IN THIS ISSUE

ENGINEERS GUIDE TO
ANDROID & EMBEDDED
LINUX 2016
CONTENTS www.eeecatalog.com/embeddedlinux

Vice President & Publisher

Clair Bright
Editorial
Executive Editor
Lynette Reese
lreese@extensionmedia.com
Android & Embedded Linux Managing Editor
Anne Fisher
afisher@extensionmedia.com
Linux Containers: Smart Home Smarts Senior Editors
By Asif Awan, Layered Insight 4 Chris Ciufo
cciufo@extensionmedia.com
Move Over Apple Car; Linux is Going to Drive Caroline Hayes
Gabe Moretti
By Lynnette Reese, Executive Editor 7 Dave Bursky
Creative/Production
Production Traffic Coordinator
LS Jerrett
Product Showcases Graphic Designers
Nicky Jacobson
Simone Bradley
Application Solutions Senior Web Developers
Slava Dotsenko
CPU or Single Board Computers
Mariam Moattari
EMAC, Inc. Advertising / Reprint Sales
PPC-E7-3354 10 Vice President, Sales
Embedded Electronics Media Group
Clair Bright
cbright@extensionmedia.com
(415) 255-0390 ext. 15
Sales Manager
Elizabeth Thoma
(415) 255-0390 ext. 17
ethoma@extensionmedia.com

Marketing/Circulation
Jenna Johnson
To Subscribe
www.eecatalog.com

Extension Media, LLC Corporate Office

President and Publisher
Vince Ridley
vridley@extensionmedia.com
(415) 255-0390 ext. 18
Vice President & Publisher
Clair Bright
cbright@extensionmedia.com
Vice President, Business Development
Melissa Sterling
msterling@extensionmedia.com
Human Resources / Administration
Darla Rovetti

Special Thanks to Our Sponsors

Embedded Systems Engineering is published by Extension

Media LLC, 1786 18th Street, San Francisco, CA 94107.
Copyright 2016 by Extension Media LLC. All rights
reserved. Printed in the U.S.

2 &/(*/&&34
(6*%&
50
"/%30*%

&.#&%%&%
-*/69

r




November 2016

 IoT Data Protection

Your SSD data is safe with:

0UK\Z[YPHS[LTWI\PSK*[V*
)\PS[PUvtGuard WV^LYMHPSWYV[LJ[PVU
vtSecure ^P[OZLSMLUJY`W[PUN[LJOUVSVN`

Worth protecting?
Then, protect.

Solid State Storage and Memory

Industrial Embedded Technology for Our Interconnected World

 engineers guide to Android & Embedded Linux
Linux Containers: Smart Home Smarts
Why containers can satisfy the application isolation requirements for
embedded devices in our homes, on our wrists, and more.
By Asif Awan, Layered Insight
T hough most embedded devices do just one thing and do it very
well, securing that one application on the device has always been
challenging. That challenge arises due to the constrained nature of
processor, memory, and power. Further compounding the challenge,
most embedded devices are now connected and do many more things
than just one. Also, many applications that deal with our personal
information are being supported in embedded devices. For example,
many wearables are being used either as endpoints to facilitate user
authentication or as a key computation hop to collect and perform
transactions for healthcare and finance use cases respectively. As more
and more things connect in our homes, we humans have become one
more connected thing inside our smart homes, and when we venture
out, mobile devices become extensions of our physical beings.
Many security operations, Public Key Cryptography computations
as an example, are processor-intensive and hence also end up con-
suming more power than normal computations. In mobile embedded
devices, such as wearables, that additional power use means charging
the device more often, thereby conflicting with the devices primary
attributethat of mobility.
Figure 1
4 &/(*/&&34
(6*%&
50
"/%30*%

&.#&%%&%
-*/69

r




November 2016
While anything and everything is getting connected to
the cloud, containers have brought about a major dis-
ruption to the cloud infrastructure space. Containers
offer attributes of workload portability and more effi-
cient hardware utilization and are perfectly suited for
ephemeral microservices. Trusted Computing Groups
TEE (Trusted Execution Environment) architecture
does offer a solid security paradigm for isolating
regular and secure applications, but that architecture
relies heavily on the support from underlying hardware
and the OS. However, I believe containers can be used
to satisfy the application isolation requirements for
embedded devices.
HARDWARE RESURGES
The perfect trifecta of cloud computing, ubiquitous
connectivity, and open source software stacks for pro-
cessing huge amounts of data has led to the smartness
of everything. While data pertaining to every aspect
of existing things are being collected and processed
in order to make those things smart, new devices
are thrown in the mix to create newer interactions
with day-to-day human lives or to deeply analyze the
existing interactions. All of this has led to a resurgence
of new hardware devices: from wearables to smart
home sensors to beacons to connected self-driving cars
to smart cities to drones, etc.
This second coming of the hardware revolution is fur-
ther fueled by easy availability of cheap single-board
computers and microcontrollers such as Raspberry Pi
and Arduino. As an example, it is very easy for anyone
to quickly put together a system of smart sensors at
home that send alerts or notifications based on certain
predefined rules, using such single-board computers
and open source software such as OpenHAB.
IMMUTABLE INFRASTRUCTURE
Containers enable an application development and
deployment lifecycle that lends flexibility to developers
 The Premier Conference Devoted
to Implementing IoT Technology
in Embedded Systems

t
8IBU
ZPV
OFFE
UP
LOPX
UP
TFDVSF
*P5
%FWJDFT t
/FUXPSL
1FSGPSNBODF
3FMJBCJMJUZ
BOE
.FUSJDT

t
3FMJBCJMJUZ
BOE
4FDVSJUZ
%FNBOET
PG
UIF
*OEVTUSJBM*P5 t
*P5
BT
B
4FSWJDF
t
0QUJNJ[JOH
*OEVTUSJBM
&NCFEEFE
*NQMFNFOUBUJPOT
t
$SFBUF
1SPEVDUT
XJUI
1SPWBCMZ
)JHI
6TFS
7BMVF
t
#VJME
-PXFS
1PXFS
BOE
NPSF
4FDVSF
*P5
%FWJDFT
t
*P5
4UBOEBSET
t
8IBU
EPFT
*OUFSPQFSBCJMJUZ
NFBO
GPS
*P5 t
&NCFEEFE
$MPVE
$PNQVUJOH
t
8JEF"SFB
8JSFMFTT
5FDIOPMPHZ
GPS
*P5
BOE
..
%FWJDFT t
4FNJDPOEVDUPS
5FDIOPMPHJFT
PG
UIF
'VUVSF


GPS
*P5
t
5IF
*OUFSOFU
PG
5IJOHT
UIBU
TFF
#SJOHJOH
7JTVBM

*OUFMMJHFODF
UP
&NCFEEFE
%FWJDFT
t
"OE
NVDI
NPSF

Plan now to attend

April 26-27, 2017 - Santa Clara Convention Center, CA USA
r
&/(*/&&34
(6*%&
50
"/%30*%

&.#&%%&%
-*/69
&/(*/&&34 (6*%& 50 "/%30*%  &.#&%%&% -*/69
 engineers guide to Android & Embedded Linux
in choosing whatever software stack is best suited for the application.
At the same time, containers let the DevOps team decide and define
the underlying immutable infrastructure stack that should be used
for running the containers. This flexibility has a key implication: the
application team and the DevOps teams can work completely inde-
pendently, and test out their changes, without having to worry about
the impact of their changes on the other teams progress. This process
improvement can significantly speed up the release cycles, as the entire
OS and application stack dont have to be qualified for every change (as
is the case with application software released as virtual machine [VM]
images). Hence, application developers can quickly try out changes to
their application logic and also to the software stack without having
to worry about running those changes, and the support those changes
would need from the OS stack, with the DevOps guys.
EMBEDDED DEVELOPMENT AND PRODUCTION PERKS
Containers offer multiple additional benefits during development and
in production for embedded devices.
t
New containerized applications could be easily introduced and
deployed on the devices without impacting any of the existing
applications. The existing applications would continue to rely on
their specific dependencies, in their containers, while being com-
pletely transparent to the newly introduced application in their
environment.
t
Independently optimize an application and its dependencies without
touching other applications or the underlying infrastructure.
t
Parallelize the development process: different development teams
can independently build and test applications, choosing whatever
software stack is best suited for their applications, without having
to agree on, and hence settle for, a jack-of-all-trades-but-master-
of-none software stack that works for all the applicationswithin
their assigned memory footprint and other embedded limitations.
t
Over-the-air application updates could be easily applied to, and even
reverted from, the containerized applications without being concerned
Figure 2: Access to Raspberrry Pi and other inexpensive single-board
computers and microcontrollers has led to a cascade of new devices.
6 &/(*/&&34
(6*%&
50
"/%30*%

&.#&%%&%
-*/69

r




November 2016
about having to physically reset hard-to-reach devices in
case the update doesntt go through correctly.
ENHANCED SECURITY
As mentioned earlier, security is becoming increasingly
important for connected embedded devices, especially
for something like a smart home hub that controls all the
devices and sensors in a connected home. While the secu-
rity concerns, from a threat perspective, remain the same,
containers could be used effectively on embedded devices
to address the security concerns.
A dual-layered approach of separating out well-container-
ized applications from the underlying infrastructure could
prevent a compromise in one application from spreading
to other applications or to the kernel. Whats more, the
segregation of a monolithic software stack into multiple
cleanly isolated parts leads to faster testing and updates for
bugs and security patches, thereby reducing the window of
opportunity for attacks.
External sandboxing of containers, using a Mandatory
Access Control (MAC) approach such as SELinux or
AppArmor, could be used to limit the capabilities of the
applications to predefined system calls. Alternately, or in
addition to, security could be baked into the containers
by putting probes in various different network, I/O and
application layer calls of interestand used to provide deep
visibility into the runtime operations of the containers and
also for restraining the application from doing anything
thats abnormal to its behavior.
BEYOND THE TRADITIONAL
Containers offer promising alternatives to the traditional
approaches for developing, testing, and deploying applica-
tions on embedded devices. Containers are already being used
actively for deploying service side components of the fast-
growing IoT space, so despite the hardware limitations on the
embedded devices, I expect the container runtime (Docker
has already been ported onto Raspberry Pi by resin.io) and
most importantthe developer toolchains to be migrated
sooner than later. The bulkier container lifecycle management
and orchestration layer doesnt need to be migrated onto the
embedded ecosystem. The reason containers should be used
on embedded devices, as explained above, totally differs from
the rationale for making them part of the compute infrastruc-
ture layer.
Asif Awan is a successful serial entrepreneur with broad business
and technology expertise that spans the enterprise, healthcare
and financial industries; and cloud, mobile and deep-learning
technologies. He is the founder and CEO of Layered Insight,
www.layeredinsight.com, a container-security startup based
in the San Francisco Bay Area that has built an industry-first,
container-native deep visibility and security solution.
 engineers guide to Android & Embedded Linux

Move Over Apple Car; Linux

is Going to Drive
Automotive Grade Linux is collaborating to build the car of the future through rapid
innovation with eight major automotive OEM supporters. Toyota, for one, has made significant
contributions to AGL and plans to include AGL in Toyota vehicles in the next few years.

By Lynnette Reese, Executive Editor, Extension Media

C ars have a long way to go to catch up with the user

experience offered by smartphones. At present,
every manufacturer has its own In-Vehicle Infotain-
ment (IVI) with a different organization, touchscreen
layout, and navigation. Automotive Grade Linux (AGL)
has much to offer as an open source platform that will
provide a standardized, open operating system and
application framework. AGL is being developed collab-
oratively amongst over 80 member companies, sharing
development work spanning standard parts that col-
lectively make a common framework.
AGLs ambition is to reduce the software
design cycle to 12 months....
Automotive Grade Linux (AGL), a collaborative open-source project
for developing a Linux-based distribution for use in automotive elec-
tronics, is at its core an operating system. AGL has been around since
2012 but has seen tremendous growth over the past two years with
Toyota, Honda, Ford, Jaguar Land Rover, Mitsubishi Motors, Subaru,
Nissan, Mazda, and several other members coming on board. AGL is a
custom distribution (distro) based on the Yocto Project and begins

IVI typically encompasses GPS navigation, phone

interface, video or rear view cameras, rear passenger
entertainment, and may use a combination of touch-
screen displays, physical buttons, and voice recognition.
The picture is very different for Android smartphones,
who share a common framework. The benefits could be
rather striking; a rental car navigation screen could be
in Klingon, but a familiar framework across all makers
would allow you to change language settings quickly
and punch in an address. In short, the difference in user
experience between Android phones and Infotainment
is stark. That will change dramatically within the next 2
3 years, however, as the model moves to open source. Figure 2: The AGL framework in use for automotive climate controls. Every
OEM will have its own look, but the rst 80% of the application is AGL, the
last 20% is OEM customization.

eecatalog.com/embeddedlinux r
&/(*/&&34
(6*%&
50
"/%30*%

&.#&%%&%
-*/69 7
 engineers guide to Android & Embedded Linux

with a stripped-down version of the Linux kernel. Version 2 of the AGL

Unified Code Base (UCB) was released in July 2016 at the Automotive
Linux Summit. UCB Version 3 is expected in December 2016 and is
the first release that is targeted to install in vehicles. AGL is gaining
momentum. Since the end of 2014, there has been 105% growth in
developer participation, and now close to 600 developers are on the
AGL mailing list.

PLAYING CATCH-UP
AGL will do much more than reduce frustration when driving unfa-
miliar vehicles, however. AGL will save money, improve the overall
user experience by incorporating the best ideas from all AGL mem-
bers, enhancing the security by incorporating hundreds of years
worth of broad-based software security experience into AGL and dis-
till AGL into the best platform via the proven success of Linux and the
open source model. Hosted by the non-profit The Linux Foundation, Figure 3: An AGL test set-up for a wheel input device.
AGL is royalty-free and frees automotive OEMs to focus on their core
competency: designing cars, not software. The automotive industry AGL, although four years old, relaunched under a new
has fallen behind smartphones in ease-of-use and functionality. strategy a couple of years ago, borrowing the best soft-
Consumers paying $500 or more for navigation in cars expect a smart- ware components from AGL, GENIVI, and Tizen IVI
phone experience. The 100-year old automotive supply chain model for the AGL platform. This new combination code base
for software has a 36-month production cycle, a time frame over is what AGL calls the unified code base, or UCB, and
which three iPhones can be released. AGLs ambition is to reduce the unifies the best of AGL, Tizen IVI, and GENIVI for
software design cycle to 12 months with shorter deployment cycles the entire industry. Tizen IVI was an open project ini-
and more frequent software updates. AGL will also enable a robust and tially led by Samsung and Intel but was aimed more at
global ecosystem of compatible hardware, software, user interfaces, consumer electronics. GENIVI is open source software
and a variety of applications. from the GENIVI Alliance. However GENIVI targets a
specification that allows multiple different vendors to
AGL is made up of several expert groups, be compliant with different code, versus AGL, which
a group of like-minded developers that has a code first mindset and focuses on building a
get together and work on an area of the software base that provides automakers and suppliers
system. Dan Cauchy, Executive Director with the same starting point for production programs.
of Automotive Grade Linux at The Linux AGL recognizes the contributions of the open Tizen IVI
Foundation, says that Automotive and GENIVI modules within AGL.
Grade Linux has the ultimate goal of
expanding from IVI into the instrument Additional flourishes can be added by the manufacturer,
cluster, telematics, heads-up display much like smartphones often carry carrier-specific
(HUD), Advanced Driver Assistance features and functions, however, the basic underlying
Systems (ADAS), Functional Safety, and functionality is the same across Android-based oper-
eventually Autonomous Vehicles. ating systems, and AGL will be no different. Developers
will be able to add differentiating features, such as voice
How did we get to the point where cars recognition, but the foundation will share a commonality
Dan Cauchy, Linux Foundation
needed operating systems? Older vehi- that not only facilitates rapid time-to-market, but allows
cles had direct wiring for electronics, but engineers to become experts on a common code base
with hundreds of different electronic functions in modern vehicles, rather than learning several proprietary systems over a
Electronic Control Units (ECUs) became the norm, mainly because lifetime. AGL is a full distro, including middleware, and
wiring harnesses became too bulky and cumbersome to wire indi- an app framework.
vidual control loops throughout a car. ECUs control small but often
complex control loops to handle algorithms for everything from oper- EXPERT GROUPS
ating door mirrors, automatic lighting functions, to luxury functions Collaboration is not new to Linux, but it is new to auto-
such as variable chassis suspension at the touch of a button. There motive. Nevertheless, there are several expert groups
can be a hundred or more ECUs in luxury vehicles, and the number of presently working on AGL focused on System Architec-
ECUs is reaching a limit. Greater integration of hardware and software ture, Application Framework and Security, Continuous
is needed to address the high number of ECUs. Integration and Automated Testing, Connectivity and
User Interface (UI) and Graphics.

8 &/(*/&&34
(6*%&
50
"/%30*%

&.#&%%&%
-*/69

r




November 2016


The System Architecture Team defines the overall
technical architecture per the strategy set by the
steering committee and oversees how reference soft-
ware and hardware solutions are implemented.
The Application Framework and Security expert
group are building a foundational application frame-
work for all AGL apps, so every design builds on a
common shared framework. Security begins at a low
level on the stack and necessarily permeates common
functions. For example, in addition to cooperation
with secure hardware, apps will be cryptographi-
cally signed and verified at installation and removal.
There are also plans to provide a secure boot in the
AGL framework to ensure that the car will not boot
on a changed image unless a specific encryption key
is provided. The User Interface (UI) and Graphics
expert group is responsible for the design and archi-
tecture of driver-facing features such as multimedia,
navigation, speech recognition and the home screen.
The Connectivity expert group is concerned with
CAN bus, LIN, MOST, Ethernet AVB, and an abstrac-
tion layer referred to as the automotive message
broker, which abstracts the messaging to a firewalled
vehicle bus. They are also responsible for remote
vehicle interactions, cloud connectivity and how user
devices connect to the IVI system. The Continuous
Integration and Automated Testing group uses stan-
dard tools like JTA, LAVA, Gerrit and others.
THE FUTURE OF AGL
After the AGL IVI is released, ongoing improvement,
additions, and updates are expected indefinitely. How-
ever, the focus of AGL will shift beyond IVI to address
other areas such as instrument cluster, telematics,
heads-up display (HUD), Advanced Driver Assistance
Systems (ADAS), Functional Safety and eventually
Autonomous Vehicles.
The UCB distribution has been architected to allow
different profiles to be created from the same code
base to address all software applications in the car. As
Cauchy explains, It is in the AGL charter to implement
code supporting the instrument cluster, which are
often digital displays and have similar requirements
in common with IVI. Thus, using the same IVI code
base and another iteration with Yocto to define specific
meta data for new layers, AGL will have code specific
to instrument clusters that OEMs can customize. Dan
goes on to state, Another profile, if you will, will yield
a heads up display (HUD). Telematics is next, and has
already begun, with the formal establishment of an
expert group planned before the end of the year.
eecatalog.com/embeddedlinux
engineers guide to Android & Embedded Linux
AGL telematics will involve telemetry and sharing telematics data,
which includes connecting to the cloud and creating the whole con-
nected car, enabling functions such as remote updates that can
replace visits to the dealership. Beyond IVI and telematics is ADAS,
which Dan indicates may not be addressed until next year at the
soonest. ADAS requires an operating system for system-level coor-
dination including multiple sensors, cameras, and LIDAR to assist
with keeping to a lane and collision avoidance, for example. Dan
admits that this is farther out on AGLs roadmap but went on to state,
Functional Safety certifications will be required for ADAS, and this
will take some time. However, once we achieve ADAS, the next logical
step is to leverage that and move forward to build software for fully
Autonomous Vehicles, and that is part of our roadmap.
Version 3 of the AGL UCB, or the Charming Chinook distro, will
be released late in 2016, with a demonstration planned for CES 2017
showing the home screen with multiple display capability (front and
rear seat), video playback, audio routing and the AGL app framework.
CONCLUSION
Linux is certainly a proven model for establishing a successful collab-
orative model that breeds innovation. Examples of Linux in daily life
include Android on smartphones and the Apache web server (which
exists in 50% of all web servers worldwide.) However, Linux is also
used in nuclear power plants, entire systems of trains and their con-
trol, as well as in aeronautics.
AGL presents a new methodology for the automotive industry. Its suc-
cess remains to be seen but judging from the success of carrier-grade
Linux, and the fact that eight major OEMs and multiple technology
companies are participating towards the success of AGL, one can
imagine the future of AGL. Companies like Apple that aim to compete
in automotive have a serious competitor in AGL but are also easily able
to sell a differentiating application layer or a custom distribution, since
open-source allows deep transparency down to the kernel.
AGL is still accepting participants for expert groups, which means
entering on the ground floor of a significant opportunity is possible.
As a non-profit, AGL is never going to IPO. But defining success by
collaboration, not quarterly results, is a good thing.
Lynnette Reese is Executive Editor, Embedded Systems Engineering and
Embedded Intel Solutions, and has been working in various roles as an
electrical engineer for over two decades. She is interested in open source
software and hardware, the maker movement, and in increasing the number
of women working in STEM so she has a greater chance of talking about
something other than football at the water cooler.
r
&/(*/&&34
(6*%&
50
"/%30*%

&.#&%%&%
-*/69 9
 engineers guide to Android & Embedded Linux

EMAC, Inc.
PPC-E7-3354

CPU or Single Board Computers

CPU or Single Board Computers

Compatible Architectures: ARM

Compatible Linux and Android OS: Embedded Linux & Android

Designed and manufactured in the USA, the PPC-E7-3354 is

a compact, low power consumption ARM Panel PC with a
7 inch WVGA (800 x 480) color TFT LCD and resistive touch
screen. The PPC-E7-3354 comes with EMACs Embedded
Linux distribution installed and fully congured on the
onboard ash disk. This allows a software engineer to
concentrate on writing applications without worrying about
hardware conguration and setup.

The PPC-E7-3354 utilizes a System on Module for the TECHNICAL SPECS

processing core. This allows the user to easily upgrade
the core of the system, when more memory, storage or
processing power is required. The PPC-E7-3354 uses a 1GHz
fanless embedded ARM Cortex-A8 System on Module with
Video and Touch. The SoM provided with the PPC-E7-3354
supports up to 512MB of Embedded SDRAM, Up to 16GB
of embedded eMMC Flash, 16MB of serial data ash and a
MicroSD card socket. Typical power consumption is 6 Watts
and the LED backlight can be shut off to further decrease
power consumption. The PPC-E7- 3354 offers three RS-232
serial ports, and one RS232/422/485 port. It includes two
USB 2.0 host ports, a USB 2.0 OTG port, I2S audio port with
stereo line-in/line-out, RJ45 for wired Ethernet and a battery
backed real time clock. The Panel PC has a wide voltage input
of 12-28V and is ready for a variety of installations. Optional
Wi and Bluetooth can be added to the USB connections.
Texas Instruments AM3354 1.0GHz ARM Cortex A8 based
Processor
512MB SDRAM, 16MB serial data ash, 4GB eMMC Flash,
Micro-SD Flash Card Socket
16x General Purpose I/O, Timer/Counters & Pulse Width
Modulation (PWM) ports, 1x I2C Port
3x RS232 & 1x RS232/422/485 Port, 2x USB 2.0 Host port,
1x USB 2.0 OTG port, 1x CAN, 10/100 Ethernet
1x I2S Audio port with Stereo Line-In/Line-Out,
4x A/D Channels with 10-bit A/D Converter

http://www.emacinc.com/sales/linuxengguide APPLICATION AREAS

Industrial Control, Industrial Automation, Data Acquisition,
Qty 1 Price is $550. OEM and Quantity Pricing Available Test & Measurement, Human Machine Interface (HMI)

FEATURES & BENEFITS AVAILABILITY

7 WVGA (800 x 480) Resolution color TFT LCD Now
with an LED Backlight that is Software Controlled
for On/Off & Brightness

Resistive Touchscreen Interface

Wide voltage power supply, 12-28V DC

Wi and Bluetooth (Optional) CONTACT INFORMATION

EMAC OE Embedded Linux EMAC, Inc.

2390 EMAC Way
Carbondale, Illinois 62902
United States
Tel: (618) 529-4525
Fax: (618) 457-0110
info@emacinc.com
www.emacinc.com

10 &/(*/&&34
(6*%&
50
"/%30*%

&.#&%%&%
-*/69

r




November 2016 t




"QQMJDBUJPO
4PMVUJPOT