*** aeiche has quit IRC | 00:50 | |
*** riazantsev has quit IRC | 01:14 | |
*** bharmon_ has joined #automotive | 01:28 | |
*** bharmon has quit IRC | 01:32 | |
*** gvancuts has quit IRC | 01:34 | |
*** gvancuts has joined #automotive | 01:35 | |
*** gvancuts has quit IRC | 01:41 | |
*** Spider has joined #automotive | 02:31 | |
*** Spider has left #automotive | 02:35 | |
*** riazantsev has joined #automotive | 02:42 | |
*** luyu__ has quit IRC | 03:48 | |
*** luyu__ has joined #automotive | 03:48 | |
weston | good morning | 04:02 |
---|---|---|
*** jlrmagnus has joined #automotive | 04:07 | |
*** jlrmagnus has quit IRC | 05:01 | |
weston | paulsherwood: hello | 06:11 |
*** jacobo has joined #automotive | 07:18 | |
*** KlausUhl has joined #automotive | 07:44 | |
*** apinheiro has joined #automotive | 07:54 | |
*** apinheiro has quit IRC | 08:04 | |
*** apinheiro has joined #automotive | 08:07 | |
*** klausbirken1 has joined #automotive | 08:17 | |
*** jonathanmaw has joined #automotive | 08:17 | |
*** klausbirken1 has left #automotive | 08:18 | |
*** klausbirken has joined #automotive | 08:20 | |
*** klausbirken has quit IRC | 08:26 | |
*** klausbirken has joined #automotive | 08:26 | |
*** CTtpollard has quit IRC | 08:35 | |
*** alex_h has quit IRC | 08:35 | |
*** ctgriffiths has quit IRC | 08:35 | |
*** CTtpollard has joined #automotive | 08:37 | |
*** ctgriffiths has joined #automotive | 08:37 | |
*** alex_h has joined #automotive | 08:37 | |
*** wschaller has joined #automotive | 09:00 | |
*** klausbirken has quit IRC | 10:54 | |
*** kratz00_work has quit IRC | 11:20 | |
*** kratz00_work has joined #automotive | 11:22 | |
*** klausbirken has joined #automotive | 11:25 | |
*** wschaller has quit IRC | 11:45 | |
*** riazantsev has quit IRC | 12:24 | |
*** waltminer has joined #automotive | 12:35 | |
waltminer | good morning. It is 7:30 and I have a big pot of coffee ready if anybody wants some | 12:36 |
* rjek has just finished brewing coffee too, and is congratulating himself for getting precisely the right amount of water into the reservoir such that the coffee is precisely on the "12 cup" line on the carafe. | 12:37 | |
mdunford | rjek: It /says/ 12, but it really means 5 | 12:39 |
waltminer | heh | 12:39 |
rjek | I do have a rather large mug. | 12:40 |
*** wschaller has joined #automotive | 12:55 | |
paulsherwood | weston: hi :) | 13:02 |
*** mdunford has quit IRC | 13:07 | |
*** wschaller has quit IRC | 13:15 | |
*** apinheiro has quit IRC | 13:15 | |
*** apinheiro has joined #automotive | 13:28 | |
*** luyu__ has quit IRC | 13:28 | |
*** luyu__ has joined #automotive | 13:30 | |
*** riazantsev has joined #automotive | 13:42 | |
*** Tanikawa has joined #automotive | 13:49 | |
*** gvancuts has joined #automotive | 13:59 | |
*** yoshi_ito has joined #automotive | 14:03 | |
paulsherwood | == AGL Layer Design Meeting starts == | 14:04 |
paulsherwood | pre-discussion about the timing continuation of this meeting | 14:05 |
paulsherwood | (currently this is the last scheduled) | 14:05 |
paulsherwood | ps raises again question of whether this could be done in text, rather than phonecall | 14:07 |
paulsherwood | wm points out this project is less mature, state is changing - maybe irc is better for a mature situation | 14:07 |
paulsherwood | wm worries that text-only may be too slow | 14:08 |
paulsherwood | as pk pointed out, irc compromise is speed of typing, vs voice being use of language | 14:08 |
paulsherwood | wm asks Tanikawa-san how it is going | 14:10 |
paulsherwood | Tanikawa-san is able to boot to weston on porter board | 14:10 |
paulsherwood | has not needed to modify any recipes in meta-renesas | 14:10 |
waltminer | Tanikawa-san added two temporary files | 14:12 |
paulsherwood | there is discussion about who is to push meta-renesas (including some template files) | 14:12 |
weston | paulsherwood: sorry to jump in..and disturbing...ohh renesas platform..which is the processor? | 14:14 |
paulsherwood | ps asks if there are other people besides Tanikawa-san who have access to gerrit for modifying repos and merging etc | 14:14 |
paulsherwood | weston: RCAR2 | 14:14 |
weston | R-Car H2? | 14:14 |
paulsherwood | i believe so | 14:14 |
yoshi_ito | R-Car M2 with PORTER BOARD | 14:14 |
weston | paulsherwood: ok thanks...some story I have for R-Car series :( | 14:15 |
weston | yoshi_ito: is not Koelsch? | 14:15 |
yoshi_ito | Not a Koelsch, Cheaper Board and Distributed software by eLinux.org | 14:15 |
weston | yoshi_ito: any links? | 14:16 |
yoshi_ito | It is described in http://www.elinux.org/R-Car/Boards/Porter | 14:16 |
paulsherwood | https://gerrit.automotivelinux.org/gerrit/login/q/status:open | 14:17 |
paulsherwood | ps + wm to discuss the gerrit login/password process after this meeting | 14:18 |
paulsherwood | no call next week, wm and others are on vacation | 14:19 |
waltminer | paul try logging into gerrit now | 14:21 |
* paulsherwood will try | 14:21 | |
paulsherwood | Tanikawa-san will push the mirror, and create branch with temporary files and readme | 14:22 |
paulsherwood | ps will organise instructions for pushing patches into gerrit for review | 14:24 |
paulsherwood | wm will create an agl/test repo for people to play/experiment on gerrit workflow | 14:25 |
paulsherwood | ps asks if there is any reason that the base system layers for AGL distro need to be different from GENIVI Demo Platform system layers | 14:29 |
paulsherwood | Ito-san says that Munakata-san highlighted that AGL needs to be product grade, whereas GDP is focused on demo | 14:33 |
paulsherwood | we need to ensure packages are selected to meet automotive grade requirements | 14:35 |
paulsherwood | ps suggested that this could still justify starting from GDP and improving its components/choices to be automotive grade | 14:36 |
paulsherwood | wm says that Ned had expressed a different view | 14:36 |
paulsherwood | ps asked if Ned was speaking as GENIVI or as WR | 14:37 |
paulsherwood | ps states that he expects that GENIVI would be happy to see re-use and improvement of any/all GENIVI components/recipes etc to meet automotive grade product requirements | 14:39 |
paulsherwood | wm says let's get Tanikawa-san's work into gerrit and then establish how best to re-use GDP if possible | 14:42 |
paulsherwood | Tanikawa says maybe better to start from GENIVI baseline, but package groups do not fit AGL purpose (would need to re-group them) | 14:44 |
*** jlrmagnus has joined #automotive | 14:44 | |
paulsherwood | need to find a migration path between meta-ivi and meta-agl, but Tanikawa does not have a solution yet | 14:44 |
jlrmagnus | Morning | 14:45 |
*** mdunford has joined #automotive | 14:45 | |
paulsherwood | wm asks that jonathanmaw work with Tanikawa-san's work once it is in gerrit | 14:46 |
jonathanmaw | acknowledged. | 14:47 |
paulsherwood | http://lists.genivi.org/pipermail/genivi-projects/2015-August/000607.html | 14:48 |
paulsherwood | ps asks Tanikawa-san if he would consider trying this meeting on irc in future | 14:50 |
paulsherwood | Tanikawa-san said irc is better than telephone :) | 14:50 |
paulsherwood | Ito-san also confirms that irc would be better | 14:51 |
paulsherwood | so let's try that in two weeks' time :-) | 14:51 |
paulsherwood | == meeting ends == | 14:51 |
waltminer | ty paulsherwood | 14:52 |
waltminer | as far as I remember this is a new high water mark for participation: 45 people on the channel | 14:53 |
*** wschaller has joined #automotive | 14:54 | |
paulsherwood | :-) | 14:59 |
*** Tanikawa has quit IRC | 15:01 | |
*** yoshi_ito has left #automotive | 15:12 | |
*** KlausUhl has quit IRC | 15:26 | |
*** Joel_Replogle has joined #automotive | 15:30 | |
*** Joel_Replogle has quit IRC | 15:45 | |
*** bbranch has joined #automotive | 15:50 | |
*** scrumb has joined #automotive | 16:02 | |
*** aeiche has joined #automotive | 16:05 | |
jlrmagnus | rvi-test1 is going down for cloning. | 16:13 |
jlrmagnus | Should be up in a few hours. | 16:13 |
*** aeiche has quit IRC | 16:13 | |
*** scrumb has left #automotive | 16:14 | |
*** bbranch has quit IRC | 16:17 | |
*** klausbirken has quit IRC | 16:19 | |
*** scrumb has joined #automotive | 16:24 | |
*** scrumb has left #automotive | 16:28 | |
*** waltminer has quit IRC | 16:28 | |
*** wschaller has quit IRC | 16:39 | |
*** jonathanmaw has quit IRC | 16:45 | |
*** jacobo has quit IRC | 16:45 | |
*** waltminer has joined #automotive | 16:46 | |
*** emaj has joined #automotive | 16:52 | |
*** bbranch has joined #automotive | 17:23 | |
*** RzR has quit IRC | 17:30 | |
*** RzR has joined #automotive | 17:30 | |
*** waltminer has quit IRC | 17:36 | |
jlrmagnus | Cool new project just got approved. | 17:37 |
jlrmagnus | Hardware based CAN firewall with programmable rulesets. | 17:39 |
jlrmagnus | We have the core design down, and I'll put together documentation on this during the next couple of days. | 17:39 |
FelixH | if it's programmable it's hackable | 17:40 |
jlrmagnus | The rulesets are all signed by the OEM private key. | 17:40 |
jlrmagnus | Public key is permanently flashed (read only) into the device. | 17:40 |
jlrmagnus | FelixH, you are correct in your statement, but it will be really, really hard to crack that. | 17:40 |
jlrmagnus | It's an extremely simple system with very few states. | 17:41 |
FelixH | mhh theoretically the full telemetry box software is signed with a key burned in chip | 17:41 |
jlrmagnus | Yes. But the TCU (telematics control unit) usually sits in the IVI, which today is easily compromised. | 17:41 |
jlrmagnus | We are trying to mitigate the effects of a hacked IVI. | 17:42 |
jlrmagnus | Hence the firewall. | 17:42 |
jlrmagnus | JLR will produce the hardware and give away samples for free to interesting projects. | 17:42 |
jlrmagnus | RVI will be used to push rules OTA from a backend server, to a Tizen box, and on to the CANFW. | 17:42 |
FelixH | I agree for the firewall but I think it should not be possible to update it OTA, only by wire | 17:43 |
jlrmagnus | There will be a switch on the board that will have to be flipped in order for the FW to accept new rules. | 17:44 |
jlrmagnus | If you trust your OTA chain enough, you leave that switch flipped all the time. | 17:45 |
FelixH | (if you want something you can tell the user you are 100% no OTA hack is possible) | 17:45 |
jlrmagnus | Else you flip it in the shop before you program it through a tool. | 17:45 |
FelixH | mhh good point for the switch | 17:45 |
FelixH | you always trust your OTA chain until it's hacked x) | 17:45 |
jlrmagnus | We should have this out in a few weeks. I'll slap together a power pointer and mail it out. | 17:49 |
*** aeiche has joined #automotive | 17:57 | |
FelixH | I'll look at it | 17:58 |
FelixH | Have you looked for already existing solutions? | 17:58 |
jlrmagnus | In a meeting. | 18:06 |
jlrmagnus | Example of such solutions: | 18:07 |
jlrmagnus | ? | 18:07 |
FelixH | I saw a company called Arilou claims to have done a can firewall but I don't know much more. | 18:10 |
FelixH | don't know why I assumed it was something more common... | 18:11 |
*** apinheiro has quit IRC | 18:30 | |
jlrmagnus | Very little info on Arilou | 18:33 |
FelixH | indeed | 18:43 |
aeiche | jlrmagnus, Did you go to the towersec talk at the Germany GENIVI AMM? | 18:44 |
bret | o/ from jaguar/landrover pdx's office :) | 18:54 |
aeiche | Hi Bret | 18:55 |
bret | hey! | 18:56 |
*** aeiche has quit IRC | 19:12 | |
rjek | jlrmagnus: btw, have you considered making RVI simply a routing system, and then running RabbitMQ over it? | 19:37 |
*** aeiche has joined #automotive | 19:45 | |
*** waltminer has joined #automotive | 19:50 | |
waltminer | paulsherwood yoo-hoo | 19:53 |
* rjek blasts recent purchases out of hi fi | 19:55 | |
* rjek browses eBay for replacement power amplifiers | 20:03 | |
* waltminer has an amp that goes to 11 | 20:08 | |
rjek | How spinal :) | 20:09 |
* rjek always smiles when he notices that the BBC's websites' video players have volume controls that go up to 11. | 20:09 | |
waltminer | :) | 20:10 |
jlrmagnus | Back | 20:10 |
jlrmagnus | rjek: We can do that fairly easily. | 20:10 |
jlrmagnus | We can, for example, route rabbitMQ over SMS. Not efficient, but it works. | 20:10 |
* rjek currently has a Meridian Audio 596 -> 501 -> Cambridge Audio P500, but is looking to replace the P500 with a Meridian 556. | 20:11 | |
rjek | jlrmagnus: I see what RVI is trying to do, but it strikes me that it's trying to be routing, authentication, and messaging pattern all in one. | 20:11 |
* rjek always likes reusing other people's things, in general :) | 20:11 | |
jlrmagnus | Yes. Although it does those three things at a very basic level. | 20:12 |
rjek | routing and authentication is tricky to separate when you have no single addressing scheme, but it strikes me that if RVI simply provided a routing system for streams, then you could just run TLS and RMQ over it. | 20:12 |
jlrmagnus | The core mission of RVI is secure and robust data transmission between two nodes, regardless of data link. | 20:12 |
rjek | Yes, the routing seems to be the important thing | 20:12 |
jlrmagnus | It is, but I can't see how we can break out security from it. | 20:13 |
jlrmagnus | If we only route simple messages (which is what we do today), but with no security, how do we stop spoofed RVI nodes from injecting traffic? | 20:13 |
rjek | Yes, it's tricky. But if it simply provided stream connections, then you could perhaps run TLS over it and leave authentication and secrecy to that | 20:13 |
FelixH | jlrmagnus: point to point security? | 20:14 |
jlrmagnus | Well. It is not streams only. SMS, being a typical case. | 20:14 |
rjek | P2P security doesn't exist unless you have a central authority or out-of-band confirmation of identity | 20:14 |
FelixH | if each node secures its messages a spoofed node can't talk | 20:14 |
jlrmagnus | FelixH, Even with end point validation, you can still DOS the intermediate routing points. | 20:14 |
FelixH | rjek: yes | 20:14 |
FelixH | DOS yes but not spoof it | 20:15 |
jlrmagnus | Correct. And that out-of-band authentication is rooted in the private key that signs the certificates. | 20:15 |
rjek | ie: see SSL/TLS certification authorities and PGP key signing | 20:15 |
jlrmagnus | rjek: That is what we are running a stripped version of, although using JWT instead of X.509. | 20:15 |
* rjek likes to distance himself from JSON in general :) | 20:16 | |
FelixH | In internal we did something very similar to RVI... | 20:16 |
jlrmagnus | It makes portability and interop easier. | 20:16 |
rjek | But only because I like writing data structures myself, and JSON hates humans | 20:16 |
jlrmagnus | We ran our initial protocol as BERT-RPC, which is much, much more efficient, but ran into all kinds of interop issues. | 20:16 |
FelixH | for the security every telematic box gets a key in factory that the CPU transforms in blackblob and our keyvault server keeps the pair for communication | 20:16 |
rjek | Hmm, is SMS useful at all without running your own packetised protocol over it due to message length restrictions? | 20:17 |
jlrmagnus | FelixH: That is a prerequisite. | 20:17 |
jlrmagnus | We also need to rotate those keys as time goes on. | 20:17 |
rjek | Depends on their strength. DNSSEC requires routine rotation because the keys are so small (so they're not computationally expensive) | 20:17 |
rjek | s/not/so/ | 20:18 |
jlrmagnus | rjek: We have an initial run on the security implementation, mostly to learn and evaluate. | 20:18 |
jlrmagnus | High-level doc at: https://github.com/magnusfeuer/rvi_core/blob/master/doc/rvi_security.md | 20:18 |
jlrmagnus | I | 20:18 |
rjek | jlrmagnus: Hmm; in general I prefer to avoid creating new security systems because it's so easy to build something you can't break yourself. ie, I prefer using something already used, tested, and reviewed. | 20:18 |
rjek | Not that it's a panacea. | 20:18 |
jlrmagnus | am prepared to start over on the security implementation, but this is as far as we have come now. | 20:19 |
* rjek nods | 20:19 | |
jlrmagnus | Please note that we are using bog standard crypto stuff for this. | 20:19 |
rjek | Sure | 20:19 |
jlrmagnus | And it's just authentication and authorization, no encryption (yet). | 20:19 |
rjek | But while the CA PKI has its flaws, at least they're well understood and explored. | 20:19 |
jlrmagnus | We may end up using TLS after all, but the SMS issue remains. | 20:19 |
jlrmagnus | Agree. | 20:19 |
rjek | How show-stopping is the SMS issue, and could perhaps a different scheme be adopted for that? | 20:20 |
jlrmagnus | rjek, Have a look at the doc. The self-provisioning bit is totally broken, but the rest held up ok in a review by people who were not totally incompetent. | 20:20 |
FelixH | We only use SMS for emergency (like crashes) or if we have nothing else working | 20:20 |
jlrmagnus | It is a show stopper. SMS in 2G, 3G, and LTE has better coverage than a full-blown data link. | 20:21 |
rjek | Sounds like an HMACed message would do for that | 20:21 |
jlrmagnus | Close to what we are doing already. | 20:21 |
rjek | Sending a message saying "Help!" is much less security sensitive than "please unlock" | 20:21 |
jlrmagnus | ok? | 20:21 |
* rjek 's face burns from kimchi | 20:22 | |
rjek | jlrmagnus: I'll read that tomorrow. It's a bit late here now. | 20:22 |
jlrmagnus | np. | 20:22 |
FelixH | for lock/unlock we only do electric cars that are connected to a station when we have to give access to a new user | 20:22 |
FelixH | but obviously it will not work for everyone | 20:23 |
jlrmagnus | The more input we get on this, the better. We are talking to security outfits about the design, but would like to present them with something fairly mature. | 20:23 |
jlrmagnus | FelixH: Who are "we"? If you can tell. | 20:23 |
FelixH | BlueSolutions | 20:24 |
jlrmagnus | ok | 20:24 |
rjek | Right, good night fellow automotivites. | 20:24 |
jlrmagnus | Good night. Looking forward to continuing the discussion. | 20:24 |
jlrmagnus | I | 20:26 |
FelixH | good night | 20:26 |
*** aeiche has quit IRC | 20:35 | |
*** waltminer has quit IRC | 20:57 | |
*** aeiche has joined #automotive | 21:01 | |
*** waltminer has joined #automotive | 21:05 | |
*** emaj has quit IRC | 21:55 | |
*** aeiche has quit IRC | 22:54 | |
*** waltminer has quit IRC | 23:31 | |
*** aeiche has joined #automotive | 23:31 | |
*** jlrmagnus has quit IRC | 23:38 |