Okay, welcome everybody. So we are pleased to have you here. So our talk is called CIP install sustainable software stacks and long-living products. CIP stands for Civil Infrastructure Platform, and in this talk you will learn what this is, what purpose of this is, who's contributing, how you can contribute. And first of all let us introduce ourselves, so maybe Yoshi to start.

Hi, I'm Yoshi from Toshiba and also CIP, and I'm working at CIP as a technical steering committee chair to discussing our more technical directions about that. Thank you for coming.

Thanks Yoshi. We are doing this talk together, so I'm Urs Gleim with Siemens, and we are just about to get started now. So civil infrastructure and industry trends, so what is coming and what is upcoming. And so price it's a lot about Internet of Things, IoT, and you all see, or we all see, around us a lot of devices get connected, like cars for example, not just uploading data but also uploading or exchanging information with servers in order to enable new business models and like like car sharing apps and things like that. But also in industry, in the city area, there are a lot of systems which get connected at the moment to enable also, yeah, just gathering data to do predictive maintenance, to do better quality inspection, optimizations regarding production and so on. And the same is true for for smart cities, so there are a lot of hidden systems in the city which get connected to gather data about power consumption and even and traffic flow, and more and more connected to each other, and data is matched energy function weather forecasts and everything. And but the special thing compared to maybe these typical devices we all know is that there are still these old systems behind ensuring the normal operation of the whole infrastructure, like controlling the trains on the rails, like also smaller systems like ticket gates, all the hundreds of system managing power grids for example, or in the power plants controlling turbines and similar devices and
many more. So a building automation is controlling light, fire safety products, that is all this telecommunication equipment which which helps us to also do these broadcasts here, which is is running in the background and we highly rely on the systems, not the health care and, I already mentioned it, also the industry. So this is a smaller domain on affecting everybody, but there are a lot of automation systems helping to run the production and at the precision we needed and the efficiency we need it.

And when talking about IoT, the question is what's so special about all the systems and why does it need, why do we have the need for a project created in this area. So if you look at classical consumer IoT devices, so it looks basically like this: you have light bulbs or other devices, TVs, connected to a central server. And if you look, if you compare this to systems installed in infrastructure systems and industry, yeah, you see this immediately: it's much more complicated, there are more systems involved interacting with each other, and we have what we call these industrial grade requirements like robust 24-7 operation and even operation if certain things do not work, like the the connection to the cloud for example. So if you use your smartphone or it does not it matters too much, so it's maybe annoying but it does not affect anybody else. In the in quite a case what we have is we really have to ensure that all these systems are mentioned are constantly working. And also another topic is the bottom line guarantee latency, throughput and report responsiveness. That's because of these systems are interacting with the physical world, so you really are interacting with physical processes, with real traffic and so on, so we really have to guarantee times here. We are talking about real-time systems, and this in total is what we call industrial grade systems.

In addition to this, one other speciality if you want the system is that they live quite long. So if you look at some control systems, they look
somehow like what you see on that slide, so they are really old, and that also means the systems we built today will stay there for a while, and we somehow have to ensure that the system can work such such a long time. And all this together, we are living in a connected world, that opens up much more possibilities of cyber attacks, so security is also the big question, how to ensure this. And we really have a lot of devices, and at the moment we have a lot of devices which are have different, we had to have different computer or software architectures in. Okay, let's go to the next slide.

So this summarizes basically what are the challenges. So we talked about industrial grade systems, we are reliability, sometimes functional safety and real-time capabilities, and then we have to build sustainable software stacks, so systems are living for for decades, not for years, we have to ensure backwards compatibility. And I am just getting the message that the audio is quite bad, so maybe we will try to switch to the phone, just a second.

Oh sorry, this is talking, the audio is not working well, so we need to switch from PC to phone, so please wait a moment. Sorry about that.

So it should be better now. Can you hear me?

Yeah, I can hear you. Thank you very much for waiting.

Okay, so this slide summarizes what I was talking about. So our systems which are part of civil infrastructure, which are part of industry, have to be industrial grades in the sense that they have to be reliable, sometimes we have functional safety requirements, they very often need to fulfill real-time capabilities. The systems live for a long time, like decades, not years. We have a need a strategy how to exchange things, so the backwards compatibility. And security wise, yes, we have also to consider how do we ensure security over the years. That means security vulnerability management, this means we need a robust software update concept, and of course behind that we have to ensure that there are no regressions in the system. And how do we solve these
challenges? So systems become more complex, and one thing is that a development which we see on this slide, which is true for for the whole IT world, that we build more and more and so-called on so-called commodity components which are open source mostly, and that's proprietary differentiating part gets percentage wise smaller and smaller in those systems. And that's why we also said why don't we also team up for these domains, so for people who build systems which which have a long lifetime and have these industrial requirements, and then start to start to to develop a strategy on this, and not only a strategy but also really developing software, we'll come to this.

So one part of this is that at the moment we noticed, or a couple of years ago we noticed, that we even in these big companies like Toshiba, Hitachi, Siemens and and others, we have a lot of different software stacks around which all have to be maintained, and so there was a strong demand for a harmonization, to agree on, starting with the Linux kernel, to to agree on the same kernel, to agree on the same packages, used the same sources, the same infrastructure and so forth. That's why we created this project just called Civil Infrastructure Platform, and this basically consists of parts which are the foundation for industrial Linux distribution. So and since we started small and had a few partners, we started with the kernel, which was the most pressing demand at that time, and said okay, let's team up for the kernel and extend the existing long term support initiatives up to 10 years, maybe more, but that's something we we thought we could commit on. And then, and this is happening now, extend this by the packages which everybody needs, so for very small systems where you can be pretty sure that this is in, and so we are continuously extending the extending the story.

So how does this use then in the company? So we take the lower parts out of these project, out of the civil infrastructure, and then we have a layered approach and put domain
specific extensions on on top. Most of them are then coming from from, yeah, from the Debian releases in this case, so they are not part, in the upper areas, of the CIP project, so the maintenance and the development of these packages is then in the responsibility of the respective units of the companies, but at least we have a common base and we are continuously extending this. And yeah, the next slide basically shows the same, so we of course use what is there in terms of long term support, so the Debian long term support and extended long term support programs, and this together then results in a sustainable maintainable way of base for distributions.

And a lot of people were asking us why are you doing this, why I'm not just jumping to the next, to the latest kernel version. The reason is that there are a lot of restrictions behind, their certification for example, and switching the operating system, so switching the kernel and packages above to a newer version, would mean insist these systems running the complete test process up to the system test, doing the certification again, and this is really a lot of work which is which we try to avoid. So in many cases it's easier to backport security patches for example, it's less work, and if we share this work like we do in this program it's it's even less compared to doing this alone.

So the setup of the project is the setup of the project is like this. So how does this work? We have several companies, so this is Renesas, Siemens, Toshiba, Codethink, Cybertrust, Hitachi, Moxa and Plat'Home at the moment, who teamed up, and these companies provide two things basically. So this is their own people, this is developers and maintainers on one side, and this is budget on on the other side, and there's an arrow between budget and developers. This should mean that we can extend our team of developers and maintainers by using some of the budget to hire additional people from the kernel community or from different projects, or just people who are good at what
they are doing. And so we have a common budget, we do a cost sharing on the things which we want to drive, this is developers. And there's an arrow down, this means we are also funding projects which are important for us, like if we have requirements which we wanted to place in Debian packages, or in, we want to push also some real-time Linux efforts, we are also funding certain tasks in these respective projects. And the policy or the strategy here always is we don't want to create something on our own, so the policy is upstream first, so we are always working together with the upstream projects, we are using whatever is there, and we are trying to push back all the changes we need to the upstream projects. So with this I would like then to switch over to Yoshi, who goes a little bit into the detail of the actual work of the project and the progress of the last year.

All right, thank you very much, Urs. So from now on I directly talking about the current latest status update for CIP projects. So CIP is around to solve our key issues since we like the stable Linux and also reliable Linux and so on. So we currently have a lot of issues, as you can see in this slide there are a lot of books but some of them is only allowed. So we currently focusing on the six activities, and this first one is a super long term support, then we expand our CIPD to real-time and so on. So the reason why we expand our CIPD step-by-step is we prioritize for the topics from the request of our customer requirements and also our actual requirements for CIP infrastructure.

So this is a CIP governing structure and project marking. So each project focusing on scopes for CIP kind of work zones. So every CIP activities it is on to ensure industrial grade for CIP infrastructure and systems, and some of them are focusing on the sustainability, for example CIP core and things there's a lot on the CIP card and CIP core itself to expect its stability for the systems. So this kind of works on the from our technology and also each
working groups working on the specific topics to ensure it goes. So as I said, we have some absolute policy, so CIP, you can see in CIP project, they also have many projects already running. So there are goals, for example CIP needs to real-time future to use Linux in the industrial controlling systems, but a real-time projects already exist, so that means real-time Linux project is upstream for us. CIP try to contribute this kind of upstream project first to involve its goals, and then I use the upstream core results in the CIP platform project to manipulate and to configure for our use case, and that is the result of CIP open source base layer. So in the left side corner there are many contributed projects by CIP. We also have other interest projects like software data, real-time hypervisor, something like that, so this kind of innovative project currently considering to use CIP members for the future candidate in the CIP base layer. So this is a structure how we work with upstream communities and also to create open source base layer, so this is the most important for us, to create our open source base layer for industrial systems.

So let me describe more details for the each working groups from now. So this side, so CIP is super long-term support kernel development. So we have CIP kernel team in the CIP project, and the project is mentored by Ben Hutchings, he is also working on Debian kernel maintainers and those kind of works for the stable relationships. So he mentors our maintainers of Hiro and Abel so to us the stable community, because our maintainers is experienced kernel developer but we also try to have more experience from experienced stable maintainers, so that's why we have this structure and maintainers, and under the maintainers we have a couple of developers to maintain and to review the CIP kernel and patches. So we work with upstream kernel, so our upstream is mainline, also stable release. So currently there are six stable releases when you see the kernel.org site
and we picked up two kernel versions for super long-term support. So first one is version 4.19, we currently maintain the latest versions, and 4.4 is our first CIP super long-term support kernel. So to create CIP long-term support kernel we first pick up the LTS kernel, then we start work with long-term stable teams, so that means we also review the patches and also of course the review result to the stable maintainers. So this is how we work together with stable kernel team.

And the next slide, so also kernel related topics. RT kernel development is also currently ongoing, but unfortunately RT is not mainline yet, so we address the activities to mainline our main RT kernel, because currently RT kernel patch is separated with mainline kernel. That means if we want to use stable kernel in the future we need to create stable RT kernel, so that makes twice, which means we need to maintain stable kernel and stable RT kernel. So when this RT kernel is mainlined we also address and contribute to the stable stable project, so that makes much easier for not just only RT kernel users but also our use cases. So this is why we address and contribute to the RT kernel project, and after we joined the RT projects there are a lot of progress, so we are looking forward to mainline RT kernel patches.

So this is a current version of projected EOL. So our first project is 4.4 and that is released on 2017 November 2017 January, so this is our very first release, and it's about three years and the project is 10 years and we are releasing, so yeah, so that is our plan for the kernel maintenance. And the next one is 4.19, that was released one year and a half years ago, and projected EOL is 2029. So maybe some thing is also direct to know what is the next kernel version. So we currently running to test because next kernel versions, because our expected to the current units is nearly two to three years, so that means we will decide for the next one.

So this is the CIP's kernel development statistics
so in total CIP 4.4 kernel is released four to five times and the current is released nine to ten times. So we currently release almost periodically, but after a few years later we changed the release video because it's stability from the current. So that is what we are doing.

And the next one shows the CIP 4.4. CIP 4.4 is mostly focusing on the user-level programs, and our goal for CIP 4.4 is to provide a reference implementation with CIP 4.4 package. And currently we have two suppliers, one for tiny and that we use for small IoT devices and controlling devices, and the other one for them that is for much richer environment, something like IoT catering. And currently both implementation is available on the website, you can find both CIP 4.4 and CIP 4.0. So we are using Debian to create a CIP 4.4 this area, that is why we start finding for the Debian HD's project to make more stable this area. Then I pick up some of the Debian packages from the Debian projects on the road so Debian HD's project to create our base layer. So this structure is currently we are working on.

And for the testing is to provide a test environment to test the CIP higher and CIP core packages. So currently we will test the distributed testing environment on AWS, LAVA and RCI, and this is the kind of structure for the CIP system. So we have two profiles for CIP 4.4 and CIP 4.4 to create the root file systems by using CIP kernel and also Debian partition. And when we create each proper root file system we run on the LAVA environment on CIP different hardware. So that is controlled by LAVA and AWS, and the results are also going to show CIP project. So currently we use LAVA and CIP project, and we also contribute to CIP project to improve their activities. So to make them more stable is our built layer. So in CIP testing we currently have six, seven different supports and one different support candidate on that.
So each different support is a CIP test kernel, but some of the supports only support the latest CIP test kernel. That's because the older kernel doesn't support newer hardware. So we currently plan to increase our different supports to make more stable and also more useful kernel. So that's different supports are decided by a CIP developer standing committee. So if you would like to increase more different supports, please talk with us. So this is the kind of a way to involve this project.

And the fifth one is security working groups. So security is one of the most important topics nowadays, because in IoT devices many of devices connected to network to provide their functionalities, which means also that kind of devices with some security risks. So in security working group goals, at the beginning we tried to provide guidelines and different implementations to ensure the standard deployment. So currently we're focusing on the IEC 62443 standard. And in our team case, you can see the nice side box and also yellow blue boxes. So we just implemented test cases to ensure this standard and also we directly provide guidelines and evidence for that. And current status is already completely taken in the case of IEC 62443 as this requirement. And current status is when you would like to have a gap assessment with cyber certification body, because a certification body satisfy CIP base area to ensure other cyber standards. So without certification body assessment, we can't see anything. This is almost certified or not. So we just started the cyber certification assessment with a certification body. So that is very interesting. And we look forward for this result.

And the last one is a software update. So our goal is for the software update is to incorporate common solutions for software updates going to CIP core. So nowadays many devices connected to the network and we have to manage all of them.
And we use specific solutions but we try to create more direct solutions for other use cases. So currently we use a cyber update for the base updating systems. And the data updating system is currently controlling the whole system. So we use that with our current state to create alternative limitations by using both systems. And this is the safe update of our view. So this is a bit complicated but this is our latest result. So I mean, you use this result. You can make sure that the system image is exactly the same as we expected. And also that is security loaded and also installed. So this is an important feature for industry use cases. So all implementation is available on the website. You can also find our data update in CIP infrastructure wiki. And currently we implemented expensive implementations but this is still kind of perfect for the data. So our future plan is we just require it's code for more stable and flexible implementations.

So let me summarize our activities. So we currently have 6 activities from Khan and Maitreya and software updates. So our activities are dedicated to ensure the secret of open source base layer. So also collaboration is a most important aspect to rearrange our open source base layer. So thank you very much. Let me change tools for concluding this talk.

No, I needed to unmute. Yes. So as we said, I think we motivated why so-called open source base layer, how we call it, for industrial-grade software is really needed. And I think we are doing this the right way. So there are several big companies which teamed up and create this. So it's big companies, all of them have in common somehow to have products which are long-living, which are living in industry environments, which are living in city and traffic and so on requirements. And also with Renesas, we have a semiconductor on board and they are providing their boards with CIP support out of the box. And we saw this in the test set up.
On your slide, we have four test labs running up and running, ensuring that there's no regression. And I think the way to success is here to not build new things. To team also up with the other open source projects to work upstream. And it also helps to harmonize the toolchain and to also work on this to improve the toolchain, to build Linux-based embedded systems and to ensure the quality of the releases at the end. So that's basically the main conclusion.

Again, we have a slide showing all the companies who are at the moment actually contributing and we of course hope to get others on board. So be it from the industry space, from the infrastructure space or from the semiconductor area, and I think this will get more important in the future, and especially also in times like this we see how important this infrastructure is for us and that's important to have a sustainable not only hardware but also software stack supporting this. You'll see on that slide. We'll upload the slides by the way to Sked Arc. This was one of the questions and they will find all the links. So feel free to join the mailing list. So it's an open source project. So everyone can contribute or just read it. And of course there's the website and the Linux Foundation entry pages and Yoshi already mentioned the Wiki which is also open to everybody. And last but not least, of course there are Git repositories which we will try to. That's it.

I think we have a couple of minutes left for questions. So feel free to ask questions. Maybe use the questions panel. There are some questions already. So maybe we start with the first one which I found. One question: is there a dedicated CIP layer available for Yocto? Maybe Yoshi, this goes in your direction.

So we currently use Yocto as tools. So we currently use BitBake as tools from Yocto. But we currently use Debian source code. So we don't use actually Yocto source code.
The reason why is at the beginning of our project, there are no features for the long term support in the Yocto project. So that is why. And also Debian has more than five years maintenance period. So this is why we choose Debian source code. This is BitBake. That is the answer for these questions. So the answer is not there. Partly yes, but I'm not exactly using Yocto itself.

Yeah, the thing is the commitment about the releases and the support. And for us, Yocto is at the moment not committed to have a release plan. So it's done in some cases and some cases not. And so it's, we are conservative and we need a long term plan. And so Debian is as far as the base, which allows us to build the systems.

Okay, then there's the questions on verified and secure boot. What actually is the plan there? I'm not sure what it's meant. Yeah, the question is that it should be done more basically. And maybe we could also refer to the security working group. They're actually discussing what to include into CIP and whatnot. Regarding the actual question regarding the verify and so on. Yoshi, can you answer this?

So secure boot is one of the important features as well. That's the use cases. But currently we are not good parts. So this is the kind of our future plan.

I think that's all for the moment. If there's still some questions open, just feel free to contact us. You have the contact information and the slides. There's the mailing list, which is always a good place to place questions. Maybe it's also interesting for others. And with this, I think.

Yes, questions. I can find the other questions. The last question is. Something related to the CIP. How do we use CIP? And how difficult do we use CIP? It's their project.

Sorry, I missed that one. Maybe it's just deleted.

So let me answer these questions. How do we use a CIP kernel to migrate CIP kernel to CIP kernel? I really expect that to be here. Just move from the CIP kernel to the SPS kernel, to other vendor kernels.
Because we try to mix between the CIP kernel and server kernel.

Okay, I think that would have been all questions. So thank you again for attending. And I think we have pretty much in time. We have like three minutes left. So I think it's okay to say goodbye and hopefully see you on the mailing list or hopefully also pretty soon on a physical event. Thank you very much.

Thank you very much.