-rw-r--r-- audio/4a-framework.md | 6
-rw-r--r-- audio/bluez-alsa.md | 113
-rw-r--r-- audio/index.md | 7
-rw-r--r-- getting-started/machines/R-Car-Starter-Kit-gen3.md | 15
-rw-r--r-- getting-started/setup-sdk-environment.md | 4
-rw-r--r-- getting-started/source-code.md | 4
-rw-r--r-- getting-started/troubleshooting.md | 38
-rw-r--r-- security-blueprint/README.md | 2
-rw-r--r-- security-blueprint/annexes/ConfigNotes.md | 15
-rw-r--r-- security-blueprint/part-4/1-General.md | 42
-rw-r--r-- security-blueprint/part-4/2-Memory.md | 20
-rw-r--r-- security-blueprint/part-4/4-Debug.md | 6
12 files changed, 220 insertions, 52 deletions
diff --git a/audio/4a-framework.md b/audio/4a-framework.md
new file mode 100644
index 0000000..d54f12b
--- /dev/null
+++ b/audio/4a-framework.md
@@ -0,0 +1,6 @@
+# AGL Audio High Level Binding (4A)
+
+The Audio High Level Binding is the upper layer in the Audio 4A architecture.
+
+Presentation is available:
+[4a-presentation-by-audiokinetics](https://schd.ws/hosted_files/aglammeu17/aa/HighLevelAudio_DresdenAMM_Final_0.pdf)
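Review bot: the new page consists of a title, one sentence and a single link, and that link points at a slide deck on a conference file host (schd.ws) that is likely to go stale; consider mirroring the PDF on a project-controlled host, giving the link a readable title rather than the filename-like "4a-presentation-by-audiokinetics", and adding a pointer to where the binding's source and configuration live so the page is useful without the slides.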
diff --git a/audio/bluez-alsa.md b/audio/bluez-alsa.md
new file mode 100644
index 0000000..bbdef77
--- /dev/null
+++ b/audio/bluez-alsa.md
@@ -0,0 +1,113 @@
+# bluez-alsa
+
+## Introduction
+
+Bluetooth Audio ALSA Backend allow bluetooth audio without PulseAudio.
+
+This project is a rebirth of a direct integration between Bluez and ALSA. Since Bluez >= 5, the build-in integration has been removed in favor of 3rd party audio applications. From now on, Bluez acts as a middleware between an audio application, which implements Bluetooth audio profile, and a Bluetooth audio device.
+
+github source : [bluez-alsa](https://github.com/Arkq/bluez-alsa)
+
+## Add bluez-alsa to an AGL image
+
+You can add bluez-alsa to your image
+
+```yocto
+IMAGE_INSTALL_append = "bluez-alsa"
+```
+
+## Check bluez-alsa status
+
+You can check the bluez-alsa status by running:
+
+```bash
+systemctl status bluez-alsa.service
+```
+
+## Stop pulseaudio
+
+You must disable pulseaudio if you want to use bluez-alsa
+
+```bash
+systemctl --user stop pulseaudio
+```
+
+or disable pulseaudio bluetooth support
+
+```bash
+vi /etc/pulse/default.pa
+#.ifexists module-bluetooth-policy.so
+#load-module module-bluetooth-policy
+#.endif
+
+#.ifexists module-bluetooth-discover.so
+#load-module module-bluetooth-discover
+#.endif
+```
+
+## Connect your Bluetooth device
+
+You need to connect a bluetooth device
+
+```bash
+$ bluetoothctl
+[bluetooth]# pair ${BT_ADDR}
+[bluetooth]# connect ${BT_ADDR}
+[bluetooth]# info ${BT_ADDR}
+```
+
+Here somes documentation links:
+
+* [Bluetooth headset from archlinux](https://wiki.archlinux.org/index.php/Bluetooth_headset)
+* [Bluetooth Headset from gentoo](https://wiki.gentoo.org/wiki/Bluetooth_Headset)
+* [Bluez A2DP AudioSink for ALSA](http://www.lightofdawn.org/blog/?viewDetailed=00032)
+* [Bluez A2DP](http://www.lightofdawn.org/wiki/wiki.cgi/BluezA2DP)
+
+## Test bluez-alsa speacker
+
+```bash
+wget http://www.kozco.com/tech/piano2.wav
+
+aplay -D bluealsa:HCI=hci0,DEV=${BT_ADDR},PROFILE=a2dp ./piano2.wav
+```
+
+## Add bluez-alsa pcm config to alsa
+
+```bash
+vi /etc/asound.conf
+# Bluetooth headset
+pcm.btheadset {
+ type plug
+ slave.pcm {
+ type bluealsa
+ device "${BT_ADDR}"
+ profile "a2dp"
+ }
+ hint {
+ show on
+ description "Bluetooth Audio ALSA Backend"
+ }
+}
+```
+
+Doc [asoundrc](https://alsa.opensrc.org/Asoundrc)
+
+Test bluez-alsa pcm
+
+```bash
+aplay -D btheadset ./piano2.wav
+```
+
+## Test gstreamer player
+
+```bash
+gst-launch-1.0 uridecodebin uri=file:///mnt/Holy-Mountain.mp3 ! alsasink device=btheadset
+```
+
+## Test bluez-alsa phone
+
+After connected your phone with bluez:
+
+```bash
+bluealsa-aplay ${BT_ADDR}
+```
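Review bot: `IMAGE_INSTALL_append = "bluez-alsa"` is missing the leading space that BitBake `_append` requires; without it the package name is glued onto the last existing entry of `IMAGE_INSTALL` and the package is silently not installed. It should read `IMAGE_INSTALL_append = " bluez-alsa"`. Also, `yocto` is not a recognised fence language (use `bitbake` or a plain fence); the `vi /etc/pulse/default.pa` block mixes a shell command with file contents and would read better as the file excerpt alone with a sentence saying the two module blocks are to be commented out; and there are several typos in the new text: "allow" should be "allows", "build-in" should be "built-in", "somes" should be "some", "speacker" should be "speaker", and "After connected your phone" should be "After connecting your phone".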
diff --git a/audio/index.md b/audio/index.md
deleted file mode 100644
index 19c4945..0000000
--- a/audio/index.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# AGL Audio Framework
-
-## Pulseaudio Plugin
-
-Source code is hosted on [gerrit:staging/agl-audio-plugin](https://gerrit.automotivelinux.org/gerrit/gitweb?p=staging%2Fagl-audio-plugin.git;a=summary)
-
-Documentation is available on [IoT.bzh site](http://iot.bzh/download/public/2016/audio/AGL-PulseAudio-Audio-Routing.pdf)
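Review bot: deleting audio/index.md removes the only links to the PulseAudio routing plugin source and its documentation, and neither of the two new audio pages in this change carries them over. Confirm that the section's table of contents no longer references audio/index.md, and if the PulseAudio plugin is still shipped, move those two links into 4a-framework.md or bluez-alsa.md rather than dropping them.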
diff --git a/getting-started/machines/R-Car-Starter-Kit-gen3.md b/getting-started/machines/R-Car-Starter-Kit-gen3.md
index bd59990..c40fcb4 100644
--- a/getting-started/machines/R-Car-Starter-Kit-gen3.md
+++ b/getting-started/machines/R-Car-Starter-Kit-gen3.md
@@ -1,4 +1,4 @@
-# AGL Kickstart on Renesas R-Car Starter Kit Gen3 V2.23 (h3ulcb, m3ulcb)
+# AGL Kickstart on Renesas R-Car Starter Kit Gen3 V2.23 (h3ulcb, m3ulcb, salvator-x)
Here is a non exhaustive list of hardware parts that could be used to setup the R-Car Starter Kit Gen3 board development environment:
@@ -14,6 +14,9 @@ For more information and latest news, please check :
* [elinux page for h3ulcb][R-car h3ulcb]
* [elinux page for m3ulcb][R-car m3ulcb]
+* [elinux page for salvator-x][R-car salvator-x]
+
+Note that the Salvator-X has NDA restrictions, so less documentation is available both here and elsewhere.
The following documents may also be helpful:
@@ -60,6 +63,11 @@ export MACHINE=h3ulcb
export MACHINE=m3ulcb
```
+* for machine **h3-salvator-x**:
+
+ ```bash
+export MACHINE=h3-salvator-x
+
Now, init your build environment:
```bash
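Review bot: the new h3-salvator-x block opens a ```bash fence (with a stray leading space) but never closes it: the hunk ends with an empty `+` line followed by the unchanged "Now, init your build environment:" text, so everything after it will render inside the code block. Add the closing ``` after `export MACHINE=h3-salvator-x`, matching the h3ulcb and m3ulcb blocks above.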
@@ -101,6 +109,8 @@ grep -w -e "^MACHINE =" $AGL_TOP/build/conf/local.conf
MACHINE = "h3ulcb"
or
MACHINE = "m3ulcb"
+or
+ MACHINE = "h3-salvator-x"
```
Configure for Release or Development:
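Review bot: the added `MACHINE = "h3-salvator-x"` line is indented by one space while the h3ulcb and m3ulcb lines in the same block are flush left; drop the space so the three alternatives line up.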
@@ -151,7 +161,7 @@ Follow the documentation on the [eLinux.org wiki][R-car loader update] for the e
### Update the firmware stack
-As an AArch64 platform both the **h3ulcb** and **m3ulcb** have a firmware stack that consists of multiple parts. In both cases we have **ARM Trusted Firmware**, **OP-Tee** and **U-Boot** in use. Starting with Eel you must update the firmware to at least the version referenced here. For the exact steps required to flash the device see the eLinux.org wiki for **[h3ulcb][R-car h3ulcb firmware update]** or **[m3ulcb][R-car m3ulcb firmware update]** respectively. In both cases the files listed in the table will be found in the *\$AGL_TOP/build/tmp/deploy/images/$MACHINE* directory as specified in previous steps.
+As an AArch64 platform both the **h3ulcb** and **m3ulcb** have a firmware stack that consists of multiple parts. In both cases we have **ARM Trusted Firmware**, **OP-Tee** and **U-Boot** in use. Starting with Eel you must update the firmware to at least the version referenced here. For the exact steps required to flash the device see the eLinux.org wiki for **[h3ulcb][R-car h3ulcb firmware update]** or **[m3ulcb][R-car m3ulcb firmware update]** respectively. In both cases the files listed in the table will be found in the *\$AGL_TOP/build/tmp/deploy/images/$MACHINE* directory as specified in previous steps. The Salvator-X firmware update process is not documented on eLinux.
## Prepare the SD-card on the host
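Review bot: the appended sentence leaves Salvator-X users without a way to meet the requirement stated just before it, namely that the firmware stack (ARM Trusted Firmware, OP-TEE, U-Boot) must be updated to at least the referenced version starting with Eel. Say where the Salvator-X firmware and flashing instructions come from (the NDA material mentioned earlier in this file) or state explicitly that the version requirement cannot be checked against public documentation for that board, so a reader does not assume an unverified, possibly outdated trusted-firmware stack is acceptable.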
@@ -507,6 +517,7 @@ Detailed guides on how to build AGL for Renesas boards and using AGL SDK inside
[R-car m3ulcb firmware update]: https://elinux.org/R-Car/Boards/M3SK#Flashing_firmware
[R-car h3ulcb]: http://elinux.org/R-Car/Boards/H3SK
[R-car h3ulcb firmware update]: https://elinux.org/R-Car/Boards/H3SK#Flashing_firmware
+[R-car salvator-x]: https://elinux.org/R-Car/Boards/Salvator-X
[R-car loader update]: http://elinux.org/R-Car/Boards/Kingfisher#How_to_update_of_Sample_Loader_and_MiniMonitor
[R-car yocto]: http://elinux.org/R-Car/Boards/Yocto-Gen3
[rcar Linux Drivers]: https://www.renesas.com/solutions/automotive/rcar-demoboard.html
diff --git a/getting-started/setup-sdk-environment.md b/getting-started/setup-sdk-environment.md
index 3479a21..8ef742c 100644
--- a/getting-started/setup-sdk-environment.md
+++ b/getting-started/setup-sdk-environment.md
@@ -45,10 +45,10 @@ A pre-built image is available on automotivelinux download public site and can b
First, download and load the image in your local Docker instance:
```bash
-wget -O - https://download.automotivelinux.org/AGL/snapshots/sdk/docker/docker_agl_worker-3.0.tar.xz | sudo docker load;
+wget -O - https://download.automotivelinux.org/AGL/snapshots/sdk/docker/docker_agl_worker-latest.tar.xz | sudo docker load;
docker images;
REPOSITORY TAG IMAGE ID CREATED SIZE
- docker.automotivelinux.org/agl/worker 3.0 42009148bc03 6 days ago 926.9 MB
+ docker.automotivelinux.org/agl/worker 5.0 42009148bc03 6 days ago 926.9 MB
jenkins latest 55720d63e328 5 weeks ago 711.9 MB
hello-world latest c54a2cc56cbb 5 months ago 1.848 kB
```
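Review bot: the sample `docker images` output no longer matches the command: the line now shows tag `5.0`, but the image ID `42009148bc03`, the age and the size are unchanged from the 3.0 example, and pulling `docker_agl_worker-latest.tar.xz` will produce whichever tag is current rather than 5.0. Either regenerate the output from an actual `docker load` of the latest tarball or replace the image ID and date with placeholders. Since the tarball is piped straight into `sudo docker load`, it would also be worth documenting how to verify its checksum before loading, if the download site publishes one.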
diff --git a/getting-started/source-code.md b/getting-started/source-code.md
index 567128b..9bf1d96 100644
--- a/getting-started/source-code.md
+++ b/getting-started/source-code.md
@@ -122,11 +122,11 @@ You can choose your source release
### Download Latest Stable Release
-To download all layers for the for the latest stable release, dab 4.0.2:
+To download all layers for the for the latest stable release, eel 5.0.2:
```bash
cd $AGL_TOP
-repo init -b dab -m dab_4.0.2.xml -u https://gerrit.automotivelinux.org/gerrit/AGL/AGL-repo
+repo init -b eel -m eel_5.0.2.xml -u https://gerrit.automotivelinux.org/gerrit/AGL/AGL-repo
repo sync
```
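Review bot: the changed line still carries the duplicated words "for the for the"; while updating the release name, fix it to "To download all layers for the latest stable release, eel 5.0.2:".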
diff --git a/getting-started/troubleshooting.md b/getting-started/troubleshooting.md
index 95a08ac..a9dcaff 100644
--- a/getting-started/troubleshooting.md
+++ b/getting-started/troubleshooting.md
@@ -107,29 +107,29 @@ If you don’t want to touch the ligthmediascanner service, you can also add a f
## Configuring the Audio hardware
AGL uses alsa as Audio configuration master. If the correct HW is not setup, the Audio system will fail to start what will also fails the demo Home Screen launch.
You need to configure Audio in 2 places
- * alsa
- * 4A HAL
+* alsa
+* 4A HAL
### alsa
The file /etc/asound.conf (at the beginning) tells which hardware will be used.
For example on an Intel Minnow or UP board your need to enter the following configuration.
-```json
- pcm.Speakers {
- type dmix
- slave {pcm "hw:PCH,3"}
- ipc_key 1001 # ipc_key should be unique to each dmix
-}
+```bash
+ pcm.Speakers {
+ type dmix
+ slave {pcm "hw:PCH,3"}
+ ipc_key 1001 # ipc_key should be unique to each dmix
+ }
```
The correct value (here hw:PCH,3) can be obtained with the command:
```bash
-aplay -l
-**** List of PLAYBACK Hardware Devices ****
-card 0: PCH [HDA Intel PCH], device 3: HDMI 0 [HDMI 0]
- Subdevices: 1/1
- Subdevice #0: subdevice #0
-card 0: PCH [HDA Intel PCH], device 7: HDMI 1 [HDMI 1]
- Subdevices: 1/1
- Subdevice #0: subdevice #0
+ aplay -l
+ **** List of PLAYBACK Hardware Devices ****
+ card 0: PCH [HDA Intel PCH], device 3: HDMI 0 [HDMI 0]
+ Subdevices: 1/1
+ Subdevice #0: subdevice #0
+ card 0: PCH [HDA Intel PCH], device 7: HDMI 1 [HDMI 1]
+ Subdevices: 1/1
+ Subdevice #0: subdevice #0
```
Using hw:PCH rather than hw:0 will avoid you many trouble.<br>
NOTE that the device number is not always 0. If you give no device number, alsa will assume device 0 (and the not the first available device), what can fail your configuration.<br>
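Review bot: relabelling the `/etc/asound.conf` excerpt from ```json to ```bash is not more accurate: the ALSA configuration syntax is neither, so a plain fence (or `text`) avoids misleading highlighting. The leading spaces added to the `aplay -l` command and its output also alter the verbatim output, which makes it harder to compare with what a user actually sees; keep the command and its output flush left, and consider a `$` prompt on the command line so it is distinguishable from the output.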
@@ -143,11 +143,11 @@ For info HW device for common configuration are:
### 4A HAL configuration
AGL 4A needs to know which HAL shall be used. This is configured in the file:
-```
+```bash
/usr/agl-service-audio-4a/ahl-agl-service-audio-4a-config.json
```
At the beginning of that file you will find the slected HAL (note the there is no correct default value).
-```json
+```bash
{
"version": "0.2.0",
"policy_module": "AudioPolicy_v1",
@@ -189,5 +189,5 @@ Once that you have built your image on the SD card, uncompress the desired map i
(YourMountPoint will vary with your build system).<br>
You can also use the script from the image to install the Mapdata on your SD card but there is little adavange in using that method. e.g.
- * download_mapdata_jp.sh /YourMountPoint
+* download_mapdata_jp.sh /YourMountPoint
diff --git a/security-blueprint/README.md b/security-blueprint/README.md
index 5513dcc..4ae67de 100644
--- a/security-blueprint/README.md
+++ b/security-blueprint/README.md
@@ -2,7 +2,7 @@
This document presents the different attacks that can be envisaged on a recent car in order to be able to create a set of tests verifying the security of Automotive Grade Linux (AGL).
The more general utility behind this document is to protect the manufacturers, customers and third party from potential financial and information loss.
-This document is firstly based on the existing security-blueprint.
+This document is firstly based on an existing AGL security-blueprint.
**For security to be effective, the concepts must be simple. And by default, anything that is not allowed is forbidden.**
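Review bot: "firstly based on an existing AGL security-blueprint" reads awkwardly; "primarily based on" (or "derived from") says what is meant, and naming or linking the blueprint it derives from would make the provenance checkable.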
diff --git a/security-blueprint/annexes/ConfigNotes.md b/security-blueprint/annexes/ConfigNotes.md
index 6de1ca6..23b202a 100644
--- a/security-blueprint/annexes/ConfigNotes.md
+++ b/security-blueprint/annexes/ConfigNotes.md
@@ -139,6 +139,10 @@ Domain | `Config` name | `Value`
------------------------------ | ------------------------- | -------
Kernel-General-ModuleSigning-1 | `CONFIG_MODULE_SIG_FORCE` | `y`
+Domain | `Variable` name | `Value`
+------------------------------ | ------------------------- | -------
+Kernel-General-ModuleSigning-2 | `kernel.modules_disabled` | `1`
+
Domain | Object | _State_
------------------------ | ------------------- | ----------
Kernel-General-Drivers-1 | `USB` | _Disabled_
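Review bot: the new row files a runtime sysctl under the `Kernel-General-ModuleSigning` domain, but `kernel.modules_disabled` does not sign anything; it blocks all module loading, which is a different control from `CONFIG_MODULE_SIG_FORCE` in the row above. Consider a separate domain name for it, and since the other tables in this annex are keyed by `Config` name, make clear in the header that this value is a `sysctl` variable rather than a Kconfig option.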
@@ -154,10 +158,6 @@ Domain | `compiler` and `linker` options | _State_
Kernel-General-OverwriteAttacks-1 | `-z,relro` | _Enable_
Kernel-General-OverwriteAttacks-2 | `-z,now` | _Enable_
-Domain | `compiler` and `linker` options | _State_
-------------------------------- | ------------------------------- | --------
-Kernel-General-LibraryLinking-1 | `-static` | _Enable_
-
Domain | `Config` name | `Value`
------------------------------ | ---------------- | -------
Kernel-Memory-RestrictAccess-1 | `CONFIG_DEVKMEM` | `n`
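Review bot: this annex drops the `Kernel-General-LibraryLinking-1` row entirely, but part-4/1-General.md in this same change keeps that domain and replaces the `-static` option with a "Dynamic linking | Should generally not be allowed." recommendation. Mirror the new table here (Domain | Object | Recommendations) so the annex remains a complete index of the domains defined in part 4.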
@@ -192,9 +192,10 @@ Domain | `compiler` and `linker` options | _State_
----------------------------- | ------------------------------- | --------
Kernel-Memory-StackSmashing-1 | `-fstack-protector-all` | _Enable_
-Domain | `compiler` and `linker` options | `Value`
-------------------------------- | ------------------------------- | -------
-Kernel-Memory-BufferOverflows-1 | `-D_FORTIFY_SOURCE` | `2`
+Domain | `compiler` options and `config` name | `Value`
+------------------------------- | ------------------------------------ | -------
+Kernel-Memory-BufferOverflows-1 | `-D_FORTIFY_SOURCE` | `2`
+Kernel-Memory-BufferOverflows-2 | `CONFIG_FORTIFY_SOURCE` | `y`
Domain | `Config` name | `Value`
------------------------ | ---------------------------- | -------
diff --git a/security-blueprint/part-4/1-General.md b/security-blueprint/part-4/1-General.md
index f279b17..444c97d 100644
--- a/security-blueprint/part-4/1-General.md
+++ b/security-blueprint/part-4/1-General.md
@@ -24,7 +24,7 @@ Kernel-MAC-1 | Add MAC config note.
## Disable kexec
-This prevents someone who gets root from supplanting the kernel. This can be used as a way to bypass signed kernels.
+**Kexec** is a system call that enables you to load and boot into another kernel from the currently running kernel. This feature is not required in a production environment.
<!-- section-config -->
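Review bot: the new sentence replaces the threat rationale with a feature description, so the reader no longer learns why disabling kexec matters: the removed line explained that it stops a user who obtains root from supplanting the running kernel and thereby bypassing signed-kernel enforcement. Keep both, for example: "Kexec is a system call that loads and boots another kernel from the running one. It is not needed in production, and leaving it enabled lets anyone who obtains root replace the kernel and bypass kernel signing."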
@@ -34,6 +34,12 @@ Kernel-General-kexec-1 | `CONFIG_KEXEC` | `n`
<!-- end-section-config -->
+<!-- section-note -->
+
+**kexec** can load arbitrary kernels but signing of new kernel can be enforced like it is can be enforced for new modules.
+
+<!-- end-section-note -->
+
--------------------------------------------------------------------------------
## Disable kernel IP auto-configuration
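Review bot: the note says signing of the new kernel "can be enforced" but does not say how, and "like it is can be enforced" is garbled. Name the option: `CONFIG_KEXEC_VERIFY_SIG` (renamed `CONFIG_KEXEC_SIG` in later kernels) enforces signature verification for kernels loaded through `kexec_file_load`; the legacy `kexec_load` path is not covered, so if kexec is kept at all the note should say that only the file-based interface can be made to honour signatures. Suggested wording: "kexec can load arbitrary kernels; signature verification of the new kernel can be enforced with `CONFIG_KEXEC_VERIFY_SIG`, as signing is enforced for modules with `CONFIG_MODULE_SIG_FORCE`."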
@@ -80,7 +86,7 @@ Kernel-General-LegacyLinux-1 | `CONFIG_USELIB` | `n`
## Disable firmware auto-loading user mode helper
-The firmware auto loading helper, which is a utility executed by the kernel on `hotplug` events requiring firmware, needs to be set `setuid`. As a result of this, the helper utility is an attractive target for attackers with control of physical ports on the device. Disabling this configuration that is supported in **Linux 3.9 and greater**.
+The firmware auto loading helper, which is a utility executed by the kernel on `hotplug` events requiring firmware, can to be set `setuid`. As a result of this, the helper utility is an attractive target for attackers with control of physical ports on the device. Disabling this configuration that is supported in **Linux 3.9 and greater**.
<!-- section-config -->
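Review bot: "can to be set `setuid`" is ungrammatical; the intended weakening of the original "needs to be" should read "may be installed `setuid`". The final sentence, "Disabling this configuration that is supported in Linux 3.9 and greater.", is a fragment carried over from the old text; "Disabling it is supported in Linux 3.9 and greater." completes it.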
@@ -90,6 +96,12 @@ Kernel-General-FirmHelper-1 | `CONFIG_FW_LOADER_USER_HELPER` | `n`
<!-- end-section-config -->
+<!-- section-note -->
+
+It doesn't strictly need to be `setuid`, there is an option of shipping firmware builtin into kernel without initrd/filesystem.
+
+<!-- end-section-note -->
+
--------------------------------------------------------------------------------
## Enable Kernel Panic on OOPS
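Review bot: the note names the alternative only vaguely ("shipping firmware builtin into kernel"); the kernel options for that are `CONFIG_EXTRA_FIRMWARE` and `CONFIG_EXTRA_FIRMWARE_DIR`, which embed the listed firmware blobs in the kernel image so that neither the user-mode helper nor an initrd is needed to supply them. Naming them makes the note actionable, and "builtin into kernel" should read "built into the kernel".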
@@ -152,7 +164,7 @@ since that would provide a facility to unexpectedly extend the available attack
To protect against even privileged users, systems may need to either disable
module loading entirely, or provide signed modules
-(e.g. CONFIG_MODULE_SIG_FORCE, or dm-crypt with LoadPin), to keep from having
+(e.g. `CONFIG_MODULE_SIG_FORCE`, or dm-crypt with LoadPin), to keep from having
root load arbitrary kernel code via the module loader interface.
This configuration is supported in **Linux 3.7 and greater** and thus should only be enabled for such versions.
@@ -165,6 +177,16 @@ Kernel-General-ModuleSigning-1 | `CONFIG_MODULE_SIG_FORCE` | `y`
<!-- end-section-config -->
+It is also possible to block the loading of modules after startup with "kernel.modules_disabled".
+
+<!-- section-config -->
+
+Domain | `Variable` name | `Value`
+------------------------------ | ------------------------- | -------
+Kernel-General-ModuleSigning-2 | `kernel.modules_disabled` | `1`
+
+<!-- end-section-config -->
+
--------------------------------------------------------------------------------
<!-- pagebreak -->
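Review bot: the new paragraph should state that `kernel.modules_disabled` is one-way: once set to 1 it cannot be reset to 0 without a reboot, so it must be applied only after every module the platform needs has been loaded (from a late-boot step, not from an early sysctl configuration that runs before drivers and HALs are up), otherwise hardware will fail to come up. That ordering constraint is what a reader needs to apply the setting safely, and it also explains why this complements rather than replaces `CONFIG_MODULE_SIG_FORCE`. The quotes around "kernel.modules_disabled" should be backticks, consistent with the table.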
@@ -236,12 +258,18 @@ Kernel-General-LibraryLinking-1 | Keep this part?
<!-- end-section-todo -->
-It is recommended that dynamic linking should generally not be allowed. This will avoid the user from replacing a library with malicious library. All libraries should be linked statically, but this is difficult to implement.
+It is recommended that dynamic linking should generally not be allowed. This will avoid the user from replacing a library with malicious library.
<!-- section-config -->
-Domain | `compiler` and `linker` options | _State_
-------------------------------- | ------------------------------- | --------
-Kernel-General-LibraryLinking-1 | `-static` | _Enable_
+Domain | Object | Recommendations
+------------------------------- | --------------- | --------------------------------
+Kernel-General-LibraryLinking-1 | Dynamic linking | Should generally not be allowed.
<!-- end-section-config -->
+
+<!-- section-note -->
+
+Linking everything statically doesn't change anything wrt security as binaries will live under same user:group as libraries and setuid executables ignore `LD_PRELOAD/LD_LIBRARY_PATH`. It also increases RSS footprint and creates problems with upgrading.
+
+<!-- end-section-note -->
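Review bot: the recommendation and the new note now contradict each other: the text still says dynamic linking "should generally not be allowed", while the note argues that static linking changes nothing security-wise and brings RSS and upgrade costs. Resolve it one way: either keep the recommendation and say what it protects against that the note does not dismiss, or drop it and state what actually matters here, that library directories are not writable by the users running the binaries and that setuid executables ignore `LD_PRELOAD`/`LD_LIBRARY_PATH`. The `Keep this part?` todo above the hunk suggests the second; "wrt" should also be spelled out as "with respect to".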
diff --git a/security-blueprint/part-4/2-Memory.md b/security-blueprint/part-4/2-Memory.md
index 822c928..d7af446 100644
--- a/security-blueprint/part-4/2-Memory.md
+++ b/security-blueprint/part-4/2-Memory.md
@@ -44,6 +44,15 @@ Kernel-Memory-Swap-1 | `CONFIG_SWAP` | `n`
<!-- end-section-config -->
+<!-- section-note -->
+
+- Enabling swap at runtime require `CAP_SYS_ADMIN`.
+- Swap block device is usually under root:disk.
+- Linux never swaps kernel pages.
+- If swap disabling is not possible, swap encryption should be enabled.
+
+<!-- end-section-note -->
+
--------------------------------------------------------------------------------
<!-- pagebreak -->
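Review bot: wording in the new list: "require" should be "requires", and "Swap block device is usually under root:disk" should read "The swap block device is usually owned by root:disk". The last item would be more useful if it named the mechanism, for example a dm-crypt volume keyed with a random per-boot key as the swap device (dm-crypt is already referenced elsewhere in part 4), since "swap encryption should be enabled" on its own gives the implementer nothing to configure.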
@@ -79,10 +88,10 @@ Domain | `Config` name | `Value`
--------------------- | -------------------------- | -------
Kernel-Memory-Stack-1 | `CONFIG_CC_STACKPROTECTOR` | `y`
-Other defenses include things like shadow stacks.
-
<!-- end-section-config -->
+Other defenses include things like shadow stacks.
+
--------------------------------------------------------------------------------
## Disable access to /dev/mem
@@ -137,9 +146,10 @@ Emit extra code to check for buffer overflows, such as stack smashing attacks.
<!-- section-config -->
-Domain | `compiler` and `linker` options | `Value`
-------------------------------- | ------------------------------- | -------
-Kernel-Memory-BufferOverflows-1 | `-D_FORTIFY_SOURCE` | `2`
+Domain | `compiler` options and `config` name | `Value`
+------------------------------- | ------------------------------------ | -------
+Kernel-Memory-BufferOverflows-1 | `-D_FORTIFY_SOURCE` | `2`
+Kernel-Memory-BufferOverflows-2 | `CONFIG_FORTIFY_SOURCE` | `y`
<!-- end-section-config -->
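Review bot: the new `CONFIG_FORTIFY_SOURCE` row needs the minimum kernel version stated the way other entries in this document do (the option was introduced in Linux 4.13), and the table now mixes a userspace build flag and a kernel Kconfig option under one domain: `-D_FORTIFY_SOURCE=2` hardens userland binaries and is only effective when compiling with optimisation (`-O1` or higher), while `CONFIG_FORTIFY_SOURCE` applies equivalent checks to the kernel's own string and memory helpers. A sentence above the table making that split explicit would stop readers assuming one setting covers both.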
diff --git a/security-blueprint/part-4/4-Debug.md b/security-blueprint/part-4/4-Debug.md
index 5a1eb24..cce5fc0 100644
--- a/security-blueprint/part-4/4-Debug.md
+++ b/security-blueprint/part-4/4-Debug.md
@@ -16,6 +16,12 @@ Kernel-Debug-Symbols-1 | `CONFIG_DEBUG_INFO` | `n`
These kernel debug symbols are enabled by other config items in the kernel. Care should be taken to disable those also. If `CONFIG_DEBUG_INFO` cannot be disabled, then enabling `CONFIG_DEBUG_INFO_REDUCED` is second best.
+<!-- section-note -->
+
+At least `CONFIG_DEBUG_INFO_REDUCED` should be always enabled for developers to convert addresses in oops messages to line numbers.
+
+<!-- end-section-note -->
+
--------------------------------------------------------------------------------
## Disable Kprobes
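Review bot: the new note conflicts with the config line it sits under: `CONFIG_DEBUG_INFO_REDUCED` depends on `CONFIG_DEBUG_INFO=y`, so it cannot be "always enabled" while the table recommends `CONFIG_DEBUG_INFO = n`. Scope the note to development builds, or to the case where `CONFIG_DEBUG_INFO` cannot be turned off as the preceding sentence already does, and add that production images should ship a vmlinux without debug info and keep the unstripped build artefact in the build tree for decoding oops addresses.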