rewrote quickstart, build-process

Revamped and updated documentation to install and build AGL images.
(removed whitespaces, added contribution guide, corrected rcar-gen3 section 7, added aglsetup.h flags to hardware support, some minor changes)

Bug-AGL: [SPEC-3633]

Signed-off-by: Shankho Boron Ghosh <shankhoghosh123@gmail.com>
Change-Id: Iedb6c7dc1661f4bc58b5f25ea5d188778c7ff908
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/documentation/+/25407
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Tested-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>

1 files changed, 116 insertions, 0 deletions

diff --git a/docs/2_Architecture_Guides/2.2_Security_Blueprint/7_Connectivity/1.2.7.3_Cloud.md b/docs/2_Architecture_Guides/2.2_Security_Blueprint/7_Connectivity/1.2.7.3_Cloud.md
new file mode 100644
index 0000000..36c4df8
--- /dev/null
+++ b/docs/2_Architecture_Guides/2.2_Security_Blueprint/7_Connectivity/1.2.7.3_Cloud.md
@@ -0,0 +1,116 @@
+---
+edit_link: ''
+title: Cloud
+origin_url: >-
+  https://raw.githubusercontent.com/automotive-grade-linux/docs-sources/master/docs/security-blueprint/part-7/3-Cloud.md
+---
+
+<!-- WARNING: This file is generated by fetch_docs.js using /home/boron/Documents/AGL/docs-webtemplate/site/_data/tocs/architecture/master/security_blueprint-security-blueprint-book.yml -->
+
+# Cloud
+
+## Download
+
+- **authentication**: Authentication is the security process that validates the
+  claimed identity of a device, entity or person, relying on one or more
+  characteristics bound to that device, entity or person.
+
+- **Authorization**: Parses the network to allow access to some or all network
+functionality by providing rules and allowing access or denying access based
+on a subscriber's profile and services purchased.
+
+<!-- section-config -->
+
+Domain                       | Object         | Recommendations
+---------------------------- | -------------- | --------------------------------------
+Application-Cloud-Download-1 | authentication | Must implement authentication process.
+Application-Cloud-Download-2 | Authorization  | Must implement Authorization process.
+
+<!-- end-section-config -->
+
+--------------------------------------------------------------------------------
+
+## Infrastructure
+
+- **Deep Packet Inspection**: **DPI** provides techniques to analyze the payload
+  of each packet, adding an extra layer of security. **DPI** can detect and
+  neutralize attacks that would be missed by other security mechanisms.
+
+- A **DoS** protection in order to avoid that the Infrastructure is no more
+  accessible for a period of time.
+
+- **Scanning tools** such as **SATS** and **DAST** assessments perform
+  vulnerability scans on the source code and data flows on web applications.
+  Many of these scanning tools run different security tests that stress
+  applications under certain attack scenarios to discover security issues.
+
+- **IDS & IPS**: **IDS** detect and log inappropriate, incorrect, or anomalous
+  activity. **IDS** can be located in the telecommunications networks and/or
+  within the host server or computer. Telecommunications carriers build
+  intrusion detection capability in all network connections to routers and
+  servers, as well as offering it as a service to enterprise customers. Once
+  **IDS** systems have identified an attack, **IPS** ensures that malicious
+  packets are blocked before they cause any harm to backend systems and
+  networks. **IDS** typically functions via one or more of three systems:
+
+  1. Pattern matching.
+  2. Anomaly detection.
+  3. Protocol behavior.
+
+<!-- pagebreak -->
+
+<!-- section-config -->
+
+Domain                             | Object        | Recommendations
+---------------------------------- | ------------- | ----------------------------------------------------------
+Application-Cloud-Infrastructure-1 | Packet        | Should implement a DPI.
+Application-Cloud-Infrastructure-2 | DoS           | Must implement a DoS protection.
+Application-Cloud-Infrastructure-3 | Test          | Should implement scanning tools like SATS and DAST.
+Application-Cloud-Infrastructure-4 | Log           | Should implement security tools (IDS and IPS).
+Application-Cloud-Infrastructure-5 | App integrity | Applications must be signed by the code signing authority.
+
+<!-- end-section-config -->
+
+--------------------------------------------------------------------------------
+
+## Transport
+
+For data transport, it is necessary to **encrypt data end-to-end**. To prevent **MITM** attacks,
+no third party should be able to interpret transported data. Another aspect
+is the data anonymization in order to protect the leakage of private information
+on the user or any other third party.
+
+The use of standards such as **IPSec** provides "_private and secure
+communications over IP networks, through the use of cryptographic security
+services, is a set of protocols using algorithms to transport secure data over
+an IP network._". In addition, **IPSec** operates at the network layer of the
+**OSI** model, contrary to previous standards that operate at the application
+layer. This makes its application independent and means that users do not need
+to configure each application to **IPSec** standards.
+
+**IPSec** provides the services below :
+
+- Confidentiality: A service that makes it impossible to interpret data if it is
+  not the recipient. It is the encryption function that provides this service by
+  transforming intelligible (unencrypted) data into unintelligible (encrypted)
+  data.
+- Authentication: A service that ensures that a piece of data comes from where
+  it is supposed to come from.
+- Integrity: A service that consists in ensuring that data has not been tampered
+  with accidentally or fraudulently.
+- Replay Protection: A service that prevents attacks by re-sending a valid
+  intercepted packet to the network for the same authorization.
+  This service is provided by the presence of a sequence number.
+- Key management: Mechanism for negotiating the length of encryption keys
+  between two **IPSec** elements and exchange of these keys.
+
+An additional means of protection would be to do the monitoring between users
+and the cloud as a **CASB** will provide.
+
+<!-- section-config -->
+
+Domain                        | Object                                    | Recommendations
+----------------------------- | ----------------------------------------- | ---------------------------------
+Application-Cloud-Transport-1 | Integrity, confidentiality and legitimacy | Should implement IPSec standards.
+
+<!-- end-section-config -->