Yeah, I welcome you to this session. It's a split session in three parts. We start with a minute of advertising, because we had a nice sponsor that we are allowed to come here. So we'll use this one to give you a very, very brief overview on the context in which we are working. Then you shortly see that this is not a Bosch presentation, it's an ELISA project presentation. So it gives you a little bit of insights how in the ELISA project, which is normally on safety, and this is not a pure safety topic, we'll get through this. And this looks all the marketing, is more a high-level thing, and then we will make a hard cut towards really technical things, and Thomas takes over from me. So he will go through the system composition. So if you feel in the first five minutes, "Oh, this is not the level I would have expected, I wanted to see more on the source code, or I would like to see the ideas behind it", then wait another three minutes and you will be there. Right, this said, let me go for the first thing. I am working currently in a project which is focusing on saying on embedded IoT Linux, and so is Thomas, where I do more on the technical business development or as engagements and so on. Thomas focuses on the content below. And what we have in mind is that we use all these different projects which we can see here, bring them into our project and create a value for a lot of different Bosch units. And basically all these areas of products you can see are prepared by Bosch, and they all, not exactly always the brand or the picture of the icon will be F Linux in there, but all these business units use embedded Linux, and with various kinds of technologies behind. So this was the advertising part.
I would jump over to the ELISA project. If you haven't heard about ELISA: we are also sponsoring the Critical Software Summit, main sessions are on Friday. And what we target is to create different kinds of artifacts that element processes tools to get closer to safety certification for products being used with Linux. And for this, heavy work is also documentation, and kind of this presentation serves also the idea of being not the best present documentation part yet, but at least the way they're we're not alone as Bosch, but there are many other parties involved in the ELISA project. We have really strong supporting our members as premium members with Boeing. You see also aerospace being involved, and Internet driving more the automotive track, but not limited to it. And then we have a large set of members from automotive. So basically this is also where major use cases are in. However, if you don't go into verticals, but more into horizontals: the ELISA working groups are split into some core groups. So there's a safety architecture involvement. That by Red Hat, they do kernel analysis, look for example to the watchdog subsystem, see how system calls are being made, and so on. So this is the overall idea of the safety architecture. This will lead to a safety product on the very long run, more or less in three to five years scale when you think about it, but there are people already developing things now. So for this we have a Linux features workgroup, which just looks in the scope of what you know from security. There's cgroups, namespaces, potential things which you could make use of, but you need to know how to use them to make things really secure. And we look now for them or things was in this workgroup, see what will be beneficial for safety.
The whole long story comes in the Friday in the overview and outlook on ELISA on the Critical Software Summit. And yeah, just two more groups not directly where I did: the tools investigation, code improvement. This is on seeing where could kernel patches apply, how, which tools are there to supporting safety. We need a process around it; the open source engineering process is doing. And the main focus today would be the systems workgroup parts. The systems should bring things together. I have a slide in a minute on it, so they're not talking too much about it. But I want to talk about this: horizontals basically would create a framework, but the framework needs context, and this needs typically a use case. For this ELISA operates in verticals. The newest workgroup was the aerospace one. It's air started basically at the beginning of the year and in the big falling phase. They try to more figure out who are other aerospace companies involved, which are use cases which we can start off. They have a wonderful presentation about how Boeing makes use of Yocto. We have a webinar in July, so it's a good chance to look at this. And yeah, one of the first use cases we had were from the automotive part. This was the warning signs cluster demo from AGL, because this was already implemented there. It's a good base. It's something which should later during the year also get into the systems workgroup. And the second use case group, major one, more the medical devices. Shortly teething: this is an open artificial pancreas system. And this is really fancy, because it was started in open source without safety regulations, following safety regulations, but with the user-centric focus by the user itself, and has a growing community. So this is quite nice to see, and we support this with the analysis, looking into critical elements: what kernel calls could cause a risk to the operation?
So we are supporting here, and I guess currently they are also more in a way of following certain certification paths. But just a short word on where things go from the automotive thing. If you would like to learn what we're doing there, and I'm telling this because this is also the way where we want to go with the systems workgroup: we thought that we have new people joining, and often the same questions come, like how do I set up the system? How do I do the work? And it took us like three to four iterations to really come to a state that a new member joins and just with a step-by-step guide is able to do things. Sometimes there are still links which may be expired or so. Recently the Yocto Project changed some links in the documentation, and then our build didn't, or the guideline didn't, work one-on-one, or Docker has changed some links. But what we really would like to achieve is that depending on your interest and capabilities you can start either with just following guidelines and sources, start with a Dockerfile to make your environment easier, or just take the Docker image if you don't want to bake it on your own, or download images and just boot a QEMU system. So these kinds of things are all combined, and yeah, the links are in there. What makes it interesting from more like the safety-critical part is there is a kind of dependable flow. So it means from our pipeline the documentation with this air as meta-elisa in the GitHub one-on-one more or less reprint the Dockerfile. So we see if the documentation changes we get a direct conclusion to the Dockerfile. Of course the Docker image is generated by the Dockerfile, and this Docker image which you will have is also the one which is used in the GitHub. This means if you download this Docker image you can more or less say this is the one which goes into the GitHub part. And from GitHub then the execution is triggered, and that's the last part.
There is a QA, openQA part, which is currently hosted at Codethink, which does a boot check and checks that our implemented mechanisms on the danger sign, this telltale monitoring, warning signs monitoring, still works. I can say the major issues which we had in the past were actually not directly on the sources, but something which you don't foresee directly, like at some point in time certificates expired and then the CAN stack didn't work properly anymore, and we rely on CAN messages. There's something each you will see in test. But yeah, we're doing some rebuilds also. We have sstate to make resource consumption a bit less. But all in, this means there's a dependable queue: whenever you break something in this queue, wherever you do, we'll take it, we'll go back. And what the user does consuming it is exactly what the CI is, so we will see the CI is being a user of our system. We want to spread this now into a wide environment where it's not only Linux, while still the ELISA project focuses on Linux. But we also add an RTOS. We want to go on a microcontroller later on; currently our RTOS is still on, which is Zephyr, then on top of Xen hypervisor. We took these projects because they are all safety relevant, and we see how our different workgroups can benefit. It's really the idea: if you want to build a safe system with Linux, it will run in a system context, and if you prepare an artifact you need to experience this artifact. And that's nothing special which is related to our environment. It's something which you have for a few cases, because you have your little change and you want to figure out how does this look like in a later system setup without spending months for prototyping or so. It was the drive of it. We're not taking this fully alone.
We also interact with other communities. So we know that Xen and Zephyr, they have both a certification path, trying to get to a certain safety certification with different challenges and some commonalities. As we have a strong driver with automotive, we also act with AGL, SOAFEE and Eclipse SDV. So these are partnerships which we are doing, where we are in regular exchange, because they share this kind of system architecture. And then we have further outreach. So we have been in discussion with Linaro, with SPDX folks. So we created an own SPDX special interest group on safety SBOM. And yeah, the Yocto Project from the build system is also involved. Right, I guess this comes smallest last thing which I want to tell, the overall idea is: well, if you exchange an apple, I exchange an apple with you, then we both have still one apple, but exchanging ideas means that the other person suddenly has two ideas, and the same is for you. And based on this we want to prototype these kinds of things. And this was also one lesson when discussing with AGL, when discussing with partners, when discussing with Xen. It was like, "Yeah, I did all these nice features and I show this for years, but the main question is: how do I try these things out?" And this was basically the story Stefano was presenting last year in Austin during the Open Source Summit. And this was on a Q&A more, and we came to the brave idea: let's put all this on hardware. How hard can this be? So this concludes my marketing-ish high-level presentation, and I hand over to Thomas.
Hello, I'm Thomas Middelstedt and I'm senior engineer, and I'm integrating and in fact systems since a long time, and I bring things together, and this is my profession. And when I have entered this project I have seen, yeah, I have faced some challenges, and the first challenge is to select the right target board. It seems to be easy, but in fact it's really difficult.
The problem is you have several requirements, which are sometimes fit, sometimes not, and I will show you later the hardware we have examined. The other thing is a setup of the Yocto build environment, which is at the moment the basis to set up the Xen system, because there are a lot of examples I can try out and especially for Xilinx I can use, but also for the Renesas stuff. But the setup of the Yocto build environment is not so simple, because, yeah, it depends on your computer resources. If you have a slow computer, you are facing sometimes network problems, and also we are working basically behind a proxy, and then it's a mess with the proxy. But this can be solved partly within a Docker image also, like Phillip has explained. So at the moment the best Yocto build environment will be a proven Docker image. And there are other problems, but this is not related to Xen: it's really sometimes hard to find valid descriptions. So you find a lot of descriptions, but if you try it out, or we have tried it out, well, something doesn't work, and this I have often faced. And then you have to build the images based on the descriptions, and then other things are going long. But the advantage at our project is we have a lot of specialists here for the several systems, and we can simply ask them how this works, and this is really a big advantage compared to the usual work at our company. Yeah, and at the end the goal is not only to do the things but also to understand what is happening, but this is a long story, a long-lasting story. I will give you a short overview about the stuff we have examined. We have started with the Renesas family, some targets like the H3 premium and also other targets. It was at the beginning very nice because Xen hardware support is very nice. You have a functional Xen system.
You can create it. But we have stopped this activity because the Renesas has not the right license condition. The Renesas is forcing us to use proprietary licenses. Otherwise you can't do the really interesting things like graphics and so on, and it's really hard to get and to buy for our usual customers from a purchaser, because you need connections to the product manager, and yes, this is hard. But the license problem was the major reason not to continue with Renesas. And at the other side we have started with the Xilinx boards. At the moment we have tried out the ZCU102, and the advantage from this board is it's also very good, very good supported. It's nice support from point of Xen, the hardware is fitting to the needs, and Xilinx has really nice documentation. This is reliable. You can try out almost all the things you want. The problem is it's a little bit expensive, and the ZCU102 is a little bit outdated. It has not all the capabilities; especially the graphics can't be passed through to a domain. There is a problem with some hardware, but the plan is that there will be an update, a new board which is much cheaper. Yeah, and so this is okay. And this ZCU has some additional problems. You have not only to program the software, but you have also to take care for the FPGA programming. You have to create some bitstreams, and this is sometimes a little bit annoying, but the rest is really nice. You see here some links. So if you are interested what I mean and you have the presentation, you can point to the links and then you can see what is happening. And we have continued other targets. We have thought for a while about the QEMU systems. This is also nice, but for proof of concepts
it's not really feasible, because you can't blink some LEDs and some lamps and you can't control some motors. Perhaps it's possible for the specialists, but it's hard. Yeah, so we have stopped it because, yeah, it's restricted. But at the other one we have also had a look at the Raspberry Pi systems. But Raspberry Pi has not the right hardware capability, so it's not sufficient for a secure Xen system. So from point of security it's not feasible. And we had a look at NXP i.MX8 systems, and the problem is: this is really good from a hardware point of view, it's good from the license point of view, but the problem is at the moment NXP doesn't support Xen in the right way. They have other focus. I have talked with, yeah, people from NXP, and they, she has said they are aware of this problem and she will ask internally how to continue. And the hardware here, only in short overview: we have used the ZCU102, and yeah, it's not a big thing. I have used here an additional hardware for the demonstrator. Yeah, we have our SD card; there's only the bootloader placed. And we have a USB stick with the whole demonstrator setup, and I have used for one use case, for the adapter passthrough, some USB Ethernet adapter. And you need some environment, here mentioned. And this is the overall image. What I want to show you here is you have in fact here the hardware, and the hardware is connected with some PuTTY, and later I will show you some videos what is happening there. And there are some hardware connected to the local Ethernet, means built-in NIC, which is a part of the board, and I have the second Ethernet adapter. Both are connected to a local network, which is supporting DHCP. This is not automatically at our company site, but yeah, then it's much easier. We have some software parts, especially the bootloader, which is in fact U-Boot, and which controls with the boot source, which is boot script, the stuff to start. And the bootloader is
started from the SD card because, yeah, the SD card is a major boot media, but the rest is started from the USB stick. And the software itself consists of the Xen system, which is in fact a specialized Yocto 2022.2 system with some parts from Xilinx. And at the other side I have some VM software, and I will say all the systems are not aware of, yeah, of the special setup. So the Apertis build I will show you is, yeah, it is not aware about Xen. There are no special drivers built in. It's just from the mainline stuff. And also the simple PetaLinux which I am using: I have simply downloaded the BSP, this is the package from Xilinx, and put the rootfs image inside. So nothing is prepared, and this is what I want to explain to you here. The idea is we want to have a skeleton, a kind of a frame, but the systems on top of it are, I always say, they are weakly bound. So weakly bound means you don't have to regard what is inside of the frame, but this is a kind of a platform and you are landing simply on it, and that this is working I can show. And yeah, I have used several sources. One is Xilinx Yocto 2022.2. This is not really Xilinx; there are some additions for the PetaLinux implementation, but not really much, and it's all open. I have used some binaries from Xilinx. I have used an Apertis built by my own, because we at Bosch are supporting Apertis and using Apertis. And yeah, I'm integrator for a lot of Apertis images, so I have built up an Apertis system. And we have used the former demonstrator based on the Renesas R-Car, and I've simply got the Zephyr image as binary. So the build has not built something special for our Xilinx setup. I have used the image for Zephyr binary, I have put it at the Xen, and it has worked.
So the idea behind is Zephyr and all the other systems are using common interfaces, and yeah, they will work. And some instructions, and all the parts you see here, there are links. Yeah. This is an explanation from this. I have a scheme I can go over, because perhaps we need the time for demonstration. This is a scheme for the SD card USB loader. It's not really much interesting, but you can have a look. Now we come to the interesting parts. I have created different demonstrations, and the special thing here is it's usable out of the box. So I have used the binaries and they were easily to set up, and yeah, I want to show you now. The first setup I want to show you is a very simple setup. Hopefully you can see it. And this is simple. The setup about... It's okay. Okay, now we start here. The idea behind is we have stages, and I have some titles added, so if you have a look you'll see what is done. And now it's booting with the Xen and the Dom0. It's very simple. It's a standard boot, and you see some kernel activities. Hopefully you can see it. It's a little bit not so big, but the videos are at a higher resolution. And now, after the Xen is started, I simply log in, this is always. And the setup, this is for this Yocto image. It's also based at Yocto 2022. And now I simply look for the lists, what are available, and you see only domain zero is started. And yeah, then I start the simple demo with the PetaLinux image. At the USB stick I have a directory. I change to the directory.
You can see some configuration files for Xen. And yeah, simply I start with this creation, and what is happening now is a secondary VM is started, and this VM is not aware about Xen, and it has at the end not many capabilities, but yeah, it can easily be started. And I can, now Xen has started, and yeah, then I change to the console, and yeah, I am miss written. And you see here the guest zero is started, and this is so far. We will wait to change to the console, and then I will start the next example, because I guess... Yeah, and now we see the console output from the simple application. It looks very similar to the Xen because the base system is the same. Yeah, and now I am in there. I have to repeat my password, but it doesn't matter. Yeah, and now we are at the system. I will stop here, and I will show you a nice other approach, and this is Apertis. It's in fact the same approach, but the idea is Apertis is completely, yeah, there are different parts and different image system memories for Linux. The device tree is different. But the advantage is Apertis is supporting this out of the box. There are only few changes needed, because I am creating here a ramdisk file for Apertis, because not all virtios are part of the ramdisk, but yeah, you have to add the virtio devices and that's all. And if we look here at the... Yeah, I have not, have no extra, it needs some exercise. Okay. Now the same procedure. I want to increase the time or speed up, but here you have another configuration file, and the configuration file starts the ARM Apertis also at the ramdisk image. From procedure same, but I want to show you that it's not only theoretically, it's done. And the message here is you can use an Apertis image. You can use your Yocto image.
You can use almost all images you can imagine, and yeah, they are starting at the same basis then. And our idea is to develop this in a way that you have a kind of an input or interface from the Xen system, and yeah, the system can be loaded. And here you'll see the Apertis. We have a bliss image, it's a nano image, but in fact it's an Apertis system with a usual interface, and here only some hints that there are no networks. And this was to show you. And there's also the possibility to start a Zephyr system, because I will stop, because we are going out of date. What I want to show is perhaps that it's possible, and this is really a nice passthrough of Ethernet controller. You see at the left corner the network. This is in the case a little bit small, but if you have the presentation before you, you can have a look. And yeah, this use case shows you how to transfer a NIC controller to the image, and yeah, this can be easily done. And if you think further then you can say, okay, I can have an Apertis system which has an easily controller, and you can have another system. And this should be for this day what I want to show, because these are only the demo cases, and so we are coming to the end, I guess.
I just wrap it up. So what I want to mention: we want to bring a lot of this documentation also in GitHub. The original work, for example from the Renesas setup, it's in there as a work-in-progress pull request. We will most likely close it soon. You see that it's on the older date, but we didn't make it into the CI due to the mentioned reason. And for the other thing, there's public reference.
You will also find all this from the ELISA tech site. And yeah, as originally was planned to show really the full setup, also already having the GitHub link, and so we're not yet there. Turned out hardware is sometimes a little more tricky, even if you know about it, than you expect. And by this I guess we can conclude, say thanks, and have still a few minutes, if I see the counter, for questions, which you hopefully have. At the first hand, let's see if, yeah, wall is moving.
Yes, thank you for the presentation. Very interesting. And yeah, I actually have two questions. First question is about how do you choose to go for Xen and not other options like KVM or maybe containerization?
Yeah, so the selection for Xen was basically, so we discussed also about KVM, because also AGL was working with KVM. We took this because Xen brings a good strong path on security and, even more important, on the safety, because we see that they try to get into a safety certification for open source, and this gave a good fit for ELISA. So we wouldn't bound on this, and as Tom has said, we try to build a skeleton. So the idea would also be, if the skeleton works and where you can place your Linux VM, where you can replace the Zephyr, the idea should also be from the recipes you get a path on showing additional virtualization hypervisor technologies. But it was just the starting point, because we had direct outreach to the community, I know they have a safety path, and this helped us a lot.
Okay, thank you. And the second question: in the presentation, I am not sure if there's already like information on what's the usage of CPU, say, because it's cnkp. It's using the Cortex-A only, or is it also using already a Cortex-R?
It's only the a1. So we couldn't, the system sketch,
we had the microcontroller part in there, but we're not yet there. If we came from the kvm o1, which was basically just having the Xen, and this would be another step to go for.
Yeah, thank you.
Hi, I would be interested: how do you create all these images? Is there some support for it in the meta-elisa layer in Yocto, or do you build them basically externally from the Yocto?
No, in fact, they are built with a Yocto layer. I have nothing changed. I have only to use directly the Yocto setup which I had, and I've created the image, and there's not much happening, because to be honest, I'm not the specialist for Yocto. So I have to replicate the stuff I see. And I guess the only thing is it has to be put to a CI, and this is the only thing. There's nothing adapted. It's out of the box.
This is with respect to the systems demo. And the automotive use case, which is just a plain enough that we have: we use the Yocto as it comes from AGL, add our meta-elisa as an additional layer. This builds everything, and it's built within the GitLab cloud infrastructure. So you can see all the build logs there. You can download the image from there. You will find this is the SBOM for it.
So this automatic SBOM generation, you'll find the uploaded artifacts from the boot process, image comparisons. Everything is there for the automotive use case, and we want to get to this stage for the system demo with Xen and Zephyr. There's another one.
Yeah, I also wanted to know if there's already like some benchmarking on the usage of, for example, Zephyr on top of Xen, or against just Zephyr by itself, on this test that you already did?
We didn't do, but Stefano did. I think he has some benchmarking on the Zephyr part. At least he was quite happy to see also which real-time performance he could achieve when using Xen and Zephyr on the system, and this was part of his presentation. I don't know if it was really in the presentation, but he took it last year along with this talk in Austin. And there, at least from this performance, I kind of say something about CPU loads, or if you want to go for this perspective, but he said from real-time capabilities of the RTOS it was really satisfying for him. In the microsecond range, I guess.
Yeah, in terms of safety, this was also like good for the IRQ and cache coherency? So this separation, is it also good already with this separation on Xen?
I'm actually not sure. I cannot tell you completely. So we try to concentrate on the Linux, and that's why we interact with the Zephyr and Xen community also. We just get a lot of support from their side, just to try to make it documental and flexible.
Okay. Yeah, thank you.
Yeah, we have room for one more question or two. I don't know.
Thank you. Could you go on the slide seven, please? 17? You said seven? Seven. That's good that we have at least one slide with a number. Yeah, this one with the session. Next. Yes, this one.
Yeah, um, how do you prevent the other operating system running on the micro core to not access resources of the Linux system or the other OS?
Yeah, so from microcontroller part, if you really take this rs, there you would need hardware capabilities. So it's not preventant software, as we see bring certain isolation methodologies with system mme, other parts. So we're doing on this is on this level. This was also an example why we said, if we want to really go for a good isolation and so on, that's why we said the Raspberry Pi is not the best option and we would like to go for more hardware. Especially discussing about GPU and how GPU virtualization is done can mean either you go for a secure way of doing it or you get an easy way of doing it. So this is something more complicated. And for the on top of Xen part, Xen will take care to a certain extent. The interesting part will be not about how the ideation also works, but also how the sharing of devices will be established, because then your safety argumentation can become different if you share a device: how to really make sure that the paths on a shared device will not get a conflict.
Thank you.
Welcome. Oh, yeah, that's one way back.
Hi, my question is related to one of your presentation. You said that you are using sstate for the cache thing, but I think in the detailing I did not see much info about it. So is it that I should check the link, or is it something you would like to share about it?
So, I think it was in, I think the first, yeah. Anyway, so what we have: we have an sstate. The sstate mirror is also accessible, so there's a link on this. There is documentation in the meta-elisa where it says this is how you enable the sstate, what you configure as a server. And we had the concern that on the long run we may have something corrupted.
So once in a week we also build up a new sstate, to just see that everything builds properly, because there could be someone who doesn't want to rely on the sstate, because maybe of a bad metered connection or whatever. Then it's easier to download the things, and so we have this mixture in there, and considered, say, okay, to be on the safe side, rebuild this sstate on regular base, but have it available for download. So this is documentation.
Okay, thanks.
And it was actually also funny learning from the new joining. He said, "I did everything, and then at the end of the documentation you mentioned that there is an sstate", and you made a PR and just said, "Can we have this documentation at the beginning? Because I was not reading through everything, I was following the step, and then at the end you say, and if you want to save a lot of time, make it. At the beginning, make it now." And it was quite a nice thing. That's like how user experience and just thinking in your box, right? So it was really good. All right, we stop here, I guess. Thanks a lot for your questions. Let's buy a gift more