Hello and welcome to my talk. I'm Stefan Kalkowski. I have been working at Genode Labs as a developer for more than 10 years now, and I was focusing mainly on the ARM architecture in the last years. Within the last 10 months we achieved quite a few steps to run Genode on ARMv8 machines, on certain ARMv8 hardware, and today I want to demonstrate this to you. So it's more a technical demonstration, with the focus on the demonstration, not so much on the technical details.

As you have seen in the previous talk, we are used to running our presentations on our own software stacks. The same applies to this talk, and like Norman already told you with regard to his setup, it's the same for me. So it was done a day before I was starting to FOSDEM. So cross fingers that everything will work.

So before we come to the actual demonstration, where I want to show three different aspects that might be interesting for embedded systems, which you could already use right now with Genode, I want to give you a short introduction to Genode's history on ARM and what the findings were that we made out of these experiences.
Then I will showcase certain aspects to you, and then we come to a short roadmap for this year related to the ARM development.

So this picture shows in a rough sketch what kind of different ARM hardware was entering the Genode landscape. What you can see, and I don't want to go into much detail, is that we had slightly different ARM architectures, from version 4 until now version 8. We collected a lot of experiences, also with different, as you see, vendors, like Broadcom, the series that were used in the Raspberry Pi, the OMAP 4 from Texas Instruments in incarnation of the PandaBoard, and Exynos 5 from Samsung in incarnation of the Arndale board. And we did not just run a kernel on top of it with some timer driver and UART, but really tried hard to develop different device drivers for the peripherals for it. So we had SATA drivers, or SD card, or different display engines and so on.

The experience from this kind of development was that it's a pain, and that it's really painful if you are just a small open source operating system with no access to documentation at all. So the best reference you might get is Linux kernel drivers written by the SoC vendors themselves, so there's not so much semantics that you can read out of it. And in the worst case you've even got blob drivers which are just loaded by the Linux kernel drivers inside, like HDMI blobs and whatever. So the situation is not that good.

But the best experiences we made so far were with NXP, the i.MX series and their systems on chip. I wouldn't say it's great and everything is fine with NXP, and I don't want to make marketing for them now, but from our experiences it was best with regard to open documentation. We used it for instance for our extensive studies with using TrustZone, with doing secure boot on this kind of platform, and we made some good experiences here. So this is what I wanted to give you as a result of this kind of history, and we are not the only
ones, obviously, that seem to recognize that NXP makes better documentation. So there are several open hardware projects right now that use this kind of system on chip.

Here you see the USB armory, which now already has a second version, which was presented, I think, at CCC congress of this year or last year. It's a kind of smart card system where you can store your cryptographic material, which you can use for signing stuff or just storing encrypted stuff. It's running on an NXP i.MX 5 and it's completely open, so you can download the layouts and you can assemble it yourself if you like. We also had a Genode port on the first version, so I'm looking forward to the second one.

And there is this MNT Reform. It's a very cool self-made laptop project by MNT Research, and it's really somehow a one-person project. I mean, there is more than one person, but from the technical side it's not more than one person. And again, you get all the material, you can just download it, you can build it yourself, including a nice mechanical keyboard. I'm really looking forward to bringing Sculpt OS, which you just had a look at if you attended the previous talk, to this kind of device.

And we have this Librem 5 smartphone, which uses the same system on chip as the MNT Reform. This is the i.MX 8M, so it's an ARMv8 NXP system on chip. And again, what they try to achieve is giving back control to the user, getting a smartphone which is mostly blob free, as far as they can get with it. I think we have this mindset in common with those kinds of projects, and this is somewhere where we like to meet. We also like to take this Librem 5 to make an Android-like environment, an Android runtime replacement, so to say, and those of you who attended the talk from Alexander Senier about their component framework know what I mean.

Okay, so this board, for those of you who are not sitting in the first line, is standing here in front of me on the table, and I hold
the presentation now on this device. So it's the same system on chip as in the Librem 5 and in the MNT Reform. You see we have some Ethernet connector, USB connector, HDMI connector and SD card, and we have peripheral drivers running right now in the system that drive all those kinds of devices. But this is not everything. To show you this and not just list items, I'd like to come to the actual demonstration part.

So what are the use cases for Genode used in the embedded world? Just imagine you stand in front of the ticket machine and the ticket is showing you a blue screen, or you ride in public transport and it doesn't show the next station, but some weird other desktop or whatever. And of course the ATM doesn't give you cash because it wants to do a Windows upgrade right now and doesn't work until it gets this. So those are not some hypothetical examples, but I think all of you have somehow already experienced something like this. And here you see the WannaCry attack at Deutsche Bahn, where they were out of order for several hours or even days, I'm not sure anymore.
So what you actually need is not a fully fledged desktop operating system like Microsoft for a kiosk system, but you need a custom-tailored solution. Of course, the costs for those who develop such systems are standing in the way if you have to do this all on your own. But those of you who attended the previous talk have seen how easy it is to integrate a custom-tailored environment. Of course, you need some support in the form of components for this.

What you see here right now is again the Leitzentrale thing, this administration console. I want to show you now that in this system, on the small ARM machine, which only uses the first CPU because I didn't write a load balancer which automatically drives the components on different CPUs and did not manually tweak it, so everything is running on the first CPU, we already have 76 components running. And as you can see, it's like, I mean, everything is software, and so it's really usable as a display system, as a display panel, or as a kiosk system now.

We have a very easy widget set, a very simple one, and maybe your programmers are not coming to this kind of widget set or to programming in a Genode environment. But of course we can also start something else. So let's start this Qt 5 text editor. Of course this takes some time, because everything is read from a non-optimized SD card. You can see all it is doing now is some I/O; it's heavily copying over the bytes from the SD card. But in the end, crossing fingers, we will see this text editor you already know from the Sculpt version on x86.

So what I wanted to show you is that we did not just port some peripheral drivers, but we really went through the whole software stack.
So we have different libraries like libpng and Qt 5 and a TCP/IP stack, of course, and libc itself, and the base library of Genode, obviously. We went through the whole software stack to make this happen within the ten months. So I'm quite convinced that we will also achieve more with regard to the hardware targets I already mentioned. Okay, but let's come back to the slides.

Another example. Today everybody talks about IoT and all those crappy devices that are out there, and probably the idea is to have some shield, gateways, edge devices, which are then, yeah, a better shield of those kind of IoT devices, and this is such a device. But of course you always have the problem of firmware upgrades in such environments, and as you have seen, we have this depot packaging mechanism. I can show you. Ah, sorry, wrong key. I can show you.

Maybe you didn't notice, but I have a vulnerability in my backdrop application and somebody defaced my wallpaper. So an upgrade routine that regularly gets information about new packages might now get the information about a fixed version. Now I will be the upgrade routine, because it's not there yet, so I just do it by hand. So first I take away this Qt 5, it's in the way, and I open up a new component.

No. Okay, now exactly this happened what shouldn't happen. So I have to reboot. I think the Sculpt manager is not available yet. Yeah, sorry, but that can happen. Sorry. I think the Sculpt manager, which is this graphical user interface for administration, missed some signal or, I guess, maybe it had to do a resource request or whatever. I cannot show you now because I do not have some report, some log output here to look at. So yeah, as I mentioned, it was already the day before. Okay, sorry for this, but we continue, just go ahead. Okay, so I reuse the image from the SD card.

Okay, so here we are again, and to fix the broken backdrop package,
I now first copy over this deploy configuration, which contains all the packages which are now running in this runtime, and I copy it over to a non-automatically managed space, so in the normal config. No, I missed that. Sorry. Okay, so now it's known that we want to handle something manually and don't want the system to manage it automatically anymore.

So I go over, and here you see this sticks blue backdrop, which is the package containing the bug. So I just know, as the upgrade routine, that there's a minus a version of it, and I just save the file. What you see now is, yeah, it throws away the original version, it's downloading the new version, verifies it, extracts it, and replaces the running stuff. And if you somehow see that there are problems with it, maybe with a watchdog mechanism, the component is not coming up again, we can just revert it, of course. Yeah, sorry. Yeah, it was fixed. Sorry, sorry. Yeah, of course. So I show it again. Zack, okay. Now it does not have to download, of course. So it's fixed.

Okay, so last example. I have to hurry up because we are already running out of time. Okay, last example, oops: legacy software in an industrial context. Often you have some custom software which costs a lot of money, for which a lot of manpower was used, only for very few instances of this running software. They are also tied to a specific operating system version, so they use specific drivers of their own and you cannot just replace it with a newer version of Microsoft or whatever. So here the problem is they run out of support. Maybe they are also edge devices, and you want to give some possibility to run this legacy OS.

So what we did is, we have a virtual machine monitor for ARMv8. So I started a Linux VM. And this Linux, of course Linux is big, so it's a generic ARMv8 kernel of 18 megabytes or something like this, so it needs some time to be copied again from the SD card. This was a joint project.
We did not finance it on our own, but it was a cooperative work with Bedrock Systems, who also sit in this room, and I want to thank them at this place for supporting us in doing so. They do a much more ambitious project of building up a virtual machine monitor that gets formally proved. But at that point they were not ready to develop it right now in their system, so we rapid-prototyped it, so to say, in Genode, and they could use it as a blueprint. As far as I know, they envision to open source their version too, so we are very much looking forward to using that too.

So I just want to show you this is not just some Linux working, but it also has network access via virtio. So I can start a movie, a network-streamed movie, hopefully, if the network is working. Yeah, okay. So the VMM contains a real, complete CPU model. It has models for generic interrupt controller version two and three, for the generic timer of ARM, and it has drivers for virtio console and for virtio network. I think we have some minutes left. Okay, so this is Star Wars streamed over telnet.

Let's come to the roadmap again. So those are my technical demonstrations, and my last slide is the roadmap for the upcoming year. I definitely want to push this Sculpt development on ARMv8 further. Sculpt on this MNT Reform would be really cool. But for this to happen, we need some kind of platform driver. So now the drivers are running, but we do not have access to the PCI bus, for instance. We do not have access to the clocking and power management, and we need this kind of stuff in incarnation of a platform driver. We want to have more virtio support so that we can use it interactively. Of course, then we could really use Sculpt OS as desktop like we know it from the x86 world. And of course, it would be pretty cool to use hardware-accelerated graphics. So those are the plans for this year, and now I'm open for questions. Thank you for your attention.
Ah, sorry. Yeah, I forgot to mention. It's our own kernel, so we did not use another one. Ah, sorry, I have to repeat the question, I forgot. So the question was what kernel did we use. In the initial development of ARMv8, in the very first release where we brought the first ARMv8 support in, we used Fiasco.OC because it already has ARMv8 support. But then we implemented it in our own kernel, and also this whole virtualization support stuff is part of our own. Other questions?