David A Rusling, CTO Linaro The End to End Story March 2016
Page 1

David A Rusling, CTO Linaro

The End to End Story

March 2016

Page 2

Some problems can only be solved by looking across a complete compute ecosystem

Page 3

The End to End Ecosystem

Gateways, Edge Devices | IoT Devices | Mobile Devices | Media Servers | Cloud

Page 4

OCTO, What does it do?

● Coordinates strategy across all segment groups

o Work directly with the segment groups

o Technical detail is directly driven by the director, TL and committee

● Works directly with members

● Impact mostly in the next cycle

o Priorities and new work (Lead Projects) next cycle

o Incubation via OCTO, for example HPC/HPDA

Page 5

OCTO

Standards

Boot Architecture

HAL

HPC

Page 6

Reference Platforms

The assembly line of the end to end ecosystem

Gateways, Edge Devices | IoT Devices | Mobile Devices | Media Servers | Cloud

Page 7

IoT will Generate Vast Amounts of Data and Compute

● Data needs to be processed and protected

● Products are appearing

o most are enhancements to existing mobile applications, tethered to your mobile

● Many ‘walled gardens’

o Little data traffic between them

Page 8

IoT Client Reference Platform

[Diagram labels: Sensor, Gateway, Smart Device; CoAP, MQTT, HTML, DTLS, TLS; Ecosystem Libs, Scripting Engine, RTOS, Kernel]

Page 9

LITE Ecosystem: IoT Client

Cortex-M

● Secure boot (supported by the ARMv8-M Security Extensions (Cortex-M Security Extensions or CMSE))

● RESTful protocol support (OMA LWM2M, CoAP, MQTT, DTLS, TLS)

● RTOS: Choice of Contiki OS, mBed OS...

Cortex-A

● Bootloader: ARM TF, PSCI, UEFI (ACPI, Grub2), eMMC

● Trusted Execution Environment (OP-TEE)

● Stable kernel

o UEFI and ACPI support

o RESTful protocol support (OMA LWM2M, CoAP, MQTT, DTLS, TLS)

● Distributions: OpenWRT, Yocto...

● IoT Application Framework

o Lightweight Javascript engine

o Ecosystem services layer (for example, mBed)

Page 10

IoT Gateway Architecture

A gateway is a little server...

IoT Client +

● Full web protocol / bridge

o HTML (CoAP / HTML gateway), TLS

● IoT client management

o Key storage and retrieval, authentication

o Device messaging, updating, provisioning (varies by ecosystem)

[Diagram labels: CoAP-SMS, CoAP-MQ, CoAP, MQTT, HTTP; DTLS, TLS; Containers (Device Messaging, Provisioning, Updating); Docker Engine; Kernel]

Page 11

Mobile is Impacting the Whole Ecosystem

● Mobile is the current ‘central ecosystem of technology’

● Disruptive technology, engineering and business practices will flow from mobile into all market segments

Mobile is the ‘central ecosystem of technology’ – Benedict Evans, Andreessen Horowitz

Page 12

Mobile

● Secure boot path

● AOSP based open source components

o Kernel, including protocol stacks etc

● Android RunTime

o Java based run time

o Cloud ecosystem integration

[Diagram labels: CoAP-SMS, CoAP-MQ, CoAP, MQTT, HTTP; DTLS, TLS; Ecosystem Application Framework; ART; Kernel]

Page 13

STB

Page 14

The Data Singularity

● Productivity tools no longer means ‘Powerpoint’, it means data sharing and social, for example salesforce.com

● Social is not just writing messages on walls, it is a means of sharing our interests and interactions

● IoT will generate vast quantities of data

We kill people based on metadata. – Gen. Michael Hayden, former head of the NSA and CIA

Microsoft needs to try and reinvent the connective tissue of the enterprise – Microsoft CEO Satya Nadella

Data analytics plus learning systems (AI) drive ‘intelligent assistant’ style interactions

Page 15

The (ARM) Data Center

● Commoditization continues

o Standard components (open source standards)

o ‘Value add’ driven to the margins as open source provides the framework

o Few companies have the scale to differentiate themselves

● Big data consumes big storage

● Machine learning consumes CPU and GPU cycles

● Tuning for work loads the only way to scale this

o HPC shows the way

What does the (ARM) data center of the future look like?

Page 16

IoT Cloud Ecosystem

● Bootloader: ARM TF, PSCI, UEFI (ACPI, Grub2), eMMC, USB / Network boot

● Latest stable kernel with UEFI and ACPI support

● OP-TEE

● Distributions: Debian 8, CentOS7

● Software stack: Openstack8, Hadoop, Spark (Bigtop), Docker

● IoT ecosystem components. Includes device registry and discovery

[Diagram labels: Containers (Device Management, Security); MQTT, HTTP; TLS; OpenStack; Kernel]

Page 17

Security

● Everybody wants our data

o Mandated government back doors / keys

o Cyberterrorism

o Corporations

● Security not just about physical and electronic keys

o Cloud gives more attack surfaces to exploit

o Need to focus on detecting and responding to threats

o User and entity behaviour analytics will allow adaptive behaviour

Glibc: Mega bug may hit thousands of devices – Dave Lee, BBC

Page 18

How to Hack Your Kettle

● Clone the network SSID

● Telnet to the iKettle with a default password of 000000

● List the iKettle’s settings and it displays all known wifi passwords in plain text

Q: How many of you put your domestic appliances on a separate wifi?

Page 19

How to Hack Your Child’s Teddy Bear

● Web service (API) calls were not verifying the 'sender' of messages

o Allowing a would-be attacker to send bogus requests

● Attacker could find

o Customer details

o Child’s name, age, gender

Page 20

How To Hack Your Car

● Vulnerability in the mobile application

● Allows anyone to take control of your car using the last 5 digits of the VIN number

● Heated seats

● Air conditioning

GET https://[redacted].com/orchestration_1111/gdc/BatteryStatusRecordsRequest.php?RegionCode=NE&lg=no-NO&DCMID=&VIN=SJNFAAZE0U60XXXXX&tz=Europe/Paris&TimeFrom=2014-09-27T09:15:21
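
A server-side check of the kind missing in the teddy bear and car examples above, as an added example that is not from the original slides: every request must carry a session token the server issued, and the VIN in the query must belong to the authenticated account. The signing key, account table, token format and host name are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlsplit

# Constructed sample data (assumptions): signing key, account table, host name.
SERVER_KEY = b"constructed-demo-key"
VEHICLES_BY_ACCOUNT = {
    "alice": {"SJNFAAZE0U60XXXXX"},   # redacted VIN as shown on the slide
    "bob": {"CONSTRUCTEDVIN0002"},    # constructed placeholder
}
SAMPLE_URL = ("https://api.example.invalid/BatteryStatusRecordsRequest.php"
              "?RegionCode=NE&VIN=SJNFAAZE0U60XXXXX")

def _mac(account, expiry):
    msg = f"{account}|{expiry}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(account, now=None, ttl=900):
    """Issued only after a real login; binds the account to an expiry time."""
    now = time.time() if now is None else now
    expiry = int(now + ttl)
    return f"{account}|{expiry}|{_mac(account, expiry)}"

def authenticate(token, now=None):
    """Return the account name for an authentic, unexpired token, else None."""
    now = time.time() if now is None else now
    try:
        account, expiry, mac = token.split("|")
        expiry = int(expiry)
    except (AttributeError, ValueError):
        return None
    # Constant-time comparison: do not leak how much of the MAC matched.
    if not hmac.compare_digest(mac.encode(), _mac(account, expiry).encode()):
        return None
    return account if expiry >= now else None

def authorize_request(url, token, now=None):
    """Decide a vehicle API call: the sender must be known AND own the VIN."""
    account = authenticate(token, now)
    if account is None:
        return 401, "missing or invalid session token"
    vin = parse_qs(urlsplit(url).query).get("VIN", [""])[0]
    if vin not in VEHICLES_BY_ACCOUNT.get(account, set()):
        return 403, "VIN is not registered to this account"
    return 200, "ok"
```

With this check in place, knowing or guessing a VIN is not enough: a request without a valid token is rejected with 401, and a valid token for a different account is rejected with 403.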

Page 21

Security Needs Timely Updates

● Timely updates are necessary

o New features in IoT and Embedded

o Emerging IoT protocols

o Integration with multiple IoT ecosystems

o Security fixes

● ARM partnership challenges

o New IP (secrecy / fragmentation)

o Lack of a common platform HAL, also known as ‘architecture’

o A ‘hack and ship’ development flow - “we’ve always done it this way”

Page 22

Standards Enable the End to End Ecosystem

Gateways, Edge Devices | IoT Devices | Mobile Devices | Media Servers | Cloud

Page 23

Standards

We follow a lot of standards, but there are some that we should be actively participating in

● Open Data Plane

● GlobalPlatform

● Device tree

● Open Container Initiative

● ...

Page 24

Hardware Enables the End to End Ecosystem

IoT | Enterprise | Network | STB | Consumer

Gateways, Edge Devices | IoT Devices | Mobile Devices | Media Servers | Cloud

Page 25

Hardware is the new Software

Easily prototype new products

● Commoditization of Connectivity Components

● Crowdfunding

● Quick Turn Manufacturing

● 3D Printing

● Added services (Nest, Fitbit, Philips Hue)

96Boards plus SDK / Reference Platforms gives us an end to end story

Page 26

96Boards is not Raspberry Pi

● Raspberry Pi has been a brilliant enabler of engineers and the maker community

o 96Boards inherits much software, Debian, Fedora etc that was incubated on Raspberry Pi

● 96Boards is enabling end to end ubiquitous software

● It’s a layout standard that enables multiple boards of the same form factor

o An improvement on multiple competing layouts from many ARM SoC manufacturers

● It enables and supports the software reference platform

Page 27

How Does All This Come Together?

● It all comes together in the reference platforms, hardware and software

● Reference Platforms are driven by standards

● Standards succeed when they are implemented in open source (and in the open)

● Developing open source openly enables more players

● It’s the ARM ecosystem way

Page 28

Additional Material

Page 29

The End to End Ecosystem

[Diagram labels: Networking, Enterprise, IoT, Consumer, Network, STB; Gateways, IoT Devices, Mobile Devices, Media Servers; IoT / TV / STB / Media Gateway]

Page 30

Edge Network

● Software Defined Networking (SDN) plus hardware acceleration

● Open Daylight - modular SDN platform

● Open Virtual Switch

● ODP - interface to acceleration hardware

High open source content, merging with commodity hardware

[Diagram labels: Open Daylight, Application, OVS, ODP, Kernel]

