

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • 2/14 - Oshri started discussing how to add his code to the AGL baseline with Jan-Simon. Oshri plans to push the first patch by the end of the week.
    • 3/28 - Oshri pushed the patches to gerrit. Need to get them accepted upstream in the kernel. He has been communicating with Oliver Hartkopp about getting them accepted.
    • 4/25 - Discussions in progress between Oliver and Oshri.
    • 5/23 - Nothing to report.
    • 6/6 - Nothing to report.
    • 7/4 - Nothing to report
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
  • 3/28 - Need to get a copy of the Denso presentation from the AMM so we can review it. Also should take a look at FASTR ( Future of Automotive Security Technology Research)
  • 5/23 - Need to get this moving.
  • 6/6 - Nothing to report
  • 7/4 - Nothing to report

Application Framework

  • SDK
    • XDS v2.0.0 - targeted release date: ALS (2018 June 20th)
      • Monitoring integration
      • Improved development cycle (based on partial Widget installation) (Update 5/25 - May be deferred past ALS)
      • First step to support package manager for SDKs (Yomo) (Update 5/25 - May be deferred past ALS)
      • Bug fixes
      • 3/28 - Sebastien working on monitoring and supervision for Karlsruhe meeting.
      • 4/25 - In progress
      • ptest(-wrapper) for CI, developer local run, diagnostics in production5/23 - XDS 1.1.1 released. SPEC-1361 in progress for publishing XDS packages. Next step is Sebastien's. XDS 2.0.0 still on target for ALS.
      • 6/6 - XDS 2.0.0 - Stephane will present a video with a demo use case at ALS. Software be published in time for ALS (consider it an alpha release, not bug free, but can be tried out).
      • 7/4 - Stephane's demo of the monitoring at ALS went well. Sebastien and Jan-Simon worked on aligning the versioning of XDS with the rest of AGL. XDS 2.0.0 is now 6.0.0.
  • API v3.0 - planned for FF
    • Dynamic API, binder/API discovery
    • 3/28 - Features will be discussed in Karlsruhe in detail. What is the plan to deprecate API v2.0 once 3.0 is available? Thought is that one year of overlap will be sufficient. To be discussed further in Karlsruhe.
    • 4/25 - In progress. Should see something pushed to gerrit by the next meeting of EG.
    • 5/23 - In progress and under test by Jose. API v3.0 should be ready for RC1.
    • 6/6 - Jose will be ready to push in time for RC1 with documentation and stabilization updates to follow.
    • 7/4 - API v3.0 went into RC1. Some bugs to be fixed by Jose.
  • Chromium and Web App Runtime from LG and Igalia
    • 2/14 - Silvia will be at the AMM next week to discuss schedule and roadmap from Igalia. Need to discuss
      • Chromium for HTML5 apps and how to get that integrated into AGL.
      • Chromium browser and app support for all reference boards
    • 3/28 - Need to work out a plan with Igalia and LG for web apps based on their discussions at the AMM.
    • 4/25 - Steve L. - LG SVL porting web app runtime (WAM) and Chromium from WebOS OSE to AGL this week. WebOS OSE + Daring Dab + Chromium 53. Goal is to have web app up and running on AGL this week. Background: WebOS has been running web apps LG TVs since 2013, and was first created in 2008 for WebOS phones and tablets from HP/Palm. WebOS was first open-sourced by HP in 2012; LG released WebOS OSE just after the AMM in February.
      • Stephane showed Chromium Embedded Framework (CEF), but to avoid confusion: CEF is not relevant to the current WebOS OSE AGL effort.
      • Steve ran across an email thread from Dominig email and another email from Tizen days regarding Crosswalk, Web App, security and process model issues that were being looked at by Tizen. WebOS already addresses many of these concerns in televisions.
      • Follow up technical meeting at 10 am PDT/ 7 pm CET.
    • 5/23 - LG will be at the F2F in Lorient in two weeks.
    • 6/6 - LG will arrive in Lorient tomorrow.
    • 7/4 - F2F meeting Santa Clara in Sep. Engaging Igalia to support.
  • Not running as root.
    • 3/28 - Work in progress. Kernel patches from Tizen BSPs are needed and Jose and is trying to get those upstream in a single place in the kernel.
    • 4/25 - Work is on standby. Patch merged in gerrit to enable this. Jose needs to test.
    • 5/23 - Still on standby. Probably not ready for FF. Still a lot of testing to do and we do not want to risk breaking FF with this change.
    • 6/6 - On hold.
    • 7/4 - On hold. Need to review whether we can get this into GG.
  • Other topics
    • Application Life Cycle
    • App FW vs. HMI FW split
    • Surface management
      • Making surfaces available to services such as navigation so that map is service available to native and HTML5 apps.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
    • 7/4 - SPEC-1018 (restructure of folders) on hold
  • Code reviewers for EG: Jose, ask Dominig, Need someone focused on security, Tanikawa or someone else from Japan, Thierry

New:

June 20, 2018

Canceled due to Automotive Linux Summit.

June 6, 2018

Attendees: Walt, Jan-Simon, Sebastien, Stephane, Jose

    • 11/22
      • Eli sending comments on the system hardening section to the mail list or on github directly.
      • IoT.bzh reviewing the document and has a proposal for some restructuring. The Application Security section is need of an update.
      • Jan-Simon found some inconsistencies between the hardening guide and the current kernel configuration. See comments in https://github.com/automotive-grade-linux/docs-agl/pull/28
    • 12/6
      • Eli still working on his comments
      • Sebastien and Vincent completed a rework of the Security Blueprint based on the latest code. They published a pdf to the mail list. Will add to github in a new directory later today. Walt will reply to their email with a request to review the document and add comments to github before the next EG meeting (Dec 20).
    • 12/21
      • Only a few comments received on the document so we will postpone the review until the new year. Will send an email reminding people to review the document.
    • 1/3
      • No update
    • 1/17
      • No comments received. Most likely due to CES.
    • 1/31
    • 2/14 - No comments received.
    • 3/28 - Eli's comments were sent to the mail list for review.
    • 4/25 - In progress. Pull request was done by Vincent. Some open issues remain. See https://github.com/automotive-grade-linux/docs-agl/issues/112
    • 5/23 - Pull request merged. Old version still appears on the doc site. Sebastien will send an email to the mail proposing to remove it. Will remove it after next meeting if there is no dissent. Will request the Virtualization EG to update section 3. A list of updates needed are in the TODO Notes section.
    • 6/6 - Since there was no dissent about removing the old version we will remove it ASAP. SPEC-1502. Jira tickets created for the rest of the ToDo list in the document.

SafeRide proposal

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • 2/14 - Oshri started discussing how to add his code to the AGL baseline with Jan-Simon. Oshri plans to push the first patch by the end of the week.
    • 3/28 - Oshri pushed the patches to gerrit. Need to get them accepted upstream in the kernel. He has been communicating with Oliver Hartkopp about getting them accepted.
    • 4/25 - Discussions in progress between Oliver and Oshri.
    • 5/23 - Nothing to report.
    • 6/6 - Nothing to report.
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting

Application Framework

  • SDK
    • XDS v2.0.0 - targeted release date: ALS (2018 June 20th)
      • Monitoring integration
      • Improved development cycle (based on partial Widget installation) (Update 5/25 - May be deferred past ALS)
      • First step to support package manager for SDKs (Yomo) (Update 5/25 - May be deferred past ALS)
      • Bug fixes
      • 3/28 - Sebastien working on monitoring and supervision for Karlsruhe meeting.
      • 4/25 - In progress
      • 5/23 - XDS 1.1.1 released. SPEC-1361 in progress for publishing XDS packages. Next step is Sebastien's. XDS 2.0.0 still on target for ALS.
      • 6/6 - XDS 2.0.0 - Stephane will present a video with a demo use case at ALS. Software be published in time for ALS (consider it an alpha release, not bug free, but can be tried out).
  • API v3.0 - planned for FF
    • Dynamic API, binder/API discovery
    • 3/28 - Features will be discussed in Karlsruhe in detail. What is the plan to deprecate API v2.0 once 3.0 is available? Thought is that one year of overlap will be sufficient. To be discussed further in Karlsruhe.
    • 4/25 - In progress. Should see something pushed to gerrit by the next meeting of EG.
    • 5/23 - In progress and under test by Jose. API v3.0 should be ready for RC1.
    • 6/6 - Jose will be ready to push in time for RC1 with documentation and stabilization updates to follow.
  • Chromium and Web App Runtime from LG and Igalia
    • 2/14 - Silvia will be at the AMM next week to discuss schedule and roadmap from Igalia. Need to discuss
      • Chromium for HTML5 apps and how to get that integrated into AGL.
      • Chromium browser and app support for all reference boards
    • 3/28 - Need to work out a plan with Igalia and LG for web apps based on their discussions at the AMM.
    • 4/25 - Steve L. - LG SVL porting web app runtime (WAM) and Chromium from WebOS OSE to AGL this week. WebOS OSE + Daring Dab + Chromium 53. Goal is to have web app up and running on AGL this week. Background: WebOS has been running web apps LG TVs since 2013, and was first created in 2008 for WebOS phones and tablets from HP/Palm. WebOS was first open-sourced by HP in 2012; LG released WebOS OSE just after the AMM in February.
      • Stephane showed Chromium Embedded Framework (CEF), but to avoid confusion: CEF is not relevant to the current WebOS OSE AGL effort.
      • Steve ran across an email thread from Dominig email and another email from Tizen days regarding Crosswalk, Web App, security and process model issues that were being looked at by Tizen. WebOS already addresses many of these concerns in televisions.
      • Follow up technical meeting at 10 am PDT/ 7 pm CET.
    • 5/23 - LG will be at the F2F in Lorient in two weeks.
    • 6/6 - LG will arrive in Lorient tomorrow.
  • Not running as root.
    • 3/28 - Work in progress. Kernel patches from Tizen BSPs are needed and Jose and is trying to get those upstream in a single place in the kernel.
    • 4/25 - Work is on standby. Patch merged in gerrit to enable this. Jose needs to test.
    • 5/23 - Still on standby. Probably not ready for FF. Still a lot of testing to do and we do not want to risk breaking FF with this change.
    • 6/6 - On hold.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
    • Update 9/27 - Working on app branches for master and dab. We should shortly have the download folder ready.
    • Update 10/11 - Results are now being synched to https://download.automotivelinux.org/AGL/apps/ Not seeing apps for both master and dab, seems to be one or the other. Apps are populated into the directory when they are patched/built. Jan-Simon to check to see if dab and master are overwriting each other.
    • Update 11/1 - SPEC-1018 created to figure out the dab and master overwrite issue.
    • 11/8 - No update
    • 11/22 - No update. Need to add Eel folder as well.
    • 12/6 - Need to check with Jan-Simon
    • 12/21 Folders now work SPEC-1018). Waiting on a full build for all apps for Eel. Need to populate the dab folder with the dab apps on the dab branch. SPEC-1019.
      • Comment from Stephane to reorganize the folder structure to allow for easier download by branch or by boards, etc. Will add a suggested folder structure to SPEC-1018.
      • 1/3 - SPEC-1018 in progress. Would be nice to have the ability to download via a package manager from the target as well. Need to be able to verify the certificates and signatures of the apps being downloaded.
      • 1/31 - Settled on restructure of the folders for the repository (SPEC-1018).
      • 2/14 - SPEC-1018 in progress
      • 4/25 - SPEC-1018 on hold.
      • 5/23 - SPEC-1018 on hold.
      • 6/6 - SPEC-1018 on hold.
  • Code reviewers for EG: Jose, ask Dominig, Need someone focused on security, Tanikawa or someone else from Japan, New guy from IoT.bzh (Thierry)

New:

May 23, 2018

Attendees: Walt, Jan-Simon, Tanikawa, Kurokawa, Sebastien, Jose

    • 11/22
      • Eli sending comments on the system hardening section to the mail list or on github directly.
      • IoT.bzh reviewing the document and has a proposal for some restructuring. The Application Security section is need of an update.
      • Jan-Simon found some inconsistencies between the hardening guide and the current kernel configuration. See comments in https://github.com/automotive-grade-linux/docs-agl/pull/28
    • 12/6
      • Eli still working on his comments
      • Sebastien and Vincent completed a rework of the Security Blueprint based on the latest code. They published a pdf to the mail list. Will add to github in a new directory later today. Walt will reply to their email with a request to review the document and add comments to github before the next EG meeting (Dec 20).
    • 12/21
      • Only a few comments received on the document so we will postpone the review until the new year. Will send an email reminding people to review the document.
    • 1/3
      • No update
    • 1/17
      • No comments received. Most likely due to CES.
    • 1/31
    • 2/14 - No comments received.
    • 3/28 - Eli's comments were sent to the mail list for review.
    • 4/25 - In progress. Pull request was done by Vincent. Some open issues remain. See https://github.com/automotive-grade-linux/docs-agl/issues/112
    • 5/23 - Pull request merged. Old version still appears on the doc site. Sebastien will send an email to the mail proposing to remove it. Will remove it after next meeting if there is no dissent. Will request the Virtualization EG to update section 3. A list of updates needed are in the TODO Notes section.

SafeRide proposal

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • 2/14 - Oshri started discussing how to add his code to the AGL baseline with Jan-Simon. Oshri plans to push the first patch by the end of the week.
    • 3/28 - Oshri pushed the patches to gerrit. Need to get them accepted upstream in the kernel. He has been communicating with Oliver Hartkopp about getting them accepted.
    • 4/25 - Discussions in progress between Oliver and Oshri.
    • 5/23 - Nothing to report.
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting

Application Framework

  • SDK
    • XDS v2.0.0 - targeted release date: ALS (2018 June 20th)
      • Monitoring integration
      • Improved development cycle (based on partial Widget installation) (Update 5/25 - May be deferred past ALS)
      • First step to support package manager for SDKs (Yomo) (Update 5/25 - May be deferred past ALS)
      • Bug fixes
      • 3/28 - Sebastien working on monitoring and supervision for Karlsruhe meeting.
      • 4/25 - In progress
      • 5/23 - XDS 1.1.1 released. SPEC-1361 in progress for publishing XDS packages. Next step is Sebastien's. XDS 2.0.0 still on target for ALS.
  • API v3.0 - planned for FF
    • Dynamic API, binder/API discovery
    • 3/28 - Features will be discussed in Karlsruhe in detail. What is the plan to deprecate API v2.0 once 3.0 is available? Thought is that one year of overlap will be sufficient. To be discussed further in Karlsruhe.
    • 4/25 - In progress. Should see something pushed to gerrit by the next meeting of EG.
    • 5/23 - In progress and under test by Jose. API v3.0 should be ready for RC1.
  • Chromium and Web App Runtime from LG and Igalia
    • 2/14 - Silvia will be at the AMM next week to discuss schedule and roadmap from Igalia. Need to discuss
      • Chromium for HTML5 apps and how to get that integrated into AGL.
      • Chromium browser and app support for all reference boards
    • 3/28 - Need to work out a plan with Igalia and LG for web apps based on their discussions at the AMM.
    • 4/25 - Steve L. - LG SVL porting web app runtime (WAM) and Chromium from WebOS OSE to AGL this week. WebOS OSE + Daring Dab + Chromium 53. Goal is to have web app up and running on AGL this week. Background: WebOS has been running web apps LG TVs since 2013, and was first created in 2008 for WebOS phones and tablets from HP/Palm. WebOS was first open-sourced by HP in 2012; LG released WebOS OSE just after the AMM in February.
      • Stephane showed Chromium Embedded Framework (CEF), but to avoid confusion: CEF is not relevant to the current WebOS OSE AGL effort.
      • Steve ran across an email thread from Dominig email and another email from Tizen days regarding Crosswalk, Web App, security and process model issues that were being looked at by Tizen. WebOS already addresses many of these concerns in televisions.
      • Follow up technical meeting at 10 am PDT/ 7 pm CET.
    • 5/23 - LG will be at the F2F in Lorient in two weeks.
  • Not running as root.
    • 3/28 - Work in progress. Kernel patches from Tizen BSPs are needed and Jose and is trying to get those upstream in a single place in the kernel.
    • 4/25 - Work is on standby. Patch merged in gerrit to enable this. Jose needs to test.
    • 5/23 - Still on standby. Probably not ready for FF. Still a lot of testing to do and we do not want to risk breaking FF with this change.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
    • Update 9/27 - Working on app branches for master and dab. We should shortly have the download folder ready.
    • Update 10/11 - Results are now being synched to https://download.automotivelinux.org/AGL/apps/ Not seeing apps for both master and dab, seems to be one or the other. Apps are populated into the directory when they are patched/built. Jan-Simon to check to see if dab and master are overwriting each other.
    • Update 11/1 - SPEC-1018 created to figure out the dab and master overwrite issue.
    • 11/8 - No update
    • 11/22 - No update. Need to add Eel folder as well.
    • 12/6 - Need to check with Jan-Simon
    • 12/21 Folders now work SPEC-1018). Waiting on a full build for all apps for Eel. Need to populate the dab folder with the dab apps on the dab branch. SPEC-1019.
      • Comment from Stephane to reorganize the folder structure to allow for easier download by branch or by boards, etc. Will add a suggested folder structure to SPEC-1018.
      • 1/3 - SPEC-1018 in progress. Would be nice to have the ability to download via a package manager from the target as well. Need to be able to verify the certificates and signatures of the apps being downloaded.
      • 1/31 - Settled on restructure of the folders for the repository (SPEC-1018).
      • 2/14 - SPEC-1018 in progress
      • 4/25 - SPEC-1018 on hold.
      • 5/23 - SPEC-1018 on hold.
  • Code reviewers for EG: Jose, ask Dominig, Need someone focused on security, Tanikawa or someone else from Japan, New guy from IoT.bzh (Thierry)

New:

May 9, 2018

Attendees:Upcoming Meeting

Notes from Dresden Meeting.

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • 2/14 - Oshri started discussing how to add his code to the AGL baseline with Jan-Simon. Oshri plans to push the first patch by the end of the week.
    • 3/28 - Oshri pushed the patches to gerrit. Need to get them accepted upstream in the kernel. He has been communicating with Oliver Hartkopp about getting them accepted.
    • 4/25 - Discussions in progress between Oliver and Oshri.
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting

Application Framework

  • SDK
    • XDS v1.1.0 in progress - targeted release date: AMM (2018 February 20th)
      • Board console/terminal integration within XDS dashboard
      • Documentation improvement of debug section
      • Bug fixes
    • 2/14 - On track to be available next week.
    • 3/28 - Now available. Action item for Jan-Simon (SPEC-1361) to make XDS source packages available on the download server.
    • 4/25 - SPEC-1361 in progress.
  • XDS v2.0.0 - targeted release date: ALS (2018 June 20th)
    • Monitoring integration
    • Improved development cycle (based on partial Widget installation)
    • First step to support package manager for SDKs (Yomo)
    • Bug fixes
    • 3/28 - Sebastien working on monitoring and supervision for Karlsruhe meeting.
    • 4/25 - In progress
  • API v3.0 - planned for FF
    • Dynamic API, binder/API discovery
    • 3/28 - Features will be discussed in Karlsruhe in detail. What is the plan to deprecate API v2.0 once 3.0 is available? Thought is that one year of overlap will be sufficient. To be discussed further in Karlsruhe.
    • 4/25 - In progress. Should see something pushed to gerrit by the next meeting of EG.
  • Chromium and Web App Runtime from LG and Igalia
    • 2/14 - Silvia will be at the AMM next week to discuss schedule and roadmap from Igalia. Need to discuss
      • Chromium for HTML5 apps and how to get that integrated into AGL.
      • Chromium browser and app support for all reference boards
    • 3/28 - Need to work out a plan with Igalia and LG for web apps based on their discussions at the AMM.
    • 4/25 - Steve L. - LG SVL porting web app runtime (WAM) and Chromium from WebOS OSE to AGL this week. WebOS OSE + Daring Dab + Chromium 53. Goal is to have web app up and running on AGL this week. Background: WebOS has been running web apps LG TVs since 2013, and was first created in 2008 for WebOS phones and tablets from HP/Palm. WebOS was first open-sourced by HP in 2012; LG released WebOS OSE just after the AMM in February.
      • Stephane showed Chromium Embedded Framework (CEF), but to avoid confusion: CEF is not relevant to the current WebOS OSE AGL effort.
      • Steve ran across an email thread from Dominig email and another email from Tizen days regarding Crosswalk, Web App, security and process model issues that were being looked at by Tizen. WebOS already addresses many of these concerns in televisions.
      • Follow up technical meeting at 10 am PDT/ 7 pm CET.
  • Not running as root.
    • 3/28 - Work in progress. Kernel patches from Tizen BSPs are needed and Jose and is trying to get those upstream in a single place in the kernel.
    • 4/25 - Work is on standby. Patch merged in gerrit to enable this. Jose needs to test.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
    • Update 9/27 - Working on app branches for master and dab. We should shortly have the download folder ready.
    • Update 10/11 - Results are now being synched to https://download.automotivelinux.org/AGL/apps/ Not seeing apps for both master and dab, seems to be one or the other. Apps are populated into the directory when they are patched/built. Jan-Simon to check to see if dab and master are overwriting each other.
    • Update 11/1 - SPEC-1018 created to figure out the dab and master overwrite issue.
    • 11/8 - No update
    • 11/22 - No update. Need to add Eel folder as well.
    • 12/6 - Need to check with Jan-Simon
    • 12/21 Folders now work SPEC-1018). Waiting on a full build for all apps for Eel. Need to populate the dab folder with the dab apps on the dab branch. SPEC-1019.
      • Comment from Stephane to reorganize the folder structure to allow for easier download by branch or by boards, etc. Will add a suggested folder structure to SPEC-1018.
      • 1/3 - SPEC-1018 in progress. Would be nice to have the ability to download via a package manager from the target as well. Need to be able to verify the certificates and signatures of the apps being downloaded.
      • 1/31 - Settled on restructure of the folders for the repository (SPEC-1018).
      • 2/14 - SPEC-1018 in progress
      • 4/25 - SPEC-1018 on hold.

New:

  • Code reviewers for EG: Jose, ask Dominig, Need someone focused on security, Tanikawa or someone else from Japan, New guy from IoT.bzh (Thierry)

April 25, 2018

Attendees: Walt, Jan-Simon, Steve L., Sebastien, Stephane, Sebastien, Tanikawa, Michael, Jose

Notes from Dresden Meeting.

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • 2/14 - Oshri started discussing how to add his code to the AGL baseline with Jan-Simon. Oshri plans to push the first patch by the end of the week.
    • 3/28 - Oshri pushed the patches to gerrit. Need to get them accepted upstream in the kernel. He has been communicating with Oliver Hartkopp about getting them accepted.
    • 4/25 - Discussions in progress between Oliver and Oshri.
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • Update 11/1 - Walt to get this done this week.
    • Update 11/8 - No update
    • Update 11/22 - No update
    • 12/6 - No update
    • 1/3 - No update
    • 1/17 - No update
    • 1/31 - No update
    • 3/28 - Need to get a copy of the Denso presentation from the AMM so we can review it. Also should take a look at FASTR ( Future of Automotive Security Technology Research)

Application Framework

  • SDK
    • XDS v1.1.0 in progress - targeted release date: AMM (2018 February 20th)
      • Board console/terminal integration within XDS dashboard
      • Documentation improvement of debug section
      • Bug fixes
    • 2/14 - On track to be available next week.
    • 3/28 - Now available. Action item for Jan-Simon (SPEC-1361) to make XDS source packages available on the download server.
    • 4/25 - SPEC-1361 in progress.
  • XDS v2.0.0 - targeted release date: ALS (2018 June 20th)
    • Monitoring integration
    • Improved development cycle (based on partial Widget installation)
    • First step to support package manager for SDKs (Yomo)
    • Bug fixes
    • 3/28 - Sebastien working on monitoring and supervision for Karlsruhe meeting.
    • 4/25 - In progress
  • API v3.0 - planned for FF
    • Dynamic API, binder/API discovery
    • 3/28 - Features will be discussed in Karlsruhe in detail. What is the plan to deprecate API v2.0 once 3.0 is available? Thought is that one year of overlap will be sufficient. To be discussed further in Karlsruhe.
    • 4/25 - In progress. Should see something pushed to gerrit by the next meeting of EG.
  • Chromium and Web App Runtime from LG and Igalia
    • 2/14 - Silvia will be at the AMM next week to discuss schedule and roadmap from Igalia. Need to discuss
      • Chromium for HTML5 apps and how to get that integrated into AGL.
      • Chromium browser and app support for all reference boards
    • 3/28 - Need to work out a plan with Igalia and LG for web apps based on their discussions at the AMM.
    • 4/25 - Steve L. - LG SVL porting web app runtime (WAM) and Chromium from WebOS OSE to AGL this week. WebOS OSE + Daring Dab + Chromium 53. Goal is to have web app up and running on AGL this week. Background: WebOS has been running web apps LG TVs since 2013, and was first created in 2008 for WebOS phones and tablets from HP/Palm. WebOS was first open-sourced by HP in 2012; LG released WebOS OSE just after the AMM in February.
      • Stephane showed Chromium Embedded Framework (CEF), but to avoid confusion: CEF is not relevant to the current WebOS OSE AGL effort.
      • Steve ran across an email thread from Dominig email and another email from Tizen days regarding Crosswalk, Web App, security and process model issues that were being looked at by Tizen. WebOS already addresses many of these concerns in televisions.
      • Follow up technical meeting at 10 am PDT/ 7 pm CET.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Jose to evaluate Tizen 4.0 security to see what they have done (SPEC-763)
    • Update 12/6 - On hold
    • 12/21 - On hold
    • 1/3 - Jose working on evaluation. Maybe done by end of January.
    • 1/31 - Jose is working on security layer updates as part of the uprev to rocko. Middle of next week per dev call yesterday. Also evaluation of Tizen 4.0 (SPEC-763) was completed. See Jira for results. Summary is that there is nothing much we can use from Tizen 4.0 since we have diverged a bit from their approach. Possibly can use Integrated Network Enforcement from Tizen 4.0.
    • 2/14 - Jose has the new security layer building for rocko. Testing in progress.
    • 3/28 - New security layer (meta-security) is merged as part of the update to rocko, but there is an issue with ptest.
    • 4/25 - ptest issue resolved. Can close this issue.
  • Not running as root.
    • 3/28 - Work in progress. Kernel patches from Tizen BSPs are needed and Jose and is trying to get those upstream in a single place in the kernel.
    • 4/25 - Work is on standby. Patch merged in gerrit to enable this. Jose needs to test.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
    • Update 9/27 - Working on app branches for master and dab. We should shortly have the download folder ready.
    • Update 10/11 - Results are now being synched to https://download.automotivelinux.org/AGL/apps/ Not seeing apps for both master and dab, seems to be one or the other. Apps are populated into the directory when they are patched/built. Jan-Simon to check to see if dab and master are overwriting each other.
    • Update 11/1 - SPEC-1018 created to figure out the dab and master overwrite issue.
    • 11/8 - No update
    • 11/22 - No update. Need to add Eel folder as well.
    • 12/6 - Need to check with Jan-Simon
    • 12/21 Folders now work SPEC-1018). Waiting on a full build for all apps for Eel. Need to populate the dab folder with the dab apps on the dab branch. SPEC-1019.
      • Comment from Stephane to reorganize the folder structure to allow for easier download by branch or by boards, etc. Will add a suggested folder structure to SPEC-1018.
      • 1/3 - SPEC-1018 in progress. Would be nice to have the ability to download via a package manager from the target as well. Need to be able to verify the certificates and signatures of the apps being downloaded.
      • 1/31 - Settled on restructure of the folders for the repository (SPEC-1018).
      • 2/14 - SPEC-1018 in progress
      • 4/25 - SPEC-1018 on hold.

New:

  • Code reviewers for EG: Jose, ask Dominig, Need someone focused on security, Tanikawa or someone else from Japan, New guy from IoT.bzh (Thierry)

March 28, 2018

Attendees: Walt, Stephane, Dominig, Jose, Sebastien, Eli

    • 11/22
      • Eli sending comments on the system hardening section to the mail list or on github directly.
      • IoT.bzh reviewing the document and has a proposal for some restructuring. The Application Security section is need of an update.
      • Jan-Simon found some inconsistencies between the hardening guide and the current kernel configuration. See comments in https://github.com/automotive-grade-linux/docs-agl/pull/28
    • 12/6
      • Eli still working on his comments
      • Sebastien and Vincent completed a rework of the Security Blueprint based on the latest code. They published a pdf to the mail list. Will add to github in a new directory later today. Walt will reply to their email with a request to review the document and add comments to github before the next EG meeting (Dec 20).
    • 12/21
      • Only a few comments received on the document so we will postpone the review until the new year. Will send an email reminding people to review the document.
    • 1/3
      • No update
    • 1/17
      • No comments received. Most likely due to CES.
    • 1/31
    • 2/14 - No comments received.
    • 3/28 - Eli's comments were sent to the mail list for review.

Notes from Dresden Meeting.

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • 2/14 - Oshri started discussing how to add his code to the AGL baseline with Jan-Simon. Oshri plans to push the first patch by the end of the week.
    • 3/28 - Oshri pushed the patches to gerrit. Need to get them accepted upstream in the kernel. He has been communicating with Oliver Hartkopf about getting them accepted.
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • Update 11/1 - Walt to get this done this week.
    • Update 11/8 - No update
    • Update 11/22 - No update
    • 12/6 - No update
    • 1/3 - No update
    • 1/17 - No update
    • 1/31 - No update
    • 3/28 - Need to get a copy of the Denso presentation from the AMM so we can review it. Also should take a look at FASTR ( Future of Automotive Security Technology Research)

Application Framework

  • SDK
    • XDS v1.1.0 in progress - targeted release date: AMM (2018 February 20th)
      • Board console/terminal integration within XDS dashboard
      • Documentation improvement of debug section
      • Bug fixes
    • 2/14 - On track to be available next week.
    • 3/28 - Now available. Action item for Jan-Simon to make XDS source packages available on the download server.
  • XDS v2.0.0 - targeted release date: ALS (2018 June 20th)
    • Monitoring integration
    • Improved development cycle (based on partial Widget installation)
    • First step to support package manager for SDKs (Yomo)
    • Bug fixes
    • 3/28 - Sebastien working on monitoring and supervision for Karlsruhe meeting.
  • API v3.0 - planned for FF
    • Dynamic API, binder/API discovery
    • 3/28 - Features will be discussed in Karlsruhe in detail. What is the plan to deprecate API v2.0 once 3.0 is available? Thought is that one year of overlap will be sufficient. To be discussed further in Karlsruhe.
  • Chromium from Igalia
    • 2/14 - Silvia will be at the AMM next week to discuss schedule and roadmap from Igalia. Need to discuss
      • Chromium for HTML5 apps and how to get that integrated into AGL.
      • Chromium browser and app support for all reference boards
    • 3/28 - Need to work out a plan with Igalia and LG for web apps based on their discussions at the AMM.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Jose to evaluate Tizen 4.0 security to see what they have done (SPEC-763)
    • Update 12/6 - On hold
    • 12/21 - On hold
    • 1/3 - Jose working on evaluation. Maybe done by end of January.
    • 1/31 - Jose is working on security layer updates as part of the uprev to rocko. Middle of next week per dev call yesterday. Also evaluation of Tizen 4.0 (SPEC-763) was completed. See Jira for results. Summary is that there is nothing much we can use from Tizen 4.0 since we have diverged a bit from their approach. Possibly can use Integrated Network Enforcement from Tizen 4.0.
    • 2/14 - Jose has the new security layer building for rocko. Testing in progress.
    • 3/28 - New security layer (meta-security) is merged as part of the update to rocko, but there is an issue with ptest.
  • Not running as root.
    • 3/28 - Work in progress. Kernel patches from Tizen BSPs are needed and Jose and is trying to get those upstream in a single place in the kernel.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
    • Update 9/27 - Working on app branches for master and dab. We should shortly have the download folder ready.
    • Update 10/11 - Results are now being synched to https://download.automotivelinux.org/AGL/apps/ Not seeing apps for both master and dab, seems to be one or the other. Apps are populated into the directory when they are patched/built. Jan-Simon to check to see if dab and master are overwriting each other.
    • Update 11/1 - SPEC-1018 created to figure out the dab and master overwrite issue.
    • 11/8 - No update
    • 11/22 - No update. Need to add Eel folder as well.
    • 12/6 - Need to check with Jan-Simon
    • 12/21 Folders now work SPEC-1018). Waiting on a full build for all apps for Eel. Need to populate the dab folder with the dab apps on the dab branch. SPEC-1019.
      • Comment from Stephane to reorganize the folder structure to allow for easier download by branch or by boards, etc. Will add a suggested folder structure to SPEC-1018.
      • 1/3 - SPEC-1018 in progress. Would be nice to have the ability to download via a package manager from the target as well. Need to be able to verify the certificates and signatures of the apps being downloaded.
      • 1/31 - Settled on restructure of the folders for the repository (SPEC-1018).
      • 2/14 - SPEC-1018 in progress

New:

February 14, 2018

Attendees: Walt, Sebastien, Oshri, Stephane, Evgeniy

    • 11/22
      • Eli sending comments on the system hardening section to the mail list or on github directly.
      • IoT.bzh reviewing the document and has a proposal for some restructuring. The Application Security section is need of an update.
      • Jan-Simon found some inconsistencies between the hardening guide and the current kernel configuration. See comments in https://github.com/automotive-grade-linux/docs-agl/pull/28
    • 12/6
      • Eli still working on his comments
      • Sebastien and Vincent completed a rework of the Security Blueprint based on the latest code. They published a pdf to the mail list. Will add to github in a new directory later today. Walt will reply to their email with a request to review the document and add comments to github before the next EG meeting (Dec 20).
    • 12/21
      • Only a few comments received on the document so we will postpone the review until the new year. Will send an email reminding people to review the document.
    • 1/3
      • No update
    • 1/17
      • No comments received. Most likely due to CES.
    • 1/31
    • 2/14 - No comments received.

Notes from Dresden Meeting.

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • 2/14 - Oshri started discussing how to add his code to the AGL baseline with Jan-Simon. Oshri plans to push the first patch by the end of the week.
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • Update 11/1 - Walt to get this done this week.
    • Update 11/8 - No update
    • Update 11/22 - No update
    • 12/6 - No update
    • 1/3 - No update
    • 1/17 - No update
    • 1/31 - No update

Application Framework

  • SDK
    • XDS v1.1.0 in progress - targeted release date: AMM (2018 February 20th)
      • Board console/terminal integration within XDS dashboard
      • Documentation improvement of debug section
      • Bug fixes
    • 2/14 - On track to be available next week.
  • XDS v2.0.0 - targeted release date: ALS (2018 June 20th)
    • Monitoring integration
    • Improved development cycle (based on partial Widget installation)
    • First step to support package manager for SDKs (Yomo)
    • Bug fixes
  • Chromium from Igalia
    • 2/14 - Silvia will be at the AMM next week to discuss schedule and roadmap from Igalia. Need to discuss
      • Chromium for HTML5 apps and how to get that integrated into AGL.
      • Chromium browser and app support for all reference boards
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Jose to evaluate Tizen 4.0 security to see what they have done (SPEC-763)
    • Update 12/6 - On hold
    • 12/21 - On hold
    • 1/3 - Jose working on evaluation. Maybe done by end of January.
    • 1/31 - Jose is working on security layer updates as part of the uprev to rocko. Middle of next week per dev call yesterday. Also evaluation of Tizen 4.0 (SPEC-763) was completed. See Jira for results. Summary is that there is nothing much we can use from Tizen 4.0 since we have diverged a bit from their approach. Possibly can use Integrated Network Enforcement from Tizen 4.0.
    • 2/14 - Jose has the new security layer building for rocko. Testing in progress.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
    • Update 9/27 - Working on app branches for master and dab. We should shortly have the download folder ready.
    • Update 10/11 - Results are now being synched to https://download.automotivelinux.org/AGL/apps/ Not seeing apps for both master and dab, seems to be one or the other. Apps are populated into the directory when they are patched/built. Jan-Simon to check to see if dab and master are overwriting each other.
    • Update 11/1 - SPEC-1018 created to figure out the dab and master overwrite issue.
    • 11/8 - No update
    • 11/22 - No update. Need to add Eel folder as well.
    • 12/6 - Need to check with Jan-Simon
    • 12/21 Folders now work SPEC-1018). Waiting on a full build for all apps for Eel. Need to populate the dab folder with the dab apps on the dab branch. SPEC-1019.
      • Comment from Stephane to reorganize the folder structure to allow for easier download by branch or by boards, etc. Will add a suggested folder structure to SPEC-1018.
      • 1/3 - SPEC-1018 in progress. Would be nice to have the ability to download via a package manager from the target as well. Need to be able to verify the certificates and signatures of the apps being downloaded.
      • 1/31 - Settled on restructure of the folders for the repository (SPEC-1018).
      • 2/14 - SPEC-1018 in progress

New:

January 31, 2018

Attendees: Walt, Jan-Simon, Sebastien, Eli

    • 11/22
      • Eli sending comments on the system hardening section to the mail list or on github directly.
      • IoT.bzh reviewing the document and has a proposal for some restructuring. The Application Security section is need of an update.
      • Jan-Simon found some inconsistencies between the hardening guide and the current kernel configuration. See comments in https://github.com/automotive-grade-linux/docs-agl/pull/28
    • 12/6
      • Eli still working on his comments
      • Sebastien and Vincent completed a rework of the Security Blueprint based on the latest code. They published a pdf to the mail list. Will add to github in a new directory later today. Walt will reply to their email with a request to review the document and add comments to github before the next EG meeting (Dec 20).
    • 12/21
      • Only a few comments received on the document so we will postpone the review until the new year. Will send an email reminding people to review the document.
    • 1/3
      • No update
    • 1/17
      • No comments received. Most likely due to CES.
    • 1/31

Notes from Dresden Meeting.

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • Update 11/1 - Discussed how Oshri can make the code available in gerrit for AGL. Will take about one month to have the code available. Source will be in github.
    • 11/8 - No update
    • 11/22 - No update
    • 12/6 - No update
    • 12/21 - No update
    • 1/3 - Nothing to report. SafeRide will be at CES next week.
    • 1/17 - Oshri was at CES and said that they will be upstreaming their code soon.
    • 1/31 - No update
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • Update 11/1 - Walt to get this done this week.
    • Update 11/8 - No update
    • Update 11/22 - No update
    • 12/6 - No update
    • 1/3 - No update
    • 1/17 - No update
    • 1/31 - No update

Application Framework

  • SDK
    • SDK for EE
      • Ready for RC2
      • XDS - will be released by the end of the year
        • SPEC-1132 - Move the code from IoT.bzh github to AGL gerrit
          • 12/6 - In progress
          • 1/3 - New repos created. Migration in progress. Discussed SPEC-1147 and release of XDS for Eel. Sebastien to reply to Walt's latest comment and create a new task for the final XDS release.
          • 1/31 - XDS source code is now in Gerrit. Sebastien working with Jan-Simon to build XDS in Jenkins. Sebastien will send an email with high level XDS features planned for 2018 to be added to the roadmap.
  • Chromium from Igalia
    • 9/27 - Stephane has tested for Gen 3. It is expected to work on any wayland target not just Renesas. Stephane trying out for QEMU and Intel. No support for IVI shell extensions.
    • 10/11 - New version pushed by Igalia. Stephane having issue building for Intel. Stephane can build Chromium with the SDK and create a wgt but it takes a long time. (see https://github.com/iotbzh/chromium-agl-app) and SPEC-942
    • 11/8 - No update
    • 11/22 - Reviewed email from Maksim about Igalia's plans for Chromium. Goals for Chromium
      • Build and run Chromium as an app available for Intel, Renesas, and other platforms
      • Build and run web engine in platform or as an app depending on the profile/device need for multiple platforms
      • Enable Qt-WebEngine for EE?
    • 12/6 - Waiting for some feedback from Igalia (Maksim) on how they want to proceed. They are envisioning everything as part of the platform built in Yocto, but that is not the current proposal that AGL would like to pursue.
    • 12/21 - No update. Waiting for latest updates on XDG launcher from Tanikawa-san
    • 1/3 - Chromium running on full surface of the screen. Some issues with XDG launcher.
    • 1/31 - XDG launcher works ok on the eel branch. Need to check if this got ported to master.
  • Window Manager interface for App Framework Discussion
    • 12/6 - Tanikawa working on XDG proxy for EE/ CES. Hopefully ready for next week's integration session. Stephane asked about user management to switch home screen look and feel based on the current user and whether that is included in the EE homescreen. Need to check next week in Yokohama.
    • 1/3 - SPEC-1086 needs to be addressed. Surface is not released in the window manager when the app dies.
    • 1/31 - SPEC-1086 closed. Merged for eel and master.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Jose to evaluate Tizen 4.0 security to see what they have done (SPEC-763)
    • Update 12/6 - On hold
    • 12/21 - On hold
    • 1/3 - Jose working on evaluation. Maybe done by end of January.
    • 1/31 - Jose is working on security layer updates as part of the uprev to rocko. Middle of next week per dev call yesterday. Also evaluation of Tizen 4.0 (SPEC-763) was completed. See Jira for results. Summary is that there is nothing much we can use from Tizen 4.0 since we have diverged a bit from their approach. Possibly can use Integrated Network Enforcement from Tizen 4.0.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
    • Update 9/27 - Working on app branches for master and dab. We should shortly have the download folder ready.
    • Update 10/11 - Results are now being synched to https://download.automotivelinux.org/AGL/apps/ Not seeing apps for both master and dab, seems to be one or the other. Apps are populated into the directory when they are patched/built. Jan-Simon to check to see if dab and master are overwriting each other.
    • Update 11/1 - SPEC-1018 created to figure out the dab and master overwrite issue.
    • 11/8 - No update
    • 11/22 - No update. Need to add Eel folder as well.
    • 12/6 - Need to check with Jan-Simon
    • 12/21 Folders now work SPEC-1018). Waiting on a full build for all apps for Eel. Need to populate the dab folder with the dab apps on the dab branch. SPEC-1019.
      • Comment from Stephane to reorganize the folder structure to allow for easier download by branch or by boards, etc. Will add a suggested folder structure to SPEC-1018.
      • 1/3 - SPEC-1018 in progress. Would be nice to have the ability to download via a package manager from the target as well. Need to be able to verify the certificates and signatures of the apps being downloaded.
      • 1/31 - Settled on restructure of the folders for the repository (SPEC-1018).

New:

January 17, 2018

Attendees: Walt, Jan-Simon, Sebastien, Ronan, Dominig, Jose

    • 11/22
      • Eli sending comments on the system hardening section to the mail list or on github directly.
      • IoT.bzh reviewing the document and has a proposal for some restructuring. The Application Security section is need of an update.
      • Jan-Simon found some inconsistencies between the hardening guide and the current kernel configuration. See comments in https://github.com/automotive-grade-linux/docs-agl/pull/28
    • 12/6
      • Eli still working on his comments
      • Sebastien and Vincent completed a rework of the Security Blueprint based on the latest code. They published a pdf to the mail list. Will add to github in a new directory later today. Walt will reply to their email with a request to review the document and add comments to github before the next EG meeting (Dec 20).
    • 12/21
      • Only a few comments received on the document so we will postpone the review until the new year. Will send an email reminding people to review the document.
    • 1/3
      • No update
    • 1/17
      • No comments received. Most likely due to CES.

Notes from Dresden Meeting.

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • Update 11/1 - Discussed how Oshri can make the code available in gerrit for AGL. Will take about one month to have the code available. Source will be in github.
    • 11/8 - No update
    • 11/22 - No update
    • 12/6 - No update
    • 12/21 - No update
    • 1/3 - Nothing to report. SafeRide will be at CES next week.
    • 1/17 - Oshri was at CES and said that they will be upstreaming their code soon.
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • Update 11/1 - Walt to get this done this week.
    • Update 11/8 - No update
    • Update 11/22 - No update
    • 12/6 - No update
    • 1/3 - No update
    • 1/17 - No update

Application Framework

  • SDK
    • SDK for EE
      • Ready for RC2
      • XDS - will be released by the end of the year
        • SPEC-1132 - Move the code from IoT.bzh github to AGL gerrit
          • 12/6 - In progress
          • 1/3 - New repos created. Migration in progress. Discussed SPEC-1147 and release of XDS for Eel. Sebastien to reply to Walt's latest comment and create a new task for the final XDS release.
  • Chromium from Igalia
    • 9/27 - Stephane has tested for Gen 3. It is expected to work on any wayland target not just Renesas. Stephane trying out for QEMU and Intel. No support for IVI shell extensions.
    • 10/11 - New version pushed by Igalia. Stephane having issue building for Intel. Stephane can build Chromium with the SDK and create a wgt but it takes a long time. (see https://github.com/iotbzh/chromium-agl-app) and SPEC-942
    • 11/8 - No update
    • 11/22 - Reviewed email from Maksim about Igalia's plans for Chromium. Goals for Chromium
      • Build and run Chromium as an app available for Intel, Renesas, and other platforms
      • Build and run web engine in platform or as an app depending on the profile/device need for multiple platforms
      • Enable Qt-WebEngine for EE?
    • 12/6 - Waiting for some feedback from Igalia (Maksim) on how they want to proceed. They are envisioning everything as part of the platform built in Yocto, but that is not the current proposal that AGL would like to pursue.
    • 12/21 - No update. Waiting for latest updates on XDG launcher from Tanikawa-san
    • 1/3 - Chromium running on full surface of the screen. Some issues with XDG launcher.
  • Window Manager interface for App Framework Discussion
    • 12/6 - Tanikawa working on XDG proxy for EE/ CES. Hopefully ready for next week's integration session. Stephane asked about user management to switch home screen look and feel based on the current user and whether that is included in the EE homescreen. Need to check next week in Yokohama.
    • 1/3 - SPEC-1086 needs to be addressed. Surface is not released in the window manager when the app dies.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Jose to evaluate Tizen 4.0 security to see what they have done (SPEC-763)
    • Update 12/6 - On hold
    • 12/21 - On hold
    • 1/3 - Jose working on evaluation. Maybe done by end of January.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
    • Update 9/27 - Working on app branches for master and dab. We should shortly have the download folder ready.
    • Update 10/11 - Results are now being synched to https://download.automotivelinux.org/AGL/apps/ Not seeing apps for both master and dab, seems to be one or the other. Apps are populated into the directory when they are patched/built. Jan-Simon to check to see if dab and master are overwriting each other.
    • Update 11/1 - SPEC-1018 created to figure out the dab and master overwrite issue.
    • 11/8 - No update
    • 11/22 - No update. Need to add Eel folder as well.
    • 12/6 - Need to check with Jan-Simon
    • 12/21 Folders now work SPEC-1018). Waiting on a full build for all apps for Eel. Need to populate the dab folder with the dab apps on the dab branch. SPEC-1019.
      • Comment from Stephane to reorganize the folder structure to allow for easier download by branch or by boards, etc. Will add a suggested folder structure to SPEC-1018.
      • 1/3 - SPEC-1018 in progress. Would be nice to have the ability to download via a package manager from the target as well. Need to be able to verify the certificates and signatures of the apps being downloaded.
  • API instances (was namespaces). API names are hardcoded in the JSON description at the moment and there is no way to have multiple instances of the same binding. This is a limitation being run into in the audio area and vehicle signaling where there can be multiple physical devices that need to be supported via the same API.
  • Enable APIs in languages other than C/Cplus plus. Use case is from Daimler to use Rust. Probably FF or later in the roadmap.
    • 10/11 - Need Jira issue to track this.
    • 11/1 - SPEC-1020 created to track this issue.
    • 11/8 - No update
    • 11/22 - SPEC-1020 - 4A is using a version of dynamic APIs already (dynapi). Will be available globally, Jose needs to update the documentation.
    • 12/6 - No update
    • 12/21 - No update. Should be API “instances” instead of a traditional namespace problem since we resolved using a dynamic API model.
    • 1/2 - No update.
  • Systemd v235 - introduced dynamic users (see http://0pointer.net/blog/dynamic-users-with-systemd.html)
    • Propose testing the dynamic users using Arch Linux to see if the expected benefits are seen and whether we should backport to AGL before we see it in poky which may take another version or two.
    • Created SPEC-940
    • Plan to get a readout before the Feb AMM to determine if we should do this for FF or wait for Yocto to do the uprev.
    • 11/22 - Jose did a little investigation and this creates a dynamic user that is intended to be disposable which is not our requirement. He submitted a patch to systemd which was accepted for a future version of systemd. Will need to do some backporting for FF when we change to multi-user.
    • 12/6 - On hold
    • 12/21 - On hold for FF. Jose's patch was merged upstream in systemd.
    • 1/3 - Issue (SPEC-940) Closed.

New:

  • Roadmap for 2018
    • Need to come to next meeting with FF and GG plans
    • Security workflow. Now that we have the building blocks in place, turn on security and put in place a mechanism for developers to sign applications, load them.
    • Define the list of privileges we are going to enforce in the security model.
    • Running apps not as root/ multi-user
    • Distinction between platform services (e.g., nfc, telephone) and user services that run inside a user context (e.g., media player and lightmedia scanner)
    • Changes necessary at binder level for V2C
    • Application signing and installation mechanism
    • Secure applications running on a remote device such as mobile phone or tablet that are rendered on the IVI system.
    • Improved Developer workflow for debugging apps including
      • Round trip download/debug/fix/download apps.
      • Supervision daemon for apps and services for development mode. Allows a developers to have a central place monitor IPC in real time. Builds on the current monitor service that is available for binders. Extends its availability to startup and allows more general monitoring without requiring detailed knowledge of what is available in a specific binder. Current version only allows a single binder to be monitored. This would allow monitoring across binders.
  • Task manager app to allow developers to see what tasks/process are running in an app. Allow for killing apps.
    • Review AGL spec 1.0 to determine what requirements are there for managing home screen and apps. Something like iphone where a double-tap on home button allows swiping up of apps to kill them.
  • Introduce resource widgets to share content/ resources across multiple apps.
  • App Launcher for web apps and strategy for managing code that can be downloaded on the fly by HTML5
  • App Framework API and strategy to stop non-privilege apps that are currently in the background (e.g., SIGTERM). Do those apps save their state so they can restart quickly?
  • App Framework binder communications shall be able to manage return from sleep mode.
  • Connection glitches in multi-ECU system shall be properly handled.

January 3, 2018

Attendees: Walt, Stephane, Sebastien, Vincent, Dominig, Jose

    • 11/22
      • Eli sending comments on the system hardening section to the mail list or on github directly.
      • IoT.bzh reviewing the document and has a proposal for some restructuring. The Application Security section is need of an update.
      • Jan-Simon found some inconsistencies between the hardening guide and the current kernel configuration. See comments in https://github.com/automotive-grade-linux/docs-agl/pull/28
    • 12/6
      • Eli still working on his comments
      • Sebastien and Vincent completed a rework of the Security Blueprint based on the latest code. They published a pdf to the mail list. Will add to github in a new directory later today. Walt will reply to their email with a request to review the document and add comments to github before the next EG meeting (Dec 20).
    • 12/21
      • Only a few comments received on the document so we will postpone the review until the new year. Will send an email reminding people to review the document.
    • 1/3
      • No update

Notes from Dresden Meeting.

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • Update 11/1 - Discussed how Oshri can make the code available in gerrit for AGL. Will take about one month to have the code available. Source will be in github.
    • 11/8 - No update
    • 11/22 - No update
    • 12/6 - No update
    • 12/21 - No update
    • 1/3 - Nothing to report. SafeRide will be at CES next week.
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • Update 11/1 - Walt to get this done this week.
    • Update 11/8 - No update
    • Update 11/22 - No update
    • 12/6 - No update
    • 1/3 - No update

Application Framework

  • SDK
    • SDK for EE
      • Ready for RC2
      • XDS - will be released by the end of the year
        • SPEC-1132 - Move the code from IoT.bzh github to AGL gerrit
          • 12/6 - In progress
          • 1/3 - New repos created. Migration in progress. Discussed SPEC-1147 and release of XDS for Eel. Sebastien to reply to Walt's latest comment and create a new task for the final XDS release.
  • Chromium from Igalia
    • 9/27 - Stephane has tested for Gen 3. It is expected to work on any wayland target not just Renesas. Stephane trying out for QEMU and Intel. No support for IVI shell extensions.
    • 10/11 - New version pushed by Igalia. Stephane having issue building for Intel. Stephane can build Chromium with the SDK and create a wgt but it takes a long time. (see https://github.com/iotbzh/chromium-agl-app) and SPEC-942
    • 11/8 - No update
    • 11/22 - Reviewed email from Maksim about Igalia's plans for Chromium. Goals for Chromium
      • Build and run Chromium as an app available for Intel, Renesas, and other platforms
      • Build and run web engine in platform or as an app depending on the profile/device need for multiple platforms
      • Enable Qt-WebEngine for EE?
    • 12/6 - Waiting for some feedback from Igalia (Maksim) on how they want to proceed. They are envisioning everything as part of the platform built in Yocto, but that is not the current proposal that AGL would like to pursue.
    • 12/21 - No update. Waiting for latest updates on XDG launcher from Tanikawa-san
    • 1/3 - Chromium running on full surface of the screen. Some issues with XDG launcher.
  • Window Manager interface for App Framework Discussion
    • 12/6 - Tanikawa working on XDG proxy for EE/ CES. Hopefully ready for next week's integration session. Stephane asked about user management to switch home screen look and feel based on the current user and whether that is included in the EE homescreen. Need to check next week in Yokohama.
    • 1/3 - SPEC-1086 needs to be addressed. Surface is not released in the window manager when the app dies.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Jose to evaluate Tizen 4.0 security to see what they have done (SPEC-763)
    • Update 12/6 - On hold
    • 12/21 - On hold
    • 1/3 - Jose working on evaluation. Maybe done by end of January.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
    • Update 9/27 - Working on app branches for master and dab. We should shortly have the download folder ready.
    • Update 10/11 - Results are now being synched to https://download.automotivelinux.org/AGL/apps/ Not seeing apps for both master and dab, seems to be one or the other. Apps are populated into the directory when they are patched/built. Jan-Simon to check to see if dab and master are overwriting each other.
    • Update 11/1 - SPEC-1018 created to figure out the dab and master overwrite issue.
    • 11/8 - No update
    • 11/22 - No update. Need to add Eel folder as well.
    • 12/6 - Need to check with Jan-Simon
    • 12/21 Folders now work SPEC-1018). Waiting on a full build for all apps for Eel. Need to populate the dab folder with the dab apps on the dab branch. SPEC-1019.
      • Comment from Stephane to reorganize the folder structure to allow for easier download by branch or by boards, etc. Will add a suggested folder structure to SPEC-1018.
      • 1/3 - SPEC-1018 in progress. Would be nice to have the ability to download via a package manager from the target as well. Need to be able to verify the certificates and signatures of the apps being downloaded.
  • API instances (was namespaces). API names are hardcoded in the JSON description at the moment and there is no way to have multiple instances of the same binding. This is a limitation being run into in the audio area and vehicle signaling where there can be multiple physical devices that need to be supported via the same API.
  • Enable APIs in languages other than C/Cplus plus. Use case is from Daimler to use Rust. Probably FF or later in the roadmap.
    • 10/11 - Need Jira issue to track this.
    • 11/1 - SPEC-1020 created to track this issue.
    • 11/8 - No update
    • 11/22 - SPEC-1020 - 4A is using a version of dynamic APIs already (dynapi). Will be available globally, Jose needs to update the documentation.
    • 12/6 - No update
    • 12/21 - No update. Should be API “instances” instead of a traditional namespace problem since we resolved using a dynamic API model.
    • 1/2 - No update.
  • Systemd v235 - introduced dynamic users (see http://0pointer.net/blog/dynamic-users-with-systemd.html)
    • Propose testing the dynamic users using Arch Linux to see if the expected benefits are seen and whether we should backport to AGL before we see it in poky which may take another version or two.
    • Created SPEC-940
    • Plan to get a readout before the Feb AMM to determine if we should do this for FF or wait for Yocto to do the uprev.
    • 11/22 - Jose did a little investigation and this creates a dynamic user that is intended to be disposable which is not our requirement. He submitted a patch to systemd which was accepted for a future version of systemd. Will need to do some backporting for FF when we change to multi-user.
    • 12/6 - On hold
    • 12/21 - On hold for FF. Jose's patch was merged upstream in systemd.
    • 1/3 - Issue (SPEC-940) Closed.

New:

  • Roadmap for 2018
    • Need to come to next meeting with FF and GG plans
    • Security workflow. Now that we have the building blocks in place, turn on security and put in place a mechanism for developers to sign applications, load them.
    • Define the list of privileges we are going to enforce in the security model.
    • Running apps not as root/ multi-user
    • Distinction between platform services (e.g., nfc, telephone) and user services that run inside a user context (e.g., media player and lightmedia scanner)
    • Changes necessary at binder level for V2C
    • Application signing and installation mechanism
    • Secure applications running on a remote device such as mobile phone or tablet that are rendered on the IVI system.
    • Improved Developer workflow for debugging apps including
      • Round trip download/debug/fix/download apps.
      • Supervision daemon for apps and services for development mode. Allows a developers to have a central place monitor IPC in real time. Builds on the current monitor service that is available for binders. Extends its availability to startup and allows more general monitoring without requiring detailed knowledge of what is available in a specific binder. Current version only allows a single binder to be monitored. This would allow monitoring across binders.
  • Task manager app to allow developers to see what tasks/process are running in an app. Allow for killing apps.
    • Review AGL spec 1.0 to determine what requirements are there for managing home screen and apps. Something like iphone where a double-tap on home button allows swiping up of apps to kill them.
  • Introduce resource widgets to share content/ resources across multiple apps.

December 20, 2017

Attendees: Walt, Stephane, Sebastien, Jose, Loic, Vincent

    • 11/22
      • Eli sending comments on the system hardening section to the mail list or on github directly.
      • IoT.bzh reviewing the document and has a proposal for some restructuring. The Application Security section is need of an update.
      • Jan-Simon found some inconsistencies between the hardening guide and the current kernel configuration. See comments in https://github.com/automotive-grade-linux/docs-agl/pull/28
    • 12/6
      • Eli still working on his comments
      • Sebastien and Vincent completed a rework of the Security Blueprint based on the latest code. They published a pdf to the mail list. Will add to github in a new directory later today. Walt will reply to their email with a request to review the document and add comments to github before the next EG meeting (Dec 20).
    • 12/21
      • Only a few comments received on the document so we will postpone the review until the new year. Will send an email reminding people to review the document.

Notes from Dresden Meeting.

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • Update 11/1 - Discussed how Oshri can make the code available in gerrit for AGL. Will take about one month to have the code available. Source will be in github.
    • 11/8 - No update
    • 11/22 - No update
    • 12/6 - No update
    • 12/21 - No update
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • Update 11/1 - Walt to get this done this week.
    • Update 11/8 - No update
    • Update 11/22 - No update
    • 12/6 - No update

Application Framework

  • SDK
    • SDK for EE
      • Ready for RC2
      • XDS - will be released by the end of the year
        • SPEC-1132 - Move the code from IoT.bzh github to AGL gerrit
          • 12/6 - In progress
  • Chromium from Igalia
    • 9/27 - Stephane has tested for Gen 3. It is expected to work on any wayland target not just Renesas. Stephane trying out for QEMU and Intel. No support for IVI shell extensions.
    • 10/11 - New version pushed by Igalia. Stephane having issue building for Intel. Stephane can build Chromium with the SDK and create a wgt but it takes a long time. (see https://github.com/iotbzh/chromium-agl-app) and SPEC-942
    • 11/8 - No update
    • 11/22 - Reviewed email from Maksim about Igalia's plans for Chromium. Goals for Chromium
      • Build and run Chromium as an app available for Intel, Renesas, and other platforms
      • Build and run web engine in platform or as an app depending on the profile/device need for multiple platforms
      • Enable Qt-WebEngine for EE?
    • 12/6 - Waiting for some feedback from Igalia (Maksim) on how they want to proceed. They are envisioning everything as part of the platform built in Yocto, but that is not the current proposal that AGL would like to pursue.
    • 12/21 - No update. Waiting for latest updates on XDG launcher from Tanikawa-san
  • Window Manager interface for App Framework Discussion
    • 12/6 - Tanikawa working on XDG proxy for EE/ CES. Hopefully ready for next week's integration session. Stephane asked about user management to switch home screen look and feel based on the current user and whether that is included in the EE homescreen. Need to check next week in Yokohama.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Jose to evaluate Tizen 4.0 security to see what they have done (SPEC-763)
    • Update 12/6 - On hold
    • 12/21 - On hold
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
    • Update 9/27 - Working on app branches for master and dab. We should shortly have the download folder ready.
    • Update 10/11 - Results are now being synched to https://download.automotivelinux.org/AGL/apps/ Not seeing apps for both master and dab, seems to be one or the other. Apps are populated into the directory when they are patched/built. Jan-Simon to check to see if dab and master are overwriting each other.
    • Update 11/1 - SPEC-1018 created to figure out the dab and master overwrite issue.
    • 11/8 - No update
    • 11/22 - No update. Need to add Eel folder as well.
    • 12/6 - Need to check with Jan-Simon
    • 12/21 Folders now work SPEC-1018). Waiting on a full build for all apps for Eel. Need to populate the dab folder with the dab apps on the dab branch. SPEC-1019.
      • Comment from Stephane to reorganize the folder structure to allow for easier download by branch or by boards, etc. Will add a suggested folder structure to SPEC-1019
  • API namespace. API names are hardcoded in the JSON description at the moment and there is no way to have multiple instances of the same binding. This is a limitation being run into in the audio area and vehicle signaling where there can be multiple physical devices that need to be supported via the same API.
  • Enable APIs in languages other than C/Cplus plus. Use case is from Daimler to use Rust. Probably FF or later in the roadmap.
    • 10/11 - Need Jira issue to track this.
    • 11/1 - SPEC-1020 created to track this issue.
    • 11/8 - No update
    • 11/22 - SPEC-1020 - 4A is using a version of dynamic APIs already (dynapi). Will be available globally, Jose needs to update the documentation.
    • 12/6 - No update
    • 12/21 - No update. Should be API “instances” instead of a traditional namespace problem since we resolved using a dynamic API model.
  • Systemd v235 - introduced dynamic users (see http://0pointer.net/blog/dynamic-users-with-systemd.html)
    • Propose testing the dynamic users using Arch Linux to see if the expected benefits are seen and whether we should backport to AGL before we see it in poky which may take another version or two.
    • Created SPEC-940
    • Plan to get a readout before the Feb AMM to determine if we should do this for FF or wait for Yocto to do the uprev.
    • 11/22 - Jose did a little investigation and this creates a dynamic user that is intended to be disposable which is not our requirement. He submitted a patch to systemd which was accepted for a future version of systemd. Will need to do some backporting for FF when we change to multi-user.
    • 12/6 - On hold
    • 12/21 - On hold for FF. Jose's patch was merged upstream in systemd.

New:

  • Roadmap for 2018
    • Need to come to next meeting with FF and GG plans
    • Security workflow. Now that we have the building blocks in place, turn on security and put in place a mechanism for developers to sign applications, load them.
    • Running apps not as root/ multi-user
    • Distinction between platform services (e.g., nfc, telephone) and user services that run inside a user context (e.g., media player and lightmedia scanner)
    • Changes necessary at binder level for V2C
    • Application signing and installation mechanism
    • Secure applications running on a remote device such as mobile phone or tablet that are rendered on the IVI system.

December 6, 2017

Attendees: Walt, Stephane, Michael, Sebastien, Vincent, Jose

    • 11/22
      • Eli sending comments on the system hardening section to the mail list or on github directly.
      • IoT.bzh reviewing the document and has a proposal for some restructuring. The Application Security section is need of an update.
      • Jan-Simon found some inconsistencies between the hardening guide and the current kernel configuration. See comments in https://github.com/automotive-grade-linux/docs-agl/pull/28
    • 12/6
      • Eli still working on his comments
      • Sebastien and Vincent completed a rework of the Security Blueprint based on the latest code. They published a pdf to the mail list. Will add to github in a new directory later today. Walt will reply to their email with a request to review the document and add comments to github before the next EG meeting (Dec 20).

Notes from Dresden Meeting.

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • Update 11/1 - Discussed how Oshri can make the code available in gerrit for AGL. Will take about one month to have the code available. Source will be in github.
    • 11/8 - No update
    • 11/22 - No update
    • 12/6 - No update
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • Update 11/1 - Walt to get this done this week.
    • Update 11/8 - No update
    • Update 11/22 - No update
    • 12/6 - No update

Application Framework

  • SDK
    • SDK for EE
      • Ready for RC2
      • XDS - will be released by the end of the year
        • SPEC-1132 - Move the code from IoT.bzh github to AGL gerrit
          • 12/6 - In progress
  • Chromium from Igalia
    • 9/27 - Stephane has tested for Gen 3. It is expected to work on any wayland target not just Renesas. Stephane trying out for QEMU and Intel. No support for IVI shell extensions.
    • 10/11 - New version pushed by Igalia. Stephane having issue building for Intel. Stephane can build Chromium with the SDK and create a wgt but it takes a long time. (see https://github.com/iotbzh/chromium-agl-app) and SPEC-942
    • 11/8 - No update
    • 11/22 - Reviewed email from Maksim about Igalia's plans for Chromium. Goals for Chromium
      • Build and run Chromium as an app available for Intel, Renesas, and other platforms
      • Build and run web engine in platform or as an app depending on the profile/device need for multiple platforms
      • Enable Qt-WebEngine for EE?
    • 12/6 - Waiting for some feedback from Igalia (Maksim) on how they want to proceed. They are envisioning everything as part of the platform built in Yocto, but that is not the current proposal that AGL would like to pursue.
  • Window Manager interface for App Framework Discussion
    • 12/6 - Tanikawa working on XDG proxy for EE/ CES. Hopefully ready for next week's integration session. Stephane asked about user management to switch home screen look and feel based on the current user and whether that is included in the EE homescreen. Need to check next week in Yokohama.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Jose to evaluate Tizen 4.0 security to see what they have done (SPEC-763)
    • Update 12/6 - On hold
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
    • Update 9/27 - Working on app branches for master and dab. We should shortly have the download folder ready.
    • Update 10/11 - Results are now being synched to https://download.automotivelinux.org/AGL/apps/ Not seeing apps for both master and dab, seems to be one or the other. Apps are populated into the directory when they are patched/built. Jan-Simon to check to see if dab and master are overwriting each other.
    • Update 11/1 - SPEC-1018 created to figure out the dab and master overwrite issue.
    • 11/8 - No update
    • 11/22 - No update. Need to add Eel folder as well.
    • 12/6 - Need to check with Jan-Simon
  • API namespace. API names are hardcoded in the JSON description at the moment and there is no way to have multiple instances of the same binding. This is a limitation being run into in the audio area and vehicle signaling where there can be multiple physical devices that need to be supported via the same API.
  • Enable APIs in languages other than C/Cplus plus. Use case is from Daimler to use Rust. Probably FF or later in the roadmap.
    • 10/11 - Need Jira issue to track this.
    • 11/1 - SPEC-1020 created to track this issue.
    • 11/8 - No update
    • 11/22 - SPEC-1020 - 4A is using a version of dynamic APIs already (dynapi). Will be available globally, Jose needs to update the documentation.
    • 12/6 - No update
  • Systemd v235 - introduced dynamic users (see http://0pointer.net/blog/dynamic-users-with-systemd.html)
    • Propose testing the dynamic users using Arch Linux to see if the expected benefits are seen and whether we should backport to AGL before we see it in poky which may take another version or two.
    • Created SPEC-940
    • Plan to get a readout before the Feb AMM to determine if we should do this for FF or wait for Yocto to do the uprev.
    • 11/22 - Jose did a little investigation and this creates a dynamic user that is intended to be disposable which is not our requirement. He submitted a patch to systemd which was accepted for a future version of systemd. Will need to do some backporting for FF when we change to multi-user.
    • 12/6 - On hold

New:

  • Roadmap for 2018
    • Need to come to next meeting with FF and GG plans
    • Security workflow. Now that we have the building blocks in place, turn on security and put in place a mechanism for developers to sign applications, load them.

November 22, 2017

Attendees: Walt, Jan-Simon, Eli, Stephane, Sebastien, Jose

Notes from Dresden Meeting.

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • Update 11/1 - Discussed how Oshri can make the code available in gerrit for AGL. Will take about one month to have the code available. Source will be in github.
    • 11/8 - No update
    • 11/22 - No update
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • Update 11/1 - Walt to get this done this week.
    • Update 11/8 - No update
    • Update 11/22 - No update

Application Framework

  • SDK
    • SDK for EE
      • Ready for RC2
      • XDS - will be released by the end of the year
        • SPEC-1132 - Move the code from IoT.bzh github to AGL gerrit
  • Chromium from Igalia
    • 9/27 - Stephane has tested for Gen 3. It is expected to work on any wayland target not just Renesas. Stephane trying out for QEMU and Intel. No support for IVI shell extensions.
    • 10/11 - New version pushed by Igalia. Stephane having issue building for Intel. Stephane can build Chromium with the SDK and create a wgt but it takes a long time. (see https://github.com/iotbzh/chromium-agl-app) and SPEC-942
    • 11/8 - No update
    • 11/22 - Reviewed email from Maksim about Igalia's plans for Chromium. Goals for Chromium
      • Build and run Chromium as an app available for Intel, Renesas, and other platforms
      • Build and run web engine in platform or as an app depending on the profile/device need for multiple platforms
      • Enable Qt-WebEngine for EE?
  • Window Manager interface for App Framework Discussion
    • Decision taken to use XDG as the Application to Window Manager interface
    • Need to investigate which XDG functions are needed for AGL window Manager and are currently missing
    • Tanikawa: Homescreen is a good test case for this research.
    • Toyota use cases for Home screen and window manager.
      • Update 5/24 - Now available at Window Manager
      • Update 6/7 - New version of the HMI framework document uploaded by Toyota at Window Manager. No indication as to what changes were made. Assume changes are based on the face to face meeting in Tokyo last week.
      • Update 7/5 - Toyota will conduct a review of their document during the F2F meeting next week.
      • Update 8/2 - First version should be released end of August. We will not see any code until that release. There is a F2F meeting in Yokohama where this should be discussed on 8/30 - 8/31. Plan is to also have App FW training as part of the F2F meeting.
      • Update 9/13 - New version of the proposal delivered prior to Yokohama f2f. First drop of code is planned for end of September. Demo and presentation planned for Dresden AMM.
      • Update 9/27 - Received email from Mentor that they are ready to push window manager, homescreen, and sound manager to gerrit. We will create a distro feature to enable the new home screen and leave the old homescreen as the default until we know the new one is working properly.
      • Update 10/11 - Changes being merged to master for EE RC1.
      • Update 11/8 - Updates merged into RC2. See dev call for more information.
      • Update 11/22 - Will discuss further in SAT call tomorrow.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Update 5/10 - Dominig has continued to research longer term security architecture and how we can continue to use cynara for EE and beyond. Researching TPM.
    • Update 6/7 - Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Update 7/5 - No progress to report.
    • Update 9/13 - need to get an update from Dominig
    • Update 9/27 - Nothing to report.
    • Update 10/11 - Jose checking Tizen 4.0 security to see what they have done and had been waiting for pyro settle down.
    • Update 11/8 - No update.
    • Update 11/22 - No update
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
    • Update 9/27 - Working on app branches for master and dab. We should shortly have the download folder ready.
    • Update 10/11 - Results are now being synched to https://download.automotivelinux.org/AGL/apps/ Not seeing apps for both master and dab, seems to be one or the other. Apps are populated into the directory when they are patched/built. Jan-Simon to check to see if dab and master are overwriting each other.
    • Update 11/1 - SPEC-1018 created to figure out the dab and master overwrite issue.
    • 11/8 - No update
    • 11/22 - No update. Need to add Eel folder as well.
  • Tizen 4.0 Feature evaluation - SPEC-763
    • 8/2 - Jose will get to this at the end of August.
    • 9/13 - Not started.
    • 9/27 - Not started. Jose on vacation.
    • 10/11 - Not started. See above.
    • 11/1 - Not started.
    • 11/9 - Not started
    • 11/22 - No update.
  • API namespace. API names are hardcoded in the JSON description at the moment and there is no way to have multiple instances of the same binding. This is a limitation being run into in the audio area and vehicle signaling where there can be multiple physical devices that need to be supported via the same API.
  • Enable APIs in languages other than C/Cplus plus. Use case is from Daimler to use Rust. Probably FF or later in the roadmap.
    • 10/11 - Need Jira issue to track this.
    • 11/1 - SPEC-1020 created to track this issue.
    • 11/8 - No update
    • 11/22 - SPEC-1020 - 4A is using a version of dynamic APIs already (dynapi). Will be available globally, Jose needs to update the documentation.
  • Systemd v235 - introduced dynamic users (see http://0pointer.net/blog/dynamic-users-with-systemd.html)
    • Propose testing the dynamic users using Arch Linux to see if the expected benefits are seen and whether we should backport to AGL before we see it in poky which may take another version or two.
    • Created SPEC-940
    • Plan to get a readout before the Feb AMM to determine if we should do this for FF or wait for Yocto to do the uprev.
    • 11/22 - Jose did a little investigation and this creates a dynamic user that is intended to be disposable which is not our requirement. He submitted a patch to systemd which was accepted for a future version of systemd. Will need to do some backporting for FF when we change to multi-user.

New:

November 8, 2017

Attendees: Walt, Sebastien,

    • Platform Security → Jose
      • Discussed the Platform Definition in the section of the document.
        • HW and BSP are an important part of security but out of scope of the document for now.
        • Jan-Simon proposed we look at meta-agl (with the app-fw included) and document security provided by AGL from that perspective.
        • Jose - part of the secure environment is outside of the vehicle.
    • Application Security → open
  • Update 9/27 - Jose has to review application security. Discussed the current status of the Security Blueprint. Walt to add a session on Friday of the AMM to discuss security.

Notes from Dresden Meeting.

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • Update 11/1 - Discussed how Oshri can make the code available in gerrit for AGL. Will take about one month to have the code available. Source will be in github.
    • 11/8 - No update
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • Update 11/1 - Walt to get this done this week.
    • Update 11/8 - No update
  • WPA2 issue (KRACK) - waiting for Yocto, but we will investigate a backport on our own. SPEC-1017
    • 11/8 - Closed. Fixed on Dab and on master branches.

Application Framework

  • SDK
    • SDK for EE
      • Ready for RC2
      • XDS - will be released by the end of the year
  • Chromium from Igalia
    • 9/27 - Stephane has tested for Gen 3. It is expected to work on any wayland target not just Renesas. Stephane trying out for QEMU and Intel. No support for IVI shell extensions.
    • 10/11 - New version pushed by Igalia. Stephane having issue building for Intel. Stephane can build Chromium with the SDK and create a wgt but it takes a long time. (see https://github.com/iotbzh/chromium-agl-app) and SPEC-942
    • 11/8 - No update
  • Window Manager interface for App Framework Discussion
    • Decision taken to use XDG as the Application to Window Manager interface
    • Need to investigate which XDG functions are needed for AGL window Manager and are currently missing
    • Tanikawa: Homescreen is a good test case for this research.
    • Toyota use cases for Home screen and window manager.
      • Update 5/24 - Now available at Window Manager
      • Update 6/7 - New version of the HMI framework document uploaded by Toyota at Window Manager. No indication as to what changes were made. Assume changes are based on the face to face meeting in Tokyo last week.
      • Update 7/5 - Toyota will conduct a review of their document during the F2F meeting next week.
      • Update 8/2 - First version should be released end of August. We will not see any code until that release. There is a F2F meeting in Yokohama where this should be discussed on 8/30 - 8/31. Plan is to also have App FW training as part of the F2F meeting.
      • Update 9/13 - New version of the proposal delivered prior to Yokohama f2f. First drop of code is planned for end of September. Demo and presentation planned for Dresden AMM.
      • Update 9/27 - Received email from Mentor that they are ready to push window manager, homescreen, and sound manager to gerrit. We will create a distro feature to enable the new home screen and leave the old homescreen as the default until we know the new one is working properly.
      • Update 10/11 - Changes being merged to master for EE RC1.
      • Update 11/8 - Updates merged into RC2. See dev call for more information.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Update 5/10 - Dominig has continued to research longer term security architecture and how we can continue to use cynara for EE and beyond. Researching TPM.
    • Update 6/7 - Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Update 7/5 - No progress to report.
    • Update 9/13 - need to get an update from Dominig
    • Update 9/27 - Nothing to report.
    • Update 10/11 - Jose checking Tizen 4.0 security to see what they have done and had been waiting for pyro settle down.
    • Update 11/8 - No update.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
    • Update 9/27 - Working on app branches for master and dab. We should shortly have the download folder ready.
    • Update 10/11 - Results are now being synched to https://download.automotivelinux.org/AGL/apps/ Not seeing apps for both master and dab, seems to be one or the other. Apps are populated into the directory when they are patched/built. Jan-Simon to check to see if dab and master are overwriting each other.
    • Update 11/1 - SPEC-1018 created to figure out the dab and master overwrite issue.
    • 11/8 - No update
  • Tizen 4.0 Feature evaluation - SPEC-763
    • 8/2 - Jose will get to this at the end of August.
    • 9/13 - Not started.
    • 9/27 - Not started. Jose on vacation.
    • 10/11 - Not started. See above.
    • 11/1 - Not started.
    • 11/9 - Not started
  • API namespace. API names are hardcoded in the JSON description at the moment and there is no way to have multiple instances of the same binding. This is a limitation being run into in the audio area and vehicle signaling where there can be multiple physical devices that need to be supported via the same API.
  • Enable APIs in languages other than C/Cplus plus. Use case is from Daimler to use Rust. Probably FF or later in the roadmap.
    • 10/11 - Need Jira issue to track this.
    • 11/1 - SPEC-1020 created to track this issue.
    • 11/8 - No update
  • Systemd v235 - introduced dynamic users (see http://0pointer.net/blog/dynamic-users-with-systemd.html)
    • Propose testing the dynamic users using Arch Linux to see if the expected benefits are seen and whether we should backport to AGL before we see it in poky which may take another version or two.
    • Created SPEC-940
    • Plan to get a readout before the Feb AMM to determine if we should do this for FF or wait for Yocto to do the uprev.

New:


November 1, 2017

Attendees: Walt, Jan-Simon, Dennis, Oshri, Tanikawa, Tiejun Chen

    • Platform Security → Jose
      • Discussed the Platform Definition in the section of the document.
        • HW and BSP are an important part of security but out of scope of the document for now.
        • Jan-Simon proposed we look at meta-agl (with the app-fw included) and document security provided by AGL from that perspective.
        • Jose - part of the secure environment is outside of the vehicle.
    • Application Security → open
  • Update 9/27 - Jose has to review application security. Discussed the current status of the Security Blueprint. Walt to add a session on Friday of the AMM to discuss security.

Notes from Dresden Meeting.

  • Oshri Yahav of Saferide.io made a proposal about security. saferide_open_source_project.pdf
    • Update 11/1 - Discussed how Oshri can make the code available in gerrit for AGL. Will take about one month to have the code available. Source will be in github.
  • Discussed the process for security issues in AGL code
    • Walt will clean out the existing EG-Security mail list so we can make use of this as a private discussion mechanism.
    • Create a new Jira project for security issues visible to members of the EG.
    • Create a process for accepting applications to and vetting access to the mail list and Jira.
    • Review at next EG meeting
    • Update 11/1 - Walt to get this done this week.
  • WPA2 issue (KRACK) - waiting for Yocto, but we will investigate a backport on our own. SPEC-1017

Application Framework

  • SDK
    • SDK for EE
      • Ready for RC1
      • Need AFB-Genskel (genskel native) added to the SDK for EE (SPEC-941)
  • Chromium from Igalia
    • 9/27 - Stephane has tested for Gen 3. It is expected to work on any wayland target not just Renesas. Stephane trying out for QEMU and Intel. No support for IVI shell extensions.
    • 10/11 - New version pushed by Igalia. Stephane having issue building for Intel. Stephane can build Chromium with the SDK and create a wgt but it takes a long time. (see https://github.com/iotbzh/chromium-agl-app) and SPEC-942
  • Window Manager interface for App Framework Discussion
    • Decision taken to use XDG as the Application to Window Manager interface
    • Need to investigate which XDG functions are needed for AGL window Manager and are currently missing
    • Tanikawa: Homescreen is a good test case for this research.
    • Toyota use cases for Home screen and window manager.
      • Update 5/24 - Now available at Window Manager
      • Update 6/7 - New version of the HMI framework document uploaded by Toyota at Window Manager. No indication as to what changes were made. Assume changes are based on the face to face meeting in Tokyo last week.
      • Update 7/5 - Toyota will conduct a review of their document during the F2F meeting next week.
      • Update 8/2 - First version should be released end of August. We will not see any code until that release. There is a F2F meeting in Yokohama where this should be discussed on 8/30 - 8/31. Plan is to also have App FW training as part of the F2F meeting.
      • Update 9/13 - New version of the proposal delivered prior to Yokohama f2f. First drop of code is planned for end of September. Demo and presentation planned for Dresden AMM.
      • Update 9/27 - Received email from Mentor that they are ready to push window manager, homescreen, and sound manager to gerrit. We will create a distro feature to enable the new home screen and leave the old homescreen as the default until we know the new one is working properly.
      • Update 10/11 - Changes being merged to master for EE RC1.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Update 5/10 - Dominig has continued to research longer term security architecture and how we can continue to use cynara for EE and beyond. Researching TPM.
    • Update 6/7 - Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Update 7/5 - No progress to report.
    • Update 9/13 - need to get an update from Dominig
    • Update 9/27 - Nothing to report.
    • Update 10/11 - Jose checking Tizen 4.0 security to see what they have done and had been waiting for pyro settle down.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
    • Update 9/27 - Working on app branches for master and dab. We should shortly have the download folder ready.
    • Update 10/11 - Results are now being synched to https://download.automotivelinux.org/AGL/apps/ Not seeing apps for both master and dab, seems to be one or the other. Apps are populated into the directory when they are patched/built. Jan-Simon to check to see if dab and master are overwriting each other.
    • Update 11/1 - SPEC-1018 created to figure out the dab and master overwrite issue.
  • Tizen 4.0 Feature evaluation - SPEC-763
    • 8/2 - Jose will get to this at the end of August.
    • 9/13 - Not started.
    • 9/27 - Not started. Jose on vacation.
    • 10/11 - Not started. See above.
    • 11/1 - Not started.
  • API namespace. API names are hardcoded in the JSON description at the moment and there is no way to have multiple instances of the same binding. This is a limitation being run into in the audio area and vehicle signaling where there can be multiple physical devices that need to be supported via the same API.
  • Enable APIs in languages other than C/Cplus plus. Use case is from Daimler to use Rust. Probably FF or later in the roadmap.
    • 10/11 - Need Jira issue to track this.
    • 11/1 - SPEC-1020 created to track this issue.
  • Systemd v235 - introduced dynamic users (see http://0pointer.net/blog/dynamic-users-with-systemd.html)
    • Propose testing the dynamic users using Arch Linux to see if the expected benefits are seen and whether we should backport to AGL before we see it in poky which may take another version or two.
    • Created SPEC-940
    • Plan to get a readout before the Feb AMM to determine if we should do this for FF or wait for Yocto to do the uprev.

New:


October 25, 2017

Postponed for one week.


October 11, 2017

Attendees: Walt, Jan-Simon, Tiejun Chen, Stephane, Dominig, Jose, Michael, Sebastien,

    • Platform Security → Jose
      • Discussed the Platform Definition in the section of the document.
        • HW and BSP are an important part of security but out of scope of the document for now.
        • Jan-Simon proposed we look at meta-agl (with the app-fw included) and document security provided by AGL from that perspective.
        • Jose - part of the secure environment is outside of the vehicle.
    • Application Security → open
  • Update 9/27 - Jose has to review application security. Discussed the current status of the Security Blueprint. Walt to add a session on Friday of the AMM to discuss security.

Application Framework

  • SDK
    • SDK for EE
      • Ready for RC1
      • Need AFB-Genskel (genskel native) added to the SDK for EE (SPEC-941)
  • Chromium from Igalia
    • 9/27 - Stephane has tested for Gen 3. It is expected to work on any wayland target not just Renesas. Stephane trying out for QEMU and Intel. No support for IVI shell extensions.
    • 10/11 - New version pushed by Igalia. Stephane having issue building for Intel. Stephane can build Chromium with the SDK and create a wgt but it takes a long time. (see https://github.com/iotbzh/chromium-agl-app) and SPEC-942
  • Window Manager interface for App Framework Discussion
    • Decision taken to use XDG as the Application to Window Manager interface
    • Need to investigate which XDG functions are needed for AGL window Manager and are currently missing
    • Tanikawa: Homescreen is a good test case for this research.
    • Toyota use cases for Home screen and window manager.
      • Update 5/24 - Now available at Window Manager
      • Update 6/7 - New version of the HMI framework document uploaded by Toyota at Window Manager. No indication as to what changes were made. Assume changes are based on the face to face meeting in Tokyo last week.
      • Update 7/5 - Toyota will conduct a review of their document during the F2F meeting next week.
      • Update 8/2 - First version should be released end of August. We will not see any code until that release. There is a F2F meeting in Yokohama where this should be discussed on 8/30 - 8/31. Plan is to also have App FW training as part of the F2F meeting.
      • Update 9/13 - New version of the proposal delivered prior to Yokohama f2f. First drop of code is planned for end of September. Demo and presentation planned for Dresden AMM.
      • Update 9/27 - Received email from Mentor that they are ready to push window manager, homescreen, and sound manager to gerrit. We will create a distro feature to enable the new home screen and leave the old homescreen as the default until we know the new one is working properly.
      • Update 10/11 - Changes being merged to master for EE RC1.
  • Message Signaling - Wiki page to document the changes.
    • Roadmap for EE and 2018?
    • Update 9/13 - See face to face meeting minutes from last week.
    • Update 9/27 - Romain working on the signal composer. May have something ready next week.
    • Move to connectivity call
  • Upcoming Improvements to App Framework
    • Update 6/7 - We should have a list of improvements to be planned for EE and roadmap for 2018 ready to be reviewed at July F2F meeting. Action item assigned to Fulup to create this list.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Update 5/10 - Dominig has continued to research longer term security architecture and how we can continue to use cynara for EE and beyond. Researching TPM.
    • Update 6/7 - Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Update 7/5 - No progress to report.
    • Update 9/13 - need to get an update from Dominig
    • Update 9/27 - Nothing to report.
    • Update 10/11 - Jose checking Tizen 4.0 security to see what they have done and had been waiting for pyro settle down.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
    • Update 9/27 - Working on app branches for master and dab. We should shortly have the download folder ready.
    • Update 10/11 - Results are now being synched to https://download.automotivelinux.org/AGL/apps/ Not seeing apps for both master and dab, seems to be one or the other. Apps are populated into the directory when they are patched/built. Jan-Simon to check to see if dab and master are overwriting each other.
  • Tizen 4.0 Feature evaluation - SPEC-763
    • 8/2 - Jose will get to this at the end of August.
    • 9/13 - Not started.
    • 9/27 - Not started. Jose on vacation.
    • 10/11 - Not started. See above.
  • API namespace. API names are hardcoded in the JSON description at the moment and there is no way to have multiple instances of the same binding. This is a limitation being run into in the audio area and vehicle signaling where there can be multiple physical devices that need to be supported via the same API.
  • Enable APIs in languages other than C/Cplus plus. Use case is from Daimler to use Rust. Probably FF or later in the roadmap.
    • 10/11 - Need Jira issue to track this.

New:

  • Systemd v235 - introduced dynamic users (see http://0pointer.net/blog/dynamic-users-with-systemd.html)
    • Propose testing the dynamic users using Arch Linux to see if the expected benefits are seen and whether we should backport to AGL before we see it in poky which may take another version or two.
    • Created SPEC-940
    • Plan to get a readout before the Feb AMM to determine if we should do this for FF or wait for Yocto to do the uprev.

September 27, 2017

Attendees: Walt, Jan-Simon, Eli Mordechai, Oshri Yahav, Stephane

    • Platform Security → Jose
      • Discussed the Platform Definition in the section of the document.
        • HW and BSP are an important part of security but out of scope of the document for now.
        • Jan-Simon proposed we look at meta-agl (with the app-fw included) and document security provided by AGL from that perspective.
        • Jose - part of the secure environment is outside of the vehicle.
    • Application Security → open
  • Update 9/27 - Jose has to review application security. Discussed the current status of the Security Blueprint. Walt to add a session on Friday of the AMM to discuss security.

Application Framework

  • SDK
    • SDK for EE should be ok for end of September on master (EE).
    • Need AFB-Genskel added
  • Chromium from Igalia
    • 9/27 - Stephane has tested for Gen 3. It is expected to work on any wayland target not just Renesas. Stephane trying out for QEMU and Intel. No support for IVI shell extensions.
  • Window Manager interface for App Framework Discussion
    • Decision taken to use XDG as the Application to Window Manager interface
    • Need to investigate which XDG functions are needed for AGL window Manager and are currently missing
    • Tanikawa: Homescreen is a good test case for this research.
    • Toyota use cases for Home screen and window manager.
      • Update 5/24 - Now available at Window Manager
      • Update 6/7 - New version of the HMI framework document uploaded by Toyota at Window Manager. No indication as to what changes were made. Assume changes are based on the face to face meeting in Tokyo last week.
      • Update 7/5 - Toyota will conduct a review of their document during the F2F meeting next week.
      • Update 8/2 - First version should be released end of August. We will not see any code until that release. There is a F2F meeting in Yokohama where this should be discussed on 8/30 - 8/31. Plan is to also have App FW training as part of the F2F meeting.
      • Update 9/13 - New version of the proposal delivered prior to Yokohama f2f. First drop of code is planned for end of September. Demo and presentation planned for Dresden AMM.
      • Update 9/27 - Received email from Mentor that they are ready to push window manager, homescreen, and sound manager to gerrit. We will create a distro feature to enable the new home screen and leave the old homescreen as the default until we know the new one is working properly.
  • Message Signaling - Wiki page to document the changes.
    • Roadmap for EE and 2018?
    • Update 9/13 - See face to face meeting minutes from last week.
    • Update 9/27 - Romain working on the signal composer. May have something ready next week.

..

  • Upcoming Improvements to App Framework
    • Update 6/7 - We should have a list of improvements to be planned for EE and roadmap for 2018 ready to be reviewed at July F2F meeting. Action item assigned to Fulup to create this list.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Update 5/10 - Dominig has continued to research longer term security architecture and how we can continue to use cynara for EE and beyond. Researching TPM.
    • Update 6/7 - Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Update 7/5 - No progress to report.
    • Update 9/13 - need to get an update from Dominig
    • Update 9/27 - Nothing to report.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
    • Update 9/27 - Working on app branches for master and dab. We should shortly have the download folder ready.
  • Tizen 4.0 Feature evaluation - SPEC-763
    • 8/2 - Jose will get to this at the end of August.
    • 9/13 - Not started.
    • 9/27 - Not started. Jose on vacation.
  • API namespace. API names are hardcoded in the JSON description at the moment and there is no way to have multiple instances of the same binding. This is a limitation being run into in the audio area and vehicle signaling where there can be multiple physical devices that need to be supported via the same API.
  • Enable APIs in languages other than C/Cplus plus. Use case is from Daimler to use Rust. Probably FF or later in the roadmap.

New:


September 13, 2017

Attendees: Walt, Eli (Karamba), Tsubone, Stephane, Sebastien,

    • Platform Security → Jose
      • Discussed the Platform Definition in the section of the document.
        • HW and BSP are an important part of security but out of scope of the document for now.
        • Jan-Simon proposed we look at meta-agl (with the app-fw included) and document security provided by AGL from that perspective.
        • Jose - part of the secure environment is outside of the vehicle.
    • Application Security → open
  • Update 5/24 - Hammad suggested releasing the System Hardening Guide as an appendix or possibly a standalone document so it can get a wider a audience. Need to hire a tech writer to go through the document. Would like to release as part of DD release.
    • Update 6/7 - Walt to contact Laura K. from LF about Tech writers.
    • Update 6/21 - Walt waiting to hear back from Laura. Irdeto will have their own tech writer go over the security blueprint. Should be ready before the next EG meeting.
    • Update 7/5 - Pull request with changes from Irdeto tech writer should be ready in the next few days.
    • Update 7/19 - Pull request from Irdeto merged after incorporating comments.
    • Update 8/2 - Created SPEC-797 to make System Hardening a separate document from the Security Blueprint. Next step is to evaluate DD release compared to System Hardening guide and determine the gaps. Gaps that need to be addressed in the code should have a Jira ticket created to evaluate how to get it into the code.

Application Framework

  • SDK
    • SDK for EE should be ok for end of September on master (EE).
    • Need AFB-Genskel
  • Window Manager interface for App Framework Discussion
    • Decision taken to use XDG as the Application to Window Manager interface
    • Need to investigate which XDG functions are needed for AGL window Manager and are currently missing
    • Tanikawa: Homescreen is a good test case for this research.
    • Toyota use cases for Home screen and window manager.
      • Update 5/24 - Now available at Window Manager
      • Update 6/7 - New version of the HMI framework document uploaded by Toyota at Window Manager. No indication as to what changes were made. Assume changes are based on the face to face meeting in Tokyo last week.
      • Update 7/5 - Toyota will conduct a review of their document during the F2F meeting next week.
      • Update 8/2 - First version should be released end of August. We will not see any code until that release. There is a F2F meeting in Yokohama where this should be discussed on 8/30 - 8/31. Plan is to also have App FW training as part of the F2F meeting.
      • Update 9/13 - New version of the proposal delivered prior to Yokohama f2f. First drop of code is planned for end of September. Demo and presentation planned for Dresden AMM.

..

  • Upcoming Improvements to App Framework
    • Update 6/7 - We should have a list of improvements to be planned for EE and roadmap for 2018 ready to be reviewed at July F2F meeting. Action item assigned to Fulup to create this list.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Update 5/10 - Dominig has continued to research longer term security architecture and how we can continue to use cynara for EE and beyond. Researching TPM.
    • Update 6/7 - Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Update 7/5 - No progress to report.
    • Update 9/13 - need to get an update from Dominig
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
  • Tizen 4.0 Feature evaluation - SPEC-763
    • 8/2 - Jose will get to this at the end of August.
    • 9/13 - Not started.

New:

  • API namespace. API names are hardcoded in the JSON description at the moment and there is no way to have multiple instances of the same binding. This is a limitation being run into in the audio area and vehicle signaling where there can be multiple physical devices that need to be supported via the same API.
  • Enable APIs in languages other than C/Cplus plus. Use case is from Daimler to use Rust. Probably FF or later in the roadmap.

August 31, 2017

August 17, 2017

Attendees: Canceled.


August 3, 2017

Attendees: Walt, Jose, Tanikawa, Hammad, Kurokawa, Sebastien,

    • Platform Security → Jose
      • Discussed the Platform Definition in the section of the document.
        • HW and BSP are an important part of security but out of scope of the document for now.
        • Jan-Simon proposed we look at meta-agl (with the app-fw included) and document security provided by AGL from that perspective.
        • Jose - part of the secure environment is outside of the vehicle.
    • Application Security → open
  • Update 5/24 - Hammad suggested releasing the System Hardening Guide as an appendix or possibly a standalone document so it can get a wider a audience. Need to hire a tech writer to go through the document. Would like to release as part of DD release.
    • Update 6/7 - Walt to contact Laura K. from LF about Tech writers.
    • Update 6/21 - Walt waiting to hear back from Laura. Irdeto will have their own tech writer go over the security blueprint. Should be ready before the next EG meeting.
    • Update 7/5 - Pull request with changes from Irdeto tech writer should be ready in the next few days.
    • Update 7/19 - Pull request from Irdeto merged after incorporating comments.
    • Update 8/2 - Created SPEC-797 to make System Hardening a separate document from the Security Blueprint. Next step is to evaluate DD release compared to System Hardening guide and determine the gaps. Gaps that need to be addressed in the code should have a Jira ticket created to evaluate how to get it into the code.

Application Framework

  • Update from Tanikawa on ALS integration. Will create a Jira issue that documents the problems he saw with failures on initial application installation.
  • Update: 6/7 - Not complete.
  • Update: 6/20 - Will raise Jira this week.
  • Update 7/5 - SPEC-700 - Ronan has fix proposed already.
  • Update 7/19 - SPEC-700 - Fix from Ronan has been merged. Tanikawa will test out the fix.
  • Update 8/2 - Closed.
  • SDK
    • Beta version of the SDK that makes GDB available is planned for Sepatember
    • Rework the UI to be more intuitive.
  • App FW documentation
    • High-level overview document needed (March/April timeframe)
      • Update 5/26 - Need a top level document still. New bindings development method is in the works and will need to be documented. Suggest that we get someone fresh to start building an app using the documentation to see where we have gaps.
      • Update 6/21 - Jose has rewritten the App FW documentation and it is in github. Stephane will publish the documentation to the docs web site this week.
      • Update 7/5 - Stephane working on updates to doc site that allows selection of the release that the developer is working on so that they get the correct documentation for the code they are working on. Working on this as part of SPEC-701.
      • Update 7/19 - Done. Ready for DD
  • Window Manager interface for App Framework Discussion
    • Decision taken to use XDG as the Application to Window Manager interface
    • Need to investigate which XDG functions are needed for AGL window Manager and are currently missing
    • Tanikawa: Homescreen is a good test case for this research.
    • Toyota use cases for Home screen and window manager.
      • Update 5/24 - Now available at Window Manager
      • Update 6/7 - New version of the HMI framework document uploaded by Toyota at Window Manager. No indication as to what changes were made. Assume changes are based on the face to face meeting in Tokyo last week.
      • Update 7/5 - Toyota will conduct a review of their document during the F2F meeting next week.
      • Update 8/2 - First version should be released end of August. We will not see any code until that release. There is a F2F meeting in Yokohama where this should be discussed on 8/30 - 8/31. Plan is to also have App FW training as part of the F2F meeting.
  • Message Signaling - Wiki page to document the changes.
    • Roadmap for EE and 2018?

..

  • Upcoming Improvements to App Framework
    • Update 6/7 - We should have a list of improvements to be planned for EE and roadmap for 2018 ready to be reviewed at July F2F meeting. Action item assigned to Fulup to create this list.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Update 5/10 - Dominig has continued to research longer term security architecture and how we can continue to use cynara for EE and beyond. Researching TPM.
    • Update 6/7 - Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Update 7/5 - No progress to report.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
  • Dennis brought up an issue with writing a new driver and having to create a kernel module, enable it in the App FW, etc. Discussed using the mraa project (https://github.com/intel-iot-devkit/mraa) as a way to short-cut that process and allow the developers to write the driver in user space.
    • Update 7/5 - Dennis has had a chance to try anything new. Dominig talking to mraa guys about looking at the AGL App FW and enabling access to mraa services from the App FW.
  • Tizen 4.0 Feature evaluation - SPEC-763
    • 8/2 - Jose will get to this at the end of August.

New:


July 19, 2017

Attendees: Walt, Jan-Simon, Tanikawa, Michael, Chris, Dennis, Fulup

Agenda:

    • Platform Security → Jose
      • Discussed the Platform Definition in the section of the document.
        • HW and BSP are an important part of security but out of scope of the document for now.
        • Jan-Simon proposed we look at meta-agl (with the app-fw included) and document security provided by AGL from that perspective.
        • Jose - part of the secure environment is outside of the vehicle.
    • Application Security → open
  • Update 5/24 - Hammad suggested releasing the System Hardening Guide as an appendix or possibly a standalone document so it can get a wider a audience. Need to hire a tech writer to go through the document. Would like to release as part of DD release.
    • Update 6/7 - Walt to contact Laura K. from LF about Tech writers.
    • Update 6/21 - Walt waiting to hear back from Laura. Irdeto will have their own tech writer go over the security blueprint. Should be ready before the next EG meeting.
    • Update 7/5 - Pull request with changes from Irdeto tech writer should be ready in the next few days.
    • Update 7/19 - Pull request from Irdeto merged after incorporating comments.

Application Framework

  • DD App FW issues documented in SPEC-670 and SPEC-663 and SPEC-662 need to be fixed before RC2 can be released.
    • Update 7/5 - SPEC-663 and SPEC-670 were fixed for DD RC2. SPEC-662 was deferred to RC3.
    • Update 7/19 - App FW looks good for DD RC3. No blocking issues.
  • Update from Tanikawa on ALS integration. Will create a Jira issue that documents the problems he saw with failures on initial application installation.
  • Update: 6/7 - Not complete.
  • Update: 6/20 - Will raise Jira this week.
  • Update 7/5 - SPEC-700 - Ronan has fix proposed already.
  • Update 7/19 - SPEC-700 - Fix from Ronan has been merged. Tanikawa will test out the fix.
  • SDK
    • No open issues for DD.
    • Discussed how to make a beta release available for XDS integration
  • App FW documentation
    • High-level overview document needed (March/April timeframe)
      • Update 5/26 - Need a top level document still. New bindings development method is in the works and will need to be documented. Suggest that we get someone fresh to start building an app using the documentation to see where we have gaps.
      • Update 6/21 - Jose has rewritten the App FW documentation and it is in github. Stephane will publish the documentation to the docs web site this week.
      • Update 7/5 - Stephane working on updates to doc site that allows selection of the release that the developer is working on so that they get the correct documentation for the code they are working on. Working on this as part of SPEC-701.
      • Update 7/19 - Done. Ready for DD
  • Window Manager interface for App Framework Discussion
    • Decision taken to use XDG as the Application to Window Manager interface
    • Need to investigate which XDG functions are needed for AGL window Manager and are currently missing
    • Tanikawa: Homescreen is a good test case for this research.
    • Toyota use cases for Home screen and window manager.
      • Update 5/24 - Now available at Window Manager
      • Update 6/7 - New version of the HMI framework document uploaded by Toyota at Window Manager. No indication as to what changes were made. Assume changes are based on the face to face meeting in Tokyo last week.
      • Update 7/5 - Toyota will conduct a review of their document during the F2F meeting next week.
  • Message Signaling - Wiki page to document the changes.
    • Roadmap for EE and 2018?

..

  • Upcoming Improvements to App Framework
    • Update 6/7 - We should have a list of improvements to be planned for EE and roadmap for 2018 ready to be reviewed at July F2F meeting. Action item assigned to Fulup to create this list.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Update 5/10 - Dominig has continued to research longer term security architecture and how we can continue to use cynara for EE and beyond. Researching TPM.
    • Update 6/7 - Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Update 7/5 - No progress to report.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
  • Dennis brought up an issue with writing a new driver and having to create a kernel module, enable it in the App FW, etc. Discussed using the mraa project (https://github.com/intel-iot-devkit/mraa) as a way to short-cut that process and allow the developers to write the driver in user space.
    • Update 7/5 - Dennis has had a chance to try anything new. Dominig talking to mraa guys about looking at the AGL App FW and enabling access to mraa services from the App FW.

New:

  • Dominig sent an email with the new features incorporated into Tizen 4.0. Will create a Jira ticket to have Jose analyze the list of changes in security to determine what we should incorporate and whether we should have some more formal relationship with the Tizen Security team.

July 5, 2017

Attendees: Walt, Fulup, Dominig, Tanikawa, Stephane, Michael, Hammad, Dennis, Assaf, Sebastien

Agenda:

    • Platform Security → Jose
      • Discussed the Platform Definition in the section of the document.
        • HW and BSP are an important part of security but out of scope of the document for now.
        • Jan-Simon proposed we look at meta-agl (with the app-fw included) and document security provided by AGL from that perspective.
        • Jose - part of the secure environment is outside of the vehicle.
    • Application Security → open
  • Update 5/24 - Hammad suggested releasing the System Hardening Guide as an appendix or possibly a standalone document so it can get a wider a audience. Need to hire a tech writer to go through the document. Would like to release as part of DD release.
    • Update 6/7 - Walt to contact Laura K. from LF about Tech writers.
    • Update 6/21 - Walt waiting to hear back from Laura. Irdeto will have their own tech writer go over the security blueprint. Should be ready before the next EG meeting.
    • Update 7/5 - Pull request with changes from Irdeto tech writer should be ready in the next few days. LF has a des

Application Framework

  • DD App FW issues documented in SPEC-670 and SPEC-663 and SPEC-662 need to be fixed before RC2 can be released.
    • Update 7/5 - SPEC-663 and SPEC-670 were fixed for DD RC2. SPEC-662 was deferred to RC3.
  • Update from Tanikawa on ALS integration. Will create a Jira issue that documents the problems he saw with failures on initial application installation.
  • Update: 6/7 - Not complete.
  • Update: 6/20 - Will raise Jira this week.
  • Update 7/5 - SPEC-700 - Ronan has fix proposed already.
  • SDK
    • No open issues for DD.
    • Discussed how to make a beta release available for XDS integration
  • App FW documentation
    • High-level overview document needed (March/April timeframe)
      • Update 5/26 - Need a top level document still. New bindings development method is in the works and will need to be documented. Suggest that we get someone fresh to start building an app using the documentation to see where we have gaps.
      • Update 6/21 - Jose has rewritten the App FW documentation and it is in github. Stephane will publish the documentation to the docs web site this week.
      • Update 7/5 - Stephane working on updates to doc site that allows selection of the release that the developer is working on so that they get the correct documentation for the code they are working on. Working on this as part of SPEC-701.
  • Window Manager interface for App Framework Discussion
    • Decision taken to use XDG as the Application to Window Manager interface
    • Need to investigate which XDG functions are needed for AGL window Manager and are currently missing
    • Tanikawa: Homescreen is a good test case for this research.
    • Toyota use cases for Home screen and window manager.
      • Update 5/24 - Now available at Window Manager
      • Update 6/7 - New version of the HMI framework document uploaded by Toyota at Window Manager. No indication as to what changes were made. Assume changes are based on the face to face meeting in Tokyo last week.
      • Update 7/5 - Toyota will conduct a review of their document during the F2F meeting next week.
  • Message Signaling - Wiki page to document the changes.
    • Roadmap for EE and 2018?
  • Upcoming Improvements to App Framework
    • Update 6/7 - We should have a list of improvements to be planned for EE and roadmap for 2018 ready to be reviewed at July F2F meeting. Action item assigned to Fulup to create this list.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Update 5/10 - Dominig has continued to research longer term security architecture and how we can continue to use cynara for EE and beyond. Researching TPM.
    • Update 6/7 - Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Update 7/5 - No progress to report.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store
  • Dennis brought up an issue with writing a new driver and having to create a kernel module, enable it in the App FW, etc. Discussed using the mraa project (https://github.com/intel-iot-devkit/mraa) as a way to short-cut that process and allow the developers to write the driver in user space.
    • Update 7/5 - Dennis has had a chance to try anything new. Dominig talking to mraa guys about looking at the AGL App FW and enabling access to mraa services from the App FW.

New:


June 21, 2017

Attendees: Walt, Dominig, Hammad, Stephane, Tanikawa, Kurokawa, Matsuzawa, Dennis, Tsubone

Agenda:

    • Platform Security → Jose
      • Discussed the Platform Definition in the section of the document.
        • HW and BSP are an important part of security but out of scope of the document for now.
        • Jan-Simon proposed we look at meta-agl (with the app-fw included) and document security provided by AGL from that perspective.
        • Jose - part of the secure environment is outside of the vehicle.
    • Application Security → open
  • Update 5/24 - Hammad suggested releasing the System Hardening Guide as an appendix or possibly a standalone document so it can get a wider a audience. Need to hire a tech writer to go through the document. Would like to release as part of DD release.
    • Update 6/7 - Walt to contact Laura K. from LF about Tech writers.
    • Update 6/21 - Walt waiting to hear back from Laura. Irdeto will have their own tech writer go over the security blueprint. Should be ready before the next EG meeting.

Application Framework

  • DD App FW issues documented in SPEC-670 and SPEC-663 and SPEC-662 need to be fixed before RC2 can be released.
  • Update from Tanikawa on ALS integration. Will create a Jira issue that documents the problems he saw with failures on initial application installation.
  • Update: 6/7 - Not complete.
  • Update: 6/20 - Will raise Jira this week.
  • SDK
    • Fixing bugs identified on mail list by Dennis and Hitendra Nishar that were seen with the demo version of the SDK.
  • App FW documentation
    • High-level overview document needed (March/April timeframe)
      • Update 5/26 - Need a top level document still. New bindings development method is in the works and will need to be documented. Suggest that we get someone fresh to start building an app using the documentation to see where we have gaps.
      • Update 6/21 - Jose has rewritten the App FW documentation and it is in github. Stephane will publish the documentation to the docs web site this week.
  • Window Manager interface for App Framework Discussion
    • Decision taken to use XDG as the Application to Window Manager interface
    • Need to investigate which XDG functions are needed for AGL window Manager and are currently missing
    • Tanikawa: Homescreen is a good test case for this research.
    • Toyota use cases for Home screen and window manager.
      • Update 5/24 - Now available at Window Manager
      • Update 6/7 - New version of the HMI framework document uploaded by Toyota at Window Manager. No indication as to what changes were made. Assume changes are based on the face to face meeting in Tokyo last week.
  • Message Signaling - Wiki page to document the changes.
    • Roadmap for EE and 2018?
  • Upcoming Improvements to App Framework
    • Update 6/7 - We should have a list of improvements to be planned for EE and roadmap for 2018 ready to be reviewed at July F2F meeting. Action item assigned to Fulup to create this list.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Update 5/10 - Dominig has continued to research longer term security architecture and how we can continue to use cynara for EE and beyond. Researching TPM.
    • Update 6/7 - Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
    • Update 6/21 - No progress to report.
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store

New:

  • Dennis brought up an issue with writing a new driver and having to create a kernel module, enable it in the App FW, etc. Discussed using the mraa project (https://github.com/intel-iot-devkit/mraa) as a way to short-cut that process and allow the developers to write the driver in user space.
  • Need to document sound use cases and how to use AGL.

June 7, 2017

Attendees: Walt, Jan-Simon, Dominig, Kurokawa, Stephane, Jose, Matsuzawa, Sebastien

Meeting Notes:

  • Update from Tanikawa on ALS integration. Will create a Jira issue that documents the problems he saw with failures on initial application installation.
    • Update: 6/7 - Not complete.
    • Platform Security → Jose
      • Discussed the Platform Definition in the section of the document.
        • HW and BSP are an important part of security but out of scope of the document for now.
        • Jan-Simon proposed we look at meta-agl (with the app-fw included) and document security provided by AGL from that perspective.
        • Jose - part of the secure environment is outside of the vehicle.
    • Application Security → open
  • Update 4/29 - Hammad used Phil's document to update the sec blueprint. Pull request merged. Hammad and Irdeto looking at overall document for consistency. More updates later. No update from Jose.
    • Update 5/10: Jose made comments that were fixed by Hammad. Decided to go ahead and merge the pull request and get any comments made on the newly merged document. Hammad coming up with a plan of action for Threat Analysis and Attack Surfaces sections and is reviewing the other sections as they currently stand.
    • Update 5/24 - Hammad suggested releasing the System Hardening Guide as an appendix or possibly a standalone document so it can get a wider a audience. Need to hire a tech writer to go through the document. Would like to release as part of DD release.
    • Update 6/7 - Walt to contact Laura K. from LF about Tech writers.

Application Framework

  • Final DD version of the App FW was pushed to gerrit by Jose (9609)
    • Changes include
 App-framework-main:
 - Deinstallation of units
 - Fix lack of message when setting exec bit
 App-framework-binder:
 - Binding V2 proposal finalized
 - Human readable option for afb-client-demo
 - Cleanup and improvement of API
 - Logging by request
 - Relax authorization for self
 - New hooking/tracing features (options --tracesvc and --traceevt)
 - Fix of many bugs
 $ wget http://iot.bzh/download/public/2017/XDS/docker/docker_agl_worker-xds-3.2.tar.xz
 $ docker load < agl_worker-xds-3.2.tar.xz
 $ wget http://iot.bzh/download/public/2017/XDS/xds-utils/xdsexec_linux-amd64-v1.0.0_e555da5.zip
  • Matt P. working on documentation under SPEC-512
  • User, app, and display privileges
    • SPEC-545 - Platform services must NOT run as root and MUST use a dedicated system user
    • SPEC-546 - Run weston with dedicated 'display' user and group
    • Use cases Requirements for user management and multi-display
    • Overall plan for managing users and login management
  • Cgroups and namespace usage in AGL
    • Jose will make a proposal by the end of May for default set up. SPEC-427
    • Update 6/6 - No changes until EE
  • App FW documentation
    • High-level overview document needed (March/April timeframe)
      • Update 5/26 - Need a top level document still. New bindings development method is in the works and will need to be documented. Suggest that we get someone fresh to start building an app using the documentation to see where we have gaps.
  • Window Manager interface for App Framework Discussion
    • Decision taken to use XDG as the Application to Window Manager interface
    • Need to investigate which XDG functions are needed for AGL window Manager and are currently missing
    • Tanikawa: Homescreen is a good test case for this research.
    • Toyota use cases for Home screen and window manager.
      • Update 5/24 - Now available at Window Manager
      • Update 6/7 - New version of the HMI framework document uploaded by Toyota at Window Manager. No indication as to what changes were made. Assume changes are based on the face to face meeting in Tokyo last week.
  • Framework Updates for 2017
    • Message Signaling - Wiki page to document the changes.
      • Update 6/7 - Included in DD.
  • Upcoming Improvements to App Framework
    • Update 6/7 - We should have a list of improvements to be planned for EE and roadmap for 2018 ready to be reviewed at July F2F meeting. Action item assigned to Fulup to create this list.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Update 5/10 - Dominig has continued to research longer term security architecture and how we can continue to use cynara for EE and beyond. Researching TPM.
    • Update 6/7 - Dominig has spoken to the maintainer of Yocto meta-security (Armin Kuster) which has SELinux and TPM and we may have home there. We could possibly move the recipes that we use from meta-iot-security
  • Matsuzawa asked about having a developer repository (store) for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store

New:


May 24, 2017

Attendees: Walt, Jan-Simon, Hammad, Stephane, Jose, Tanikawa, Matsuzawa, Jan-Alexandru

Meeting Notes:

  • Update from Tanikawa on ALS integration. Will create a Jira issue that documents the problems he saw with failures on initial application installation.
    • Platform Security → Jose
      • Discussed the Platform Definition in the section of the document.
        • HW and BSP are an important part of security but out of scope of the document for now.
        • Jan-Simon proposed we look at meta-agl (with the app-fw included) and document security provided by AGL from that perspective.
        • Jose - part of the secure environment is outside of the vehicle.
    • Application Security → open
  • Update 4/29 - Hammad used Phil's document to update the sec blueprint. Pull request merged. Hammad and Irdeto looking at overall document for consistency. More updates later. No update from Jose.
    • Update 5/10: Jose made comments that were fixed by Hammad. Decided to go ahead and merge the pull request and get any comments made on the newly merged document. Hammad coming up with a plan of action for Threat Analysis and Attack Surfaces sections and is reviewing the other sections as they currently stand.
    • Update 5/24 - Hammad suggested releasing the System Hardening Guide as an appendix or possibly a standalone document so it can get a wider a audience. Need to hire a tech writer to go through the document. Would like to release as part of DD release.

Application Framework

  • SDK
    • Update from 5/9 dev call.
      • Initial SDK will be available for Gen3 and VMDK. Goal is for App developers to be able to easily create new applications.
      • Matt P. working on documentation under SPEC-512
  • User, app, and display privileges
    • SPEC-545 - Platform services must NOT run as root and MUST use a dedicated system user
    • SPEC-546 - Run weston with dedicated 'display' user and group
    • Use cases Requirements for user management and multi-display
    • Overall plan for managing users and login management
  • Cgroups and namespace usage in AGL
    • Jose will make a proposal by the end of May for default set up. SPEC-427
    • Update 5/24 - Delayed
  • App FW documentation
    • High-level overview document needed (March/April timeframe)
      • Update 5/26 - Need a top level document still. New bindings development method is in the works and will need to be documented. Suggest that we get someone fresh to start building an app using the documentation to see where we have gaps.
  • Window Manager interface for App Framework Discussion
    • Decision taken to use XDG as the Application to Window Manager interface
    • Need to investigate which XDG functions are needed for AGL window Manager and are currently missing
    • Tanikawa: Homescreen is a good test case for this research.
    • Toyota use cases for Home screen and window manager.
  • Framework Updates for 2017
    • Message Signaling - Wiki page to document the changes. Plan is to go ahead with this architecture.
    • Upcoming Improvements to App Framework
      • Update - Introduce cgroups (Will be included in CC. Additional work will be needed for DD) SPEC-425.- Need to have discussions about this within the Jira issue.
        • Need to document use cases for cgroups. Eg. Managing CPU usage, memory consumptions, CPU affinity, process management, network traffic, IO traffic.
        • Strategy for defining cgroups within the system.
      • Namespace (Will be included in Daring Dab) SPEC-426
      • Basically containerizing applications (LXC) (Requires namespace and use case definitions so DD or later) Need Jira epic for roadmap.
      • Notification service (Dominig presenting at AMM a proposal) - Need Jira epic
      • Identity and user management - Need Jira epic
      • Key management for app installation and the manifest that gives the rights within cynara. - Need Jira epic. After DD.
      • Building apps in CI and providing snapshot builds.
      • Consistent templates and documentation for creation of apps and widgets. Need Jira issue
      • Documentation of how to convert legacy apps to AGL Apps. - Need Jira issue
    • Update 3/1:
      • Fulup: Approach for the low-level can interface first. High-level not proposed yet, due to ongoing discussions with W3C. There are 2 proposals out there: Volkswagen (viwi) and JLR/Genivi (viss). Fulup favors the VW proposal and will start to work on implementation.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Update 5/10 - Dominig has continued to research longer term security architecture and how we can continue to use cynara for EE and beyond. Researching TPM.
  • Matsuzawa asked about having a store for AGL apps so that developers can exchange apps.
  • From Stephane:
    • How to handle services/apps packages (widgets) until we have an app store (at least for developers). Typical example: CAN low level service which is ready to be shipped into AGL as a reference implementation for CAN
    • Immediate solution (DD): build packages during platform build (bitbake recipe) then embed into image, install at first boot. This is what we have currently for agl-demo. Typically, CAN-signaling should enter in that category
    • After DD: setup AGL profiles and determine in which profile a given app/service should be preinstalled (still using platform builds+firstboot)
    • EE-rc1: setup a separate build for apps/services then tell developers how to grab those packages and install by hand (wget … ; afm-util install …) depending on their needs
    • Later (EE?): have an appfw store (kinda repository) and a client to download and install apps/services from a store

New:


May 10, 2017

Attendees: Walt, Stephane, Hammad, Jonathan Kline, Dominig

Meeting Notes:

  • User, app, and display privileges
    • SPEC-545 - Platform services must NOT run as root and MUST use a dedicated system user
    • SPEC-546 - Run weston with dedicated 'display' user and group
    • Need to finish and agree to Hammad's system hardening guide in the documentation - Done see below.
    • Use cases Requirements for user management and multi-display
    • Overall plan for managing users and login management
  • Toyota use cases for Home screen and window manager. Hoshina-san says “Soon” according to Tanikawa-san. Original document probably in Japanese and needs to be translated.
  • Update 5/10: Stephane showed the presentation that is attached to SPEC-545. Ronan is working on two gerrit patches (9135 and 9261) for DD that implement the diagram on slide 2 of the presentation.
    • Platform Security → Jose
      • Discussed the Platform Definition in the section of the document.
        • HW and BSP are an important part of security but out of scope of the document for now.
        • Jan-Simon proposed we look at meta-agl (with the app-fw included) and document security provided by AGL from that perspective.
        • Jose - part of the secure environment is outside of the vehicle.
    • Application Security → open
  • Update 4/29 - Hammad used Phil's document to update the sec blueprint. Pull request merged. Hammad and Irdeto looking at overall document for consistency. More updates later. No update from Jose.
    • Update 5/10: Jose made comments that were fixed by Hammad. Decided to go ahead and merge the pull request and get any comments made on the newly merged document. Hammad coming up with a plan of action for Threat Analysis and Attack Surfaces sections and is reviewing the other sections as they currently stand.

Application Framework

  • SDK
    • Update from 5/9 dev call.
      • Initial SDK will be available for Gen3 and VMDK. Goal is for App developers to be able to easily create new applications.
      • Matt P. working on documentation under SPEC-512
  • Cgroups and namespace usage in AGL
    • Jose will make a proposal by the end of May for default set up. SPEC-427
  • App FW documentation
    • In March: convert PDF documents to MD as part of docs.automotivelinux.org (quickstart & sdk pdfs)
      • Setup SDK with Docker container - IoT.bzh
      • Build apps - IoT.bzh
    • High-level overview document needed (March/April timeframe)
      • Update 4/12 - Not available on doc site yet.
      • Update 4/29 - Stephane updated the App FW and SDK guides with MD instead of PDF.
  • Window Manager interface for App Framework Discussion
    • Decision taken to use XDG as the Application to Window Manager interface
    • Need to investigate which XDG functions are needed for AGL window Manager and are currently missing
    • Tanikawa: Homescreen is a good test case for this research.
  • Framework Updates for 2017
    • Message Signaling - Wiki page to document the changes. Plan is to go ahead with this architecture.
    • Upcoming Improvements to App Framework
      • Reworking the App FW to use systemd for control of apps (Complete for CC) SPEC-427 for documenting how it works and what is provided.
      • Update - Introduce cgroups (Will be included in CC. Additional work will be needed for DD) SPEC-425.- Need to have discussions about this within the Jira issue.
        • Need to document use cases for cgroups. Eg. Managing CPU usage, memory consumptions, CPU affinity, process management, network traffic, IO traffic.
        • Strategy for defining cgroups within the system.
      • Namespace (Will be included in Daring Dab) SPEC-426
      • Basically containerizing applications (LXC) (Requires namespace and use case definitions so DD or later) Need Jira epic for roadmap.
      • Notification service (Dominig presenting at AMM a proposal) - Need Jira epic
      • Identity and user management - Need Jira epic
      • Key management for app installation and the manifest that gives the rights within cynara. - Need Jira epic. After DD.
      • First boot app installation mechanism (SPEC-317) Complete
      • Building apps in CI and providing snapshot builds.
      • Consistent templates and documentation for creation of apps and widgets. Need Jira issue
      • Documentation of how to convert legacy apps to AGL Apps. - Need Jira issue
    • Update 3/1:
      • Fulup: Approach for the low-level can interface first. High-level not proposed yet, due to ongoing discussions with W3C. There are 2 proposals out there: Volkswagen (viwi) and JLR/Genivi (viss). Fulup favors the VW proposal and will start to work on implementation.
  • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
    • Update 5/10 - Dominig has continued to research longer term security architecture and how we can continue to use cynara for EE and beyond. Researching TPM.
  • Matsuzawa asked about having a store for AGL apps so that developers can exchange apps.

New:


April 26, 2017

Attendees: Walt, Stephane, Jose, Tanikawa, Hammad

    • Update 3/1 - Hammad updated his pull request secure boot/ system hardening. Waiting on Jan-Simon and Fulup to re-review. Hammad will also look at Phil Wise's adversary list to incorporate into the document. Hammad will initiate a security review of the AGL code. Jose offered to help as well.
      • Platform Security → Jose
        • Discussed the Platform Definition in the section of the document.
          • HW and BSP are an important part of security but out of scope of the document for now.
          • Jan-Simon proposed we look at meta-agl (with the app-fw included) and document security provided by AGL from that perspective.
          • Jose - part of the secure environment is outside of the vehicle.
      • Application Security → open
    • Update 4/29 - Hammad used Phil's document to update the sec blueprint. Pull request merged. Hammad and Irdeto looking at overall document for consistency. More updates later. No update from Jose.

Application Framework

  • Cgroups and namespace usage in AGL
    • Jose will make a proposal by the end of May for default set up. SPEC-427
  • App FW documentation
    • In March: convert PDF documents to MD as part of docs.automotivelinux.org (quickstart & sdk pdfs)
      • Setup SDK with Docker container - IoT.bzh
      • Build apps - IoT.bzh
    • High-level overview document needed (March/April timeframe)
      • Update 4/12 - Not available on doc site yet.
      • Update 4/29 - Stephane updated the App FW and SDK guides with MD instead of PDF.
  • Window Manager interface for App Framework Discussion
    • Decision taken to use XDG as the Application to Window Manager interface
    • Need to investigate which XDG functions are needed for AGL window Manager and are currently missing
    • Tanikawa: Homescreen is a good test case for this research.
  • New 4/29
  • User, app, and display privileges
  • SPEC-545 - Platform services must NOT run as root and MUST use a dedicated system user
  • SPEC-546 - Run weston with dedicated 'display' user and group
    • Need to finish and agree to Hammad's system hardening guide in the documentation
    • Use cases Requirements for user management and multi-display
    • Overall plan for managing users and login management
    • Proposal will come from Ronan and Jose on how to manage users. See gerrit 9135
    • Toyota use cases for Home screen and window manager. Hoshina-san says “Soon” according to Tanikawa-san. Original document probably in Japanese and needs to be translated.
    • For next meeting- Review proposal from Ronan. Use cases available? System hardening guide in github can be used to document what we want to do here. Jose and Stephane should review before the next meeting.
  • Framework Updates for 2017
    • Message Signaling - Wiki page to document the changes. Plan is to go ahead with this architecture.
    • Upcoming Improvements to App Framework
      • Reworking the App FW to use systemd for control of apps (Complete for CC) SPEC-427 for documenting how it works and what is provided.
      • Update - Introduce cgroups (Will be included in CC. Additional work will be needed for DD) SPEC-425.- Need to have discussions about this within the Jira issue.
        • Need to document use cases for cgroups. Eg. Managing CPU usage, memory consumptions, CPU affinity, process management, network traffic, IO traffic.
        • Strategy for defining cgroups within the system.
      • Namespace (Will be included in Daring Dab) SPEC-426
      • Basically containerizing applications (LXC) (Requires namespace and use case definitions so DD or later) Need Jira epic for roadmap.
      • Notification service (Dominig presenting at AMM a proposal) - Need Jira epic
      • Identity and user management - Need Jira epic
      • Key management for app installation and the manifest that gives the rights within cynara. - Need Jira epic. After DD.
      • First boot app installation mechanism (SPEC-317) Complete
      • Building apps in CI and providing snapshot builds.
      • Consistent templates and documentation for creation of apps and widgets. Need Jira issue
      • Documentation of how to convert legacy apps to AGL Apps. - Need Jira issue
    • Update 3/1:
      • Fulup: Approach for the low-level can interface first. High-level not proposed yet, due to ongoing discussions with W3C. There are 2 proposals out there: Volkswagen (viwi) and JLR/Genivi (viss). Fulup favors the VW proposal and will start to work on implementation.
  • New:
    • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
  • Matsuzawa asked about having a store for AGL apps so that developers can exchange apps.

—-

April 12, 2017

Attendees: Walt, Jose, Stephane, Dominig, Kurokawa, Tanikawa, Matsuzawa, Matsumoto, Jan-Simon

    • Update 3/1 - Hammad updated his pull request secure boot/ system hardening. Waiting on Jan-Simon and Fulup to re-review. Hammad will also look at Phil Wise's adversary list to incorporate into the document. Hammad will initiate a security review of the AGL code. Jose offered to help as well.
      • Platform Security → Jose
        • Discussed the Platform Definition in the section of the document.
          • HW and BSP are an important part of security but out of scope of the document for now.
          • Jan-Simon proposed we look at meta-agl (with the app-fw included) and document security provided by AGL from that perspective.
          • Jose - part of the secure environment is outside of the vehicle.
      • Application Security → open

Application Framework

  • Cgroups and namespace usage in AGL
    • Jose will make a proposal by the end of May for default set up. SPEC-427
  • App FW documentation
    • In March: convert PDF documents to MD as part of docs.automotivelinux.org (quickstart & sdk pdfs)
      • Setup SDK with Docker container - IoT.bzh
      • Build apps - IoT.bzh
    • High-level overview document needed (March/April timeframe)
      • Update 4/12 - Not available on doc site yet.
  • Window Manager interface for App Framework Discussion
    • Decision taken to use XDG as the Application to Window Manager interface
    • Need to investigate which XDG functions are needed for AGL window Manager and are currently missing
    • Tanikawa: Homescreen is a good test case for this research.
  • Framework Updates for 2017
    • Message Signaling - Wiki page to document the changes. Plan is to go ahead with this architecture.
    • Upcoming Improvements to App Framework
      • Reworking the App FW to use systemd for control of apps (Complete for CC) SPEC-427 for documenting how it works and what is provided.
      • Update - Introduce cgroups (Will be included in CC. Additional work will be needed for DD) SPEC-425.- Need to have discussions about this within the Jira issue.
        • Need to document use cases for cgroups. Eg. Managing CPU usage, memory consumptions, CPU affinity, process management, network traffic, IO traffic.
        • Strategy for defining cgroups within the system.
      • Namespace (Will be included in Daring Dab) SPEC-426
      • Basically containerizing applications (LXC) (Requires namespace and use case definitions so DD or later) Need Jira epic for roadmap.
      • Notification service (Dominig presenting at AMM a proposal) - Need Jira epic
      • Identity and user management - Need Jira epic
      • Key management for app installation and the manifest that gives the rights within cynara. - Need Jira epic. After DD.
      • First boot app installation mechanism (SPEC-317) Complete
      • Building apps in CI and providing snapshot builds.
      • Consistent templates and documentation for creation of apps and widgets. Need Jira issue
      • Documentation of how to convert legacy apps to AGL Apps. - Need Jira issue
    • Update 3/1:
      • Fulup: Approach for the low-level can interface first. High-level not proposed yet, due to ongoing discussions with W3C. There are 2 proposals out there: Volkswagen (viwi) and JLR/Genivi (viss). Fulup favors the VW proposal and will start to work on implementation.
  • New:
    • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.
  • Matsuzawa asked about having a store for AGL apps so that developers can exchange apps.

—-

March 29, 2017

Attendees: Walt, Jens, Michael, Tanikawa, Kurokawa, Stephane, Dominig

    • Update 3/1 - Hammad updated his pull request secure boot/ system hardening. Waiting on Jan-Simon and Fulup to re-review. Hammad will also look at Phil Wise's adversary list to incorporate into the document. Hammad will initiate a security review of the AGL code. Jose offered to help as well.
      • Platform Security → Jose
        • Discussed the Platform Definition in the section of the document.
          • HW and BSP are an important part of security but out of scope of the document for now.
          • Jan-Simon proposed we look at meta-agl (with the app-fw included) and document security provided by AGL from that perspective.
          • Jose - part of the secure environment is outside of the vehicle.
      • Application Security → open

Application Framework

  • App FW documentation
    • Update 3/1:
      • In March: renew PDF documents as part of docs.automotivelinux.org (quickstart & sdk pdfs)
        • Setup SDK with Docker container - IoT.bzh
        • Build apps - IoT.bzh
      • High-level overview document needed (March/April timeframe)
  • Window Manager interface for App Framework Discussion
    • Jens gave Homescreen and Window Manager presentation during the Yokohama face to face.
    • 3/1 Update:
      • Fulup: Investigating gtk/gnome and mutter focusing more on security and integration with App FW.
        • AI now: integration with wayland → who does what ?
        • iot.bzh: appfw+wayland part
      • Jens: reviewing architecture windowmanager/compositor.
        • Mentor: proposal for windowmanager/compositor & later interface w/ homescreen to be ready before April F2F meeting.
      • parallel work on these topics to be integrated/sync'ed once we have some real code to talk shop
  • Munakata-san asked about hiring people to get Window Manager and AMB replacement complete. Walt will start the process to get IoT.bzh some help. Walt will get SOW to Fulup this week. Update 2/1 - SOW waiting on Dan.
    • Update 3/29 - Contract now in place
  • Framework Updates for 2017
    • Message Signaling - Wiki page to document the changes. Plan is to go ahead with this architecture.
    • Upcoming Improvements to App Framework
      • Reworking the App FW to use systemd for control of apps (Complete for CC) SPEC-427 for documenting how it works and what is provided.
      • Update - Introduce cgroups (Will be included in CC. Additional work will be needed for DD) SPEC-425.- Need to have discussions about this within the Jira issue.
        • Need to document use cases for cgroups. Eg. Managing CPU usage, memory consumptions, CPU affinity, process management, network traffic, IO traffic.
        • Strategy for defining cgroups within the system.
      • Namespace (Will be included in Daring Dab) SPEC-426
      • Basically containerizing applications (LXC) (Requires namespace and use case definitions so DD or later) Need Jira epic for roadmap.
      • Notification service (Dominig presenting at AMM a proposal) - Need Jira epic
      • Identity and user management - Need Jira epic
      • Key management for app installation and the manifest that gives the rights within cynara. - Need Jira epic. After DD.
      • First boot app installation mechanism (SPEC-317) Complete
      • Building apps in CI and providing snapshot builds.
      • Consistent templates and documentation for creation of apps and widgets. Need Jira issue
      • Documentation of how to convert legacy apps to AGL Apps. - Need Jira issue
    • Update 3/1:
      • Fulup: Approach for the low-level can interface first. High-level not proposed yet, due to ongoing discussions with W3C. There are 2 proposals out there: Volkswagen (viwi) and JLR/Genivi (viss). Fulup favors the VW proposal and will start to work on implementation.
  • SOTA Update
    • Demo shown at CES and a number of people are using it on a regular basis to manage their boards
    • Updates for DD?
    • Update 3/1 - Nothing to report. Walt will contact ATS separately.
    • Update 3/1 - Static UID / dynamic UID issue : SPEC-440 https://jira.automotivelinux.org/browse/SPEC-440 Closed
  • New:
    • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.

March 1, 2017

Attendees: Walt, Jens, Hammad, Stephane, Fulup, Tanikawa-san, Ohiwa-san, Dominig, Matsuzawa, Jose

Security Agenda

    • Update 3/1 - Hammad updated his pull request secure boot/ system hardening. Waiting on Jan-Simon and Fulup to re-review. Hammad will also look at Phil Wise's adversary list to incorporate into the document. Hammad will initiate a security review of the AGL code. Jose offered to help as well.
      • Platform Security → Jose
        • Discussed the Platform Definition in the section of the document.
          • HW and BSP are an important part of security but out of scope of the document for now.
          • Jan-Simon proposed we look at meta-agl (with the app-fw included) and document security provided by AGL from that perspective.
          • Jose - part of the secure environment is outside of the vehicle.
      • Application Security → open

Application Framework

  • App FW documentation
    • Update 3/1:
      • In March: renew PDF documents as part of docs.automotivelinux.org (quickstart & sdk pdfs)
        • Setup SDK with Docker container - IoT.bzh
        • Build apps - IoT.bzh
      • High-level overview document needed (March/April timeframe)
  • Window Manager interface for App Framework Discussion
    • Jens gave Homescreen and Window Manager presentation during the Yokohama face to face.
    • 3/1 Update:
      • Fulup: Investigating gtk/gnome and mutter focusing more on security and integration with App FW.
        • AI now: integration with wayland → who does what ?
        • iot.bzh: appfw+wayland part
      • Jens: reviewing architecture windowmanager/compositor.
        • Mentor: proposal for windowmanager/compositor & later interface w/ homescreen to be ready before April F2F meeting.
      • parallel work on these topics to be integrated/sync'ed once we have some real code to talk shop
  • Munakata-san asked about hiring people to get Window Manager and AMB replacement complete. Walt will start the process to get IoT.bzh some help. Walt will get SOW to Fulup this week. Update 2/1 - SOW waiting on Dan.
    • 2/15 No update
  • Framework Updates for 2017
    • Message Signaling - Wiki page to document the changes. Plan is to go ahead with this architecture.
    • Upcoming Improvements to App Framework
      • Reworking the App FW to use systemd for control of apps (Complete for CC) SPEC-427 for documenting how it works and what is provided.
      • Update - Introduce cgroups (Will be included in CC. Additional work will be needed for DD) SPEC-425.- Need to have discussions about this within the Jira issue.
        • Need to document use cases for cgroups. Eg. Managing CPU usage, memory consumptions, CPU affinity, process management, network traffic, IO traffic.
        • Strategy for defining cgroups within the system.
      • Namespace (Will be included in Daring Dab) SPEC-426
      • Basically containerizing applications (LXC) (Requires namespace and use case definitions so DD or later) Need Jira epic for roadmap.
      • Notification service (Dominig presenting at AMM a proposal) - Need Jira epic
      • Identity and user management - Need Jira epic
      • Key management for app installation and the manifest that gives the rights within cynara. - Need Jira epic. After DD.
      • First boot app installation mechanism (SPEC-317) Complete
      • Building apps in CI and providing snapshot builds.
      • Consistent templates and documentation for creation of apps and widgets. Need Jira issue
      • Documentation of how to convert legacy apps to AGL Apps. - Need Jira issue
    • Update 3/1:
      • Fulup: Approach for the low-level can interface first. High-level not proposed yet, due to ongoing discussions with W3C. There are 2 proposals out there: Volkswagen (viwi) and JLR/Genivi (viss). Fulup favors the VW proposal and will start to work on implementation.
  • SOTA Update
    • Demo shown at CES and a number of people are using it on a regular basis to manage their boards
    • Updates for DD?
    • Update 3/1 - Nothing to report. Walt will contact ATS separately.
    • Update 3/1 - Static UID / dynamic UID issue : SPEC-440 https://jira.automotivelinux.org/browse/SPEC-440 Closed
  • New:
    • Dominig - will need to define a strategy to maintain iot security layer since ostro moved in a different direction. Ostro removed cynara. Need Jira issue to track.

February 15, 2017

Attendees: Jan-Simon, Stephane, Jens, Fulup, Tanikawa-san, Ohiwa-san, Jose, Dominig

Security Agenda

    • By early next week the last of the content will be included in Github, primarily Doming and Hammad.
    • Review process kicks off starting starting Tuesday (Dec 13). Document issues in github by Dec 21 meeting of App FW EG.
    • Stephane and Jan-Simon empowered to fix issues with rendering and typos without review.
    • Need a tech writer to come in and help clean up english and grammar mistakes.
    • Update 2/1 - Hammad updated his pull request secure boot/ system hardening. Waiting on Jan-Simon and Fulup to re-review. Hammad will also look at Phil Wise's adversary list to incorporate into the document.
    • Update 2/15 - As per the discussion during last weeks F2F, stale categories removed from docs.automotivelinux.org. Remaining sections to be reviewed and updated.
      • Platform Security → Jose
      • Application Security → open

Application Framework

  • App FW documentation
    • Update 2/15:
      • In march: renew PDF documents as part of docs.automotivelinux.org (quickstart & sdk pdfs)
        • setup SDK
        • build apps
      • High-level overview document needed (march/april timeframe)
  • Window Manager interface for App Framework Discussion
    • Jens gave Homescreen and Window Manager presentation during the Yokohama face to face. Update 2/1 - face to face discussion next week at AMM.
    • 2/15 Update:
      • Fulup: general agreement on high-level approach
        • AI now: integration with wayland → who does what ?
        • iot.bzh: appfw+wayland part
      • Jens: reviewing architecture windowmanager/compositor.
        • Mentor: proposal for windowmanager/compositor & later interface w/ homescreen
      • parallel work on these topics to be integrated/sync'ed once we have some real code to talk shop
  • Munakata-san asked about hiring people to get Window Manager and AMB replacement complete. Walt will start the process to get IoT.bzh some help. Walt will get SOW to Fulup this week. Update 2/1 - SOW waiting on Dan.
    • 2/15 No update
  • Framework Updates for 2017
    • Message Signaling - Wiki page to document the changes. Plan is to go ahead with this architecture.
    • Upcoming Improvements to App Framework
      • Reworking the App FW to use systemd for control of apps (Complete for CC) SPEC-427 for documenting how it works and what is provided.
      • Introduce cgroups (Will be included in CC. Additional work will be needed for DD) SPEC-425.
        • Need to document use cases for cgroups. Eg. Managing CPU usage, memory consumptions, CPU affinity, process management, network traffic, IO traffic.
        • Strategy for defining cgroups within the system.
      • Namespace (Will be included in Daring Dab) SPEC-426
      • Basically containerizing applications (LXC) (Requires namespace and use case definitions so DD or later) Need Jira epic for roadmap.
      • Notification service (Dominig presenting at AMM a proposal) - Need Jira epic
      • Identity and user management - Need Jira epic
      • Key management for app installation and the manifest that gives the rights within cynara. - Need Jira epic. After DD.
      • First boot app installation mechanism (SPEC-317)
      • Building apps in CI and providing snapshot builds.
      • Consistent templates and documentation for creation of apps and widgets. Need Jira issue
      • Documentation of how to convert legacy apps to AGL Apps. - Need Jira issue
    • Update 2/15:
      • Fulup: Approach for the low-level can interface first. High-level not proposed yet, due to ongoing discussions with W3C. There are 2 proposals out there: Volkswagen (viwi) and JLR/Genivi (viss).
  • SOTA Update
    • Demo shown at CES and a number of people are using it on a regular basis to manage their boards
    • Updates for DD?
    • Update 2/1 - Nothing to report. Walt will contact ATS separately.
    • Update 2/15 - Static UID / dynamic UID issue : SPEC-440 https://jira.automotivelinux.org/browse/SPEC-440
      • Discussion about possible solutions:
        • Modify in recipes + simple/quick - possible lots of upstream recipes
        • Fulup: patch useradd class with lookup-table
        • Stephane: base passwd/group file + additional fixed UIDs, useradd class to use usermod (and not fail if user exists)
        • AI: Stephane: investigate passwd file + useradd class modifications
        • AI: Dominig: asks on Yocto Project mailinglist
    • New:

February 1, 2017

Attendees: Walt, Michael, Hammad, Stephane, Jens, Jose, Jan-Simon, Ohiwa

Security Agenda

    • By early next week the last of the content will be included in Github, primarily Doming and Hammad.
    • Review process kicks off starting starting Tuesday (Dec 13). Document issues in github by Dec 21 meeting of App FW EG.
    • Stephane and Jan-Simon empowered to fix issues with rendering and typos without review.
    • Need a tech writer to come in and help clean up english and grammar mistakes.
    • Update 2/1 - Hammad updated his pull request secure boot/ system hardening. Waiting on Jan-Simon and Fulup to re-review. Hammad will also look at Phil Wise's adversary list to incorporate into the document.

Application Framework

  • App FW documentation
    • Documentation now included in AGL documentation site. Still need the high level document. It was reported by Fulup that ALPS used the existing documentation (from wiki) to create their Wifi app and they were able to get most of the conversion done with it. Some tweaks needed to documentation but this is a good sign. Update 2/1 - Not started yet.
  • Window Manager interface for App Framework Discussion
  • Munakata-san asked about hiring people to get Window Manager and AMB replacement complete. Walt will start the process to get IoT.bzh some help. Walt will get SOW to Fulup this week. Update 2/1 - SOW waiting on Dan.
  • Framework Updates for 2017
    • Message Signaling - Wiki page to document the changes. Plan is to go ahead with this architecture.
    • Upcoming Improvements to App Framework
      • Reworking the App FW to use systemd for control of apps (Complete for CC) SPEC-427 for documenting how it works and what is provided.
      • Introduce cgroups (Will be included in CC. Additional work will be needed for DD) SPEC-425.
        • Need to document use cases for cgroups. Eg. Managing CPU usage, memory consumptions, CPU affinity, process management, network traffic, IO traffic.
        • Strategy for defining cgroups within the system.
      • Namespace (Will be included in Daring Dab) SPEC-426
      • Basically containerizing applications (LXC) (Requires namespace and use case definitions so DD or later) Need Jira epic for roadmap.
      • Notification service (Dominig presenting at AMM a proposal) - Need Jira epic
      • Identity and user management - Need Jira epic
      • Key management for app installation and the manifest that gives the rights within cynara. - Need Jira epic. After DD.
      • First boot app installation mechanism (SPEC-317)
      • Building apps in CI and providing snapshot builds.
      • Consistent templates and documentation for creation of apps and widgets. Need Jira issue
      • Documentation of how to convert legacy apps to AGL Apps. - Need Jira issue
  • Jens sent out an email with ideas about the future of the AGL compositor. We also need to look at separating the Window Manager from the Home screen. In general we need to compile a list of lessons learned and issues to fix in the architecture for 2017. Jens will push documents to the AGL documentation site about the home screen by the end of the week. The topics will be How to Use the Home screen and How to build the Home Screen. Update 2/1 to be discussed next week at the AMM.
  • SOTA Update
    • Demo shown at CES and a number of people are using it on a regular basis to manage their boards
    • Updates for DD?
    • Update 2/1 - Nothing to report. Walt will contact ATS separately.

——

January 18, 2017

Attendees: Walt, Jens, Dominig

Security Agenda

    • By early next week the last of the content will be included in Github, primarily Doming and Hammad.
    • Review process kicks off starting starting Tuesday (Dec 13). Document issues in github by Dec 21 meeting of App FW EG.
    • Stephane and Jan-Simon empowered to fix issues with rendering and typos without review.
    • Need a tech writer to come in and help clean up english and grammar mistakes.
    • Update 12/21 - No reviews really held. Need to wait until after CES. Hammad submitted a pull request with additional content for secure boot/ system hardening that needs to be merged.

Application Framework

  • App FW documentation
    • Documentation now included in AGL documentation site. Still need the high level document. It was reported by Fulup that ALPS used the existing documentation (from wiki) to create their Wifi app and they were able to get most of the conversion done with it. Some tweaks needed to documentation but this is a good sign.
  • Window Manager interface for App Framework Discussion
  • Munakata-san asked about hiring people to get Window Manager and AMB replacement complete. Walt will start the process to get IoT.bzh some help. Walt will get SOW to Fulup this week.
  • Framework Updates for 2017
    • Message Signaling - Wiki page to document the changes. Plan is to go ahead with this architecture.
    • Upcoming Improvements to App Framework
      • Reworking the App FW to use systemd for control of apps (Complete for CC)
      • Introduce cgroups (Will be included in CC. Additional work will be needed for DD)
      • Namespace (Will be included in Daring Dab)
      • Basically containerizing applications (LXC) (Requires namespace so DD or later)
      • Notification service (Dominig presenting at AMM a proposal)
      • Identity and user management
      • Key management for app installation and the manifest that gives the rights within cynara.
      • First boot app installation mechanism (SPEC-317)
      • Building apps in CI and providing snapshot builds.
      • Consistent templates and documentation for creation of apps and widgets
      • Documentation of how to convert legacy apps to AGL Apps.
  • Update 12/21 - Jens sent out an email with ideas about the future of the AGL compositor. We also need to look at separating the Window Manager from the Home screen. In general we need to compile a list of lessons learned and issues to fix in the architecture for 2017. Jens will push documents to the AGL documentation site about the home screen by the end of the week. The topics will be How to Use the Home screen and How to build the Home Screen.
  • SOTA Update
    • Demo shown at CES and a number of people are using it on a regular basis to manage their boards
    • Updates for DD?

January 4, 2017

Canceled - CES

December 21, 2016

Attendees: Walt, Jens, Hammad

Security Agenda

    • By early next week the last of the content will be included in Github, primarily Doming and Hammad.
    • Review process kicks off starting starting Tuesday (Dec 13). Document issues in github by Dec 21 meeting of App FW EG.
    • Stephane and Jan-Simon empowered to fix issues with rendering and typos without review.
    • Need a tech writer to come in and help clean up english and grammar mistakes.
    • Update 12/21 - No reviews really held. Need to wait until after CES. Hammad submitted a pull request with additional content for secure boot/ system hardening that needs to be merged.

Application Framework

  • App FW documentation
    • Documentation now included in AGL documentation site. Still need the high level document. It was reported by Fulup that ALPS used the existing documentation (from wiki) to create their Wifi app and they were able to get most of the conversion done with it. Some tweaks needed to documentation but this is a good sign.
  • Window Manager interface for App Framework Discussion
  • Munakata-san asked about hiring people to get Window Manager and AMB replacement complete. Walt will start the process to get IoT.bzh some help. Walt will get SOW to Fulup this week.
  • Framework Updates
    • Message Signaling - Wiki page to document the changes. Plan is to go ahead with this architecture.
    • Upcoming Improvements to App Framework
      • Reworking the App FW to use systemd for control of apps (Complete for CC)
      • Introduce cgroups (Will be included in CC. Additional work will be needed for DD)
      • Namespace (Will be included in Daring Dab)
      • Basically containerizing applications (LXC) (Requires namespace so DD or later)
  • IoT.bzh working with Forgerock on identity and user management
    • Update 11/23 - work in progress by Jose. Working on something to show at CES. Integration meeting planned in Vannes Dec 5-8 so it will be ready for Yokohama f2f Dec 14.
  • Update 12/21 - Jens sent out an email with ideas about the future of the AGL compositor. We also need to look at separating the Window Manager from the Home screen. In general we need to compile a list of lessons learned and issues to fix in the architecture for 2017. Jens will push documents to the AGL documentation site about the home screen by the end of the week. The topics will be How to Use the Home screen and How to build the Home Screen.
  • SOTA Update
    • Leon has ported SOTA to Raspberry PI 2/3 with some open issues in the GUI
    • Leon now has a Porter board so he can start testing SOTA on the Porter.
    • Discussion on the mail list and SPEC-304 needs to come to a decision quickly so we can complete the demo and CC release.
      • Update 11/23 - Not resolved.

Other:

  • Dominig brought up the need to be able to install applications off-line without running the device. This was possible in Tizen using OBS, but this was not ported to the Yocto version. Jose created a Jira issue to keep track of the requirement. Use case for CES is that we are receiving applications from multiple sources. How will we build an image that will boot on the device with these apps pre-installed?
  • Building apps in CI and providing snapshot builds. Jan-Simon working on something this week. Stephane will give him a call.

December 7, 2016

Attendees: Walt, Jan-Simon, Jens, Fulup, Dennis, Hammad, Stephane,

Security Agenda

    • By early next week the last of the content will be included in Github, primarily Doming and Hammad.
    • Review process kicks off starting starting Tuesday (Dec 13). Document issues in github by Dec 21 meeting of App FW EG.
    • Stephane and Jan-Simon empowered to fix issues with rendering and typos without review.
    • Need a tech writer to come in and help clean up english and grammar mistakes.

Application Framework

  • App FW documentation
    • Documentation now included in AGL documentation site. Still need the high level document. It was reported by Fulup that ALPS used the existing documentation (from wiki) to create their Wifi app and they were able to get most of the conversion done with it. Some tweaks needed to documentation but this is a good sign.
  • Window Manager interface for App Framework Discussion
  • Munakata-san asked about hiring people to get Window Manager and AMB replacement complete. Walt will start the process to get IoT.bzh some help. Walt will get SOW to Fulup this week.
  • Framework Updates
    • Message Signaling - Wiki page to document the changes. Plan is to go ahead with this architecture.
    • Upcoming Improvements to App Framework
      • Reworking the App FW to use systemd for control of apps (Complete for CC)
      • Introduce cgroups (Will be included in CC. Additional work will be needed for DD)
      • Namespace (Will be included in Daring Dab)
      • Basically containerizing applications (LXC) (Requires namespace so DD or later)
  • IoT.bzh working with Forgerock on identity and user management
    • Update 11/23 - work in progress by Jose. Working on something to show at CES. Integration meeting planned in Vannes Dec 5-8 so it will be ready for Yokohama f2f Dec 14.
  • SOTA Update
    • Leon has ported SOTA to Raspberry PI 2/3 with some open issues in the GUI
    • Leon now has a Porter board so he can start testing SOTA on the Porter.
    • Discussion on the mail list and SPEC-304 needs to come to a decision quickly so we can complete the demo and CC release.
      • Update 11/23 - Not resolved.

Other:

  • Dominig brought up the need to be able to install applications off-line without running the device. This was possible in Tizen using OBS, but this was not ported to the Yocto version. Jose created a Jira issue to keep track of the requirement. Use case for CES is that we are receiving applications from multiple sources. How will we build an image that will boot on the device with these apps pre-installed?
  • Building apps in CI and providing snapshot builds. Jan-Simon working on something this week. Stephane will give him a call.

New Business:

November 23, 2016

Attendees: Walt, Stephane, Hammad, Jens, Dominig, Jose

Security Agenda

    • Review the Scope of Security Blueprint - see https://github.com/automotive-grade-linux/docs-agl/issues/1
    • Target first draft for steering committee after Nov 16 meeting. At risk. John is proposing to move this to the end of November. Will be addressed during the SC meeting tonight.
    • John asked if people can add an github issues to keep track of what they are working on so we know what to expect in the next few weeks to get added to the document.
    • Kernel hardening is one area Irdeto will contribute to. (Hammad)
    • Dominig can contribute to strategy
    • Dominig and Jose will look at some existing Tizen documents that could be updated and adapted to AGL.
    • GENIVI threat analysis?

Application Framework

  • App FW documentation
    • Documentation now included in AGL documentation site. Still need the high level document. It was reported by Fulup that ALPS used the existing documentation (from wiki) to create their Wifi app and they were able to get most of the conversion done with it. Some tweaks needed to documentation but this is a good sign.
  • Window Manager interface for App Framework Discussion
  • Munakata-san asked about hiring people to get Window Manager and AMB replacement complete. Walt will start the process to get IoT.bzh some help. Walt will get SOW to Fulup this week.
  • Framework Updates
    • Message Signaling - Wiki page to document the changes. Plan is to go ahead with this architecture.
    • Upcoming Improvements to App Framework
      • Reworking the App FW to use systemd for control of apps (Complete for CC)
      • Introduce cgroups (Will be included in CC. Additional work will be needed for DD)
      • Namespace (Will be included in Daring Dab)
      • Basically containerizing applications (LXC) (Requires namespace so DD or later)
  • IoT.bzh working with Forgerock on identity and user management
    • Update 11/23 - work in progress by Jose. Working on something to show at CES. Integration meeting planned in Vannes Dec 5-8 so it will be ready for Yokohama f2f Dec 14.
  • SOTA Update
    • Leon has ported SOTA to Raspberry PI 2/3 with some open issues in the GUI
    • Leon now has a Porter board so he can start testing SOTA on the Porter.
    • Discussion on the mail list and SPEC-304 needs to come to a decision quickly so we can complete the demo and CC release.
      • Update 11/23 - Not resolved.

Other:

  • Dominig brought up the need to be able to install applications off-line without running the device. This was possible in Tizen using OBS, but this was not ported to the Yocto version. Jose created a Jira issue to keep track of the requirement. Use case for CES is that we are receiving applications from multiple sources. How will we build an image that will boot on the device with these apps pre-installed?

New Business:

  • Building apps in CI and providing snapshot builds. Jan-Simon working on something this week. Stephane will give him a call.
  • Dominig reported that Igalia has concluded some of their HTML5 work with Chromium. Need to get in touch with them to get it integrated in AGL mainline.

November 9, 2016

Attendees: Walt, Jose, Dominig, Dennis, Stephane, John, Jens, Hammad

Security Agenda

  • Where did John go? - China and then got sick
  • Security Blueprint: Next steps and how to get back on track
  • Action item - Stephane or Jose to enter issues in github to point to existing AGL documents that deal with security issue (e.g. Lessons Learned from Tizen and Security White Paper).
    • Review the Scope of Security Blueprint - see https://github.com/automotive-grade-linux/docs-agl/issues/1
    • Target first draft for steering committee after Nov 16 meeting. At risk. John is proposing to move this to the end of November. Will be addressed during the SC meeting tonight.
    • John asked if people can add an github issues to keep track of what they are working on so we know what to expect in the next few weeks to get added to the document.
    • Kernel hardening is one area Irdeto will contribute to. (Hammad)
    • Dominig can contribute to strategy
    • Dominig and Jose will look at some existing Tizen documents that could be updated and adapted to AGL.
    • GENIVI threat analysis?
  • Application Framework discussion
    • Agreed to use some of Dominig's slides from ELCE on the Wiki to describe the App FW at a high level and to use some of Michael's slides to describe how a service can be implemented to interact with the app framework. Stephane created this wiki page
    • Window Manager interface for App Framework Discussion
      • Action for Jens to provide documentation of what services were written as part of the home screen implementation so we can use that as a starting point. Jens needs to review with Okubi-san before releasing. Jens is thinking about a video that will show how the Home Screen application works with the window manager. Update 11/9 - Jens should have something for next week's integration workshop.
    • Munakata-san asked about hiring people to get Window Manager and AMB replacement complete. Walt will start the process to get IoT.bzh some help. Need to define the AMB requirements some more in order to specify.
  • Framework Updates
    • Looking for feedback from the community on the presentation from Jose on signaling in the App FW. Discussed earlier today during the vehicle signaling discussion. Summarized in the F2F meeting notes. Update 11/9 - No feedback received. Stephane created a wiki page to document the changes.
    • Feedback at AMM from Murata-san about resource management in the App FW. Jose is starting to look at how this can be accomplished and try to get a demo together by the end of the year.
    • Jose is looking at implementing cgroups for restrictions on resource usage. Will be ready in time for CC release. Namespace usage is also being looked at.
    • Update 11/9 - Jose's target is sometime in December to get this done. At risk for CC.
  • IoT.bzh working with Forgerock on identity and user management
    • Update 11/9 - work in progress by Jose. Working on something to show at CES.
  • SOTA Update
    • Leon has ported SOTA to Raspberry PI 2/3 with some open issues in the GUI
    • Leon now has a Porter board so he can start testing SOTA on the Porter.

New Business:

  • Discussion on the mail list and SPEC-304 needs to come to a decision quickly so we can complete the demo and CC release.
  • Dominig brought up the need to be able to install applications off-line without running the device. This was possible in Tizen using OBS, but this was not ported to the Yocto version. Action for Jose to create a Jira issue to keep track of the requirement. Use case for CES is that we are receiving applications from multiple sources. How will we build an image that will boot on the device with these apps pre-installed?

October 26, 2016

Attendees: Walt, Jose, Jens, Kusakabe, Hammad

Notes:

    • Identify what is in scope for AGL recognizing that AGL cannot solve all security issues. John will write the initial version for review at the next meeting. Not complete. John indicated via email that he has been working on it and should have a draft uploaded this week.
    • Target first draft for steering committee after Nov 16 meeting. At risk
  • Application Framework discussion
    • Agreed to use some of Dominig's slides from ELCE on the Wiki to describe the App FW at a high level and to use some of Michael's slides to describe how a service can be implemented to interact with the app framework. Need to get the presentation from Dominig or Fulup's GENIVI presentation from last week.
    • Window Manager interface for App Framework Discussion
      • Action for Jens to provide documentation of what services were written as part of the home screen implementation so we can use that as a starting point. Jens needs to review with Okubi-san before releasing. Jens is thinking about a video that will show how the Home Screen application works with the window manager.
    • Munakata-san asked about hiring people to get Window Manager and AMB replacement complete. Walt will start the process to get IoT.bzh some help. Need to define the AMB requirements some more in order to specify.
  • Framework Updates
    • Looking for feedback from the community on the presentation from Jose on signaling in the App FW. Discussed earlier today during the vehicle signaling discussion. Summarized in the F2F meeting notes.
    • Feedback at AMM from Murata-san about resource management in the App FW. Jose is starting to look at how this can be accomplished and try to get a demo together by the end of the year. Jose is looking at implementing cgroups for restrictions on resource usage. Will be ready in time for CC release. Namespace usage is also being looked at.
    • IoT.bzh working with Forgerock on identity and user management Moving forward. Fulup met with them at the GENIVI AMM. Working on something to show at CES.
  • SOTA Update
    • Leon has ported SOTA to Raspberry PI 2/3 with some open issues in the GUI
    • Leon now has a Porter board so he can start testing SOTA on the Porter.

October 14, 2016

Face to face meeting in Berlin Attendees: Walt, Michael Fabry (Microchip), Yuichi Kusakabe (Fujitsu Ten), Fulup, Stephane, Doming, Munakata, Tanikawa, Jens, Christian

Notes:

  • John will send the Irdeto slides from the AMM to Walt to be posted to the event site Done
    • Identify what is in scope for AGL recognizing that AGL cannot solve all security issues. John will write the initial version for review at the next meeting. Not complete
    • Target first draft for steering committee by Nov 15. At risk
    • Discussed github usage. For smaller sections we agreed to use “issues” in github to hash through content before moving it to the document itself. Larger changes probably require an issue and a branch for review.
    • Walt will create an initial set of issues to be looked at for the first draft Done
  • Automotive Threat Actors/ Adversaries from Phil Wise (ATS) - Walt will contact Phil about putting his draft directly into the document so we start commenting on it there. Phil is ok with us using his document as a starting point. Walt added it to the issues list.
  • Application Framework discussion
    • Agreed to use some of Dominig's slides from ELCE on the Wiki to describe the App FW at a high level and to use some of Michael's slides to describe how a service can be implemented to interact with the app framework.
    • Window Manager interface for App Framework Discussion
      • Action for Jens to provide documentation of what services were written as part of the home screen implementation so we can use that as a starting point
    • Munakata-san asked about hiring people to get Window Manager and AMB replacement complete. Walt will start the process to get IoT.bzh some help. Need to define the AMB requirements some more in order to specify.
  • Framework Updates
    • Looking for feedback from the community on the presentation from Jose on signaling in the App FW. Discussed earlier today during the vehicle signaling discussion. Summarized in the F2F meeting notes.
    • Feedback at AMM from Murata-san about resource management in the App FW. Jose is starting to look at how this can be accomplished and try to get a demo together by the end of the year. Jose is looking at implementing cgroups for restrictions on resource usage. Will be ready in time for CC release. Namespace usage is also being looked at.
    • IoT.bzh working with Forgerock on identity and user management Moving forward. Fulup will meeting with them next week at the GENIVI AMM and should more to report at the next meeting
  • SOTA Update
    • Leon has ported SOTA to Raspberry PI 2/3 with some open issues in the GUI
    • Leon now has a Porter board so he can start testing SOTA on the Porter.

September 28, 2016

Attendees: Walt, John O'Connor (Irdeto), Jose Bollo (IoT.bzh), Michael Fabry (Microchip), Hammad Ahmed (Irdeto), Yuichi Kusakabe (Fujitsu Ten), Ned Miljevic (Wind River), Fulup, Stephane

Agenda

Notes:

  • John will send the Irdeto slides from the AMM to Walt to be posted to the event site
  • Security Blueprint
    • Identify what is in scope for AGL recognizing that AGL cannot solve all security issues. John will write the initial version for review at the next meeting.
    • Target first draft for steering committee by Nov 15.
    • Discussed github usage. For smaller sections we agreed to use “issues” in github to hash through content before moving it to the document itself. Larger changes probably require an issue and a branch for review.
    • Walt will create an initial set of issues to be looked at for the first draft
  • Automotive Threat Actors/ Adversaries from Phil Wise (ATS) - Walt will contact Phil about putting his draft directly into the document so we start commenting on it there.
  • Application Framework discussion
    • Looking for feedback from the community on the presentation from Jose on signaling in the App FW.
    • Feedback at AMM from Murata-san about resource management in the App FW. Jose is starting to look at how this can be accomplished and try to get a demo together by the end of the year.
    • IoT.bzh working with Forgerock on identity and user management
    • Fulup asked about university interest in looking at attack vectors into AGL App FW.

August 31, 2016

Meeting starts at 04:00 UTC.

August 17, 2016

Meeting starts at 13:00 UTC

August 3, 2016

Meeting starts at 04:00 UTC.

July 20, 2016

Meeting starts at 13:00 UTC. No participants after 15 minutes of waiting.

July 7, 2016

Joint meeting with System Architecture Team. Meeting minutes can be found here.

June 24, 2016

Joint meeting with System Architecture Team. Meeting minutes can be found here.

June 8, 2016

Meeting starts at 04:00 UTC. No else dialed in after 10 minutes.

May 25, 2016

Meeting minutes in the F2F minutes. See https://wiki.automotivelinux.org/agl-distro/may2016-f2f

May 11, 2016

Meeting starts at 04:00 UTC. Canceled due to lack of participants.

April 27, 2016

Attendees: Walt, Stephane, Federico, Paul Nichols, Tom Becker, Kusakabe

Discussion:

Review of IoT.bzh Security proposal.

  • Federico (and others) - how does telematics or other non-UI based ECUs fit into this proposal?
  • Paul - How would core telematics services be protected in a telematics device. Examples include which application(s) are permitted to talk to other ECUs in the system. Which applications may access external connections. From chat window:
 "Within interconnected CAN communications, they cannot. I think that is where 
 the disconnection is. The security I am referring to is accessing certain information 
 that is part of more premiere telematics service solution. For instance, not all 
 vehicle owners are going to want to allow all users to access certain location 
 specific information, geofences, or perform all remote services. That is more of 
 what I was attempting to referring to. That is going to require thoughts around which 
 device is connecting or who owns that device. That requires some type of profile 
 associated with the connecting cellular device. It will not be applicable to OBD2 type 
 data, but will be applicable for certain telematics services. Hope that makes sense."
  • Tom - Slide 18 - what part of this slide is AGL concerned with or are we implementing.

March 9, 2016

Attendees:

Discussion:

  1. Determining which sections of the system spec to update.
  2. Sec 3 Home Screen. Reads more like an application with a large mix of requirements rather than components we could implement.
  3. Sec 4 - Need to carefully define terms in the spec for the parts of the App FW so we all agree on what each component is.
  4. Window Manager = Wayland Compositor + IVI Shell (Jens)

Feb 25, 2016

Face to face meeting at the All Member Meeting

Attendees:

  • Fulup ar Foll - IoT.bzh
  • Hideo Yamashita - Advanced Telematics
  • Koji Hamasaki - Panasonic
  • Risto Avila - Qt Company
  • Ned Miljevic - Wind
  • Toshihiro Matsumoto - Mentor
  • Jens Bocklage - Mentor
  • Ryota Okubi - Toyota
  • Tukashi Yamamiya - UIEvolution
  • Ryo Murakami - Fujitsu
  • Tadao Tanikawa - Panasonic
  • Stephane Desneux - IoT.bzh
  • Walt Miner - Linux Foundation
  • Nobuhiko Taniabata - Denso

* Tool for documentation and requirements : Doors NG Available here: http://doors.automotivelinux.org/ Post Jira Ticket for Walt or Jan-Simon if issues to connect.

* Communication tools : dedicated mailing list JIRA

* Meeting frequency : once a week, shifted mode

* Every group member should review the AGL 1.0 specification (at least sections 3 & 4.1) and comment/amend the specification where needed.

PDF file available here : https://www.automotivelinux.org/sites/agl/files/pages/files/agl_spec_v1.0_final_0.pdf

=> deadline for initial review :March, 10th 2016 (or the closest conf date)
=> define use cases / scenario
=> adjustments to be discussed : using ML probably
=> commit the changes : end of march and will occur continuously

* App Framework candidates : IoT.bzh AppFW – Apache License Qt AppFW (Pelagicore implementation) – (L?)GPLv3 License …

* Ask to CIAT EG / LF infra team for evaluation images based on new components pushed to AGL Gerrit

eg-app-fw/meetings.txt · Last modified: 2018/12/05 22:51 by waltminer