 Hello, I'm surprised to see some people still at six o'clock in the evening, so That's pretty impressive We're going to talk about Automotive grade Linux, so I'm Dominique I work for Intel I see people doing pictures. I already posted my slides So you can find them on the internet So if we keep about working, so what what is automotive grade Linux? It's a distribution based on the October Using really upstream component What we have different a little bit is that we have tried to make something which was a little bit more focus on The automotive and the reason why I'm here today is not only to explain you what is automotive grade Linux, but to Anchorage you actually to look at that project if you want to do industrial project outside of the automotive because You know when we talk with people we realize that the need of a lot of people Is very similar and apparently of the fact that you're looking at Automotive issues or you're looking at industrial issues or even building of smart cities so AGL is an open-source project Which is sponsored by quite a lot of big companies And originally mostly driven by manufacturers of car manufacturers coming from Japan But we have since been joined by I thought in United States and very recently by Daimler in Germany But we also have some software houses and we have people doing equipment for cars and At a lower level we have even more people People like advanced telemetrics that you have just seen before this presentation members of the AGL and are working on the project So it's a lot of people at the end of the day And all of them have a direct relationship with automotive, but everything is really in the open so Who is working on AGL? I don't know if the numbers mean anything because I still don't know how the Linux foundation does it But it gives a little bit of a ranking and definitely the number one guy on AGL is Jose who is there Okay, so if you want to go with him and I have to say that is the best one for the second year in a row I know that some people are trying to get him out for the third one, but they still have to prove They're capable what we can see here is that actually we have quite a number of people who are committing Understanding that in AGL, we are not really developing a kernel We are probably making a distribution with mostly existing Components so we have a few small things that we are developing which have been developed specifically for AGL and we talked about it But most of them like OS 3 are actually projects that are coming from the outside world from the open source that we are integrating so What is AGL itself It's an embedded Yocto-based build so a lot of people believe that Yocto is a distribution I Will not go into semantic or do you say that Yocto Yocto project or open embedded? You know, let's forget this conflicting marketing discussion for after the beers But at the end of the day Yocto provide development tools which allow you to build an embedded distributions And and we're using that. Is it the best tool in the world? If you ask me personally before I was using OBS and I still prefer it But it's a tool that people know and at the end of the day It's a tool that you're capable to deploy and you're capable to scale up with Because you can hire people who understand it and you can subcontract to company who are capable to use it We obviously because we work in the industry We had to made a system initially that would immediately start to have capability to have a very strong integrations with sensors In the cars you have a lot of sensors and obviously we had to get that readable by the software We could not have a desktop you are Nobody want to drive a car with a mouse And even a touchscreen is sometime on the very strong edge of what you can do So the user interface is very specific Furthermore a very important point which is driving us in a GL is that we know that the people will use a GL all of them Want to do their own user interface? So we cannot do what we do in desktop where you either use GNOME or KDE and then you have a few exceptions people using one of the two hundred different desktop available in Linux But the majority are there Using either GNOME or KDE now in automotive every car manufacturers want to have his own UI and actually in every car Series they want to have their own UI as well. It's a huge Differentiation is actually likely one the most important one so we had to think from the very beginning of Making an OS with the distribution that would not be assuming any type of UI When it comes to the technology of the UI we also had very strong Differentiation's you know some people are saying we're going to use Qt and some say yeah We don't want Qt because we don't want to buy the license and the GP L3 in a car It's not really something we can afford to put in And and you know some of us said we're going to work with HTML 5 But on the other side on some CPU having a very performance browser is still a serious challenge so Not only on the design of the UI we cannot agree but actually on the technology of the UI We know that we cannot enforce and force anything One specific thing which is very different from a desktop in a car you have specific buttons Typically they are sitting somewhere between the dashboard and your steering wheels And you have a lot of them so you have to manage them and in modern car you have multiple screens The one that we all know is the one where we have the GPS Somewhere with a radio in the middle normally of the console But we also have now what the industry called the cluster that you know people like me called the speedometer You know the thing you have in front of you that tell you you know how quickly you're going and if your car is over heating That is another area. It's also a screen you know from a computing point of view and and you start to have screens in the back of the car But you also have people wanting to interconnect that tablet which becomes and a screen into the system when you're driving So the type of screen the shape of the screen the definition of the screens are different Now if you buy the car prestige or the car popular of the same theory likely the screen is not the same size and not the same definition So you also have to take that into account. So we had that very big things that we had to deal with The second big thing in Linux was that we have to deal with a managed device and this is a big importance To understand you know in in this world of the first them Especially we have very strong open community and people are saying, okay, I'm going to do my own system I want to hack the system in reality when you do certain type of device which are managed You are legally responsible by law when you give the device before working on Automotive I was working on television. I already had the same problem so in a managed device you cannot in reality let the user change the device Except if he really in a formal way has a traceable way to Prove that he actually decided to break it and so take the ownership And and that is a big issue we have because on a managed device Definitely any fault is going to be blamed to the poor guy who shipped and sell the product Now in the car industry is very strange because the guy who developed the product is not the guy who ship it So you buy a car from you know PSA or from Daimler or from BMW The radio system in it is not only coming from them. They bought it somewhere else And if you look at the very detail of the contract the responsibility is supposed to be with the one who provided the system Which could be an Armand or you know a continental or a Bosch But in reality from a user point of view, this is not the way it works You buy a car from Mercedes you go to the Mercedes dealer and you don't want to know if the radio system is coming from Bosch For continental from Armand if it doesn't work, you know, it's a guy who sold it the cars I will have to fix it so on a managed device very quickly the Responsibility of any problem come back to the guy who sold it and that's an important point the second Issues is that all the application which runs traditionally on a gated device are actually checked by the the guy who sell it and and you know the application which is for example capable to receive I Drive a Volvo and I can have the the internet streaming system Which is in the car? That is actually an application which has been gated by Volvo. They have tested it They have checked that it works We are not in in the world of Android or iPhone or PC where you can get an application You know from a store which has been kind of you know checks that he didn't do very bad thing or even on the PC on our Linux distribution, you know, you get it from the official distribution or from a friendly repo Within the distribution a user repo or even completely outside, you know, that that's not really possible and They have long life now in the car industry typically Time which is said varies depending who you talk to between 10 and 20 years Let's put something in the middle, you know around 15 When I was working in TV industry was typically 10 and before I was in the telecom industry where it was 23 years and three months don't ask me how it calculates that it must be a very one numbers of seconds but That is very very long time Especially within the computing world where we are used to make new system, you know every other day Okay, to be honest and I heard a lot of people saying the future is for rolling Distributions you say manage device it will take quite a bit of time before it does arrive Because you have a lot of constraint to not doing it and finally a very very big differentiation on a managed device is that there is no admin So if the system crash if the system is to be reinstalled you cannot rely on an admin You cannot rely on a skilled person. That doesn't exist. So everything has to be embedded into the device Now this is what we did in the automotive industry that what draw has been driving us And this is what is still driving us now the reason why I wanted to present that is because We believe that between the automobile and the industry in general and even in certain type of complex building or small cities There is a very very strong synergy and the fact that the feature we are providing are traditionally something which are Not surprisingly very different Yes, we have speed position and sensors now the fact that you have a speed position of a sensors for a milling machines or For knowing, you know if the light are working well in the city or if the door open in the car It actually doesn't make any difference from a software point of view. It's exactly the same type of framework The UI is dedicated and is very unique. It's exactly the same the UIs from a lift Is going to be very different from the UI you are going to have on a machine Which is controlling and weighing trucks when they get out of a query So you will have different UI every time You will have dedicated entry buttons You're going to get multimedia features now on the milling machine. You don't have multimedia feature Okay, well the guy is working on his machine. Nobody is going to let him access, you know his best streaming stuff So he can see series but in a lift You're going to have a multimedia because they want to do advertisement So it's not Uncommon to see them you're going to have an emergency phone service quite regularly a lot of devices will have an emergency call It might not be over a phone Typically in the factories and machines will have an emergency system that will have to connect on the phone Especially the guy working alone. So this type of services are not and heard of and finally it has to be remote diagnostic as well So it's not very different. We have the same things from an implementation point of view We are not different either This industry is using Linux I'm sorry to tell to the people who believe that Linux is the best and should everybody should use it because it's the Best they didn't use Linux because it's the best and because it's a nice as they used it because they had nothing else who could do the job Okay, and and quite often it was a connectivity into the network Which was one of the driver to have to sector to select the Linux And we come back to this issue of connectivity, you know, what type of bus do you have? You know in the industry you have plenty of different type of buses. Are they all managed by Linux? Yes So we already have that. Okay, if you are remote, what are you going to have like your 3g your 4g? Do we have that capability? Oh, yes, it happens that we'd integrate actually it for the cars so this is type of things we have and It has to be a hundred percent remote support now when you have a factory calling you you sold a big machines You know and you're living somewhere like me You know in Brittany in the very west of France and you have a guy calling you from Denmark and say my production line is stop You're not going to tell him. Okay. Let me look at the train table and I'm going to go to see you And you know next week you will have someone who maybe will be able to and fix your problem It's not going to be very good You know in general you're going to say okay, you know that your machine I have that contract with you and I'm going to log on my your machine I'm going to try to start again your your factory immediately So we are on a very very similar type of things So if the requirement are very similar and And we have you know in one way In a GL there's a the remit to still go in that direction Let's have a look at you know what we've been focusing on and and what potentially we could reuse We are focusing on the core. That's a very important things to understand in in a GL We are not really trying to do the application We know that the car manufacturers are far better than us to find people who can't make a very nice looking radio Or a very nice navigation application Now if you go and I invite you to have a look at our demos in the building a AW we will restart the demo tomorrow. We have a table there where we are showing AGL working on different hardware We have a demo obviously to show we have a get the UI and to let people understand what we have done But this is not what we are focusing on. We are really focusing on the core of the US Which allow you to build what you need on we are working on a reasonably recent Type of code. So we are based on your to do that too, which was released Just Before Christmas Okay, for some of you. This is ancient almost prehistoric. Okay. It was last year and For us in the industry. It's that's very new. Okay, and still very green The kernel we are using either 4 4 4 8 I Am going at least on the Intel side where I work pushing to 4 9 because I need a few features So we are working on kernel which are definitely reasonably recent and the reason is because we see later. We are using some security features from this kernel The reason to make backport But then hey once again you are by your own and my advice is try to use what we do rather than try to reinvent the wheel The security model has been one of our big driver It actually been mostly derived from Tyson It happens that for historical reason the team which is working on the security side of AGL has worked for numbers of them on ego first and TV side which had some security serious problem and then on tizen Common and tizen avi and now we are working on a gl Why do we stick to that model? There is a very simple reason to that the first one is that it's a pretty light model from An embedded point of view and secondly Samsung is just shipping millions of product, especially televisions With the same of very similar security model. And so we have a real test of them What is our goal a number goal and security and this is really cyber security is that People using a GL will not be the first to have their car lock You know one day someone will arrive to start a car in the morning wanting to go to work And it will have a nice drawing showing him a nice hacker saying hey You have to pay me 10 bitcoins if you want to go to work today And We don't want that to be an AGL car Okay, we rather to be it with another distribution now. It will happen And and we believe we are trying to do our best to avoid it to be us So now if you think about a factory you have exactly the same problem You know if you take a factory which is producing chocolate and you actually lock the factory chain You know during three days two weeks before Christmas you bankrupt them So it's a very nice way to deal with competition Once again, it will not be acceptable and that with IOT Especially when IOT come into the industry is a problem that need to be actually seriously looked at Now on the working point of view we are working on standard BSP provided by Yokto With the small caveats that the kernel has to be recent That means that you may not have to get everything a hundred percent open source It's nicer. It's easier, but it's not mandatory and it's not uncommon that some suck Have especially on the multimedia or on the communication channels some driver, which are not open source If they come with a BSP from Yokto, we are actually capable to actually work with them And because we want people to be able to work and write application without dealing with Yokto We provide an SDK ready for that So this is what we have today and this is January 17. So that what we did present at CS Three weeks ago and that what we are actually demonstrating a well again today and tomorrow In order to help people to write application We arrived to the conclusion that we needed to extract the writing of applications from the embedded business The reason is very simple if you look at the world business of developers You have roughly about half a million embedded developers Available in the world all of these people already have a job Numbers of them are old and there are more people of that class going on with time and that new people coming from university So the system makes that the solution is today bad and tomorrow it will be worse So we wanted to enable people to use Other type of developer to ride the middle way and to write the application now We look at what is available. We have about you know eight millions people working on mobile application And about seven million people working on web application We saw you know, this is a very nice things We would like to tap in and so we have tried to isolate our way to write application And middleware in such a way that we can actually use this type of people who are available And then you just need a few people doing really the very heart of the platform using your code So from an architecture point of view It's pretty traditional. It's not very easy to read. You will have to download my slides But we arrived to a very standard system where we have at the bottom We have the operating system. So this is a Linux layer Where you have your traditional drivers Plus your services which are embedded in your kernel On top of that, you are going to provide services and those services are typically what we call the middleware Most of them not all of them but most of them we actually run them As application and which means they're going to run in an isolated security context We'll see that in a minute And obviously you will further you're going to have the application framework which is really isolated Isolating the way we we progress communication between application and the core system And on top you have different type of Of application really which are running and which provide you know your connectivity and and whatever you wanted to do with the box The security system is Shown as vertical because it is in in everywhere point now I insist on that problem of security and here security is in the sense of cyber security We decided in a gl to put security from day one in the design I see some people here who came to see us from other a project a few years ago And and we had a long discussion on that can we add the security after the fact or do we have to make it from the beginning? Anyone who is cooking knows that if you put the salt as the last minute on the plate, it's not very good You have to put it when you cook only exception are the chips in belgium But Security is the same you cannot spread security at the end and hope that it will work Now some people still dreams that this is possible if one day they succeed and they demonstrate it We will be very happy to change our mind, but so far all people who have tried to do it like that had it wrong and have failed so We decided that we were going to go with the mass and assume that it was something pretty well accepted in the industry That that was a wrong way of doing it in order to get the security working you had to actually design it in And and the driver we had was very simple Everything which is not explicitly allowed is strictly forbidden Okay, and we actually put that in the entire system I have Had because I've been pushing that system for more than six years The only difference is that when I started the room was completely empty People say yeah, but how are you going to know what we what we need? And and my answer is very simple if you don't know what you're doing you should not do it Okay, and and that's a very important point So if people are coming to you and say, you know, we cannot put security on a white listing And just think it twice very seriously, you know, you should know what you're doing to do And one you have Decided that you were going in that model You have to provide a model to implement it and the way we actually implement it It is a set Of functionality The first one as a very obvious one Okay You don't want to run everything as root You know, we have all heard about the huge attack On ovh because that was the first one to actually Pass a one terabyte of data And why it was created because some video camera are running the application as root And a lot of embedded system are still done like that So that that's very basic Um, so you you have to look at that So using the the DAC is very important DAC for discretionary access system That's what we know as a the traditional access right from Linux But we also use a mandatory access system and and the difference is that on the mandatory access system The application cannot change a right So if the os says that application cannot write that file it cannot change it While otherwise as a user a you can always give right to use a b to use your file So if your application a is actually hacked it has a possibility to open the system With with mac it's not possible, you know that that is actually enforced as a policy level So you all know mac because sc linux on the center s or A federal or read at are actually using it's it's actually a mac And on the people using Ubuntu open Susie it's a parmore And smacks that we use is actually in the same family. We're using exactly the same module So we are probably using the lsn module from kernel and and it's just a way to activate it Which is lighter which take less cpu You cannot do things potentially as complex Which is good and bad As a bad side is that if you want to do things extremely complex You you may not be capable of doing the good thing is that when you read what you have done you are capable to understand it Which is not always the case otherwise And the second thing we did on On the access is not really directly there But we separated the access to the system with a mac with what is allowed to be done by an application And for that we have a system inherited from Tizen Which is a system of checking the privileges that what an application is allowed to do and we enforce it in different point of the system If you think about An equivalence or trying to secure a building that would mean that you you probably do a first step You know you do a fence around your building and that's your first door But actually what we also have done is that we we create like you know Side isolation so when you in floor one if you want to go third floor two here you have to get a special pass Otherwise you cannot do it The other point that we are looking at is how can you drop privileges and and we have in Different way to do it the first one is a mac actually the mac allow us to drop privileges And to stop application to make some specific call or to touch at specific resources But we also have other method into the Linux kernel to drop privileges And we have the bcom filter which are there Which are probably used by browser mostly today But we also have the namespaces which is another way to drop capability to go sideways within the system And and finally we have the cgroups and and the cgroup is another way to stop a system to do too much So we all we are using all of that The good thing is that it makes a system by layers and and the layers are pretty easy to understand And someone told me yes, it looks like an onion and onion have two particularity Once they are stinking and the second one they make you cry when you use them and Security could make you cry when you use it But it will make you less cry that if your customer gets a system lock So it's a question of decided what is more important Once you have segregated your app from your os You really have to think now it's a very great. I have an os is completely locked How i'm going to execute anything And and that where the application manager comment and you heard our friend Talking about os 3 before explaining that the application framework was creating some side effect to his system Yes, it does And and obviously the installation the running of an application the delete of an application is done Choose the application framework and is not part of the image Now people using desktop are very used to that system because that's the way you use a desktop In embedded is significantly less frequent Now our phones are working in that way as well. So it's it's not a complete new system But for embedded people is it's a little bit new So security manager is a complement to the mac and this is enforcing what an application is allowed to do Remember the initial statement everything which is not explicitly allowed is strictly forbidden So that the principle if an application when you install it has a right which is described in the metadata To say that this application is capable to talk on the networks and it will be allowed to talk the network Otherwise, it will not be allowed to talk on the network So that is provided as a tool and it we're using a project an open source project coming from samsung in poland called sanara And and finally we have implemented a system of service binders The service binder is a specific development to agl Which we believe is of a huge interest for people trying to do industrial linux What it is? Fundamentally, it's a demon which presents a standard api To provide a service. So we are separating the business logic from the ui But you can also slice your business logic in multiple compute entity which are running in independent security context So communication between them is done through web sockets With an authentication system That is interesting for two reasons the first one is that it allows you to use web developer because they know how to do that Hey, first problem. Where do I get the right to do people to write the code? The second interest rate is that when you develop your code You can run it outside. So you don't have to write your code on your target You can write your code on an external box use the network and just do the integration at the last minute Or you could decide to run your ui on a tablet. Oh, that can be very interesting where your maintenance guy is coming He just can connect to the box and he can use his ui or for remote debug And yet you don't have to develop anything extra to do it, you know, that's nice So it has a lot of nice beauty coming with it. Um, which are interesting So how you're going to do that? Very simple. You are going to create Agents and those agents are going to do very specific things. So in the example taken from cars We're going to have an agent talking for example to a can bus But if it is in industry, it would be talking to a mod bus, you know, it's not much difference And it's going to present this information Into a transport access and transport with access control enforcement, which is our web socket system That we call the binders And we're going to have Application which are going to talk to that system. So this is how you work So when you want to do an application on agl You just have to think that you're going to have to separate your business logic in smaller parts And you're going to work them independently either by the use of them or by The security level or by the fact you want them run them locally or remotely And then on top of it, you will plug the ui Now do you have to separate every single thing in slice? The answer is no We're still on a standard linux. So if you want to actually pack a number of things together in one If you want entity, you can it's not always the smartest things to do is not and sometimes it makes sense It's your call. We're not enforcing a way you have to slice it like that The only thing we're enforcing is that a binder is going to run is one security model Which means that it's not going to be able to hack things and to pass things to the other binder Like that and we had a very funny experience Uh, very interesting in in a workshop just before christmas in japan where our friends from Toyota we were doing integration for demo c s I decided to copy a file from one directory to another one because it would be very nice for the next application And when they try to run it, you know what the system just shoots them and we say hey, that's normal You know it it's designed for that. So you have definitely not that capability, but beside of that you really do what you want So Do I have to use always a web socket? The answer is no For legacy reason, we also have provided capability to work with debus Within the same system now should you do it? The answer is when you have to do it. Yes, but from a performance point of view It's going to hit you badly. So you you likely don't want to do it Secondly, if you are running on debus and you want to extract your stuff on another Computer even for development, you know, it's very nice You have your small box and you want to to debug on a pc where you you are writing your code That is significantly more difficult But if you have a legacy application working like that, there is capability to actually integrate it Which is of interest Now, where do we go? And that's a very important difference because between what we have which is what I have been presented today So if you download what is agl today, you will have what I have tell until now But The way we go is is the next step And and this is our roadmap If we can talk about the roadmap in open source, okay This is our wish list put it like that. Okay, assuming that we'll find enough people to do it And we are working on how to implement Probably a low level First use of the hardware for security. So we want to do that. So On arm, it will be a trusted boot a trusted zone and on Intel it will be a trusted execution zone The technology are slightly different. But when you look at the architectural levels, they are very very equivalent And our goal is to enforce a numbers of error like for example, the installation of applications How we can sign keys and so on. So that is executed there The other area of work is on the hypervisor and especially on low level hypervisor Um, we are looking at an open source project called gel house It doesn't mean we will use that one But definitely so so far that the one we're looking at because we don't know any other equivalent in open source And the idea is how we could actually let some very critical function be executed in an isolation in such a way that if linux crashes This function stays So if you do a lift it could be of interest to know that You know, if your multimedia player is for any reason crashing your linux box That's not going to make that the lift is going to fall down Okay, it may stop it at the level zero, which is a very interesting things to know Or when the fire brigade is going and put the key to say hey, this is fire You know that the lift is going to come to level zero and stop to work because when there is fire in a building the lift should not work So this is what we are working on. We are working on on that part The other part is that we would also love and that likely a longer term to have Potentially multiple linux type guess and the idea for example would be to have a linux a gl running the traditional and potentially for playing to have an android in a game But that it's a bit more complex And it might not be easy to have both at the same time. So our initial requirement is really on the low level Hypervisor level to implement some critical function Which likely is actually also more in line with what the industry want if you want to do an industrial linux, okay running You know one user interface and An android at the same time may not be the most important things to do in the lift Compared to have the capability to put the fire key downstairs and know the lift is going to go down to level zero This is where we are where we go Now if you want to build it When you're going to go on our website, you're going to find that we have A collection of look to layer We have two official boards that we are supporting one from renaissance one from intel and we have community board Which are supported from the outside communities The one which is really very nicely supported as a community board is definitely the raspberry pi three It's a very popular one and there is a very active team on it But we also have a qualcomm board which is supported and a texas board. So if you go to the demo Tomorrow you you will see actually the raspberry the intel and renaissance been demonstrated And in that we have multiple hacker board. So it means that you don't have to be in the automotive world to actually use a gl On the intel side Agl works on a laptop So it will work on a laptop or a knuck, but it also work on the miniboard and it works on the jewel Which are hacker board you can buy and we're on the internet on the renaissance side. It's actually working On the r3 Which is kind of available on the internet It's just coming but it's more likely going to be next month at six months And you have the raspberry pi three So you have boards you can buy and can start. So if you're doing your own design It's something which is not stopping you. You can do all your prototyping and all your proof of concept Without even have to work to wait for any hardware and You have without even bothering a hardening from day one Which is going to be very nice when you're going to tell to your boss Or to your customer, you know, we're using a distribution Where you have people who are looking at cyber security Um It doesn't mean they have planned everything. It doesn't mean they are the best But at least they have taken care of it and the model they are using Is actually surviving in the world on all the tizen tv, which is all the new connected tv from samsung Which has actually the biggest market share in the world Um, so we're talking about several hundreds of millions of devices in Numbers of countries which are resisting today to that problem. So it's it's a good base Compared to traditional embedded where the only thing you have is a trusted boot And as soon as you are connected on the internet You have nothing So you can try to redo the same thing Before you have the same level of knowledge you may spend a little bit of time Secondly, when you tell to your customers that you use a security model Which is deployed on hundreds of million of devices It's more credible than when you say, you know, I'm very smart and I know what I'm going to do and it will be good So that's coming from the beginning We provide the most critical services to to start with And an industrial project. We have the sensor capability. We have local remote local and remote ui design capability And we have, you know, all the tool to install the application to build an image. So that's actually coming for free And we designed it to add Extra things, you know, as I've said in a gl we're not trying to do a system that is going to be the same in every cars We try to provide the base core os with a few very critical elements Which are very difficult to develop By car manufacturers and their provider of Equipment in order to help them to speed their development. So it's same for you Ui we're not going to impose it that the good thing the bad thing is that we are not going to provide it You will have to do your own But on the other side the way to develop it is pretty simple And likely most of industrial design are going to use a web-based type of ui because that's the easiest things to implement Especially when you have to do the screen, which is remote quite often from the control unit is a very easy way of doing it Application and middleware are not going to be required to be developed on yokto Which will ease the fact that you don't have to get so many embedded experts to do the job And this is going to be a very good news if you have to do a project because hiring them is a bit of a nightmare So that also comes as part of it When you will write your application You will just have to package them the package format we use is the same as the w3c It doesn't mean that it has to be written in html 5. It just means that we use the same format Now it can be html 5 an application could be written in html 5 But it doesn't have to be and actually what we are showing today And on our demo for cs was mostly written in in qml But we still use the same format and with that you will have directly the firmware to start either a traditional application, which is really running as a cluster as an embedded closed system You could have some entertainment or you could actually connect directly with the cloud You have all the tool to do that In an embedded device with enforcement of a quite serious numbers of cybersecurity features Now As I've said the security model with this layer Is a pain and will make you cry So you really have to think How important that is for your own business We know that system are attacked And the the most Common model today, which was the biggest risk model I would say for the industry and and for the car industry in particular Is a ransom model the ransomware is likely the most common one Trying to get money or trying to put down the competitors is the most likely one And the idea is how can you immobilize immobilize a very expensive asset? And if you can't do that you can immediately get a very strong ransom It can be done for competitive advantage as well You may not want to block the system, especially in the industry For example, having the capability to know the reject Into a factory would allow you to know what the manufacturing cost of your competitor Once you know the manufacturing cost of your competitor, you know how much you have to go down to actually put him out of business You don't want this information to go in the public actually at Intel the yield, which is So the numbers of defect of a chip is one of the most Hardly kept secret because it it was a fortune from business point of view So you don't want that And then you have the indirect side, you know Having your device been used to do a dose Is not something which is going to use your business Think about these waters Without giving any brand whereas a vendor recently has to say, you know, if you want to fix the problems The only thing you can do is to bin your stuff and buy a new one Okay, and and every expert will tell you preferably from someone else This is not good for your business. So you you don't want that either You don't want to be easy entry point You know if if you develop a system which is going to go in a smart city And that system is used to actually make attack You're not going to sell to the second city You will be just put out So it's it's a very important thing to realize that the business is extremely Valuable the business of hacking the business of cracking the system is extremely profitable and You don't want to create it so In that you will have to Take two two into account too big saying the first one is security fundamental So in in a gl we are we're doing it all the time So if you use a gl for your project, you will have it the facto as I have said with the pain of having to use it as well Okay, but it's it's coming in you cannot even deactivate it Okay, some people try to deactivate it, but you have a lot of things that will not even work Um So that is coming with it And the good thing is that because we plan it from the beginning you will be able to apply patches You know all numbers of you i'm sure knows from embedded projects where They develop the stuff and and they were stuck on a kernel and you you know And they see the the list of cve that say hey, you know that kernel has 300 known You know back doors What are you going to do about it? You know, we would love to correct it, but we cannot Now the good thing is because we integrated that from the beginning in a gl We cannot make a system where we cannot change that And and because we don't do it for us if you if you reuse our code even for something else that will come for free um The second important point is that you cannot rely on human If you rely on human you do on security Human are unreliable So you have to rely on processes And um, this is an important point now. Why are they unreliable the first one you don't find them I told you there is about a half million embedded developers Now if you look at the embedded developer with a knowledge in security, you know I don't have the number, but I can tell you it's going to be very low Threes they are guessing at all and out of that one is there because you know reason why They is actually the highest committer in a gl is because he is in charge of actually most of the security mechanism um, so Yes, they are very very through them and and not only there are not many of them But luckily you're not going to be able to hire them because they have a job and they are very well paid So it is difficult um But on the other side human are not reliable because they have plenty of excuse for not doing it So if you give them half of an opportunity to not do it, they will actually let the security out And then you will come to the final project and say oh by the fact, what about security? Oh, yes, we would have loved to do it, but you know, we just we didn't have time Now if you work with our system The good thing is that you will have it from day one and you will have the pain from day one And you will learn to live with it Now if you don't want to live with it use something else But if you are interested it's coming with it And we don't do any black magic, you know the system and the basic principle of how to harden a system Have been known for quite a number of years. It's just that it was only done in very expensive technology I worked on on a big project at British telecom and I tell that to a lot of people Which had the capability and still has the capability to cut every single telephone line in the country 30 million houses Did we had some security? Yes Where's the problem as bad as today? No But you know, it was expensive Now when you do a camera You cannot afford to spend the same amount of money as when you do a full, you know operating system for a complete telco But with IoT you have to You know, if you do a smart City implementation, you have to think about it. And that's why we are actually proposing Our AGL for this type of usage. Now, there is a reason why we're pushing it. Okay, because We know that if you start to use our system, you will find perks You will add features You will potentially write documentation. That would be really cute But you know, we are going to get it back as well So we are interested let be honest, you know, it's not it's not a free I'll say our friends from Britain. There is no such free things as a free lunch Um, but we believe that we can provide you a real value and that in return we will have an equivalent Wish bring me to my conclusions. Okay, we believe we can help you. AGL is definitely industry friendly Um And and the point is that you can reinvent their own system yourself But some people who have been pretty well respected at least in this community Just believe that this is stupid as we do believe it is stupid Now with this I'm open for questions This is a view of what we can see when we fly about the place where we live Um, so which is a nice place in Brittany. So if some of you are coming, we're welcome to to visit us. Um And I also have put in the presentation, which is already on the website the link To AGL AGL documentation and actually a video I did post it last week on how to put AGL on an intel jewel Which is a demo which is running one of the demo running on the table with that. Is there any question? Yes Or Yeah, the question is pretty complex, which is you know about you know unique features and how to track them In AGL, we we fundamentally use what is available in the kernel We are not writing a new security feature The only thing we do is that we try to make them available by default In a way which makes sense But we don't rewrite things and and so far we've been really focusing on the cyber security And I know you're working more on the other side, which is a functional safety And we hope that next year we will have something to say about that. But this year we don't so we are not inventing anything We just use what is available And we try to make it Such in a such a way that you fundamentally use it without realizing they're using it So it's not that painful I hope it ends to the question. It's not really likely what you want to hear But that where we are today and that what we have to offer today Yes Is it it's a very valid question That's not done yet And we hope we will do it. So people getting in And actually trying to shake our system We we are not at that level yet where people have started to use it and shake it It's a very beginning to be honest. We presented CES three weeks ago And that was the first time that we were presenting application which we are running Completely outside of the core os and installed outside. So it's a bit green. We are working on it But yes, you are very welcome to look at that and and we want to improve it You know HGL we have if you put all the people working on the HGL, you know It's about 50 people depending who is counting It's a lot and it's a little at the same time But yes, it's something we definitely will do and we know that the people who are going to use a system At least in the car industry are going to do it Yeah Why would this the question is why did we select smack instead of acylinx? There is a very simple reason as the first one When we were working on tyson project We evaluated the hit in performance between acylinx and smack and one was about 15 percent or hardware and the other one was Three so, you know, that was already a big difference. Secondly When samsung did tyson 2 They went using smack in a very very extensive level because they didn't had sinera at the time And they ended by having a system with 22,000 rules And so they did a huge investment to remember to put down that system with these 22,000 rule to still use less than five percent cpu On a mobile phone So it was really, you know sharply attuned to embedded That was the first side. The second side was the complexity If when we looked at the default policy from acylinx At top of my head is 22,000 lines 30,000 lines is huge Okay, it might be even more than that. Jose, do you remember the number? We looked at it sometimes ago. It's huge. Okay And and so when you look at it Is no way to know how it works now the people who wrote it are very smart, you know, they are probably working for the nsa And they have done it mostly for originally read at and in that case We assume that it works. Okay, they may have kept a little bit Backdoors hidden here and there but at least for most of people. It's just very acceptable Um, but we are incapable to say, you know, if it does work or not for us And we are incapable to actually manage it So with mac we have a very small system. Actually the entire Mechanism is described on our documentation and it fits on I believe three pages Because we use it for very small things and then we use sin error So that's the two reasons performance and capability to master and to know what we are doing Last question Yes Yes Today today the system is static today code And uh, we're actually working on specification to allow to get a discovery That like a very equivalent to what you have in in debas for example, but today it's static and once again, it's because we do Provide manage devices That's not really a big problem for us But we know that that will have to improve Okay, and that's why we want you to help us. Okay. It's a good idea. You know, you should do it Okay, no more question Great. Thanks