diff options
Diffstat (limited to 'agl-specs-v1.0/00-doorsNG-skimed.md')
-rw-r--r-- | agl-specs-v1.0/00-doorsNG-skimed.md | 4203 |
1 files changed, 4203 insertions, 0 deletions
diff --git a/agl-specs-v1.0/00-doorsNG-skimed.md b/agl-specs-v1.0/00-doorsNG-skimed.md new file mode 100644 index 0000000..c5ffbd5 --- /dev/null +++ b/agl-specs-v1.0/00-doorsNG-skimed.md @@ -0,0 +1,4203 @@ +--- +# Master Header for Jkyll +--- + +![](media/picture8.jpeg)![](media/picture9.jpeg)Version 1.0 +Automotive Grade Linux +Requirements Specification +May 28, 2015 +www.automotivelinux.org +www.linuxfoundation.org +![](media/picture10.jpeg)Automotive Grade Linux Requirements Spec v1.0 +![](media/picture94.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**1 Automotive Grade Linux** +1.1 Overview +Automotive Grade Linux (AGL) is a Linux Foundation Workgroup dedicated to creating open +source software solutions for automotive applications. Although the initial target for AGL is In- +Vehicle-Infotainment (IVI) systems, additional use cases such as instrument clusters and and +telematics systems will eventually be supported. AGL has participants from the Automotive, +Communications, and Semiconductor Industries and welcomes contributions from individual +developers. +By leveraging the over \$10B of investment made in the Linux kernel and other open source +software projects, the AGL Workgroup: +· +Enables rapid software innovation for automotive suppliers to keep up with the demand +from consumers for better IVI experiences +· +Utilizes the talents of thousands of open source software developers dedicated to +maintaining the core software in areas like the Linux kernel, networking, and +connectivity, used in systems across numerous industries +The goals of the Automotive Grade Linux Workgroup are to provide: +· +An automotive-focused core Linux operating system stack that meets common and +shared requirements of the automotive ecosystem with a broad community of +support that includes individual developers, academic organizations and companies. +· +A transparent, collaborative, and open environment for Automotive OEMs, Tier One +suppliers, and their semiconductor and software vendors to create amazing in-vehicle +software. +· +A collective voice for working with other open source projects and developing new open +source solutions. +· +An embedded Linux distribution that enables rapid prototyping for developers new to +Linux or teams with prior open source experience +This results in faster time to market by jump-starting product teams with reference applications +running on multiple hardware platforms. +Page 5 of 159 + + > **Term** > **Definition** + ------------ ------------------------------------------ + > A2DP > Advanced Audio Distribution Profile + > AGL > Automotive Grade Linux + > AVRCP > Audio Video Remote Control Profile + > FS > File System + > GPS > Global Positioning System + > GPU > Graphical Processing Unit + +![](media/picture95.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +1.2 Document Scope +The scope of this document is to define the architecture of the Automotive Grade Linux software +platform. The requirements are broken up into an overview of the Architecture and a description +of each of the layers in the architecture followed by the requirements for each module in the +various layers. The Architecture Diagram and the layout of the specification take into +consideration all of the components that would be needed for an IVI system; however the are +missing requirements for individual modules. As the spec continues to evolve those sections will +continue to be filled in. +The main goal of this document is to define the core software platform from which applications +can be built. As such, this document does not define application requirements except in a single +case (Home Screen). Application requirements will be developed by various projects that use the +AGL platform. Those application requirements can be used to drive new or revised +requirements into the platform. +At this time there is no plan to use this specification to create a compliance or certification +program. The specification is used as blueprint to guide the overall work of AGL and to derive +work packages for companies and individuals to complete in order to attain the goals of the AGL +Workgroup. +1.3 Glossary of Terms + + > HFP > Hands Free Profile + -------- ------------------------------------- + > IBOC > In-Band On Channel + > LTSI > Long Term Support Initiative + > NTP > Network Time Protocol + > OEM > Original Equipment Manufacturer + > OS > Operating System + > OSS > Open Source Software + > SDL > Smart Device Link + > STT > Speech to Text + > TTS > Text to Speech + +![](media/picture96.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**2 Architecture** +The Automotive Grade Linux Software Architecture diagram is below. The architecture consists +of five layers. The App/HMI layer contains applications with their associated business logic and +HMI. Generally applications are out of scope for this document since they are product specific +for the OEM that is developing a system based on AGL. +The Application Framework layer provides the APIs for creating both managing and running +applications on an AGL system. The Services layer contains user space services that all +applications can access. The Operating System (OS) layer provides the Linux kernel and device +drivers along with standard OS utilities. +Page 7 of 159 +![](media/picture97.jpeg)![](media/picture98.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**3 App/HMI Layer** +Applications may use a web based framework or a native framework. A system may include +applications that use different frameworks. Coordination of applications between frameworks is +performed by the AGL App Framework. The diagram represents possible applications that could +appear in a given system, but is not all inclusive. Reference applications may be provided by AGL +Page 8 of 159 +![](media/picture99.jpeg)![](media/picture100.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +to demonstrate the capabilities of the platform. +3.1 Home Screen +Home Screen provides the Home User Interface (Home UI) of the system which meets the +following requirements: +· Rich User Experience (Rich UX) +· Driver Distraction mitigation +· Variations support +Rich UX covers requirements such as usability and user satisfaction. Driver Distraction mitigation +covers requirements on display control and user operation behavior while vehicle is in motion to +minimize driver distraction. Variations support covers requirements to support customization of +design and behavior of the system to meet the different needs of vehicle type, destination and +grade. +**3.1.1 Layout** +The following use cases are considered for Layout. +· +Home Screen developer changes the Home UI by using a customizable layout definition. +Page 9 of 159 +![](media/picture101.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**3.1.2 System UI Parts** +The use case assumed about System UI Parts is as follows. +· +An application or System uses status bar and on-screen in order to notify information to +a user. +· +User uses the system setting UI in order to change settings. +· User uses software keyboard in order to input characters. +**3.1.3 Application Management** +The use case assumed about Application Management is as follows. +· +A user downloads and installs or updates the delivery application from application store. +· A user uninstalls the delivery application. +· +A user launches the installed delivery application or the pre-installed application. +· Also a user terminates those applications. +**3.1.4 Application Switch** +The use case assumed about Application Switch is as follows. +· +User switches application via application history or application stack. +· +The system switches application according to Driving Mode status. +**3.1.5 Application History** +Application switching by application history is assumed as follows. +· +The system records the order of the applications in the order in which the application is +displayed. +· +The order of application that is recorded is updated each time the display of the +application is switched. +· +Screen of the application is displayed in the order in which they are recorded in the +history at the time of switching applications. +Page 10 of 159 +![](media/picture102.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +‑ Specification of operation +- User runs a swipe from the edge of the application screen area. +‑ Specification of action +- The order of the screen is managed order management list (application history). +- List order update opportunity(Update has determined a display of the application) +- Application starts or stops. +- Allowed to stand between the screen N seconds after the swipe. +‑"N seconds"‑User defines the value of any. +- User to operate the screen after you swipe. +‑"operation"‑Screen tap. Menu display. Other. +Figure 5‑2 represents a sample Home Screen depicting the above mentioned use cases. +Page 11 of 159 +![](media/picture103.jpeg)![](media/picture104.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**3.1.6 Application Stack** +Application switching by application stack is assumed as follows. +· +The user specifies the type of any order. The system records the order of the application +to the rule as of the specified type. +· Examples of the types of any order +· Application start-up order +· +Screen of the application is displayed in the order in which they are recorded in the stack +Page 12 of 159 +![](media/picture105.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +when switching applications. +‑ Specification of operation +· +User runs a swipe from the edge of the application screen area. +‑ Specification of action +· +The order of the screen is managed order management list (application stack). +· +List order update opportunity.(Application start-up order as an example) +· +Application that started at the end of the list when the application is started is added. +· +Application that has stopped from the list when the application is stopped will be +deleted. +Figure 5-3 represents the switching example depicting the application of the above switching. +Page 13 of 159 + + -------------------------------------------------------------------------------------- + > **No** > **Use Case** > **Role** > **Description** + ---------- ----------------- --------------- ----------------------------------------- + > 1-1 > Layout > GUI Layout > Function to define a customizable + > > + > definition > GUI Layout definition. + -------------------------------------------------------------------------------------- + +![](media/picture106.jpeg)![](media/picture107.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**3.1.7 Role of Home Screen** +Table 5-1 describes the role of the Home Screen to satisfy the purpose and use cases +Page 14 of 159 + + ---------------------------------------------------------------------------------------------------- + > 1-2 > Change Layout > Function to apply the customized + > + > GUI layout definition. + ------- --------------------- ------------------------ --------------------------------------------- + > 2-1 > System UI Parts > Status Bar > Function to display the + > + > information from application or + > + > system. + > + > Function to quickly access and set + > + > certain system settings. + + > 2-2 > On-screen > Function to display a popup + > + > window such as alert messages. + + > 2-3 > System Setting > Function to display system + > + > settings menu regarding GUI, + > + > such as locale and network. + + > 2-4 > Software > Function to display software + > > + > Keyboard > keyboard. + + > 3-1 > Application > Application > Function to download + > > > + > Management > Management > applications from application + > + > store. Function to install, uninstall + > + > and update the downloaded + > + > applications. + + > 3-2 > Application > Function to launch/terminate + > > + > Launcher > applications. + + > 4-1 > Application > Application List > Function to switch applications by + > > + > Switch > installed application list. + + > 4-2 > Application History > Function which switches + > + > application in order by + > + > applications history. + + > 4-3 > Application Stack > Function to switch application in + > + > any order. + ---------------------------------------------------------------------------------------------------- + +![](media/picture108.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**Table 5-2: Relevance of the Role and Purpose** +Page 15 of 159 + + ----------------------------------------------------------------------------------------------- + > **No.** > **Role** > **Rich UX** > **Driver** > **Variations** + > > + > **Distraction** > **support** + > + > **mitigation** + ----------- --------------------------- ---------------- ------------------- ------------------ + > 1-1 > GUI Layout definition > ‑ > ‑ > ‑ + + > 1-2 > Change Layout > ‑ > ‑ > ‑ + + > 2-1 > Status Bar > ‑ > ‑ + + > 2-2 > On-screen > ‑ > ‑ + + > 2-3 > System Setting > ‑ > ‑ + + > 2-4 > Software Keyboard > ‑ > ‑ + + > 3-1 > Application Management > ‑ > ‑ + + > 3-2 > Application Launcher > ‑ > ‑ + + > 4-1 > Application List > ‑ > ‑ + + > 4-2 > Application History > ‑ > ‑ + + > 4-3 > Application Stack > ‑ > ‑ + ----------------------------------------------------------------------------------------------- + +![](media/picture109.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**3.1.8 Requirements** +**3.1.8.1 Layout** +Home Screen must provide a mechanism for customizable GUI layout definition by each vehicle +type, each destination and each grade. +Home Screen must provide a mechanism for a customizable GUI layout definition for different +vehicle type, destination and grade. +GUI layout definitioncan be definedsuch as the following items: +(In addition, items that can be defined is not limited to the following.) +· screen resource (Display, Layer Type, Area) +Page 16 of 159 +![](media/picture110.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +· sound resource (Zone, Sound Type) +· input resource (Device, Event Type) +· UI Component to be used in the entire system +· transition effect (Animation effect) +· Background image +Home Screen must provide a mechanism to apply customized GUI layout definition. +**3.1.8.2 System UI Parts** +Home Screen must provide a mechanism to display two or more information simultaneously to +the status notification area. +Home Screen must provide a mechanism to displaying status to status notification area. +· Current Time: Displaying clock capability +· +Icons of Status: Displaying icons for notify information from applications +· +Status Message: Displaying text for notify information from applications +· +Communication Status: Status of mobile communication and wireless communications +(Wi-Fi, Bluetooth, etc.) +Home screen must provide an interface to retrieve information from application for notification. +Home Screen must provide a mechanism to show popup window into on-screen window. +Home Screen must provide GUI method to hide on-screen window by user operation. +Home Screen must provide a mechanism to hide on-screen window within a specified duration. +Home Screen must provide an interface for applications to request to show popups. +Home Screen must provide an interface for applications to cancel the previously requested +popup. +Page 17 of 159 +![](media/picture111.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Home Screen must provide a mechanism to show text information, draw images and show +software switch like button in the on-screen window. +Home Screen must provide a mechanism to specify attributes such as position and size of On- +screen window. +Home Screen must support a mechanism to specify other window display effect when the On- +screen window is displayed. (e.g. tone down) +Home Screen must provide system setting menu regarding GUI, such as locale and network. +Home Screen must provide a mechanism to change current date and time setting. +Home Screen must provide a mechanism to change timezone setting. +· +The platform must set up the date, time and timezone according to a current position +automatically. +· +Home Screen must provide a mechanism to set up turning on and off of the automatic +date/time/timezone setup. +Home Screen must provide a mechanism to change language setting. +Home Screen must provide a mechanism to change wireless communications (Wi-Fi, Bluetooth, +etc.) setting. +· Enable/Disable +· Connect/Disconnect +· Search the devices +· Display the list of available and/or registered devices +Home Screen must provide a mechanism to change mobile communication setting. +· Enable/Disable +Page 18 of 159 +![](media/picture112.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +· A setup and change of various attributes +· Display the list of registered devices and select device +HomeScreen must support to change the appearance of a screen to a user's liking. +These are as follows. +· Tone of a screen. +· Appearance of a window frame. +· Animation effect when screen transition was occurred. +Home Screen must support a mechanism to set or change master audio volume. +Home Screen must support a mechanism to set or change display brightness. +Home Screen must provide a mechanism to show software keyboard. +Home Screen must provide a mechanism to apply default settings (e.g. theme, local, wallpaper) +to a new user, when a user is added by the User Manager. +**3.1.8.3 Application Management** +Home Screen must provide a mechanism to manage downloaded application package. +· Display downloaded application list from application store. +· Download the application +· Install the downloaded application +· Uninstall the downloaded application +· Update the downloaded application +Home Screen must provide a mechanism to launch the application. +Home Screen must provide a mechanism to terminate the application. +Page 19 of 159 +![](media/picture113.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**3.1.8.4 Application Switch** +Home Screen must provide a mechanism to show the list of installed applications. +Examples of assumed application list +· list of application name +· list of application’s icon +· list of live thumbnail for all the running applications +Home Screen must provide a mechanism for switching display application in order by application +history. +Home Screen must provide a mechanism for the application stack in any order. For example, +such as launch order or display order. +Home Screen must provide a mechanism for the system to switch applications. +For example, when Driving Mode changes, system must be able to switch application based on +policy. +**4 Application Framework Layer** +The Application Framework layer provides the methods needed to create software applications +and their user interfaces. The platform can support multiple application frameworks any of +which may be built into an SDK or product build. The application framework contains any code +specifically written for that framework as well the bindings to the Services and Operating +Systems layers that the application framework provides for its applications. +4.1 AGL Application Framework +The AGL Application Framework provides basic services to all applications regardless of the +framework they are implemented in so that there is a standard method providing the services. +Page 20 of 159 +![](media/picture114.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**4.1.1 Application Manager** +Application Manager describes requirements for AGL application lifecycle function. Application +lifecycle contains application installation/removal and launch/hide/resume/kill. +**4.1.1.1 Requirements** +AGL System must support application lifecycle (install/uninstall, launch/kill, suspend/resume) based on +appid/pid via launcher. +AGL System must support a database to store application metadata (appid, exec path etc.). +AGL System must provide an interface to get a list of installed applications. +AGL System must provide an interface to get the state of an application. +AGL System must provide application privilege control. +**4.1.2 Window Manager** +A window system is a software component that facilitates an implementation of graphical user interface. A +window system is responsible for managing display devices, Graphics Processing Units (GPUs), input +devices, and graphics memory. A window system works with the software component named window +manager that is responsible for a layout management of windows, and a routing of user interactions. +A window manager is as software component that is responsible for a layout management of +windows. +Window manager of automotive middleware layer makes up for traditional window management +system to be satisfied IVI’s complex requirements, typically requested from Policy Manager. +Also, AGL aims to provide well-portability among various hardware platforms. +Page 21 of 159 + + -------------------------------------------------------------------------------------------------------- + > **No.** > **Role** > **Description** + ----------- ----------------------------- -------------------------------------------------------------- + > 1 > Window drawing > Provide capability to draw a window to any place + > + > and any size and any scale. + > + > Also provide capability to change visibility of the + > + > window. + + > 2 > Overlay of multiple > Provide capability to overlay two or more windows + > > + > windows > with any z-order. + > + > Also provide capability to use hardware layer + > + > efficiently. + + > 3 > Visual effect > Provide capability to adapt visual effect as below. + > + > · Animation effect to change visibility + > + > · Animation effect to transit between two or + > + > more windows + > + > · Visual effect for a window, such as gray-out + > + > and transparent. + + > 4 > Frame rate control > Provide capability to control dynamic frame rate + > + > change. This is useful if system resource was + > + > shortage. + + > 5 > Multiple hardware layer > Provide capability to use hardware layer efficiently + > > + > support > if hardware supports two or more hardware layers. + -------------------------------------------------------------------------------------------------------- + +![](media/picture115.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**4.1.2.1 Use** **Case** +Please refer “screen resource control” of Policy Manger section. +**4.1.2.2 Role** +Table 7-148 describes the role of window manager to be satisfied above purpose and use +cases. +Page 22 of 159 + + ---------------------------------------------------------------------------------------------- + > 6 > Reduced dependency of > Provide well-defined interface to reduce + > > + > hardware > dependency of hardware. Well-defined interface + > + > also makes it possible to increase the effect of + > + > portability and development cost. + ----- --------------------------- ------------------------------------------------------------ + > 7 > Multi window / multi > Support multi window management and multi + > > + > display > display. + + > 8 > Compatibility > From the compatibility point of view, AGL should + > + > use public API, and shall not rely on hardware + > + > specific API. + ---------------------------------------------------------------------------------------------- + +![](media/picture116.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**4.1.2.3 Requirements** +4.1.2.3.1 Window Drawing +System must provide a mechanism to manage surfaces, such as create, delete, make visible and +make invisible. +System must provide a mechanism to create and delete surface. +When surface is created or deleted, system must notify status change to GUI resource. +This notification mechanism makes possible to assign surface to proper area by GUI resource. +System must provide a mechanism to change visibility per each surface. +And, provide an interface to change visibility. +All the surfaces must be set to invisible for initial state. +Surface will be visible only if GUI resource issues to change visibility. +System must provide a mechanism to move surface’s area. If area size was different between +previous area and new one, then system must support to fit into new area by VIC.4.1.4. +*System must provide a mechanism to fit surface into area. Because, size of area may differe*nt +Page 23 of 159 +![](media/picture117.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +from size of surface. +If resize was happened, system must notify to surface’s owner application. +If size of surface and size of area was different, system must provide a mechanism to fit surface +into area by squeeze. +If size of surface and size of area was different, system must provide a mechanism to fit surface +into area by using combination of scaling and trimming function. +That means, system must provide a mechanism to fit surface into area keeping original aspect +ratio. This makes it possible to fit by “pan & scan”. +If size of surface and size of area was different, system must provide a mechanism to fit surface +into area by using combination of scaling and background color. +That means, system must provide a mechanism to fit surface into area keeping original aspect +ratio. System also provides a mechanism to fill background color into redundant pixels. This +mechanism makes it possible to do “letterbox” method. +4.1.2.3.2 Overlay of Multiple Windows +System must provide a mechanism to create and delete a layer. +Layer must have a concept of z-order. That means, display order for each layer is decided by +their z-order attribute. +Z-order attribute is fixed value. So, if application wants to change display order of surfaces, +then, attached layer must be changed. +System must provide a mechanism to create and delete “area” to display surface. +Area is a concept which defines where to display in specific layer. +System must provide a mechanism to attach surface to any layer. +Also, system must be able to change attached layer. +And, provide an interface to attach and change. +Page 24 of 159 +![](media/picture118.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +System must provide a mechanism to assign surface to any area in a layer. +And, provide an interface to assign surface to any area. +System must provide a mechanism to change visibility per each layer. +That means all the surfaces belonging to same layer will be changed visible or invisible at the +same time. +And, provide an interface to change visibility per layer. +Initial state must be set to invisible. +System must provide a mechanism to enable superimposed display based on z-order of each +layer, and disposition of surfaces. +4.1.2.3.3 Visual Affect +System must provide a mechanism to apply animation effect when visibility change was +happened. +Per each animation, system must provide a mechanism to apply below attributes. +- Duration +Animation type +System must provide typical animation effects, such as slide-in, slide-out, zoom-in and zoom- +out. +Also, system must provide a mechanism to add, delete and change animation effect easily by +plug-in architecture. +System must provide a mechanism to apply animation effect when move surface was happened. +Per each animation, system must provide a mechanism to apply below attributes. +· Duration +Animation type +System must provide typical animation effects, such as slide-in, slide-out, zoom-in and zoom- +Page 25 of 159 +![](media/picture119.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +out. +Also, system must provide a mechanism to add, delete and change animation effect easily by +plug-in architecture. +System must provide a mechanism to make effect to surface. +And, provide an interface to set effect type from application and other software components. +System must provide a mechanism to make specific surface to gray-out. +System must provide a mechanism to make specific surface to low brightness +System must provide a mechanism to add, delete and change effect for surface easily by plug-in +architecture. +4.1.2.3.4 Frame Rate Control +System must provide a mechanism to reduce frame rate independent from refresh interval of +application. +System also provides a mechanism to set frame rate as 0fps, independent from refresh interval +of application. +This function is useful to keep whole system quality even if high load status, such as live +thumbnail and moving surface. +4.1.2.3.5 Multiple Hardware Layer Support +If hardware supports two or more hardware layers, system must provide a mechanism to use +hardware layers efficiently. +· +Never use software overlay when superimposing two or more hardware layers +Assign hardware layer for graphical high load function, such as video playback +4.1.2.3.6 Reduced Dependency of Hardware +Page 26 of 159 +![](media/picture120.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Window Manager must be able to retrieve system structure regarding displays and layers of +each display. And system must provide a mechanism to adapt any structure without re-build, +such as by using re-configuration. +4.1.2.3.7 Multi Window +AGL specifies that automotive grade Linux shall manage multiple windows owned by multiple +processes on a display. +AGL specifies that automotive grade Linux shall support multi-headed display. +4.1.2.3.8 Compatibility +AGL specifies that automotive grade Linux shall have a window manager that uses only public +APIs provided by Window System and OpenGL/ES 2.0 for rendering and user interaction. +AGL specifies that automotive grade Linux shall have a window manager that relies on a +standard rendering API such as OpenGL/ES 2.0 only. The window manager shall not rely on any +hardware specific API. +A window system and OpenGL/ES 2.0 API are responsible for a hardware abstraction. +**4.1.3 Policy Manager** +**4.1.3.1 Overview** +4.1.3.1.1 Purpose +Policy Manager collects information and makes decisions based on them. To do that, Policy +Manager collects lots of status, such as user operation and application status, then issue Vehicle +Info Control or Resource Control to provide information. Policy Manager controls two types of +resource, one is called “GUI resources” such as screen and sound, and other one is called +Page 27 of 159 +![](media/picture121.jpeg)![](media/picture122.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +“System resources” such as CPU and memory. +4.1.3.1.2 GUI Resources +(1) Definition +· About Control of GUI Resources +AGL is supposed the following devices in this feature. For example, display with touch panel, +speaker, and microphone. And AGL defines that “GUI resources” are resources that provide user +or is provided by user on those devices, such as windows, sound streams and input events. +**Figure 7-1: GUI resources** +Page 28 of 159 +![](media/picture123.jpeg)![](media/picture124.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Policy Manager controls GUI resources according to external conditions. For example, Policy +Manager limits the information of GUI resources while the vehicle is driving, because, the too +much information distracts the attention of driver from driving operations. +· Associated Software Architecture +The software architecture of Policy Manager and related components regarding GUI resources +control is as below. +**Figure 7-2: Associated Software Expected Use Case** +Page 29 of 159 + + ----------------------------------------------------------------------------------------------------------------------------------------------------- + > **No** > **Component** > **Description** + > + > **.** + ---------- ------------------------ --------------------------------------------------------- ------------------------------------------------------- + > 1 > Homescreen > Request to control of GUI resources. + + > 2 > Applications > Request to output or input of GUI resources. + + > 3 > UI Component > Receive driving mode and day night mode. And + > + > then provide the corresponding feature to + > + > applications UI such as input limitation and + > + > changing the theme. + + > 4 > Application Manager > Detect application installation. Then Notify the + > + > definition of GUI resources such as role by + > + > application configurations. + + > 5- > Vehicle > Window Manager + > > + > 1 > Info + > + > Control + + > 5- > Sound Manager + > + > 2 + + > 5- > Input Manager + > + > 3 + + > 5- > Vehicle Info Distributor + > + > 4 + + > 5- > User Manager + > + > 5 + ----------------------------------------------------------------------------------------------------------------------------------------------------- + +![](media/picture125.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Policy Manager is related with the below components. +(2) Role +Page 30 of 159 + + ----------------------------------------------------------------------------------------------------- + > **ID** > **Role** > **Description** + ---------- ------------------------------ ----------------------------------------------------------- + > 1 > External condition > (1) Receives the external conditions. + > + > collection + + > 2 > Judgment of priority of > (1) Receives the input/output/control request of + > > + > GUI resource > GUI resources. + > + > (2) Judgment the GUI resource owner according to + > + > external conditions. + + > 3 > GUI resource control > (1) Issue the GUI resource control according to + > + > judgment. + > + > (2) Notify the driving mode and day night mode + > + > that is calculated by external conditions. + ----------------------------------------------------------------------------------------------------- + +![](media/picture126.jpeg)![](media/picture127.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Policy Manager has the below role. +Page 31 of 159 +![](media/picture128.jpeg)![](media/picture129.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**Figure 7-3: Definition of Role** +GUI resource classifies screen resource, sound resource and input resource. Details of each +resource type are as follows: +a. Screen Resource +a-1. External Condition Collection +Policy Manager collects the below definition that is related with screen resource. +**Figure 7-4: Definition of screen resource** +• Concept of Display, Layer, Layout and Area +AGL supports not only one physical display but also two or more displays. Each display has one +or more layer. And each layer must be connected to one layout defined by Homescreen. Layout +Page 32 of 159 +![](media/picture130.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +consists of one or more areas. “Area” is graphics composed area to display specific graphics +window. +The z-order of layers is flexible. Policy Manager decides the z-order of each layer depending on +objectives of them. For example, layer-1 was used as “phone call notification”, and layer-2 was +used as displaying “map”, then Policy Manager will decide that layer-1 should be upper than +layer-2. +Layer is created by application including Homescreen. When application creates layer, +application specifies layer type. Layer type is roughly categorized as “Basic” and “Interrupt”. +“Basic” layers are used to display application itself such as media playback, map drawing and +setting menu. “Interrupt” layers are used to display overlay windows such as information alert +and enlarged view. +When application creates layer with ”Basic” type, application must specify layout type for it. On +the other hand, the case layer with “Interrupt”, application must specify corresponding “Basic” +layer. The layout of “Interrupt” layer is followed by “Basic” layer’s layout. +From the capability of Policy Manager point of view, the main purpose of layer is to decide z- +order. In other words, if there is a scenario to change z-order of two or more windows triggered +by system status change and/or user operation, then such kind of window must assign to +individual layer. +• Concept of Layer Owner, Role and Surface +“Layer owner” is application which created that layer. “Layer owner” can request each area of +that layer. When “Layer owner” requests specific area, “Layer owner” also specify “Role” of +area. “Role” represents how to be used that area, and used to define z-order of layers by Policy +Manager. +“Layer owner” also can request to change “Role” for specific area, however, whether “Role” +change is acceptable or not is decided by Policy Manager by using policy rule. +One area should connect to one graphics window. AGL defines the term “Surface” as graphics +window to display into one area. +Page 33 of 159 +![](media/picture131.jpeg)![](media/picture132.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Surface is a canvas to draw graphical image by application. To show via physical display, surface +drawn by application must be assigned to specific area. Figure 7-16 describes simplest example +to assign one surface to full screen with one layer. If layer has two or more areas, then +corresponding surfaces are mapped to each area. According to example of Figure 7-16, surface +is fit to area size as “squeeze”, however AGL also provide a way to fit as “letterbox” and “pan & +scan”. +**Figure 7-5: Definition of Surface** +• Subdivision of “Interrupt” Layer +Basically, “Basic” layer corresponding to “Interrupt” layer is used to display application’s main +surface. However there are some exceptions. For example virtual keyboard is not needed main +surface. However, to follow this layer type rule, virtual keyboard must have corresponding +“Basic” layer. But this “Basic” layer never used to display. Also on-screen, such as alert message +is not needed main surface too. But it must have corresponding “Basic” layer from same reason. +According to above concept and some exceptions, AGL defines four layer types described +as Table 7-3. +Page 34 of 159 + + --------------------------------------------------------------------------------------------------------- + > **No** > **Type** > **Summary** > **Example** + ---------- ------------- -------------------------------------------------------- ----------------------- + > 1 > Basic > This is application’s basic screen. Typically, > Map of navigation + > + > application requests this layer at first time. + + > 2 > Interrupt > This is application’s popup screen. > Enlarged view of + > + > navigation + + > 3 > On-screen > This is system popup screen. Typically, On- > Warning message + > > + > screen service (e.g. Homescreen) requests > popup + > + > this layer. + + > 4 > Software > This is the software keyboard screen. > Software keyboard + > > + > keyboard > Typically, software keyboard service + > + > requests this layer. + --------------------------------------------------------------------------------------------------------- + + ------------------------------------------------------------------------------------------------------ + > **No** > **Contents** > **Summary** > **Example** + ---------- ---------------- ------------------------------------------------------- ------------------ + > 1 > Role > This is screen owner (such as application or > Navigation + > + > service) role. + + > 2 > Sub role > This is specific screen role. > Enlarged view + ------------------------------------------------------------------------------------------------------ + +![](media/picture133.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +a-2. Judgment of Priority of GUI Resource +Policy Manager receives the request with “Role” that is related with each screen resource. Role +is the category name of screen resource priority. Role is used to judgment of priority by Policy +Manager. Table 7-4 and Figure 7-6 describes the definition of role and sub role. +Role consists of role and sub role. Role is screen owner role such as “Navigation” and “Software +Page 35 of 159 +![](media/picture134.jpeg)![](media/picture135.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +keyboard”. Sub role defines when layer type of the screen resource is not “Basic”. Sub role is +popup screen role such as “Enlarged view” (of Navigation). +**Figure 7-6: Definition of Role and Sub role** +The screen resources are sorted of priority that is related to role by Policy Manager. If display +has two or more layers, then all layers will be superimposed by z-order. +In addition, Policy Manager decides the area of "Interrupt" layer using role. Area of "Interrupt" +layer must be same area of the related "Basic" layer. "related" means that "Role" (is not "Sub +role") of "Basic" and "Interrupt" is same. For examples, if "Interrupt" layer is set “Navigation” +role and “Lane guidance” sub role, this is set in same area of "Navigation" role. +a-3. GUI resource control +Policy Manager controls the screen resources using Vehicle Info Control. Policy Manager only +issues to control the screen resources but it is actually controlled by Vehicle Info Control +directly. +Page 36 of 159 +![](media/picture136.jpeg)![](media/picture137.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +There are three types of screen resource control: +One is allocation of each surface such as position, size and size-fitting method. +Second one is visibility control. Basically, visibility should be “ON” during area owner was +assigned. However, visibility may set to “OFF” during driving mode due to driving restriction. +Last one is order control of each layer. Policy Manager decides the order of each layer, and issue +z-order information for each layer. +b. Sound Resource +b-1. External Condition Collection +Policy Manager receives the below definition that is related with sound resource. +**Figure 7-7: Definition of Sound Resource** +• Zone +Zone is a place in the car, such as driver zone, passenger zone, rear seat zone. Each zone can +play at the same time. +Page 37 of 159 + + ------------------------------------------------------------------------------------------------- + > **No** > **Type** > **Summary** > **Example** + ---------- ------------- ---------------------------------------------- ------------------------- + > 1 > Basic > This is application’s basic sound. > Music of media + > + > player + + > 2 > Interrupt > This is application’s interrupt sound. > Guidance of + > + > Navigation + + > 3 > Beep > This is beep. Typically, Homescreen > Display touch sound + > + > requests this type. + ------------------------------------------------------------------------------------------------- + +![](media/picture138.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +• Sound type +Sound type is the category of sound resource. Sound type must be set by each sound resource +owner such as application. If application wants to play sound, it must be assigned to proper +sound type of proper zone. Only one sound stream can occupy specific sound type of specific +zone. In other words, if two or more sound streams should be mixed in same zone, then each +sound stream must assign to individual sound type. +AGL supports the following sound type, however it’s just sample and should be configurable. +• Stream +Stream is connection of sound resource that is made in applications. Sound is transferred in +stream. +b-2. Judgment of Priority of GUI resource +Policy Manager receives the request with “Role” that is related with each sound resource. Role +is the category name of sound resource. Role is used to judgment of priority by Policy +Manager. Figure 7-8 describes the definition of role. +Page 38 of 159 +![](media/picture139.jpeg)![](media/picture140.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**Figure 7-8: Sample Role** +The sound resources in the same zone and same sound type are switched along the priority that +is related to role by Policy Manager. In other words, the sound resources of different zones or +different sound type are not switched. They are mixed. +b-3. GUI Resource Control +Policy Manager controls the sound resources using Vehicle Info Control. Policy Manager only +issues to control the sound resources but it is actually controlled by Vehicle Info Control +directly. +There are two types of sound resource control: +One is playback control such as play, pause and stop. Policy Manger issues to play sound for +sound area owner, and if area owner was changed, then issue to stop previous playing sound +Page 39 of 159 +![](media/picture141.jpeg)![](media/picture142.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +stream and to start play latest area owner. +Other one is volume control. Two or more sound streams of same zone may playback +simultaneously if each sound streams are assigned to different sound type. In this case, Policy +Manager specifies volume parameter for each sound stream. For example, if route guidance and +music playback are mixed, assign higher volume to route guidance and volume down for music +playback. +c. Input Resource +c-1. External Condition Collection +Policy Manager receives the below definition that is related with input resource. +**Figure 7-9: Definition of Input Resource** +• Device Name +Device name is identity of input device such as steering SW and microphone. +• Event Type +Event type is logical group of input event from each input device such as volumes and +temperatures. +c-2. Judgment of Priority of GUI resource +Page 40 of 159 +![](media/picture143.jpeg)![](media/picture144.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +If application wants to be notified input event, it must request input event notice with device +name and event type. The request is judged whether to notify by Policy Manager using policy +DB. And Vehicle Info Control notifies input event to applications along the result of the +judgment as below. +**Figure 7-10: Definition of routing rule** +OEM special switch means product variant configuration in Figure 7-10. +c-3. GUI Resource Control +Policy Manager controls the input resources using Vehicle Info Control. Policy Manager only +issues to control the input resources but it is actually controlled by Vehicle Info Control directly. +Input resource control is to specify event target to Vehicle Info Control. +4.1.3.1.3 System Resources +(1) Definition +Policy Manager controls System resources according to external conditions. For example, Policy +Manager limits memory usage of background applications when memory shortage was occurred. +Page 41 of 159 + + ---------------------------------------------------------------------------------------------------- + > **ID** > **Role** > **Description** + ---------- ----------------------------- ----------------------------------------------------------- + > 1 > External condition > (1) Receives the external conditions. + > + > collection + + > 3 > System resource control > 1. Issue the System resource control according + > + > to external condition change. + > + > 2. Kill process(s) forcibly according to external + > + > condition change. + ---------------------------------------------------------------------------------------------------- + +![](media/picture145.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Policy Manager controls System resources by using “Resource Control” of kernel layer. So, +target resources are CPU, memory, storage bandwidth and network bandwidth. +**4.1.3.2 Requirements** +4.1.3.2.1 Screen Resource +(1) External Condition Collection +System must provide a mechanism to receive the definition that is used judgment of resource +owner. +System must provide a mechanism to receive the physical display information. Because system +uses physical display information with to control surface to other system. The receive +information must include as follows. +a. ID +b. Display resolution (Vertical and horizontal number of pixels) +c. DPI +d. Connected ECU +Page 42 of 159 +![](media/picture146.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +System must provide a mechanism to receive the layout definition. Layout definition must be +able to identify the all areas of display. As a result, system recognizes the available area list +according to current layout of each display. +The receive definition must include the follows. +a. ID +b. Area list +System must provide a mechanism to receive the area definition. Area is set application surface +by system if the request is accepted by system. As a result, application surface displays on the +device. +The receive request must include the follows. +a. Layout ID +b. ID +c. Area position (Coordinate of the upper-left) +d. Area size (Length \* Width) +System must provide a mechanism to receive the layout type of each display. System can specify +the available areas if layout type is defined. The receive information must include the follows. +a. Display ID +b. Layout ID +System must provide a mechanism to receive the priority rule. Because system must judge the +providing resource using it when the request is collision. +The receive information must include the follows. +a. Role +b. Priority +System must provide a mechanism to receive the vehicle status. Because system must judge +driving mode. +The receive information must include the follows. +a. Velocity +Page 43 of 159 +![](media/picture147.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +b. Brake status +System should provide a mechanism to receive the vehicle status. Because system should judge +day night mode. +The receive information should include the follows. +a. The brightness of the interior +System should provide a mechanism to receive the user status. Because system should judge the +providing resource using it. +System should provide a mechanism to receive the infrastructure status. Because system should +judge the providing resource using it. +(2) Judgment of Priority of GUI Resource +System must provide a mechanism to assign resource owner to the requested resource +according to external condition. This means that system judges the providing resource. +System must provide a mechanism to receive the layer request. System allocates the physical +resource. Application must request the area on this layer if application needs to display the +resource. +The receive request must include as follows. +a. Role +b. Layer type +The receive request should include as follows. +c. Display ID +System must provide a mechanism to receive the area request. System sorts layers in order by +priority that is related with the specified role. Then system displays the application surface on +the specified area on the specified layer. +The receive request must include as follows. +a. Role +Page 44 of 159 +![](media/picture148.jpeg)![](media/picture149.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +b. Layer ID +The receive request must include as follows when layer type of the specified layer is “Basic”. +Because there is a specification that the area on layer except basic type must be located on the +related basic type area. +c. Area ID +**Figure 7-11: Sequence to display** +System should provide an interface to request both screen and sound resource simultaneously. +In this request, requester should choose below options. +a. +Requester needs both screen and sound. For example, if screen resource was available, +but sound resource was occupied by other owner of higher priority, then, request should +be refused. +b. +Requester wants screen and sound resource as much as possible. For example, if screen +resource was available, but sound resource was occupied by other owner of higher +priority, then, only screen resource should be assigned to requester. +Page 45 of 159 +![](media/picture150.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +System should provide a mechanism to receive the request of forcibly acquire and forcibly +release. System should be able to forcibly acquire and forcibly release request during system +running. System should raise the requested surface to the top of the display. +The receive request should include the follows in addition to the information of the normal +request. +a. Effective period (Can set unlimited) +System should not raise the other surface above its during effective period. +System should provide a mechanism to receive the request that is specified the following effect. +a. The effect at the transition +b. The effect of display surface +System must provide a mechanism to judge priority of resources. The screen resources are +sorted of priority that is related to role by system. If display has two or more layers, then all +layers will be superimposed by z-order. +System must provide a mechanism to judge visible surfaces according to vehicle running state. +System must hide the surface that has too much information. +(3) GUI Resource Control +System must provide a mechanism to issue the resource control according to judgment. +System must provide a mechanism to issue the following resource control. +a. Visible / Invisible +b. Change position +c. Raise +The receive request must include as follows. +i. Surface ID \*Only case of visible. +ii. Display ID \*Only case of visible. +iii. Layer ID \*Only case of visible. +Page 46 of 159 +![](media/picture151.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +iv. Position (Coordinate of the upper-left) \*Only case of visible and change position. +v. Size (Length \* Width) \*Only case of visible. +System should provide a mechanism to set the following effect of the surface to other system. +a. The effect at the transition +b. The effect of display surface +4.1.3.2.2 Sound Resource +(1) External Condition Collection +System must provide a mechanism to receive the definition that is used judgment of resource +owner. +System must provide a mechanism to receive the zone definition. Because system uses zone +information with to control stream to other system. The receive information must include as +follows. +a. ID +b. Sound device ID +System must provide a mechanism to receive the sound type definition. Because system uses +sound type information with to control stream to other system. The receive information must +include as follows. +a. ID +(2) Judgment of Priority of GUI resource +System must provide a mechanism to assign resource owner to the requested resource +according to external condition. This means that system judges the providing resource. +System must provide a mechanism to receive the owner request. System must be able to receive +request during system running. +Page 47 of 159 +![](media/picture152.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +The receive request must include as follows. +a. Role +b. Zone ID +c. Sound type ID +System should provide a mechanism to receive the request of forcibly acquire and forcibly +release. System should be able to forcibly acquire and forcibly release receive request during +system running. +The receive request should include as follows in addition to the information of the normal +request. +a. Effective period (Can set unlimited) +System must assign resource owner as requested. And system must not assign resource owner +by other request on same area during effective period. +System should provide a mechanism to receive the request that is specified the following effect. +a. The effect at the transition +b. The effect of output sound +System must provide a mechanism to judge priority of resources when there are two or more +resources on same sound type on same zone. System judges the providing resource by priority +of resources that is related to role. +\* Boundary of the role between Policy Manager and application. +Page 48 of 159 +![](media/picture153.jpeg)![](media/picture154.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Figure 7-12: Boundary of role (Case of reverse) +System should provide a mechanism to manage order of the owner request. Because system +should provide a mechanism to hold the request until the request is approved. +For example, if current playing interrupt sound completed, select the next play interrupt sound +from request history based on the priority. +(3) GUI Resource Control +System must provide a mechanism to issue the resource control according to judgment. +System must provide a mechanism to issue the following resource control. +a. Mute / Unmute +b. Change zone +The receive request must include as follows. +i. Stream ID +ii. Device +In the case of multi-channel speaker, the receive request should include as follows. +iii. Channel ID +Page 49 of 159 +![](media/picture155.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +System should provide a mechanism to set the below effect of the sound to other system. +a. The effect at the transition +b. The effect of output sound +4.1.3.2.3 Input Resource +(1) External Condition Collection +System must provide a mechanism to receive the definition that is used judgment of resource +owner. +System must provide a mechanism to receive the input device information. Because system uses +input device information with to control input event to other system. The receive information +must include as follows. +a. ID +System must provide a mechanism to receive the event type definition. Because system uses +input device definition with to control input event to other system. The receive definition must +include as follows. +a. ID +b. Related event IDs +(2) Judgment of Priority of GUI resource +System must provide a mechanism to assign resource owner to the requested resource +according to external condition. This means that system judges the providing resource. +System must provide a mechanism to receive the owner request. System must be able to receive +request during system running. +The receive request must include as follows. +a. Input device ID +Page 50 of 159 +![](media/picture156.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +b. Event type ID +System should provide a mechanism to judge whether to accept request according to the +limitation routing rule of policy DB. +(3) GUI Resource Control +System must provide a mechanism to issue the resource control according to judgment. +System must provide a mechanism to issue the following resource control. +a. Set the routing rule +The receive request must include as follows. +i. Input device ID +ii. Event type ID +The receive request must include either as follows. +iii. The allowed application +iv. The denied application +System should provide a mechanism to set the following information. +a. Application that has active surface +System should notify the touch event from touch panel to user operating application. This +feature is needed because there may be case that privilege application such as Homescreen +changes the active surface. +4.1.3.2.4 System Resources +(1) External Condition Collection +System must provide a mechanism to collect external conditions to be used by Policy Manager +to decide proper system resource. +Page 51 of 159 +![](media/picture157.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Policy Manager must detect creation and deletion of process. +To detect creation of process, Policy Manager can assign proper system resource to created +process. +Also, to detect deletion of process, Policy Manager can assign resources of deleted process to +other active processes. +To assign proper system resource to specific process, system must provide a mechanism to +identify process’s role. In other words, Policy Manager must recognize the purpose of each +active process. +Policy Manager must detect current memory consumption periodically. +To detect current memory consumption, Policy Manager can control maximum memory to each +process to prevent memory shortage. Also, Policy Manager may kill processes which were +thought as not so important process. +Policy Manager must detect current CPU consumption periodically. +To detect current CPU consumption, Policy Manager can control priority to each process to keep +system performance. Also, Policy Manager may kill processes which seem to be in unexpected +busy state. +System must provide a mechanism to notify application status change to Policy Manager. +Application status includes as below. +· GUI resource status, such as foreground or background. +· +Resuming last status or not. When system starts up or log-in user changes, system must +resume last status. In this case, Policy Manager should assign much resource to last +application to resume quickly as much as possible. +(2) System Resource Control +System must provide a mechanism to change assigned system resource per process or process +group according to external conditions. +According to policy based decision, Policy Manager must assign proper system resource to +target process or process group by using “Resource Control” of kernel layer. (typically cgroups +Page 52 of 159 +![](media/picture158.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +will be used) +System must provide a mechanism to kill process or process group forcibly. +4.1.3.2.5 Resource Management +Resource Management shall consist of three functional components - Resource Manager, Policy +Manager, Connection Manager. +Resource Management shall provide CORBA interfaces to rest of the components in the system. +Each resource request shall be in form a: +AppID, +SourceID, +RequestorZoneID, +NeedAll Flag (to specify if all the resources need to be allocated ), +Required Resource List. +Resource Management shall be able to handle resource requests for Audio Sinks (eg: Cabin +Speakers, HeadPhones) +Resource Management shall be able to handle resource requests for Video Sinks (eg: Display) +Resource Management shall be able to handle Source arbitration (Mic, WavPlayer instances, +Tuners etc.) +Resource Management shall be able to validate all the input parameters for a resource request +from resource requestors. +Resource Management shall be able to keep track of all the available resources. +Use CCF data to identify all the resources that are possible in the system. (static identification) +Page 53 of 159 +![](media/picture159.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Use dynamic registration by the resource owners to identify what resources out of the above list +are available at a point of time in the system. (dynamic identification) +Resource Management shall inform about resource availability and unavailability in the system +through status update. +Resource Management shall support stacking/queuing of resource requests. +> Receive the requests from the resource requestors. +> Handle each request in chronological order and check for policy validation through Policy +Manager. +> Add the validated requests into a priority queue. +> Process each request from the top of the queue for establishing the connection. +> If a request is still in the pending queue and the requestor requests to withdraw the request, it +shall be removed from the queue. +Each request for resource shall be handled as an independent request irrespective of any earlier +request by the same requestor. In case of multiple resources requested in a single request, it +shall be treated as a single request and will be processed based on the request parameters. +If the NeedAll flag is set by the requestor, it shall either grant all the requested resources to the +requestor or none of them shall be granted. There shall be no partial allocation of resources. +If the NeedAll flag is not set, it shall be able to do partial allocation of resources i.e. grant +some/all of the resources requested by the requestor. +Resource Management shall provide an interface to a request owner to remove/withdraw an +existing resource request. +Resource Management shall check for every requested resource against a pre-defined set of +policies if the request can be served at this point of time or not. Below is a list of possible inputs +for the policy decision: +> Currently Free or InUse Sink status +> Who is the resource owner of the currently used sink resource (if it is in use) +Page 54 of 159 +![](media/picture160.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +> Priority of the new requestor compared to the currently using requestor. +Resource Management shall use the system state as an additional input to make a decision if a +request can currently be serviced or not. Below system states can be taken as input to the +policy decision: +> Based on the speed restriction setting for a specific region, a request can be granted/kept +pending. +> Low Power Mode, Eco Mode, System errors shall also be used to make policy decisions. +At any point of time it shall maintain the following information for each ZONE for use by +resource requestor: +> Zone ID +> Allocated Source Instance +> Allocated Sink Instance +> Mute status +Resource Management shall not consider requirements to achieve a specific feature functionality +(e.g. : Lowering audio volume of rest of the sinks when a phone call is in progress) as an input to +the resource management policy. +Resource Management shall not provide support for requirements to achieve a specific feature +functionality (e.g.: Pausing a pausable source when phone call is in progress). +Resource Management shall maintain priorities for all non-entertainment sources (eg: +AMFM\_TA, PHONE\_NORMAL, NAV\_VG, etc. shall all have priorities). In case two sources have +same priority, the first requestor shall be granted a resource. In case of difference in priorities, +the highest priority resource request shall be the one that is granted the resource. +Resource Management shall maintain same priority for all entertainment sources (eg: MP, DVD, +AMFM\_NORMAL, etc. shall all have the same priority). The last received Entertainment resource +request will be the one that is granted the resource. +A valid (parameter and policy validated) resource request shall never be denied to the requestor. +It shall either be granted or kept as a pending request in the priority queue. +Page 55 of 159 +![](media/picture161.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Resource Management shall be responsible for reporting a broken resource status. +It shall be the responsibility of the resource requestor to remove the request from Resource +Manager if the resource is no longer needed. +Resource Management shall assign a sink instance (the specific instance allocated out of all +available instances of the requested sink type for a particular zone) to a resource request, once +the request is granted against the set policy. +Resource Management shall maintain connection state of an already granted connection. +Possible connection states are Active or Passive. +> When a source has the primary (master) control over a sink, the connection state will be +active. +Ex: In normal mode, a driver requesting for AMFM source to Driver HeadPhone Sink connection. +> When a source has the secondary (slave) control over a sink, the connection state will be +passive. +Ex: Driver using the AMFM source, at the same time the rear passenger requesting for same +AMFM source on Rear headphone sink. +Resource Management shall be responsible for connecting/building a new source-sink +connection using the underlying platform support. +Resource Management shall be responsible for removing/releasing an existing source-sink +connection using the underlying platform support. +Resource Management shall request to mute the audio sink before an existing connection is +removed/released. +Resource Management shall provide an interface to unmute the audio sink when a connection is +re-established and the active source is ready to use the sink for audio routing. +Resource Management shall provide an interface to unmute an audio sink. +Page 56 of 159 +![](media/picture162.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Resource Management shall inform the resource requestor when the sink is connected and ready +to be used for audio routing. +Resource requestor needs to inform the Resource Manager when they are ready to start audio +routing. This information shall be used to unmute the allocated sink. +Resource Management shall maintain the system connection table at any point of time. +Connection table contains information regarding which sink is currently allocated to which +source instance. +Resource Management shall support handling of change in behaviour based on Limo setting: +> Share the source between the Rear Seat headphone (Limo mode owner) and Cabin Speakers. +System shall support 4 ForegroundBeep sinks and 2 ForegroundSpeech sinks. 2 additional sinks +are reserved for Engine noise synthesis which is outside the scope of this document. Additionally +1 FG speech sink and 1 FG beep sink is reserved for future use by ISC. +The number of sinks supported by the system shall be configurable through LCF parameter. +Headphones shall not be required to support any foreground sinks. +In case of Foreground sources and Tuner interrupt sources, any sink that is taken away from a +source because of a high-priority interruption, need to be returned back to the previous source +(if the request from the previous source is still valid and it's the next highest priority request). +As part of requirement to improve connection handling efficiency, it shall have exceptions to not +disconnect the active connection while switching between any Tuner Source-Sink Background +connection to another Tuner Interrupt Source with same sink connection. +It shall inform Resource Manager about a errors/failure in any of the existing sinks. +It shall inform Resource Manager about a errors/failure in any of the existing sources. +Page 57 of 159 +![](media/picture163.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +It shall provide the error state information about all resources to the Platform Error State +Manager. +It shall inform the resource requestors in case the request is for an erroneous or faulty sink. +It shall wait for the application manager to notify it to prepare for shutdown. +It shall interact with the data storage manager to access (read and write) persistence data. +It shall interact with the data storage manager to access CCF data. +It shall support rules/exceptions (Blacklist) that define resource allocation strategy based on +current system scenario. +E.g.: If there is a blacklist rule that says a Speech session shall not be allowed while phone call +is in progress, then even if a FG sink is available, Speech shall be denied resources and kept as a +pending request. +It shall provide an interface to receive Limo mode setting status. +It shall provide an interface to receive status when a rear-user selects to take Cabin control. +It shall use interfaces of early app to receive information if it's already using Audio/Video +resources and update its internal status accordingly. +On any change in input to the Policy Manager (system state) it shall reevaluate all active +connections and reconnect or disconnect if required. +E.g. An Amp gets disconnected, then all active connects have to be disconnected. +Once the Amp gets reconnected, the connection info shall be reevaluated and final set of +connections shall be rebuilt with Amp. +It shall provide CORBA interfaces to the Resource Manager. +Page 58 of 159 +![](media/picture164.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +It shall be responsible for connecting/building a new source-sink connection using the underlying +platform support. +It shall be responsible for removing/releasing an existing source-sink connection using the +underlying platform support. +It shall request to mute the audio sink before an existing connection is removed/released. +It shall provide an interface to unmute an audio sink. +System shall support 4 ForegroundBeep sinks and 2 ForegroundSpeech sinks. 2 additional sinks +are reserved for Engine noise synthesis which is outside the scope of this document. Additionally +1 FG speech sink and 1 FG beep sink is reserved for future use by ISC. +The no. of sinks supported by the system shall be configurable through LCF parameter. +It shall inform Resource Manager about a errors/failure in any of the existing sinks. +Headphones shall not be required to support any foreground sinks. +It shall wait for the application manager to notify it to prepare for shutdown. +It shall interact with the data storage manager to access (read and write) persistence data. +It shall interact with the data storage manager to access CCF data. +**4.1.4 Sound Manager** +A sound manager is a mechanism in which a sound output demand in two or more zones from +two or more applications is arbitrated, an audio server manages control of a sound output and a +policy manager manages a mediation rule. +Page 59 of 159 + + ---------------------------------------------------------------------------------------------------- + > **No.** > **Role** > **Description** + ----------- --------------------------- ------------------------------------------------------------ + > 1 > Routing sound streams > To route each sound stream to proper zone(s). + + > 2 > Mixing level control > Mixing two or more sound streams after volume + > + > control of each sound streams. + + > 3 > Sound effect > Provide a capability of sound effect as follows, + > + > · When changing sound stream. E.g. fade-in, + > + > fade-out and cross-fade. + + > 4 > Reduced dependency of > Provide well-defined interface to reduce + > > + > hardware > dependency of hardware. Well-defined interface + > + > also makes it possible to increase the effect of + > + > portability and development cost. + ---------------------------------------------------------------------------------------------------- + +![](media/picture165.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +A zone is a place in the car divided by the purpose of output power of sound like a driver zone, a +passenger zone, and a rear seat zone. Each zone can play at the same time. Refer to "Sound +resource" of "7.1.1.2 (2) Role" of "7.1 Policy Manager" for the details of a zone. +Applications that play and capture audio via the audio server, applications that control things like +volume and routing via the audio server, and a policy manager that works with the audio server +to implement automatic audio policies. +**4.1.4.1 Use Case** +Please refer “sound resource control” of Policy Manger section. +Table 7-14 describes the role of sound manager to be satisfied above purpose and use cases. +**4.1.4.2 Requirements** +Page 60 of 159 +![](media/picture166.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +4.1.4.2.1 Routing Sound Streams +System must provide a mechanism to manage sound “zone”. +Refer to "(2) Sound resource" of "7.3.1.2.2 Role" of "7.3 Policy Manager" for the details of a +zone and how to manage zone. +System must provide a mechanism to manage one or more connected sound devices, and each +channels of each sound device. +One or more sound devices are usually connected to a system, and each sound device consists +of one or more channels. And each channel outputs the sound of a monophonic recording. +For example, as for a stereo sound, a speaker is connected to each of two channels, and it is +arranged at the driver side of a car, and the passenger seat side. If a telephone call is got when +outputting stereo music from both of speakers, only the channel of a driver side needs to lower +musical volume, and needs to mix and output the sound of a telephone (to louder sound than +music). For this reason, the system needs to recognize and control each channel of each sound +device. +The system must determine the route which outputs two or more sound streams to two or more +zones. +Although the output place zone of a sound stream may change dynamically according to the +present state of vehicles and a policy manager makes the decision, sound manager requires the +mechanism in which a route is smoothly changed based on the determination of policy manager. +System must provide a mechanism to manage two or more sound zone as grouped zone. +System must provide a mechanism to do volume control for specific zone. +All the sound outputted to a certain zone is adjusted by the volume of the zone. +System must provide a mechanism to control sound stream. +Control of a sound stream is as follows. +· +Mute/unmute: System must provide a mechanism to do mute or unmute to any sound +stream. +· +Suspend/resume: System must provide a mechanism to suspend or resume to any sound +Page 61 of 159 +![](media/picture167.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +stream. +Volume control: System must provide a mechanism to change volume to any sound stream. +4.1.4.2.2 Mixing Level Control +The system must offer the mechanism for arbitrating two or more sound streams outputted to +the same zone according to a policy manager's arbitration. +System must provide a mechanism to do mixing after volume control of each sound streams. +System must provide a mechanism to attenuate sound volume when other sound stream +requested to play into same sound zone. +In this case, system must also provide a mechanism to return to the volume before attenuating +the volume of a sound stream when interrupted sound stream was ended. +System must provide a mechanism to mute sound volume when other sound stream requested +to play into same sound zone. +In this case, system must also provide a mechanism to unmute sound volume when interrupted +sound stream was ended. +System must provide a mechanism to suspend sound stream playback when other sound stream +requested to play into same sound zone. +In this case, system must also provide a mechanism to resume playback when interrupted sound +stream was ended. +4.1.4.2.3 Sound Effect +When sound stream was changed, system must provide a mechanism to do sound effect. +System must provide typical sound effect such as fade in and fade out. +System must provide a mechanism to add, replace and delete sound effect easily by using plugin +architecture. +Page 62 of 159 + + ------------------------------------------------------------------------------------------------------------------------- + > **No.** > **Input type** > **Associated device** > **Description** + ----------- ------------------- -------------------------- -------------------------------------------------------------- + > 1 > Key > Steering switch > Simple key event. + > + > Deliver to application. + + > 2 > Keyboard > Virtual keyboard > Keyboard event. + > + > Deliver to application, then use input + > + > method backend if needed. + + > 3 > Touch > Touch panel > Touch event, such as start, stop and move. + > + > Also supports double click and multi-touch + > + > capability. + > + > Deliver to application. + + > 4 > Sound > Microphone > Sound input. + ------------------------------------------------------------------------------------------------------------------------- + +![](media/picture168.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +4.1.4.2.4 Reduced Dependency of Hardware +Sound Manager must be able to retrieve system structure regarding sound device and channels +of each device. And the system must enable addition/deletion of a sound device by the means +which does not need rebuild of systems, such as a configuration. +**4.1.5 Input Manager** +The Input Manager provides a capability to deliver input events to the proper application +depending on request from Policy Manager. Policy Manager will decide event target per each +input area. Also, the IVI system may use various car-oriented input devices such as steering +switch. Input manager provides a capability to abstract such kind of input event. +**4.1.5.1 Use Case** +Please refer “input resource control” of Policy Manger section. + + --------------------------------------------------------------------------------------------------------- + > **No.** > **Role** > **Description** + ----------- --------------------------- ----------------------------------------------------------------- + > 1 > Abstract device event > Provide capability to abstract from device event to + > + > application readable event name, such as “volume + > + > up” and “right arrow”. + + > 2 > Event delivery > Provide capability to deliver input event to specified + > + > application. + --------------------------------------------------------------------------------------------------------- + +![](media/picture169.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Deliver to application or voice recognition +engine. +Table 7-14 describes the role of input manager to be satisfied above purpose and use cases. +**4.1.5.2 Requirements** +**4.1.5.3 Abstract Device Event** +System must provide a mechanism to re-configuration regarding input devices without re-build. +Because, connected input devices may different by car grade, car type, destination and optional +equipment. +**4.1.5.4 Event Delivery** +System must provide a mechanism to deliver any input event to any application. +System must provide an interface to apply event delivery rule by using attribute pair “device id” +and “destination application id”. +Device id specifies a logical device name. Logical device name will link to physical device by +UIM.2.1.2. +Page 64 of 159 +![](media/picture170.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Also, system must provide a mechanism to change event delivery rule dynamically. +System must provide a mechanism to link between logical device name and physical device. +System must provide a mechanism to deliver any input event to any application depending on +delivery rule defined in UIM.2.1.1. +System must provide a mechanism to inhibit any event delivery. +This function makes it possible to restrict input event during driving mode. +**4.1.6 User Manager** +**4.1.6.1 Use Case** +**4.1.6.2 Personal Identification** +User manager provides multi-user environment. A car may be used by two or more people, and a +person may use two or more cars, by using rent-a-car, for example. +**4.1.6.3 User Preference** +Multi-user environment provides same user experience for each user. +Also, multi-user aims seamless personal data sharing not only between cars but also including +other devices such as smartphones and smart TVs. Furthermore, it will include seamless data +sharing from your home and your office. +Identify the person, and log-in to the IVI system as a specified user. Personal identify may be +provided by traditional user name and password pair, smart key or biometrics. +Once a user has logged-in to IVI system, IVI system should provide personalized user +experience. For example, Bob uses English, but Alice uses French. Also, Bob likes rock-music, +*but Alice likes classic-music. In this case, English and rock-music should be selected when B*ob is +Page 65 of 159 +![](media/picture171.jpeg)![](media/picture172.jpeg)![](media/picture173.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +logged-in, and Japanese and classic-music should be selected when Alice is logged-in. +**Figure 7-24 : Provide Logged-in User’s UE (User Experience)** +**4.1.6.4 Rent-a-car and/or Replacing a Car** +When Bob uses a rent-a-car, same preference should be adapted as if he rode his own car. If +Bob’s preference was stored in a cloud, then this can be supported. However, security is +important in this scenario. For example, Bob must not be able to access to other user’s +preference. +**Figure 7-25 : User data sharing between cars** +Page 66 of 159 +![](media/picture174.jpeg)![](media/picture175.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**4.1.6.5 Seamless Data Sharing** +Cloud-based user data syncing will enable seamless data sharing between IVI systems and +smart-phones, home networks and accessing from your offices. +**Figure 7-26 : User data sharing over the cars** +**4.1.6.6 Role** +**Error! Reference source not found.** describes the role of the User Manager to satisfy the above +purpose and use cases. +**Table 7-17 : Role of User Manager** +**No.** **Role** **Description** +Page 67 of 159 +![](media/picture176.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +1 User identification +Provide a mechanism to identify user, such as user +name and password pair, smart key and biometrics. +Provide a mechanism to log-in to the IVI system as +a specified user. +When a different user logs in, proper user +preference for the user must be applied, and +resume last state of corresponding user. +Also, each application can store application’s data +per user. In such cases, proper user data must be +applied when a different user logs in. +2 User preference +Provide a mechanism to apply user preference of +logged-in user. +User preference includes the following data. +· User interface, such as locale and wall- +paper. +· Resume last application’s status of specified +user. +· Application specific data. +3 User data management +Provide a mechanism to manage cloud based user +data. +The following capabilities are required. +· Download user data of the logged-in user +from the cloud. +· Update cloud data if the user data was +updated by user operation or otherwise. +· Periodically sync-up w/ cloud because user +data may be updated by other devices. +In addition to the above basic capabilities, user data +cache is essential for a car, since a car may not +always have a reliable network connection. +4 Security Because cloud based sharing user data may be +accessed from any place, user data must be +protected from unexpected data access. +Page 68 of 159 +![](media/picture177.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +So, IVI system must provide security mechanism +regarding accessing to cloud based user data. +**4.1.6.7 Requirements** +4.1.6.7.1 User Identification +System must provide a mechanism to identify logged-in user. +System must provide a mechanism to enter user name and password, and verify password to +identify logged-in user. +System should provide a mechanism to read smart key attribute to identify logged-in user. For +example, using NFC. +System should provide a mechanism to identify logged-in user by using biometrics. +4.1.6.7.2 User Preference +When a logged-in user is identified, system must apply user preference depending on the +currently logged-in user. +System must provide a mechanism to apply personalized user experience as follows. +- Locale settings +- UX theme +Wall paper +System must provide an easy mechanism to add plugin function and/or attribute of personalized +user experience. +Page 69 of 159 +![](media/picture178.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +System must provide a mechanism to switch application data per user, and apply logged-in +user’s application data automatically. +When user is identified and logged-in, the system must apply last status of logged-in user. Last +status refers to the status of the system as the current logged-in user has last logged-out of the +system. Specifically, last status includes the following. +- Foreground applications. That means displayed applications. +Background applications. +When user logs in for the first time, the system must apply user preference for new log-in user. +System must provide a mechanism to apply default preference attributes for new log-in user. +System must provide default preference attributes and HMI to apply for first time log-in user. +4.1.6.7.3 User Data Management +System must provide a mechanism to manage user data. +AGL defines “user data” as a general term which includes all the data necessary to realize user +preference. +User data shall be stored in the cloud. The cloud provides user data not only to IVI systems but +also other systems and/or devices such as smartphones, Home-PCs, business-PCs, HEMS and +home electronics. +System must provide a mechanism to apply user preference and to supply user data to +application by using cloud based user data. +System must provide a mechanism to download cloud based user data and apply it as user data +of the IVI system. +When user data is updated in the IVI system, then the system must upload updated user data to +the cloud. +Also, since other device or system may update shared user data elsewhere, system must provide +Page 70 of 159 +![](media/picture179.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +a mechanism to sync with the cloud periodically to keep user data in the IVI system up-to-date. +Because the IVI system is not necessarily connected to a network, the system must provide a +mechanism to cache downloaded user data. +If the IVI system re-connected to a network, system must sync with the cloud as soon as +possible. +4.1.6.7.4 Security +Because user data may include personal information, system must provide a mechanism to +protect user data from risks including but not limited to leakage, tampering and theft. +System must provide a mechanism to protect user data when accessing to the cloud. +- +System must authenticate communication entity. In other words, IVI system must +authenticate cloud server, and cloud server must authenticate client such as IVI system, +smartphone or PC. +- +System must provide a mechanism to encrypt transported data via a network. +- +System must provide a mechanism to transport data via a network with protection +against falsification of data from unauthorized access or illegal access. +- +Cloud server must provide a mechanism to authenticate individual user, and provide +user data only to the authorized user. +Because, two or more user’s user data may be stored in IVI system as a cache, system must +provide a mechanism to protect cache data from other users. The protection of cached data to +include not only the current multi-user environment risk, but also the risk of attacks against +cached data. In other words, only logged-in user’s cache data can be accessed. +4.2 Web HMI +Web based HMI. Contains applications, web runtime environment, and web-based home screen. +**4.2.1 Web API** +Page 71 of 159 +![](media/picture180.jpeg)![](media/picture181.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +It is discussed that HMI parts of IVI system will be developed using HTML5. APIs to use service +function in IVI system from web applications is needed. Audio Visual API provides APIs for audio +visual equipment control to web applications. (e.g. Media files on storage, CD, DVD, BT-Audio, +Photo, etc.) +Web applications use Audio Visual API to play audio visual contents on IVI system. Use case of +Audio Visual API is shown in Figure 6-1. +**Figure 6-1: Use case of Audio Visual API** +**4.2.1.1 Requirements** +Audio Visual API must provide API to select Audio Visual contents. +· Select content using URL +· +Select content using contents list provided by multimedia subsystem +Page 72 of 159 +![](media/picture182.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Audio Visual API must provide API to playback Audio Visual contents. (Media file on storage, CD, +DVD, BT-Audio, Photo, etc.) +· Play +· Pause +· Fast-forward +· Rewind +· Track up +· Track down +· Select playmode (Repeat/Random) +Audio Visual API must provide API to control a volume. +· Volume up +· Volume down +· Mute +Audio Visual API must provide API for metadata access about Audio Visual contents. +Audio Visual API must provide API for notifications. +· The case that playback state is changed +· The case that Audio Visual contents is add / removed +Audio Visual API must provide API to play AM/FM radio. +· Change the frequency. +· Change the broadcasting stations. +· Receive the list of broadcasting stations. +· Select the preset channel. +· Get the information of the broadcasting station. +Audio Visual API must provide API to play digital radio. +· Store the broadcast program information. +Page 73 of 159 +![](media/picture183.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +· Get the broadcast program information. +· Get the play time. +· Play the radio broadcast cached. +AGL System must support a web API to access Vehicle information. +AGL System must support web API to control STT/TTS daemon. +AGL System must support web API to control navi engine. +AGL System needs to provide a Web API to allow peer to peer communication between two web +apps. +AGL System needs to provide an API to allow peer to peer communication between a web app +and a native app. +AGL System must support access control over app to app communications. Service provider +should be able to restrict subscriber. +AGL System must support W3C/HTML5 DOM, Forms and Styles. +AGL System must support W3C/HTML5 Device APIs: Touch Events, Device Orientation, +Network Information +AGL System must support W3C/HTML5 Graphics APIs: canvas, canvas 2D context, and SVG +AGL System must support W3C/HTML5 Media: audio and video tags, user media and web audio +AGL System must support W3C/HTML5 Communication APIs: websocket, web messaging, +server sent events, session history of browsing context +*AGL System must support W3C/HTML5 Storage APIs: Web storage, File, Database, Web S*QL +Page 74 of 159 +![](media/picture184.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +AGL System must support W3C/HTML5 Security APIs: Cross-Origin Resource Sharing, HTML5 +The iframe element, Content Security Policy 1.0. +AGL System must support W3C/HTML5 UI APIs: Clipboard, DnD, Web Notifications +AGL System must support W3C/HTML5 Performance APIs: Web workers, Page Visibility, Timing +control, Navigation timing +AGL System must support W3C/HTML5 Location API: Geolocation +AGL System must support W3C/HTML5 Widget: Widget Packaging and XML Configuration, +Widget Interface, XML Digital Signatures for Widgets, Widget Access Request Policy +AGL System must support Khronos WebGL API. +**4.2.2 Web Runtime** +The Web Runtime module contains the bindings for the Web Application Framework to access +the AGL Application Framework and Services. +**4.2.2.1 Requirements** +AGL system Web Runtime shall provide full web application lifecycle management (e.g., +installation/removal). +AGL System Web Runtime shall provide full execution environment for web apps (i.e., launch, +view generation, rendering, etc.) +AGL system Web Runtime shall provide a mechanism to implement plugins/extensions to add +better device/platform integration. +Page 75 of 159 +![](media/picture185.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +AGL system Web Runtime shall provide a mechanism to manage apps' access control and also to +categorize apps with different privileges. +System must provide high level GUI components for Web application. +At least, below components are required. +· Text labels +· Button +· Radio button +· Check box +· Tab panel +· Animation (e.g. MNG, GIF animation) +· Slider +· Accordion list +· Anchor +· Text input form +· Dropdown list box +· Date picker +4.3 Native HMI +The Native HMI provides an application framework for those applications that are not written +using Javascript or other web technologies. +**4.3.1 Native App Runtime** +The Native Runtime module contains the bindings for the Native Application Framework to +access the AGL Application Framework and Services. +**4.3.1.1 Requirements** +System must provide high level GUI components for native application. +Page 76 of 159 +![](media/picture186.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +At least, below components are required. +· Text labels +· Button +· Radio button +· Check box +· Tab panel +· Animation (e.g. MNG, GIF animation) +· Slider +· Accordion list +· Anchor +· Text input form +· Dropdown list box +· Date picker +**4.3.2 Native Application Framework** +The platform can support multiple application frameworks any of which may be built into an +SDK or product build. The application framework contains any code specifically written for that +framework as well the bindings to the Services and Operating Systems layers that the +application framework provides for its applications. +**5 Services Layer** +The Services Layer contains user space services that all applications can access. Generally the +services provide either an IPC type interface or a subroutine/ function API. These interfaces +remain the same for a given implementation and it is up to the Application Framework Runtime +modules to provide access to these interfaces to the applications. Since we are trying to avoid +unnecessary interface shims, it is not necessary for AGL to define standard service layer +interfaces for a given module. Unless otherwise specified the API depends upon the interfaces +provided by the open source packages chosen for a module. Different implementations may +choose different packages for a given function and it is left to the Application Framework +runtime to adjust to any new interfaces, +Page 77 of 159 +![](media/picture187.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +5.1 Platform Services +Platform Services Layer. Conventional Linux platform services +**5.1.1 Bluetooth** +This document describes requirements regarding registration, (dis)connection and device +information management between Bluetooth device and infotainment system. Necessary +Bluetooth profiles in automotive use case are defined here. +**5.1.1.1 Requirements** +The Telephony system shall be designed to +support a minimum of BT3.0+EDR, but shall be possible to upgrade to Bluetooth 4.0+EDR +without hardware upgrade. +A Bluetooth hands-free system shall provide the following BT profiles: +· Core 2.0 + EDR inc. GAP (Generic Access Profile) +· HFP (Hands Free Profile) +· OBEX (Object Exchange) +· OPP (Object Push Profile) +· PBAP (Phonebook Access Profile) +· SPP (Serial Port Profile) +· SDAP (Service Discovery Access Profile) +If the BT system is designed to operate with BT Media Players (E.g. control and stream music +from), the system shall also support the following incremental BT profiles: +· A2DP (Advanced Audio Distribution Profile) +· AVRCP (Audio Visual Remote Control Profile) +The link key shall be minimum 128 bits. The encryption key is negotiated and shall be set at the +Page 78 of 159 +![](media/picture188.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +highest supported value by the remote device. The Telephony system shall be capable of +generating up to 128-bit encryption key. The Telephony system will not be the limiting device in +encryption key length negotiation. +When implemented by the remote device Simple Secure Pairing 'Numeric comparison' method as +default pairing mechanism. However when remote device is limited a configurable priority +scheme will be adopted where the order of mechanisms will be determined at configuration +time. +The Telephony system shall provide Bluetooth Power Class 2. The operating range of Class 2 is +10 meters and maximum power is 2.5 mW (4 dBm). +The Telephony system shall have provision for 1, 3 and 5-slot packet transmission. It shall +allow using five-slot packet transmission for faster data rate. +The Telephony system shall use IrMC standards as directed by the BT specification. It is a +standard from IrDA, including IrOBEX for object exchange including vCards, vCalendars, etc. +vCard is the electronic business card. It is used for Personal Data Interchange (PDI). vCards are +often attached to e-mail messages, and can be exchanged on Instant Messaging. vCard contain +name and address information, phone numbers, and e-mail addresses. +vCard version 2.1 is widely adopted by e-mail clients. It contains FN, N, PHOTO, BDAY, ADR, +LABEL, TEL, EMAIL, MAILER, TZ, GEO, TITLE, ROLE, Logo, Agent, ORG, NOTE, REV, SOUND, +URL, UID, Version, and KEY properties. +vCard version 3.0 is IETF standards format. It is defined in following two parts: +MIME Content-Type for Directory Information +vCard MIME Directory Profile +It contains NICKNAME, CATEGORIES, PRODID, SORTSTRING and CLASS properties along with +the vCard version 2.1 properties. +The touch-screen or head unit HMI must have the ability to delete a Bluetooth device and any +associated data (E.g. phonebook, voicemail number) when required, even if the BT device list is +not full. +The Telephony system shall use SCO link for voice data if eSCO link is not supported else eSCO +Page 79 of 159 + + ------------------------------------------------------------------------------------------------------------- + > **No.** > **Feature** > **Support in HF** > **AGL** + ----------- ------------------------------------------------------------- ----------------------- ----------- + > 1 > Connection management > Mandatory > x + + > 2 > Phone status information > Mandatory > x + + > 3 > Audio Connection handling > Mandatory > x + + > 4 > Accept an incoming voice call > Mandatory > x + + > 5 > Reject an incoming voice call > Mandatory > x + + > 6 > Terminate a call > Mandatory > x + + > 7 > Audio Connection transfer during an ongoing call > Mandatory > x + + > 8 > Place a call with a phone number supplied by the > Option > x + > + > HF + + > 9 > Place a call using memory dialing > Option > - + + > 10 > Place a call to the last number dialed > Option > - + ------------------------------------------------------------------------------------------------------------- + +![](media/picture189.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +shall be used. +5.1.1.1.1 Hands Free Profile +The Telephony system shall implement Hands-Free Profile (HFP) as per the hands-free Profile +specification version 1.6 or later. +The Telephony system shall enable a headset, or an embedded Hands-Free unit to connect, +wirelessly, to a cellular phone for the purposes of acting as the cellular phone's audio input and +output mechanism and allowing typical Telephony functions to be performed without access to +the actual phone. +It shall provide following roles: +Hands-Free unit (HF) + + > 11 > Call waiting notification > Option > x + ------- ------------------------------------------------------ ---------- ---------- + > 12 > Three way calling > Option > x(\*1) + > 13 > Calling Line Identification (CLI) > Option > x + > 14 > Echo canceling (EC) and noise reduction (NR) > Option > x + > 15 > Voice recognition activation > Option > x + > 16 > Attach a Phone number to a voice tag > Option > - + > 17 > Ability to transmit DTMF codes > Option > x + > 18 > Remote audio volume control > Option > - + > 19 > Respond and Hold > Option > x + > 20 > Subscriber Number Information > Option > x + > 21a > Enhanced Call Status > Option > x + > 21b > Enhanced Call Controls > Option > - + > 22 > Individual Indicator Activation > Option > - + > 23 > Wide Band Speech > Option > x + > 24 > Codec Negotiation > Option > x + +![](media/picture190.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +\*1: Does not support Multi-party (conference) call +The Telephony system shall be able to use the AT+CGMM query/response to determine the +model of the phone over the HFP profile connection. Whatever is returned shall be stored as a +string in a phone model CGMM variable. +· Phone Model CGMM: +· Type: string +· Max length: 200 chars +Page 81 of 159 +![](media/picture191.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +· Persistence: No +A property shall exist for each device which is connected to the system. +The request shall be made each time a HFP Service Level Connection is established with the +device. +The Telephony system shall be able to use the AT+CGMI query/response to determine the +Manufacturer of the phone over the HFP profile connection. Whatever is returned shall be +stored as a string in a phone model CGMI variable. +· Phone Model CGMI: +· Type: string +· Max length: 200 chars +· Persistence: No +A property shall exist for each device which is connected to the system. +The request shall be made each time a HFP Service Level Connection is established with the +device. +The Telephony system shall be able to use the AT+CGMR query/response to determine the +revision of the phone over the HFP profile connection. Whatever is returned shall be stored as a +string in a phone model CGMR property. +· Phone Model CGMR: +· Type: string +· Max length: 200 chars +· Persistence: No +A property shall exist for each device which is connected to the system. +The request shall be made each time a HFP Service Level Connection is established with the +device. +5.1.1.1.2 Advanced Audio Distribution Profile (A2DP) +The Telephony system shall implement Advanced Audio Distribution Profile as per the A2DP +specification version 1.2 or later. +Page 82 of 159 + + > **No.** > **Codec** > **Support** > **AGL** + ----------- ------------------- --------------- ----------- + > 1 > SBC > Mandatory > x + > 2 > MPEG-1,2 Audio > Option > - + > 3 > MPEG-2,4 AAC > Option > - + > 4 > ATRAC family > Option > - + + > **No.** > **Feature** > **Support in SNK** > **AGL** + ----------- -------------------- ------------------------ ----------- + > 1 > Audio Streaming > Mandatory > x + +![](media/picture192.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +The Telephony system shall use this profile for audio streaming. This profile shall be use to +realize distribution of audio content of high-quality in mono or stereo on ACL channels. +It shall provide following roles: +Sink (SNK) - A device is the SNK when it acts as a sink of a digital audio stream delivered from +the SRC on the same piconet. +Items marked with "x" in AGL column in Table 20 should be supported. +Decode functions of codec marked with "x" in AGL column in Table 21 should be supported. +Copyright protection technology SCMS-T should be supported. +5.1.1.1.3 Phone Book Access Profile +Page 83 of 159 +![](media/picture193.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +The Telephony system shall implement Phonebook Access Profile as per the PBAP specification +version 1.1 or later. +The Telephony system shall use this profile to allow exchange of Phonebook Objects between +devices. +Phonebook is automatically downloaded into the system from mobile device for browsing. The +Telephony system shall store user's Phonebook and the Phonebook details of the connected +device shall be available to the user. The Telephony system shall manage the contacts by, listing +and copying contact information. +It shall provide following roles: +· Phonebook Client Equipment (PCE) +It shall provide following types of Phonebook objects: +· The main Phonebook object +· The Incoming Call History object +· The Outgoing Call History object +· The Missed Call History object +· The Combined Call History object +A Bluetooth hands-free system must download the phonebook from the connected BT device +automatically if the BT device has provision for the transfer of phonebook data. The Phonebook +download shall be performed by any one of the following methods listed in priority of usage: +· Using PBAP profile +All the BT device's phonebook entries must be transferred - those on any external memory (E.g. +SIM) and also any stored in the BT device's memory. +The number type data (if stored with the contact) shall also be transferred and stored in the +vehicle phonebook. The Phonebook shall be associated to only the BT device it was downloaded +from. +5.1.1.1.4 Dial Up Networking (DUN) Profile +Dial-Up Networking Profile (DUN) has to be supported as well as Profiles/Protocols for +necessary lower layers. +Page 84 of 159 + + > **No.** > **Service** > **Support in DT** > **AGL** + ----------- ------------------------------------------- ----------------------- ----------- + > 1 > Data call without audio feedback > Mandatory > x + > 2 > Data call with audio feedback > Option > - + > 3 > Fax services without audio feedback > N/A > - + > 4 > Fax services with audio feedback > N/A > - + > 5 > Voice call > N/A > - + > 6 > Incoming calls > Option > x + > 7 > Outgoing calls > Mandatory > x + +![](media/picture194.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +It has to comply with the specification for “Data Terminal (DT)” +Items marked with "x" in AGL column in Table 23 should be supported. +5.1.1.1.5 Object Push Profile (OPP) +Object Push Profile (OPP) has to be supported as well as Profiles/Protocols for necessary lower +layers. +It has to comply with the specification for “Push Server”. +Items marked with "x" in AGL column in Table 24 should be supported. +**Table 24 : List of OPP Push Server Supporting Functions** +Page 85 of 159 + + > **No.** > **Feature** > **Support in CT** > **AGL** + ----------- -------------------------------------------- ----------------------- ----------- + > 1 > Connection establishment for control > Mandatory > x + > 2 > Release connection for control > Mandatory > x + > 3 > Connection establishment for browsing > C6 > x + + ------------------------------------------------------------------------------------- + > **No** > **Feature** > **Support in Push Server** > **AGL** + > + > **.** + ---------- ---------------------------- --------------------------------- ----------- + > 1 > Object Push > Mandatory > x + + > 2 > Business Card Pull > Option > - + + > 3 > Business Card Exchange > Option > - + ------------------------------------------------------------------------------------- + +![](media/picture195.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +5.1.1.1.6 Audio/Video Remote Control Profile (AVRCP) +The System shall implement Audio / Video Remote Control Profile version 1.6. +The system shall use this profile for audio streaming control for each connected media device +plus one remote control.. +The system must comply with the specification for Controller (CT) items marked with "x" in AGL +column in Table 25 should be supported. +C2: Mandatory if device supports Metadata Attributes for Current Media Item or optional +otherwise +C3: Mandatory to support at least one Category +C4: Mandatory if Category 2 supported, excluded otherwise +C6: Mandatory if Browsing (item 18) is supported, optional otherwise +EX: Excluded +Page 86 of 159 +![](media/picture196.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +4 Release connection for browsing C6 x +5 AV/C Info commands Option x +6 Category 1: Player/Recorder C3 x +7 Category 2: Monitor/Amplifier C3 - +8 Category 3: Tuner C3 - +9 Category 4: Menu C3 - +10 Capabilities Option x +11 Player Application Settings Option x +12 Metadata Attributes for Current Media Item Option x +13 Notifications C2 x +14 Continuation C2 x +15 Basic Group Navigation Option x +16 Absolute Volume C4 - +17 Media Player Selection Option x +17.1 - Supports Multiple Players Option x +18 Browsing Option x +18.1 - Database Aware Players Option x +19 Search Option - +20 Now Playing C6 x +20.1 - Playable Folders Option x +21 Error Response EX - +22 PASSTHROUGH operation supporting press and Option x +Page 87 of 159 + + ------------------------------------------------------------------------------ + > **No** > **Feature** > **Support by the MCE** > **AGL** + > + > **.** + ---------- ------------------------- ----------------------------- ----------- + > 1 > Message Notification > C1 > x + + > 2 > Message Browsing > C1 > x + + > 3 > Message Uploading > Option > x + + > 4 > Message Delete > Option > - + + > 5 > Notification > C2 > x + > + > Registration + ------------------------------------------------------------------------------ + +![](media/picture197.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +hold +The AVRCP profile realisation shall implement an Inform Battery Status of CT parameter and +pass this information up to so it can be passed to the User. +5.1.1.1.7 Message Access Profile +Message Access Profile (MAP) has to be supported as well as Profiles/Protocols for necessary +lower layers. +It has to comply with the specification for “Message Client Equipment (MCE)”. +Items marked with "x" in AGL column in Table 26 should be supported. +C1: The MCE to support at least one of the C1-labelled features +C2: The MCE shall support Message Notification Registration if it supports Message +Notification. Not applicable otherwise. +Page 88 of 159 + + > **No.** > **Feature** > **Support in PANU** > **AGL** + ----------- ------------------------------------------ ------------------------- ----------- + > 1 > Initialization of NAP/GN service > - > - + > 2 > Shutdown of NAP/GN service > - > - + > 3 > Establish NAP/GN service Connection > Mandatory > x + +![](media/picture198.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +5.1.1.1.8 Serial Port Profile (SPP) +The Telephony system shall implement Serial Port Profile as per the SPP specification version +1.1 or later. +It shall provide following roles: +Initiator - This is the device that takes initiative to form a connection to another device. +Acceptor - This is the device that waits for another device to take initiative to connect. +Following features shall be provided by the Supplier: +Establish link and setup virtual serial connection +Accept link and establish virtual serial connection +Register Service record for application in local SDP database +5.1.1.1.9 Personal Area Network (PAN) Profile +Personal Area Network Profile (PAN) has to be supported as well as Profiles/Protocols for +necessary lower layers. +It has to comply with the specification for “PAN User (PANU)”. +Items marked with "x" in AGL column in Table 27 should be supported. +Page 89 of 159 + + > 4 > Lost NAP/GN Service Connection > Mandatory > x + ----- ------------------------------------------- ------------- ----- + > 5 > Disconnect NAP/GN Service Connection > Mandatory > x + > 6 > Management Information Base (MIB) > - > - + +![](media/picture199.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +5.1.1.1.10 Service Discovery Profile (SDP) +The Telephony system shall implement Service Discovery Application Profile as per the SDAP +specification version 1.1. +The Telephony system shall use this profile to locate services that are available on or via devices +in the vicinity of a Bluetooth enabled device. +It shall provide following roles: +Local Device - A device that initiates the service discovery procedure. +Remote Devices(S) - A device that participates in the service discovery process by responding to +the service inquiries generated by Local Device. +The following features shall be provided by the Supplier: +Search for services by service class +Search for services by service attributes +Service browsing +5.1.1.1.11 Device Information Profile +Device Identification Profile (DIP) has to be supported as well as Profiles/Protocols for +necessary lower layers. +Items marked with "x" in AGL column in Table 28 should be supported. +**Table 28 : List of DIP Supporting Functions** +Page 90 of 159 + + > **No.** > **Feature** > **Support** > **AGL** + ----------- ----------------------- --------------- ----------- + > 1 > SpecificationID > Mandatory > x + > 2 > VendorID > Mandatory > x + > 3 > ProductID > Mandatory > x + > 4 > Version > Mandatory > x + > 5 > PrimaryRecord > Mandatory > x + > 6 > VendorIDSource > Mandatory > x + > 7 > ClientExecutableURL > - > - + > 8 > ServiceDescription > - > - + > 9 > DocumentationURL > - > - + +![](media/picture200.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +5.1.1.1.12 Bluetooth Smart Ready +Bluetooth Smart Ready shall be supported. +It shall comply with Bluetooth Low Energy standard. +5.1.1.1.13 Generic Object Exchange Profile (GOEP) +The Telephony system shall implement Generic Object Exchange Profile as per the GOEX +specification version 2.0 or later. +The Telephony system shall use this profile to facilitate the exchange of binary objects between +devices. The usage model shall be Synchronization, File Transfer or Object Push model. +It shall provide following roles: +Server - This is the device that provides an object exchange server to and from which data +objects shall be pushed and pulled, respectively. +Page 91 of 159 +![](media/picture201.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Client - This is the device that can push or/and pull data object(s) to and from the Server. +The following features shall be provided by the Supplier: +Establishing an object connection +Pushing a data object +Pulling a data object +Performing an action on data objects +Creating and managing a Reliable Object Exchange Connection +5.1.1.1.14 Generic Audio/Video Distribution Profile +The Telephony system shall implement Generic Audio/Video Distribution Profile as per the +GAVDP specification version 1.2 or later. +The Telephony system shall use this profile to specify signalling transaction procedures between +two devices to set up, terminate, and reconfigure streaming channels. +It shall provide following roles: +Initiator (INT) +Acceptor (ACP) +Following are the feature requirements for this profile: +Connection +Transfer Control +Signalling Control +Security Control +Note: This profile is currently being enhanced to version 1.3. Release date of this version is not +yet finalized. The Telephony system shall be able to upgrade to the newer version in the future. +5.1.1.1.15 Bluetooth Diagnostics +**5.1.2 Error Management** +The Error Management module provides platform error handling mechanisms. This includes +Page 92 of 159 +![](media/picture202.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +detecting system errors that occur after start up to provide a recovery function by localized +restart. In addition, +in case of a broad ranged malfunction, Error Management provide quick detection and recovery +to issue in a short amount of time. +**5.1.2.1 Use Cases** +5.1.2.1.1 System Surveillance and Recovery +While using in-car information device, if the whole system or part of the function stops, an +immediate error detection and automatic recovery will be needed. For example, when updating +the screen while route guidance is on or voice recognition cannot be used, restart the function to +try and recover. When an error occurs in the core of a system such as an output communicating +middle ware, reboot the whole system to try and recover. +There are several supposed cases for system surveillance such as a case where the system that +adopted AGL and monitors by itself or monitored by the system that has not adopted AGL. The +AGL Error Management scope includes parts of the system that adopted AGL. +The way of recovery has to be assessed by the status of the system behavior. For example, even +if the way to recover the car navigation error might be reboot, the system reboot should not be +done when the car navigation is displaying back camera image. Because of these use cases, Error +Management should focus on the degree of importance for surveillance list process and the +degree should be adjusted by its behavior status. +5.1.2.1.2 Collecting Information +For when the system failure occurred after the launch, the most urgent item is a prompt +recovery but what is also a point that is worth noting is to collect the information to specify the +cause for its failure. Therefore, gathering information with the minimum recovery time is needed. +With Linux system, memory image dump (core dump) of generally abended process is used. On +the other hand, a scale of middleware which is an in- car application is increasing and has come +Page 93 of 159 +![](media/picture203.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +to the point where the time to dump the entire memory image is impermissible. To avoid this, +the Error Management function will provide the system to leave the light log. +**5.1.2.2 Requirements** +Prevent the system failure shutoff and also in case of failure provided the function that judge its +status automatically and recover +The Error Management module should support both surveillance of the whole system and each +process. +The Error Management module should monitor the memory usage of whole system cyclically. +When memory usage exceeds set threshold value, a set action should be done. Cycle, threshold +value, action is changeable by AGL user. +Kernel function that requires Error Management surveillance, driver has to send a notification +to Error Management when an error occurs. The subjects that sends error notifications are +output communication or disk I/O. +Error Management should be able to execute the action after obtaining the error notification +by kernel function and the driver. Action should be changeable by AGL user. For example, an +error for CAN communication is critical so system restart could be done but USB communication +error can be ignored since it may be caused by a compatibility issue between devices. +Error Management should monitor processes for existence or non-existence, when abended it +should execute a set action. The set action should be changeable by the AGL user. Termination +of resident process is a defect but termination of a temporal behaving process is correct so +those two should be able to set separately. +Error Management should monitor the process with a set cycle and when it goes over threshold +value, should be able to execute the set action. Cycle, threshold value, action should be +changeable by AGL user. The subjects of surveillance are CPU usage and memory usage. +Should be able to vanish process forcibly including subsidiary process +Page 94 of 159 +![](media/picture204.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Make the software that works by system have the concept of level importance. +Appropriate recovery depending on the level of importance. The level of importance should be +adjustable depending on the status of operation by coordinating with Policy. +The process that detecting an external communication error within the Error Management +module and recovering has to be set to complete before external monitoring detects. +The application that is monitored by the Error Management modulehas to be independent as +more than one process. +The application that is monitored by the Error Management moduleshould not combine multiple +applications to one process. Application’s runtime part does not have the structure where +multiple applications can be moved by the same process. +Service providing side has to be nondense to the application. For example, the Service providing +process such as a software keyboard should not go wrong with the state of App. Such as +process crash, exit, etc.. +An application has to be nondense to an application. When linking two application one ends +suddenly the other will not become abnormal state. +The process that communicates with the external system has to be independent from the other +process while recovering that does not include system restart so that it can notify alive towards +external side. +When the software that is under the surveillance of RAS can not recover with one restart +additional process can be done such as deleting the subject files that were registered +beforehand. +The system has to have a structure where overwrite the files that are stored in a pinned file +system without destroying them. +Page 95 of 159 +![](media/picture205.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +When system down occurs (kernel panic), should be able to collect the information need for +analyzing. +When making the system down happen intentionally( BUG\_ON etc.),make sure to leave a +message that can specify the cause. +Both the log which is for debug and can take time to output and the log that leaves minimum log +in a short period of time have been equipped and able to select. +In any abnormal cases log output does not lock the system (stand by for spin lock etc.) or +system down does not occur (self-destruction on log output process). +Should be able to leave the aberrance occurred in kernel area on the log. +Should be able to select the level of log output. +Should be able to record the aberrance log with the time of occurrence. +Should be able to obtain the information linked to the system resources. +Should be able to leave the information corresponding to core dump in a short period of time. +Both the log which is for debug and can take time to output and the log that leaves minimum log +in a short period of time have been equipped and able to select. +As the smallest amount of information, the following information should be left. +· Register information +· Process logical memory map +· +Stack dump or back trace from the exceptional place of occurrence +· Time of occurrence +· +Information that can specify the occurred process thread (name of an executing +file‑name of the thread etc.) +Page 96 of 159 +![](media/picture206.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +· The signal that occurred +Lightweight core dump is a core dump that can set the restrictions below. +· +Select the memory mapping category of process executing memory image that targeted +for an output. +· +Specify the order of an output and output high-priority memory mapping first to prevent +dropping the information needed. +· +Output only the memory mapping that is linked to the abnormal process (text area). \[O\] +· +Compress the data for each memory mapping category and output up to the fixed +maximum size. +· +NOTE information of ELF header and program header will not change. +Selectable memory mappings are the following. +· anonymous private mappings +· anonymous shared mappings +· file-backed private mappings +· file-backed shared mappings +· private huge page +· shared huge page +Setting parameters of the output context are the following. +· +Memory mapping category which is for an output object can be set. +· The order of outputting memory mapping can be set. +Should be able to leave the log in increments of process. Possible to filter and have a look in +increments of process. +Should be able to leave a trace log in increments of process during process crash. Should be +able to leave a trace log in increments of process during system running, if necessary. +Should be able to obtain the information related to system resource of process. +Page 97 of 159 +![](media/picture207.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +There should be a structure to be able to error trace among the whole process in a user space. +**5.1.3 Graphics** +Graphics subsystem; HMI input, wayland, windowing, etc. +**5.1.4 Location Services** +Location services includes support for GPS, location, and positioning services including dead +reckoning. Time of day support is also included in Location Services since time is a primary +output of the GPS receiver. +**5.1.4.1 Position** +**5.1.4.2 Time of Day** +With Linux, time adjusting is generally done by using date command or NTP but since in-car +device can obtain the accurate time from GPS, GPS time is often used as Abs Time. Because of +its advantage where this GPS demand can be done anywhere in the world, it would continue in +future. Therefore, we are going to need a structure for adjusting the Linux system time. +**Monotonic and Absolute Time Support** +As a weak point of GPS, when cold start, it takes a long time to obtain the accurate time. +Because of this, it will not set the right time for booting the system and will adjust it while it’s +moving. As for in-car device, the demand to make the system boot faster is rather strong and +Abs Time can vary while it’s working for one of the middle ware applications. +On the other hand, although POSIX API which is used as a standard for Linux, provides the time +that has not been effected by the adjusting in case of a simple latency, but for resource latency, +some of them can only set with Abs Time. Therefore, in-car Linux needs an API that supports +Monotonic Time. +**Kernel Time Precision** +Page 98 of 159 +![](media/picture208.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +In-car device needs to support all kinds of communicating system such as CAN. Those +communicating system includes the device that needs ms order procedure. +In Linux Kernel space, jiffies are used as mere time. However 1jiffies time differs depending on +the CPU architecture and the architecture differs depending on SOC. Because of this, the lowest +value for unit of time that AGL environment has to support needs to be decided. +**5.1.4.3 Requirements** +Should be able to adjust the system time from GPS middle ware. +Adjust the system time after the time is determinate. +GPS middle ware has to have the system where it can implement GPS driver control parts using +the plugin (source plugin). Must tolerate proprietary GPS component. +GPS middle source plugin must tolerate proprietary. Source plugin has to be a license that is not +imposed a duty to open source. For example, header library’s license that is needed to make +Source plugin can not be GPL or LGPL. +When waiting, can use both absolute time and monotonic time +Resource obtaining time out such as mutex, semaphore can use both absolute time and +monotonic time. +Resource obtaining time out such as mutex, semaphore can use both absolute time and +monotonic time. +System time must be able to use consecutively at least until 2099. +Absolute time has to support leap year and leap seconds. +1 jiffies have to be smaller than 1ms. +Page 99 of 159 +![](media/picture209.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Time waiting that involve context switch, must be done with the accuracy over 1ms. +From timer / ISR, can boot tasklet with the accuracy 1ms. +A system has to be able to handle time with at least the accuracy 1ms. +**5.1.5 Health Monitoring** +Platform monitoring services such as watchdog or active monitoring +**5.1.6 IPC** +Standard platform interprocess and interprocessor communication mechanism. +**5.1.7 Lifecycle Management** +Startup, shutdown, state change, etc. +**5.1.8 Network Services** +Includes standard networking protocols such as TCP/IP via any networking physical layer +including Wifi, Bluetooth, or ethernet. +**5.1.9 Persistent Storage** +Power safe persistent storage +**5.1.10 Power Management** +Amount of ECUs in the car and their complexity has grown dramatically over last decade. Needs +in processing power are constantly growing to catch up with demands of automotive industry. +*This, in turn has impact on power budget and temperature/heat dissipation characteristic of* +Page 100 of 159 +![](media/picture210.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +modern ECUs +In parallel, success of green, electric cars is pushing power budget limits down as never before, +in distant future we may see “battle for watts” in automotive electronics. Finding optimal +balance between performance and ECU operating modes, frequencies, voltages is also important +for overall durability characteristic. +Suspend/resume techniques and retention of the ECU in lower power states now becoming +more welcomed over traditional cold boot approaches. +Linux community has been working on power management architecture for many years, it has +become a state of art framework and set of components that addresses needs not only +consumer electronics industry, but also industrial automation, security, etc.) +**5.1.10.1 Requirements** +AGL kernel shall allow switching between active and suspend states. Exact definition of suspend +states is platform/architecture-specific (e.g. “suspend to memory”, “suspend to disk” +/“hibernate” correspond to S3 and S4 in ACPI terminology) +Kernel and peripheral device drivers shall not be affected by suspend/resume transitions. +AGL kernel shall provide sufficient APIs for application to control active/suspend state +transitions and receive appropriate events/notifications. Kernel should not initiate power state +transitions if no requests provided from applications. +Detailed definition of steps/actions required for suspend/resume sequence is out of the scope of +this specification (it is also platform-dependent). +AGL kernel for SMP configurations shall allow enabling/disabling of individual cores (or group of +cores) (NOTE: on some platforms/architectures enabling/disabling may be achieved by putting +core in one of its low power states) +AGL kernel shall only provide mechanism for applications to request enabling/disabling particular +cores from SMP group. +Page 101 of 159 +![](media/picture211.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +AGL kernel shall support CPU frequency and voltage scaling. Exact definition of operating points +(table of frequencies/voltages allowed by hardware) is platform/architecture-specific (moreover, +some of operating points may be omitted/ignored in AGL kernel as their impact on power budget +insignificant) +Kernel and peripheral device drivers shall not be affected by CPU frequency and voltage scaling +Only application-defined policies shall be allowed for CPU frequency and voltage scaling. +Default in-kernel governors/policies (e.g. on-demand or performance) shall not be used and they +may have negative impact on overall system performance/predictability +AGL kernel shall allow switching between active and idle states. Exact definition of idle states is +platform/architecture-specific (e.g. C0..C4 in ACPI terminology or WFI+… for ARM) +Kernel and peripheral device drivers shall not be affected entering/leaving one of idle states +Only application-defined policies shall be allowed for CPU Idle +AGL kernel shall support run-time power management of I/O (peripheral) devices +AGL kernel shall support I/O (peripheral) device voltage and frequency scaling +**5.1.11 Resource Management** +Resource and device management. +Resource Management shall provide an interface to be used for informing status of a resource +request by the Resource Manager. +**5.1.12 Telephony Services** +**5.1.12.1 Requirements** +Page 102 of 159 +![](media/picture212.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +5.1.12.1.1 Telephony variants +Purpose: To define the variants of Telephony +Requirement: +There will be 2 variants of phone system. +Variant 1: Front User only Telephony. +Variant 2: Rear and Front Telephony. +All variants will have Bluetooth capability. The feature will be configurable so that the feature +can be disabled via car configuration. +**5.1.13 Wi-Fi** +This Wi-Fi subsystem controls registration, connection management, and device information +management between a wireless LAN device and infotainment system. +Necessary Wi-Fi specification in automotive use case is defined here. +**5.1.13.1 Use Cases** +5.1.13.1.1 Construct WiFi Network +In-Vehicle Infotainment systems constructs 3 types of Wi-Fi networks. +a\. STA +In-Vehicle Infotainment system acts as a STA (Station) and connects to an external network via +an Access Point. +It also connects to Access Points which support Wi-Fi Hotspot. +b\. AP +In-Vehicle Infotainment system acts as an AP (Access Point) and connects multiple Wi-Fi devices +with an external network. +Page 103 of 159 +![](media/picture213.jpeg)![](media/picture214.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +It also connects Wi-Fi devices which support Wi-Fi Hotspot. +c\. P2P +In-Vehicle Infotainment system and Wi-Fi device makes P2P (Peer to Peer) connection using Wi- +Fi Direct. +5.1.13.1.2 Miracast +In-Vehicle Infotainment system and Wi-Fi device shares a display using Miracast.-(a) +They are also remotely operated to a Wi-Fi device from the infotainment system, or vice versa, +by using UIBC (User Interface Back Channel).-(b) +**Figure 8-29 : Overview of Miracast** +a\. Shared Displayed Content +Page 104 of 159 +![](media/picture215.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Use case examples of shared displayed content are: +· +A passenger on the passenger seat views the multimedia content played on Wi-Fi Device +(e.g. Mobile) on In-Vehicle Infotainment system. +· +A rear seat passenger views the multimedia content played on In-Vehicle Infotainment +system on Wi-Fi Device(e.g. Rear seat monitor). +b\. Remote Operation +Use case examples of remote operation are: +· +A passenger on the passenger seat plays the multimedia content stored in Wi-Fi Device +(e.g. Mobile) by operating In-Vehicle Infotainment system. +· +A passenger on the rear seat controls air conditioner functionality in In-Vehicle +Infotainment system by operating a Wi-Fi Device (e.g. Mobile). +· +While the vehicle is in motion, a passenger on the rear seat controls the navigation +functionality in a passenger on the rear seat controls by operating a Wi-Fi Device(e.g. +Mobile). +5.1.13.1.3 DLNA +In-Vehicle Infotainment system connects with a DLNA device via Wi-Fi. +**5.1.13.2 Requirements** +5.1.13.2.1 Security +The WiFi module shall support security standard WEP. +It shall support 40 bit WEP encryption method. +It shall support 104 bit WEP encryption method. +It shall support security standard WPA Personal. +Page 105 of 159 +![](media/picture216.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +It shall support TKIP encryption method. +It shall support CCMP encryption method. +It shall support security standard WPA2 Personal. +It shall support TKIP encryption method. +It shall support CCMP encryption method. +It shall support security standard WPA Enterprise. +It shall support TKIP encryption method. +It shall support CCMP encryption method. +It shall support security standard WPA2 Enterprise. +It shall support TKIP encryption method. +It shall support CCMP encryption method. +5.1.13.2.2 Simple Configuration +It shall comply with WPS (Wi-Fi Protected Setup) standard. +It shall be able to perform connection with PIN (Personal Identification Number) method. +It shall support Configuration Method for Display. +Page 106 of 159 +![](media/picture217.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +It shall support Configuration Method for Keypad. +It shall be able to perform connection with PBC (Push button configuration) method. +It shall support Configuration Method for PushButton. +It shall be able to perform connection with NFC (Near Field Communication) method. +5.1.13.2.3 QoS +It shall comply with WMM (Wi-Fi Multimedia) standard. +It shall comply with WMM-PS (Wireless Multimedia Power Save) standard. +5.1.13.2.4 STA +The In-Vehicle system shall be able to function as a STA (Non-AP Station). +5.1.13.2.5 AP +The In-Vehicle system shall be able to function as an AP (Access Point). +5.1.13.2.6 WiFi Direct +It shall comply with Wi-Fi Direct standard. +It shall support the WiFi Direct functions as listed in Table 29. +Page 107 of 159 + + -------------------------------------------------------------------------------------------------------------------- + > **No.** > **Feature** > **(Reference)** + > + > **Support in Wi-** + > + > **Fi Direct** + ----------- ---------------------------------------------------- -------------------------- ------------------------ + > 1 > P2P Provision > ‑ > Mandatory + > + > Discovery + + > 2 > P2P Device Discovery > Scan Phase > Mandatory + + > 3 > ‑ > Find Phase > Mandatory + + > 4 > P2P GO Negotiation > ‑ > Mandatory + + > 5 > P2P Service Discovery > ‑ > Option + + > 6 > P2P Invitation > Temporary P2P Group > Option + + > 7 > ‑ > Persistent P2P Group > Option + + > 8 > Persistent P2P Group / Persistent Reconnect > Option + + > 9 > Intra-BSS Distribution > ‑ > Option + + > 10 > Concurrent Operation > ‑ > Option + + > 11 > P2P Service Discovery > UPnP > Option + + > 12 > ‑ > Bonjour > Option + + > 13 > ‑ > Wi-Fi Display > Option + + > 14 > ‑ > WS-Discovery > Option + + > 15 > ‑ > Vendor specific > Option + -------------------------------------------------------------------------------------------------------------------- + +![](media/picture218.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +5.1.13.2.7 Miracast +Page 108 of 159 + + -------------------------------------------------------------------------------------------------------------- + > ‑**No.** > **Feature** > ‑ > **(Refere** + > + > **nce)** + > + > **Suppor** + > + > **t in** + > + > **Miracas** + > + > **t** + ------------ ----------------------------------------------------- ----------------------- ------------------- + > 1 > WFD Device type > WFD Source > Mandat + > + > ory + + > 2 > ‑ > Primary Sink > Mandat + > + > ory + + > 3 > ‑ > Dual-role possible > Option + + > 4 > WFD Service > ‑ > Option + > + > Discovery + + > 5 > WFD connection establishment with Wi-Fi P2P > Mandat + > + > ory + + > 6 > WFD connection establishment with Wi-Fi TDLS > Option + + > 7 > Persistent WFD > via Wi-Fi P2P > Option + > + > Group + + > 8 > ‑ > via TDLS > Option + + > 9 > WFD Capability Negotiation (RTSP) > Mandat + > + > ory + + > 10 > WFD Session Establishment (RTSP) > Mandat + > + > ory + -------------------------------------------------------------------------------------------------------------- + +![](media/picture219.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +It shall comply with Miracast standard. +It shall support the Miracast functions identified in Table 30. +Page 109 of 159 + + --------------------------------------------------------------------------------- + > 11 > AV Streaming and Control (MPEG-TS/RTP/RTSP) > Mandat + > + > ory + ------ --------------------------------------------------- ----------- ---------- + > 12 > WFD Standby (RTP/RTSP) > Option + + > 13 > Video CODEC formats > Option + + > 14 > Audio CODEC formats > Option + + > 15 > UIBC > Generic + + > 16 > HIDC + --------------------------------------------------------------------------------- + +![](media/picture220.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +5.1.13.2.8 WiFi Hotspot +It shall comply with Wi-Fi Hotspot standard. +In-Vehicle system which acts as an a STA(Non-AP Station)shall be able to connect with Hotspot +service. +In-Vehicle system which acts as an AP (Access Point) shall be able to provide Hotspot service. +5.1.13.2.9 DLNA via WiFi +The In-Vehicle system shall be able to connect with DLNA devices via Wi-Fi. +**5.1.14 Window System** +A window system is a software component that facilitates an implementation of graphical user +interface. A window system is responsible for managing display devices, Graphics Processing +Units (GPUs), input devices, and graphics memory. A window system works with the software +component named window manager that is responsible for a layout management of windows, +and a routing of user interactions. +Page 110 of 159 +![](media/picture221.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +5.2 Automotive Services +Automotive Services Layer contains services that are not found in a typical Linux distribution but +contains services specialized for automotive applications. +**5.2.1 Audio Services** +BTBF, equilization, mult-zone audio control, etc. +**5.2.2 Camera Services** +Standard interface to vehicle mounted cameras; backup camera, side and front cameras, etc. +**5.2.3 Configuration Services** +Service for storing configuration parameters. +**5.2.4 Diagnostic Services** +Diagnostic services. +(This is automotive diagnostics such as storing and retrieving DTC. ) +**5.2.5 Multimedia Services** +CD, DVD, Blu-Ray, MP3, etc. +(Factor out metadata into separate component.) +**5.2.5.1 Media Player** +In-vehicle multimedia system shall provide rich and robust user-experience that includes not just +Page 111 of 159 +![](media/picture222.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +support of multiple audio-video formats, but also variety of input and output audio/video +devices, both static and dynamically pluggable. In contrast to mobile or desktop applications, +there is normally more than one consumer of multimedia content in a car, with front- and rear- +seat passengers as well as driver all having independent requirements. +The following requirements are considered essential for in-vehicle multimedia system: +· +Supported multimedia formats shall correspond to major end-user expectations, i.e. the +ones encountered in mobile and desktop world. +· +Multiple audio / video sources and sinks, both static (i.e. always existing in the system) +and dynamic (i.e. appearing and disappearing when user connects a Bluetooth headset or +establishes a network connection.) +· +Multiple independent consumers of multimedia data and globally configurable routing of +audio / video processing chains. +Latency requirements of audio/video processing may also vary depending on a type of the data +processed; e.g. data from rear-view camera shall be decoded and visualized “instantly” in +comparison to a movie clip displayed on rear-passenger monitor, voice notification from +navigation software shall not be delayed significantly, speech data passed to and from +Bluetooth headset during phone conversation shall have reasonably bounded latencies and so +on. +It is considered that multimedia system may consist of multiple processing units, and therefore +processing load balancing mechanism shall be present. Mechanisms of audio/video processing +offloading to dedicated processing units (hardware acceleration) shall be provisioned, with +particular implementation freedom left for a silicon vendor. +The following requirements formalize these considerations. +**5.2.5.2 Requirements** +5.2.5.2.1 Media Containers +AGL shall provide an API that allows handling of various media data within the system. This +includes audio/video playback and recording as well as media streaming over the network. It +shall be possible to run multiple media streams in parallel for all IVI users, with configurable +input/output devices routing. Multimedia framework does not necessarily need to be isolated +from application (that is, it may run in the same address space as application), however it shall +be guaranteed that independent applications using the framework are isolated from each other. +Page 112 of 159 +![](media/picture223.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +AGL shall provide support for extraction from media containers streams other than audio-visual, +for example subtitles. Application shall be able to retrieve timing information as well as stream +identification data from media container. +AGL shall provide support for major network streaming protocols such as: +· HTTP +· RTPS +· Digital Radio (DAB) +· DigitalTV (DVB-T) etc. +It shall be possible to extend the set of supported streaming protocols in accordance with +system requirements. +AGL shall provide a mechanism to utilize available hardware accelerators to offload +computationally extensive processing to specialized units in vendor-specific way. Such +extension, if available, shall be transparent to the applications. +Lip Synch must be implemented as plug-in software for Multimedia Framework. +AGL shall provide a mechanism to automatically detect type of media data contained in the +source file, and to instantiate all required components to organize data processing without +intervention of the application. It shall be, however, possible for application to control this +process if it is essential for its functionality. Example of such intervention would be selection of +particular audio track (in user-chosen language) or selection of particular video stream from +multiple choices. +AGL shall provide an API to control execution of audio/video processing chain, specifically shall +support the following functionality: +· +Selection of data source and destination (files, devices, network resources) +· Pausing/resuming of multimedia streams +· Rewinding in forward and reverse directions (for playback) +· Audio volume control on per-stream basis +· Retrieval of current stream position (timestamp) +Page 113 of 159 +![](media/picture224.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +· +Notifications on error conditions preventing multimedia stream processing +AGL shall provide a mechanism to specify routing of input and output devices that are involved +into multimedia data processing. In particular, for playback scenario it shall be possible to +specify where audio and video data is rendered, and for recording scenario it shall be possible to +specify capturing source. It shall be possible to organize broadcasting of decoded raw +audio/video streams to multiple renderers as well. +AGL shall include a dedicated sound server that simplifies routing, mixing, post-processing and +synchronization of raw PCM audio streams. Specifically, the following functionality is expected: +· +Support for multiple audio sources and audio sinks with arbitrary (configurable) routing. +· Per-stream volume and audio effects control. +· +Resampling and format conversion (e.g. channels downmixing, sample width conversion). +· +Sample-accurate streams synchronization (e.g. for echo-cancellation purpose). +· Mixing and broadcasting of the audio streams. +AGL shall provide a mechanism to control sound server configuration in run-time, that is, to +specify the rules and policies defining system response to external events like adding or +removing of new audio device (e.g. Bluetooth headset connection), receiving of the phone call, +emergency system alarm output and so on. +AGL shall provide support for major multimedia containers, such as: +· MPEG2-TS/PS (ISO/IEC 13818-1) +· MP4 (MPEG-4 Part 14, ISO/IEC 14496-14:2003) +It shall be possible to extend the set of supported multimedia formats in accordance with +system requirements. +It must be possible to extend AGL to support additional optional multimedia containers such as: +· OGG (RFC 3533) +· 3GPP (ISO/IEC 14496-12) +· etc +Page 114 of 159 +![](media/picture225.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +5.2.5.2.2 Media Audio Codecs +AGL shall provide support for major audio codecs, such as: +· +MP3 (MPEG-1/2 Audio Layer-3, ISO/IEC 11172-3, ISO/IEC 13818-3) +· AAC (ISO/IEC 13818-7, ISO/IEC 14496-3) +It shall be possible to extend the set of supported audio codecs in accordance with system +requirements. +It must be possible to extend AGL to support additional audio codecs, such as: +· VORBIS (http://xiph.org/vorbis/) +· Windows Media Audio +· etc. +5.2.5.2.3 Media Video Codecs +AGL shall provide support for major video codecs, such as: +· MPEG-2 (ISO/IEC 13818-2) +· MPEG-4 Part 2 (ISO/IEC 14496-2) +· H.264 (MPEG-4 Part10, ISO/IEC 14496-10, ITU-T H.264) +It shall be possible to extend the set of supported video codecs in accordance with system +requirements. +It must be possible to extend AGL to support additional video codecs, such as: +· Theora (www.theora.org) +· Windows Media Video +· etc +5.2.5.2.4 Image File Formats +Page 115 of 159 +![](media/picture226.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +The system shall be able to perform all required operations on viewing of Image in BMP, up to 32 bit true +colour. +Compression formats +· RLE 8 bits/pixel +· RLE 4 bits/pixel +· Bit field or Huffman 1D compression +· JPEG or RLE-24 +· PNG +The system shall be able to perform all required operations on Viewing of Image in JPEG/JPEG 2000 +The system shall be able to perform all required operations on viewing of Image in JPEG XR/HD, including +Exchangeable Image File Format (EXIF) format. +The system shall implement the ability to perform all required operations on Viewing of Image in PNG, +including transparency +The system shall be able to perform all required operations on viewing of Image in GIF 87a and enhanced +version 89a and also animation in GIFF images. +The system shall be able to perform all required operations on viewing images in TIFF format. +The system shall implement the ability to perform all required operations on viewing of Image in WBMP +format. +The system shall implement the ability to perform all required operations on viewing of Image in WBMP +format. +**5.2.6 Navigation Services** +Navigation engine +Page 116 of 159 +![](media/picture227.jpeg)![](media/picture228.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**5.2.7 PIM** +Personal Information Manager; calendar, appointments, reminders, etc. +**5.2.8 Smartphone Link** +This section describes regarding Smartphone link. Smartphone Link is the technology which +realizes that video and audio streaming play which data from smartphone. And touch operation +is possible to share between IVI and smartphone. MirrorLink, Miracast, SmartDeviceLink and +AirPlay are technologies that realize Smartphone Link. By this technology, it is possible to use +smartphone content (map, music, browser...) by IVI. +Figure 8-30 shows the system structure of the Smartphone Link. +**Figure: 8-30** +Page 117 of 159 +![](media/picture229.jpeg)![](media/picture230.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +AGL defines following requirements of Smartphone link. +1. The screen of smartphone shall be mirrored to IVI. +2. The sound of smartphone shall be linked to IVI. +3. The sound shall be synchronized with the screen. +4. IVI should operate smartphone. +5. The response time of operations from IVI should be less than 200ms. +6. If connection between smart phone and ivi was disconnected by external factor, then should +inform the "disconnection" to a user and return to the normal state. +This document describes “Miracast” and “SmartDeviceLink” from the reference of Smartphone +link. +**5.2.8.1 Miracast** +This section describes requirements regarding Smartphone link (Miracast). +Miracast is the display transfer technology using wireless connection which was defined by Wi- +Fi Alliance. Send screen data from source device to sink device and it realize display sharing +between source device and sink device. +Following figure (Figure: 8‑31) shows the system structure of Miracast. +**Figure: 8-31** +Page 118 of 159 + + ---------------------------------------------------------------------------------------------- + > **No** > **Requires** > **Description** + ------------ ----------------------------- --------------------------------------------------- + > SPL.1.1 > WFD Topology > Define role of Miracast + + > SPL.1.2 > Connection Topology > Define connection condition between + > + > a smartphone and an IVI + + > SPL.1.2. > P2P Topology > Define connection method of P2P (Wi-Fi + > > + > 1 > Direct). + + > SPL.1.2. > Wi-Fi Frequency > Define Wi-Fi frequency + > + > 2 + + > SPL.1.3 > Video Format > Define Video format + + > SPL.1.4 > Audio Format > Define Audio format + + > SPL.1.5 > Session Control > Define Miracast session state + + > SPL.1.6 > Link Content Protection > Define content protection function required + > + > for implementing Miracast + + > SPL.1.7 > Resource Management > Define resource management + ---------------------------------------------------------------------------------------------- + +![](media/picture231.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Follow reference documents to support Miracast if there was no description of this section. +**References** +\[1\] Wi-Fi Display Technical Specification Version 1.0.0 +\[2\] W-Fi Peer-to-Peer (P2P) Technical Specification Version 1.2 +\[3\] High-bandwidth Digital Content Protection System Interface Independent Adaption Revision +2.2 +\[4\] DCP (Digital Content Protection) <http://www.digital-cp.com/> +AGL provide display sharing technology between Smartphone and IVI system using Miracast. +Page 119 of 159 +![](media/picture233.jpeg)![](media/picture234.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +SPL.1.8 Fail-safe Control Define Fail-safe control +**Table 8-14: Smartphone Link (Miracast) Requirements** +**Figure: 8-32 State Change Diagram** +The states of Smartphone link (Miracast) is defined in Table 8-32. +Page 120 of 159 + + ------------------------------------------------------------------------------------------------------- + > **No.** > **State** > **Description** + ----------- ------------------------- ----------------------------------------------------------------- + > 1 > Idle > Smartphone link (Miracast) function is not initialized. + + > 2 > Initialized > Smartphone link (Miracast) function is initialized and + > + > waiting for Wi-Fi P2P connection from source + > + > device. + + > 3 > Connected Wi-Fi P2P > Established Wi-Fi P2P connection with source + > + > device. + + > 4 > Initiated > Smartphone link (Miracast) session is established. + + > 5 > Play > Streaming the audio and video content from source + > + > device to sink device. + + > 6 > Pause > Paused the streaming of audio and video content + > + > from source divide to sink device. + ------------------------------------------------------------------------------------------------------- + +![](media/picture235.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**5.2.8.2 Smart Device Link** +“Smart Device Link”, aka “SDL”, is template based approach of smartphone link capability. +Application itself is in a mobile phone, however, HMI is provided by IVI system. This approach +makes it possible to apply IVI adapted user experience, such as larger button to prevent driver’s +distraction and voice recognition. +That means, application requests to IVI system, then IVI system will respond by using remote +procedure calls. Application’s HMI will be rendered by IVI system by using IVI’s HMI framework +and/or policy, though all the application’s logic is contained in mobile phone. +SDL provides more suitable HMI for IVI rather than mirroring type approach, however, mobile +phone’s application must support SDL capability. In other words, only SDL supported +applications can be launched. +Page 121 of 159 +![](media/picture236.jpeg)![](media/picture237.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**Figure 8-33 : SDL overview** +**5.2.8.3 Requirements** +5.2.8.3.1 Miracast +System must provide a capability of Miracast as smartphone link function. +· +Support WFD Primary Sink and support MPEG2-TS(Video, Audio) streaming play which +from Source Device‑Smartphone‑. +· Supporting WFD Source is an option. +· +Support customize function using “Miracast setting file” which used for negotiation (\*1) +source device and sink device (\*1. Video format, audio format and other parameters). +· +Screen data which from Smartphone may not support Drivers Destruction, therefore take +measures to Drivers Destruction. (e.g. Disable Miracast during vehicle speed over +5Km/H) +· Support Wi-Fi P2P connection. +· +Follow reference \[1\] and reference \[2\] to support Wi-Fi P2P function, parameters in +Miracast connection and so on if there was no description of this section. +· Wi-Fi TDLS connection is an option. +· +AGL do not define confliction specification regarding Wi-Fi connection. (e.g. User select +Wi-Fi P2P connect ion during accessing Wi-Fi connection.) +· +AGL do not define confliction specification regarding Sink device operation when receive +Page 122 of 159 +![](media/picture238.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +connection request from Source device. (e.g. Connect automatically, ask user for +confirmation) +· +Support P2P Group Owner and P2P client as the topology of Wi-Fi P2P connection. +· +Support DHCP server and DHCP client for TCP/IP seamless connection after P2P +connection established. +· +Support 2.4GHz band for the frequency of Wi-Fi P2P connection. +· +Supporting 5GHz band is an option, but support DFS (Dynamic Frequency Selection) +function if support 5GHz band. +· Follow reference \[1\] for Video Codec. +· Support follow format for Video Resolution and Frame rate. +o 640\*480‑VGA‑‑Progressive 60 fps +o 1280\*720‑HD‑Progressive 30 fps +Regarding Video resolution and Frame rate, other formats are an option. +· Support follow format for Audio. +o LPCM 48ksps 16bit 2ch +o AAC 48ksps 16bit 2ch +Regarding Audio Format, other formats are an option. +When the state changes "Pause", take measures to give notice of pause for user. (e.g. pop-up +notification) +Screen data which from Smartphone may be protected by content protection, therefore support +content protection function. +· +AGL recommend HDCP function which described reference \[2\], \[3\]. But AGL do not +define HDCP function. Each vendor should support content protection function as for +Page 123 of 159 +![](media/picture239.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +vendor’s own reason. +· Support both encryption cases if support HDCP function. +o Case1 Videos data encryption +o Case2 Both video and audio encryption +Take notice that it is necessary to satisfy security requirements specified according to +DCP.(reference \[4\]) +· +Miracast must support interruption by other function. If some high priority event occurs, +then Miracast release screen and audio resources for the event. +· +It is selectable how to deal Miracast session. (Standby Miracast session or close Miracast +session.) +· +Support a notification to a user and returning to the normal state, if following events +happen. +o Failed to Wi-Fi connection +o Failed to establish Miracast session +o Wi-Fi link loss on Miracast +o Break Miracast connection from smartphone +5.2.8.3.2 Smart Device Link +System must provide a capability of Smart Device Link as smartphone link function. +System must provide a mechanism to render HMI of SDL according to template. +System must provide a mechanism to enable user interface regarding SDL by using touch panel +device of IVI device. +System must provide a mechanism to enable user interface regarding SDL by using voice +Page 124 of 159 +![](media/picture240.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +recognition of IVI system. +System must provide a mechanism to link Android device regarding SDL capability. Connectivity +method must be supported Bluetooth and/or Wi-Fi. +System must provide a mechanism to link iPhone device regarding SDL capability. Connectivity +method must be supported Bluetooth and/or Wi-Fi. +**5.2.9 Speech Services** +The Speech Services module provides voice recognition and synthesis for AGL applications. +AGL system voice framework must be able to record and interpret voice commands +AGL system voice framework must be able to convert text to synthesized speech +**5.2.10 Tuner Services** +The Tuner Services module provides a mechanism that allows different tuner types to plug into +the same API regardless of the receiver type. Support for AM/FM, HD Radio, SDARS, DAB, DRM, +TV Tuners etc is provided. The Tuner Services module shall allow multiple tuners to be present +in the same system and allow its clients to address each tuner in the system independently. +**5.2.10.1 Receivers** +The Receivers module of Automotive Grade Linux may control different receiver types including +AM, FM, Hybrid Digital (HD) Radio, SDARS, and DAB tuners. The module may access any +number of different tuners. For all tuner types the module supports accessing station data from +the tuner, changing the receiver frequency or station and reading station metadata about current +content. +The Receivers module shall provide a mechanism that allows different tuner types to plug into +the same API regardless of the receiver type. +Page 125 of 159 +![](media/picture241.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +The Receivers module shall allow multiple receivers to be present in the same system and allow +its clients to address each receiver in the system independently. +5.2.10.1.1 HD Radio +HD Radio is a proprietary In-Band on Channel (IBOC) system created and owned by Ibiquity. An +HD radio receives analog AM/FM signals and can also use digital information in a subband to +provide additional stations and/or enhance the audio quality of the main station. When the +receiver is decoding digital data for AM/FM playback it is commonly thought of as HD Radio. The +HD Radio system architecture shall conform to the broadcast system design proposed by the +iBiquity Digital Corporation detailed in RX\_SSFD\_5029. Both the HD hardware and functional +design shall meet all iBiquity Digital specifications, and satisfy the Type Approval specified by +iBiquity Digital. +The IBOC hardware is assumed to have three modes which will be used to describe the +requirements in this section. +1) AM - radio is decoding an over the air AM station. +2) FM - radio is decoding an over the air FM station. +3) HD - radio is decoding an AM or FM station using the subband for the over the air station. +Each requirement may refer to AM and/or FM and/or HD to specify the modes the requirement is +applicable to. +AM/FM/HD system shall be able to enable/disable the HD radio reception and present the status +to the system. +AM/FM/HD tuner shall be able to tune to a specified frequency and report the result of the +tuning process. The possible results are, Tuning successful and Tuning unsuccessful. If Tuning +successful event is notified by the tuner, it shall play the audio through the selected audio +output. If tuner notifies the Tuning unsuccessful event, the system shall inform that "No +Reception" is available in that specific channel. +AM system shall extract following parameters from a successfully tuned channel and present to +the system, which shall be added in the station database. +Page 126 of 159 +![](media/picture242.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +· Frequency +· Mono/Stereo +FM system shall extract following parameters from a successfully tuned channel and present to +the system, which shall be added in the station database. +· Frequency +· PI Code (RDS only) +· PTY (RDS only) +· Radio Text (RDS only) +· PS Name (RDS only) +· Category (RDS only) +· Mono/Stereo +HD system shall extract following parameters from a successfully tuned channel and present to +the system, which shall be added in the station database. +· Frequency +· PTY +· No of HD channels available +· Radio Text +· Channel Name +· Category +· Bit rate +· Station Logo +· Artist Experience +The System shall allow the tuned frequency to be incremented or decremented. +The System shall be able to tune to the next/previous valid station as determined by signal +strength. +AM/FM/HD system shall be able to abort Seek Up/Down operations. +Page 127 of 159 +![](media/picture243.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +FM/HD system shall be able to set the stop sensitivity for seek over FM band and shall be +possible to adjust by software. +· Range: 15 – 40 dBµV +· Step: 1 dBµV +· Default: 20 dBµV +· +Other parameters like multipath shall be possible to use for determining Stop sensitivity +level. TBD, Supplier to suggest solution. +AM/HD system shall be able to set the stop sensitivity for seek over AM band and shall be +possible to adjust by software. +· Range: 20 – 40 dBµV +· Step: 1 dBµV +· Default: 34 dBµV +· +It shall be possible to have different setting depending on atmospheric conditions (e.g. +different for night and day). +The system shall be able to switch between AM and FM bands. +HD system shall be able to extract the Station Information Service (SIS) Short Name from the +SIS Protocol Data Unit (PDU) on the Primary IBOC Data Service (PIDS) logical channel and +present to the system. The implementation of SIS Short Name feature shall be in compliance +with iBiquity Digital specification "HD Radio™ Air Interface Design Description Station +Information Service Transport". +HD system shall be able to extract the Station Information Service (SIS) Long Name from the +SIS Protocol Data Unit (PDU) on the Primary IBOC Data Service (PIDS) logical channel and +present to the system. The implementation of SIS Long Name feature shall be in compliance +with iBiquity Digital specification "HD Radio™ Air Interface Design Description Station +Information Service Transport". +HD system shall indicate the HD channel number of current tuned channel. It shall be 1 to 8. +Page 128 of 159 +![](media/picture244.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +HD system shall extract the following PAD data from audio stream and present to the system. +· Song +· Artist +· Album +· Genre +· Comments +· Commercial +· Reference Identifier +The system implementation shall be in compliance with iBiquity Digital HD radio specification +"HD Radio Air Interface Design Description - Program Service Data Rev. C" +FM/HD system shall be able to receive and extract the RDS/RBDS data and present to the +system. The system implementation shall be in compliance with "BS EN 62106:2009, +Specification of the radio data system (RDS) for VHF/FM sound broadcasting in the frequency +range from 87,5 MHz to 108,0 MHz". +FM/HD system shall be able to enable/disable RDS/RBDS. When RDS/RBDS is enabled/disabled +the system shall indicate this. +FM/HD system shall be able to enable/disable the radio text display. +FM/HD system shall present the Alternative Frequency (AF) setting status to the system. +FM/HD system shall be able to enable/disable alternative frequency switching. +FM/HD system shall be able to notify the system when an Emergency Alert Interrupt is received. +FM/HD system shall be able to skip the Emergency Alert when it is on-air. +FM/HD system shall be able to notify the system when Emergency Alert Interrupt is received +through RDS. +Page 129 of 159 +![](media/picture245.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +FM/HD system shall be able to cancel the PTY31 interrupt notification. +FM/HD system shall be able to enable/disable the Traffic Announcement reception. +FM/HD system shall present the status of the FM traffic announcement to the system. +FM/HD system shall be able to skip the FM traffic announcement when it is on-air. +FM/HD system shall be able to enable/disable regionalisation. +FM/HD system shall be able to enable/disable the Traffic Message Channel (TMC) reception. +FM/HD system shall be able to enable/disable the Transport Protocol Expert Group (TPEG) +reception. +FM/HD system shall be able to receive the traffic updates from the Japanese traffic channels. +FM/HD system shall be able to enable/disable the News announcement reception. +FM/HD system shall be able to skip the News when being broadcast. +HD system shall decode PNG images which shall be in compliance with HD Design specification. +HD system shall be able to decode the channel icon PNG images and present to the system. +AM/FM/HD system shall be able to mute the audio output. +AM/FM/HD system shall be able to un-mute the audio output. +*HD system shall extract the album name, artist name, track number from the audio stream a*nd +Page 130 of 159 +![](media/picture246.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +present to the system. +The feature will store the data of a tagged song in non-volatile memory within the IMC. The +feature will be able to store at least 50 tags. +*5.2.10.1.1.1 Configuration* +AM/FM/HD system shall be able to configure the frequency band through local configuration +file. +AM/FM/HD system shall be able to configure the step frequency through local configuration file. +AM/FM/HD system shall be able to configure the seek stop level threshold through local +configuration file. +5.2.10.1.2 Database Requirements +AM/FM/HD system shall require a database to store the channel list information which contains +the following attributes: +· Frequency +· PTY (FM & HD only) +· Channel name (FM & HD only) +· Channel icon (HD Only) +· Category (FM & HD only) +AM/FM/HD system shall be able to update the channel list database based on the following +conditions: +· New channel is found +· Existing channel disappears +· +Channel list update shall not create any inconsistency on the current channel list +database. +Page 131 of 159 +![](media/picture247.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +AM/FM/HD system shall sort the channel list database based on the channel name, and present +to the system. +AM/FM/HD system shall sort the channel list database based on the ascending order of the +frequency, and present to the system. +FM/HD system shall sort the channel list database based on the PTY (Program Type) category, +and present to the system. +AM/FM/HD system shall create favourite station database which consists of the following +information: +· Station name (FM and HD only) +· Frequency +· Status of HD (HD, HD1, HD2) +· HD SIS (HD only) +AM/FM/HD system shall be able to update the database based on following conditions: +· Favourite station changed +· Favourite station is removed +· New favourite is added +**5.2.11 Vehicle Bus / Vehicle Info Control** +Vehicle Info Control (VIC) provides a capability to access to various vehicle properties from +applications and/or other middleware. Standardized interfaces are provided to vehicle CAN, and +LIN bus. Figure 7-27 describes overall architecture of Vehicle Info Control. The main purpose of +VIC is to provide API to application and/or middleware. Vehicle Info Control has four main +functions. +· Vehicle Data Processing +· Communication between ECUs +· Vehicle Data Upload +Page 132 of 159 +![](media/picture248.jpeg)![](media/picture249.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +· Simulator +**Figure 7-27 : Overview of Vehicle Info Control** +**5.2.11.1 Vehicle Data Processing** +Vehicle data is the information about the vehicle itself, and the information in cars (for example, +personal information on a driver, etc.). VIC deals with all the information which application +and/or middleware need within vehicles. The following data is contained in these. +· +Vehicle information about the vehicles itself, such as speed, a shift position,‑temperature +· User Information, such as a name, taste, etc. of a driver +· The operation history of a driver +Page 133 of 159 +![](media/picture250.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +· +The operation state of the vehicles which middleware determined based on vehicle +conditions, such as speed and day and night +Vehicles data processing consists of the following functional elements further. +(1) Abstraction of Vehicles Data +In VIC, all vehicles data is treated as abstract data. it concerns and comes out of this to the kind +of car, or the country of the destination. For example, though speed is detected at the revolving +speed of the wheel, in VIC, vehicles data is abstracted and treated at speed and it provides for +application and/or middleware. Thereby, application and/or middleware can treat the vehicles +data of the same implications and the same unit. +(2) Maintenance of Vehicles Data +Each abstracted vehicles data is held. The vehicles data to hold is a current value and the past +value (history). +(3) Application / Middleware Interface (API) +The accessing function of the vehicles data from application and/or middleware is offered as API. +Acquisition of the current value of vehicles data or the past history, a setup of vehicles data, and +the change notice function of vehicles data are included in this. However, each vehicles data +restricts the application and/or middleware which can be accessed according to the importance +(access control). +(4) Vehicles Interface +It is a function for managing the various data of vehicles of in-vehicle networks, such as CAN +and FlexRay, etc. The component in which the exchange with actual vehicles performs the +exchange with vehicles by a vehicle type since it is various is not included in requirements. +However, the correspondence procedure of it and VIC is specified. It assumes that two or more +Vehicle Interface is prepared depending on a communication method with vehicles, etc. In +addition, the vehicles data which can be accessed for every Vehicles Interface is restricted. +**5.2.11.2 Communications between ECUs** +Page 134 of 159 +![](media/picture251.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +When a system consists of two or more ECUs, the vehicles data managed by ECU other than +ECU in which application and/or middleware are working shall also be treated. For this reason, +vehicle information processing communicates with it of other ECUs. Thereby, application and/or +middleware can be treated, without caring about by which ECU required vehicles data is +acquired. In addition, the communication function between ECUs also restricts the vehicle data +which each ECU can access. +**5.2.11.3 Vehicle Data Upload** +When a system consists of two or more ECUs, the vehicles data managed by ECU other than +ECU in which application and/or middleware are working shall also be treated. For this reason, +vehicle information processing communicates with it of other ECUs. Thereby, application and/or +middleware can be treated, without caring about by which ECU required vehicles data is +acquired. In addition, the communication function between ECUs also restricts the vehicle data +which each ECU can access. +**5.2.11.4 Simulator** +In the development environment of application and/or middleware, since actual vehicles data is +unacquirable, it is preparing the simulator which imitated actual vehicles, and makes +development environment construction easy. By a simulator, it assumes using the steering wheel +controller for PC games. Since this function is an object for development environment, let it be +an option. +**5.2.11.5 Requirements** +The system must hold vehicle information and must offer the mechanism in which application +and/or middleware can access vehicle information. +The system must provide application and/or middleware with vehicle information as an abstract +property. For example, the speed of vehicles must be not the number of rotations of a wheel but +the speed of a car. +System must provide a mechanism to add or delete vehicle property easily. +Page 135 of 159 +![](media/picture252.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +System must support typical vehicle property as “standard property”. +As for a standard property, it is desirable for the same attribute name to be the same meaning. +System must provide a mechanism to add or delete custom vehicle property easily. +A custom property is a property which a system donor can add uniquely in addition to a standard +property. +Let the unit of the value of Vehicle Info Data be an international unit(meter, gram, …etc) +The value of Vehicle Info Data should have sufficient accuracy which application and/or +middleware need. For example, when a unit is made into Km/h, an integral value is not enough +as the accuracy of Velocity. It is necessary to change Km/h into MPH in the country of a mile +display. Moreover, it is because the error of the speed display is defined by law. +A vehicle information control facility requires the mechanism in which vehicle information is +stored. A lot of events generate some information at high speed. About such information, the +load to a system has few directions processed collectively. Moreover, when data is taken and +spilt by an application, the structure which can carry out recovery is required. +It is not realistic to accumulate all the information that changes at high speed. For this reason, In +corresponding to neither of the following, it shall not store the change data. +· +The amount of change of a value. It is not accumulated when the difference from the +accumulated newest value is less than a threshold value. +· +Lapsed time from the last change It does not accumulate, if time has not passed since the +newest accumulation. +About each vehicle information, the threshold value and cumulative dosage of accumulation need +to be able to set up easily. +In addition, it also makes it possible not to accumulate specific vehicle information. +System must provide an interface to application and/or middleware regarding vehicle property +access. +System must provide an interface to retrieve vehicle property from application and/or +middleware. +Page 136 of 159 +![](media/picture253.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Below attributes must include in this interface +· Zone(optional) +· Property name +· Value +· +Timestamp - Timestamp specifies last updated time of corresponded vehicle property. +System must provide an interface to set abstracted value to vehicle property from application +and/or middleware. +Below attributes must include in this interface. +· Zone(optional) +· Property name +· Value +System must provide an interface to subscribe status change of vehicle property from +application and/or middleware. +When status changed, system must invoke callback function with below attributes. +· Zone(optional) +· Property name +· Value +· Timestamp +· Sequence number +Timestamp specifies last updated time of corresponded vehicle property. +Sequence number is useful to check event order. +The acceptable value of change can be specified for vehicle information about the notice of +change of vehicle information. +In order to lower system-wide load, it will not notify, if it is change which is less than an +acceptable value even if vehicle information changes. +For example, although engine number of rotations changes every moment, in the case of the +application which displays it in 20 steps, it is not necessary to know less than several percent of +change. +Page 137 of 159 +![](media/picture254.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +It shall not notify the change, in corresponding to neither of the following. +· +The amount of change of a value - It does not notify, if the amount of change of the +value from the last notice of change is less than specification. +· +Lapsed time from the last change - From the last notice of change, if it is less than a +definite period of time, it does not notify. +Depending on application, the notice with a fixed cycle is more convenient than the notice at the +time of change. +What is notified only the specified cycle even if it changes two or more times into the specified +notice interval is made possible. +The data stored is acquired collectively. +Below attributes must include in this interface. +· Zone(optional) +· Property name +· Values +· Timestamps +It is desirable that the time range to acquire can be specified. For example, data from 10 +seconds before to the present, data from 13:20 to 14:00, etc. +There is an attribute for which change/reference is simultaneously needed in relation to mutual +in vehicle information. For example, latitude, longitude, and an altitude are changed +simultaneously. If these pieces of vehicle information is changed and referred to individually, the +newest longitude may acquire the value in front of one, and a current position may be unable to +recognize latitude correctly. For this reason, it is necessary to summarize the vehicle information +relevant to mutual and to access it. +Access of ones of those vehicle information is deterred until renewal of all the vehicle +information included in Property Set at the time of a setup of vehicle information is completed, +and renewal of ones of those vehicle information is deterred until it completes acquisition of all +those vehicle information at the time of reference. +The definition of the vehicle information included in Property Set is being able to change easily. +Or the thing which can be changed from a program during operation. +Page 138 of 159 +![](media/picture255.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +System must provide a mechanism of access control per each property. For example, property +"velocity" can be accessed from only application A and B, but property "turn signal" can be +accessed from all applications. +System must also provide a mechanism of access control per each method even if same +property. For example, about "seat setting", all applications can get this property, but only +application C can set this property. +Permission for each property and method must be configurable easily. Because, access control +policy may be different per car type, grade and destination. +System must provide a mechanism to enable routing any vehicle property both within same ECU +and across two or more ECU’s. +If a Property Change event is received from VIC, change can be notified to all the applications, +middleware and other VICs which are subscribing change of the vehicle information. In addition, +the notice of change must be able to be distributed also to the application and/or middleware +which exist in a different ECU. +VIC can be requested to set the value specified as Property. +It can set, even if it exists on ECU from which an application and VIC differ. +The newest value can be returned immediately, without asking VIC to the acquisition demand +from an application. For this reason, keep the newest value of each Property. +Even if it is in ECU from which VIC of the Property differs, the demand from an application +responds. +It can exchange with two or more VICs. Addition and deletion of Data Provider can be performed +easily. +The data exchange between ECUs should be permitted by VIC. +All data transmission and reception from other Software Component are refusing. +Page 139 of 159 +![](media/picture256.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +The system should have a mechanism which communicates the stored vehicles. +The vehicle information to upload is being able to choose. +A selection condition is that the following specification is possible at least. +· Date-and-time range +· Object vehicles data +· The change threshold value of vehicles data +Enable change of selection of vehicle information easily. As for this, it is desirable for it to be +able to change dynamically from an external. +The simulator of vehicles data using the steering wheel controller for PC games, etc. as +substitution of actual vehicles in development environment is prepared. +Car Simulator is being able to notify the following vehicles data to vehicles data processing +activities through a vehicles interface function at least. +· Speed +· Shift position +· The direction of vehicles +· Latitude and longitude of a current position +· Turn signal +The steering wheel controller for PC games to be used is being able to obtain easily. Moreover, +it is desirable that two or more steering wheel controllers can be used. +VIC should fill the following performance specifications and performance. +It is a value on condition of H/W assumed that the following values will be used for in-vehicle +information machines and equipment in 2016. +Page 140 of 159 +![](media/picture257.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +· Maximum number of properties : 4,096 +· Maximum number of property sets: 1,024 +· Greatest data storage time : 12 hours +It is a value on condition of H/W assumed that the following values will be used for in-vehicle +information machines and equipment in 2016. +· Get/Set method(one property) - 0.2ms +· Get/Set method(property set include 30 properties) -1.3ms +· Subscribe callback - 2.5ms (after change of a value) +· +GetHistory method(for within 3 minutes after the present) - 0.2ms +· +GetHistory method (older than 3 minutes from the present) - 50ms +VIC is being able to change without having composition which has pliability and extendibility +about the vehicles data to manage, and reconstructing the whole VIC about the kind and +attribute of vehicles data. +Vehicle Interface treats various kinds of in-vehicle LAN and sensors, and they are mounted by +various H/W according to a maker or a vehicle type. For this reason, VIC needs to be able to add +and change Vehicle Interface without reconstruction of VIC. +Abstraction of vehicles data is the duty of Vehicle Interface in principle. This is because it is +necessary to change the concreteness data depending on H/W of in-vehicle LAN or sensors. +However, an abstract vehicles data value may be decided by combination of the concreteness +vehicles data from two or more Vehicle Interface. In this case, VIC needs to change two or more +concreteness vehicles data into one abstract vehicles data. +Since this conversion is dependent on H/W of in-vehicle LAN or sensors, so it cannot be +mounted in the VIC itself. +In order to solve this, suppose that the mechanism in which such a conversion module can be +added without reconstruction of VIC is prepared for VIC. +**5.2.12 Telematics Services** +V2V, V2I, RVI, Traffic information, etc. +Page 141 of 159 +![](media/picture258.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +**5.2.13 Window System** +A window system is a software component that facilitates an implementation of graphical user +interface. A window system is responsible for managing display devices, Graphics Processing +Units (GPUs), input devices, and graphics memory. A window system works with the software +component named window manager that is responsible for a layout management of windows, +and a routing of user interactions. +AGL specifies that automotive grade Linux shall support multiple windows on a display. +AGL specifies that automotive grade Linux shall support multiple windows owned by multiple +processes to be rendered on a display. +AGL specifies that automotive grade Linux shall support rendering to off-screen buffer to +achieve flicker less rendering. +AGL specifies that automotive grade Linux shall support composition of windows with off- +screen buffers. +AGL specifies that automotive grade Linux shall support a translucent window, i.e. underlying +objects underneath the translucent window is visible depending on the alpha values of pixels. +AGL specifies that automotive grade Linux shall make OpenGL/ES 2.0 API compliant to Khronos +group available to clients for their rendering. +AGL specifies that automotive grade Linux shall have a window manager that uses only public +APIs provided by Window System and OpenGL/ES 2.0 for rendering and user interaction. +AGL specifies that automotive grade Linux shall support window manager that is replaceable by +configuration. +AGL specifies that automotive grade Linux shall provide a window system that abstracts the +*underlying display subsystem and GPU. AGL specifies that automotive grade Linux shall hav*e a +Page 142 of 159 +![](media/picture259.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +window manager that relies on a standard rendering API such as OpenGL/ES 2.0 only. The +window manager shall not rely on any hardware specific API. A window system and OpenGL/ES +2.0 API are responsible for a hardware abstraction. +AGL specifies that automotive grade Linux shall support multi-headed display where available. +AGL specifies that automotive grade Linux shall support mirroring of windows to multiple +displays. +AGL specifies that automotive grade Linux shall support hardware layers, such as DRM planes, +where available. +AGL specifies that automotive grade Linux shall compose windows using available hardware +acceleration capabilities. +AGL specifies that automotive grade Linux shall support management of windows and inputs +from users depending on statuses of a vehicle. The statuses of vehicle include a speed of a +vehicle, a motion of a vehicle, etc. For instance, the inputs may needs to be limited while the +vehicle reaches to the certain speed. +AGL specifies that automotive grade Linux shall abstract physical input devices such as buttons, +a touch panel, a control knob etc. +AGL specifies that automotive grade Linux shall support On-screen keyboard which takes input +from available physical input devices. +**6 Security Services** +Security framework +6.1 Access Control +Access Control describes requirements for AGL Access Control. +Page 143 of 159 +![](media/picture260.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Access control is a mechanism to grant / deny access to APIs/files in the system. +**6.1.1 Requirements** +AGL system must support a system-wide access control mechanism. +**7 Operating System Layer** +7.1 Kernel +**7.1.1 Linux Kernel** +Automotive Grade Linux uses the Linux Kernel. The kernel is constantly evolving with a new +release about every sixty days. The automotive industry has design cycles of three to five years +for IVI systems. Somehow a balance must be struck between updating operating system and +kernel every few months and keeping up to date with modern features that the kernel and the +rest of the open source community provides, +**7.1.1.1 Requirements** +AGL kernel shall be based on Long Term Support Initiative (LTSI) kernel. +At the moment LTSI kernel is the only open source/public kernel that gets closer to automotive +industry needs – it has certain automotive industry demanded components integrated, it is fully +aligned with Linux LTS trees so it leverages security fixes and/or generic bugfixes adapted by +Linux community, LTSI kernel merge window is more flexible to industry demands and allow to +accumulate wider set of features, components and bugfixes relevant for industry (comparing to +regular Linux kernel merge/release cycle). LTSI kernel is thoroughly validated manually and with +the help of automated tools to track and discover anomalies and regressions. +AGL development process should utilize bug tracker with ability to mark bugs as open/fixed on +particular distribution branches. Open bugs should have direct impact on release decisions. +Page 144 of 159 +![](media/picture261.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +7.2 Boot Loader +7.3 Hypervisor +TBD. Need to add very basic “background” regarding virtualization, explain about OS-level +virtualization/isolation, then about type1/type2 hypervisors (virtualization). In modern IVI +systems OS-level virtualization is widely used (applications isolation, combination of Android +and Linux apps together), future – maybe Linux/IVI + ADAS + Instrument Cluster = guests on +top type1 hypervisor. +**7.3.1 Requirements** +AGL shall provide OS-level mechanisms for running multiple isolated instances (containers) that +have its own directory structure, network devices, IP addresses and process table. The +processes running in other containers shall not be visible from inside a container. +AGL Linux should be configurable to work as Type-1 “bare-metal” hypervisor “guest”. Following +functionality shall be supported by AGL Linux “guest”: +· IPC (with hypervisor and other “guests”) +· +“paravirtualized” device drivers for peripherals shared with other “guests” (unless +virtualization abstraction is supported by hardware) +7.4 Operating System +**7.4.1 File Systems** +File system (FS) requirements for AGL concentrate on Reliability, Accessibility, and Serviceability +as their main characteristics. +· +*Reliability*means data integrity protection, automatic error detection and correction, +tolerance to power failures, robustness under stress I/O load in multi-process +environment, extended lifetime via use of wear leveling and bad block management +techniques. +Page 145 of 159 + + ------------------------------------------------------------------------------- + > **FS Requirements** > **R-FS References** + ------------------------------------------------------ ------------------------ + > 6. File Systems (P1) > 2. btrfs + > > + > 6.1. Robust File System for managed internal > 2.1. + > > + > storage (P1) > btr + > > + > 6.1.1. Power failure tolerance (P1) > fsc + > > + > 6.1.2. Quick recovery after power loss > k + > > + > (P1) > 3. ext2 + > > + > 6.1.3. Multi-threaded I/O (P1) > 3.1. + > > + > 6.1.4. On-demand integrity checker (P1) > e2 + > > + > 6.1.5. Read-only mode (P1) > def + > > + > 6.1.6. Non-blocking unmounting (P1) > rag + > > + > 6.1.7. Means for optimizing I/O > 4. ext3 + > > + > performance if it may degrade under > 5. ext4 + > > + > certain conditions. (P2) > 5.1. + > > + > 6.1.8. File space pre-allocation (P2) > e4 + > > + > 6.1.9. Meta-data error detection (P2) > def + > > + > 6.1.10. File data error detection (P2) > rag + > > + > 6.1.11. Online integrity checking (P2) > 5.2. + > > + > 6.1.12. Write timeout control (P2) > e2f + > > + > 6.1.13. Compression support (P2) > sck + > > + > 6.1.14. Quota support (P2) > 6. vfat + > > + > 6.1.15. I/O process priority (P2) > 7. UBIFS + > > + > 6.1.16. File system event notifications > 8. Generic + > + > tools and + > + > APIs + > + > 8.1. + > + > fan + ------------------------------------------------------------------------------- + +![](media/picture262.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +· +*Accessibility*means ability to use external storage devices, as well as accessing +designated parts of internal file system over secure wired or wireless connections. +· +*Serviceability*means ability to upgrade AGL as a whole or by updating individual +packages, and availability of file system checking and optimization tools. +![](media/picture263.jpeg)Automotive Grade Linux Requirements Spec v1.0 +(P2) +6.1.17. Logical block size control (P2) +6.1.18. Snapshots (P2) +6.2. File System for non-managed internal +storage (P1) + +May 28, 2015 + +otif + +y + +8.2. + +fst + +rim + +6.2.1. All P1 requirements from +FS.1.1.x list (P1) +6.2.2. Wear leveling (P1) +6.2.3. Error detection/correction (P1) +6.2.4. Tolerance to flipping bits (P1) +6.2.5. Read/write disturb awareness +(P1) +6.2.6. Bad block management (P1) +6.2.7. As many P2 requirements from +FS.1.1.x list as possible (P2) +6.2.8. Wear leveling statistics (P2) +6.3. File Systems for removable storage (P1) +6.3.1. Restricted functionality from +security point of view (P1) +6.3.2. Automount/autounmount (P1) +6.3.3. Automatic synchronous flushing +of modified data to physical media (P2) +**7.4.1.1 Requirements** +AGL shall provide a set of file systems to support the following types of storage devices: +internal managed (SSD, eMMC, etc.), internal non-managed (raw NOR and NAND FLASH +memory), removable managed (USB stick, SD card). +AGL shall provide robust file system suitable for use on managed internal storage devices, +Page 147 of 159 +![](media/picture264.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +AGL shall provide robust file system suitable for use on non-managed internal storage devices, +AGL shall provide a set of file systems popular on removable media devices. +A system must be able to withstand power failures under heavy load of meta-data-intensive, +and data-intensive operations, including power-failures during OS startup, and shutdown. +A file system must be able to restore good data and meta-data state after unexpected power +interruption without performing the full time-consuming integrity check. Such recovery should +not add more than a second to the normal boot process after power failure on idle system. +Normally this is achieved via journal- or log-based (also known as transactional or copy-on- +write) operation. +A file system must be able to handle meta-data-intensive, and data-intensive I/O from multiple +threads and/or processes simultaneously. +A file system must have integrity checking tool with ability to execute it on-demand. +A file system must be able to switch between read-only, (when no data is committed to physical +storage device), and read/write modes in runtime. E.g. via “mount –o remount,ro <device>” +command. +AGL must support “lazy” (delayed) unmounting. +AGL should provide means for optimizing potentially degraded I/O performance after prolonged +file system and storage use. Often, this refers to offline or online file system defragmentation. +Another example is periodic fstrim execution on SSD storage. +A file system should be able to pre-allocate space for created/extended files on request. This +may be used to minimize fragmentation of frequently written files. +A file system should have an option of automatic error detection in its meta-data. +Page 148 of 159 +![](media/picture265.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +A file system should be able to associate error detection codes with separate blocks of stored +data, and to verify the data against the codes in runtime upon each read from a physical device. +A file system should have a utility for meta-data integrity checking on mounted partition. +A file system should allow changing timeout after which it flushes modified data to physical +media. +A file system should support automatic data compression. +It should be possible to enable file system quotas for particular users and/or groups. +AGL should allow to set I/O scheduling class and priority for particular processes. +AGL should allow user space applications to subscribe for file and directory change notifications. +Making logical block size equal to a power of physical block size may improve physical I/O +performance, and decrease file fragmentation impact. +A file system should allow creation of snapshots. +A file system must perform wear leveling before writing data, so that the limited number of +erase/program cycles is evenly distributed across all device blocks. +A file system must support the following error detection/correction algorithm(s): BCH4, BCH8. +A file system should not just be able to detect/correct a number of flipped bits but should also +actively prevent the issue from happening in the first place, especially after unexpected power +interruption. Known techniques include forced reprogramming of blocks that were in use at the +time of power failure, and copying data to a fresh block after detected error correction. +A file system should not just be able to detect/correct errors caused by read/write disturb +Page 149 of 159 +![](media/picture266.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +phenomenon but should also actively prevent the issue from happening in the first place. Known +techniques include limiting the number of read cycles between erases, and copying data to a +fresh block after detected error correction. +A file system must perform bad block detection and management transparently to file system +users. +Current FLASH wear-related statistics should be accessible via user-space utility. +A file system must support noexec, and nodev mount options. +A file system must be able to automatically mount plugged-in removable media, and +automatically unmount it when unplugged. +A file system must support sync mount option. +AGL shall provide a set of file systems to support the following types of storage devices: +internal managed (SSD, eMMC, etc.), internal non-managed (raw NOR and NAND FLASH +memory), removable managed (USB stick, SD card). +**7.4.2 Resource Control** +In IVI system, it depends time and occasion that which application and/or middleware should be +higher priority. Resource control provides basic functionality regarding proper resource +allocation for each process and/or process group. +(cgroups) +**7.4.2.1 Use Case and Role** +If end user specified a destination and started route guidance, map drawing following current +position and voice and/or visual guidance should be treated as higher priority than others. +On the other hand, if end user is watching a movie, movie player and decoder should be assigned +Page 150 of 159 + + ------------------------------------------------------------------------------------------- + > **No.** > **Role** > **Description** + ----------- -------------- ---------------------------------------------------------------- + > 1 > Priority > Allocate resource via its own priority. High priority + > + > process and/or process group should be assigned + > + > more resource. + + > 2 > Time slot > To share resource per time slot. + + > 3 > Release > Forced release of partially or whole allocated + > + > resource. + + > 4 > Grouping > Grouping two or more processes, and allocate + > + > resource per defined process group. + ------------------------------------------------------------------------------------------- + +![](media/picture267.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +to higher priority than others. +Important point is that it may assign two or more high priority application and/or middleware at +the same time. And, one function may be provided from two or more processes. +Table 9-33 describes the role of resource control to be satisfied above purpose and use cases. +AGL assumes four types of resources, CPU, memory, storage bandwidth and network +bandwidth. Table 9-34 describes associated roles per each resource type. +**Table 9-34 : Functions of System Resource Management** +**7.4.2.2 Requirements** +7.4.2.2.1 Priority +System provides a mechanism to set resource priority per each process. +Page 151 of 159 +![](media/picture268.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +System provides an interface to set and refer resource priority of specific process. +This interface must be called from other process. +CPU resource must support “priority” based resource management. +Resource Manager should dynamically change the ratio of offering resources according to the +status of resources using by system. And its configuration must be changed easily. +Resource Manager should log the status of resources using by system. +Resource Manager should offer resources separately to threads of user land and threads of +kernel. And Resource Manager should treat the bottom half and software interrupts as high +priority tasks. +7.4.2.2.2 Time Slot +When two or more process request to same resource at the same time, system must provide a +mechanism to mediate to guarantee the time slot to obtain specific timeframe for each +processes. +System must provide an interface to set specific timeframe to obtain time slot per each process. +System must provide a mechanism of resource sharing by time slot regarding CPU, storage +bandwidth and network bandwidth. +Scheduler should detect the status of resources for each thread. +Scheduler must not run the specific thread for more than 10 micro second. +Scheduler should guarantee that threads can run periodically. +Scheduler should control the dispatches that occur extremely. +Page 152 of 159 +![](media/picture269.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +7.4.2.2.3 Release +System must provide an interface to release all or partial resource which had obtained by +specific process. +System must provide a mechanism of resource releasing regarding memory resource. +7.4.2.2.4 Grouping +System must provide a mechanism to group two or more processes regarding resource +management such as priority, time slot and releasing. System must able to assign same +attributes to grouped processes altogether. +System must provide an interface to group two or more processes from other process. +System must provide a mechanism to group regarding CPU, memory, storage bandwidth and +network bandwidth. +**7.4.3 Startup/Shutdown Control** +Boot/Shutdown Control is a mechanism to control boot and shutdown of a program running in a +user space. The order of boot/shutdown in the target program can be easily swapped depending +on the product configuration. Boot/Shutdown Control supports both “static order” which +boots/shuts down the program according to the static dependency of each program, and +“dynamic order” which swaps the order dynamically in specific conditions. +**7.4.3.1 Use Cases** +(1) Static Modification of Boot/Shutdown Order +a. +Setting up of Boot/Shutdown Order Based on Product Configuration +To support various product configurations, the integrator configures/modifies orders of boot/shutdown +for all programs running on the target device. +Page 153 of 159 +![](media/picture270.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +b. +Configuring the Order of Boot/Shutdown during a Program Development +In order to evaluate a developed program, the developer modifies only the order of the developed +program in target programs. +c\. Configuring the Order of Boot/Shutdown when Software Update +Maintainer modifies the order of boot/shut down for a program to be updated when software update. +(2) Dynamic Modification of Boot/Shutdown Order +a. +Prioritized Boot of the Features which the User was Previously Using +It dynamically modifies the boot order of the target program in order for last used features (e.g. audio) to +be operated by priority when ACC turns ON. +b\. Prioritized Boot of Update Functionalities +Update related programs are booted by priority when connected with maintenance kit and ACC turned +ON. +**7.4.3.2 Requirements** +Boot/Shutdown Control shall start components, which are configured to be started. +Boot/Shutdown Control shall ensure that dependent components are started in the order that +has been configured. +Boot/Shutdown Control shall start independent components in parallel. +Boot/Shutdown Control shall stop components, which are requested to be stopped. +Boot/Shutdown Control shall ensure that dependent components are stopped in the order that +has been configured. +Page 154 of 159 +![](media/picture271.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Boot/Shutdown Control shall be configurable by run level to start corresponding modules. +**7.4.4 Database** +Due to the nature of AGL operating environment, it is very important for DB engine to guarantee +database instance integrity after power failures. Other important feature for generic system +database engine is rich set of bindings to various programming languages. +Below is short summary for better understanding of DBS Requirements and References +hierarchy. +1. Power failure tolerance (P1) +2. Quick recovery after power loss (P1) +3. Multi-threaded I/O (P1) +4. API bindings for C programming language +5. On-demand integrity checker (P2) +DB instance integrity must be ensured after power failures under heavy load of read and write +DB transactions. +DB engine must be able to quickly restore good data state after unexpected power interruption. +Such recovery should not add more than a second to the normal boot process after power +failure on idle system. +DB engine must allow read and write access to DB instance from multiple threads and/or +processes simultaneously. +DB engine API must be available for C-based applications. +DB engine should have DB instance integrity checking tool with ability to execute it on-demand. +DB engine must be able to quickly restore to a previously defined state after unexpected power +interruption during adding some data. +Page 155 of 159 +![](media/picture272.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +DB engine should have availability to merge some data from internal and external databases, +such as vehicle information database and databases at data center. +And DB engine should have accessibility to allow read access to DB instance during merging. +Also, DB engine should have durability not to break its data after unexpected power interruption +during merging. +**7.4.5 System Update** +Maintenance of in-vehicle devices is also an important role for any automotive system. There are +numerous use cases for updating the device software such as software failure,security patching, +bug fixes, and new features. Because automotive devices are battery operated and subject to +power cuts any System Updates must be robust enough to withstand sudden power loss. +System Update module should have a Robust version up function. +System Update moduleshould have a system difference version up function. +There should be a data update structure for each file or package (same as WindowsUpdate or +apt of Linux distribution). +There should be a data update structure for each file or package (same as WindowsUpdate or +apt of Linux distribution). +Difference update should be enabled for kernel, middle ware and application. +If power discontinuity (forced restart) occurs during update for differences, the system should +be recovered after choosing the status (before or after update) for each update target. +If power discontinuity (forced restart) occurs during update for differences, the status (during +update) should be detected and the system should restart. +Time required for applying patch should be 5 minutes maximum for single 10MByte data. +Page 156 of 159 +![](media/picture273.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +Memory usage for difference update should be maximum 1Mbyte. +Unit amount for difference data should be 10MByte maximum for difference update. +System Update moduleshould have full version up function for whole system. +Kernel, middle ware and application should be mass updated. System structure should allow +mass update. +There should be mass update structure for kernel, middle ware and application. +If power discontinuity (forced restart) occurs while mass update of kernel, middle ware and +application, the status (during update) should be detected and the system should restart. +If power discontinuity (forced restart) occurs while mass update of kernel, middle ware and +application, the status (during update) should be detected and the system should restart. +7.5 Device Drivers +Device drivers may be in kernel space or user space or a combination of both. +**7.5.1 Peripherals** +Typical IO device drivers such as SPI, USB, memory, I2C that are typically present on a SOC. +The flash process must be robust with an endurance of more than 10k write/erase cycles and +data retention over 15-years/10 ppm, assuming application specific worst-case conditions. For +optimised timing for downloading and restoring data the programming access time shall be less +than 50 s/byte average. +The EEPROM process must be robust with an endurance of more than 100k write/erase cycles +and data retention over 15 years/10ppm. Higher programming voltage than 5 V for Flash or +EEPROM is not allowed. +Page 157 of 159 +![](media/picture274.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +In applications that need to save data at power down, the programming access time must be +fast. (target <1ms/byte) +N.B. EEPROM functionality can be emulated in flash memory passing the requirements above. +**7.5.2 Graphics Drivers** +Graphics drivers provide the interface to the graphical resources (e.g., GPU) within the system. +This may include on-board graphical resources or a separate GPU from the main SOC. +**7.5.3 Video Drivers** +Video codecs allow the system to decode and/or encode video for playback or recording. Video +codecs will nearly always be hardware based. +**7.5.3.1 Requirements** +The system shall provide device drivers to access any hardware implementation of video +functionality. +**7.5.4 Audio Codecs** +**7.5.4.1 Requirements** +Automotive Grade Linux BSPs shall provide devices drivers to access audio codecs that are +implemented in hardware. +Automotive Grade Linux BSPs should provide software implementations for those audio codecs +that are required for AGL-based products and not supported in hardware. +**7.5.5 Automotive Devices** +Device drivers for automotive related devices. This may includes buses such as CAN, MOST, or +*LIN. Device drivers may be required for receivers (AM, FM, SDARS, etc). Drivers may also be* +Page 158 of 159 +![](media/picture275.jpeg)Automotive Grade Linux Requirements Spec v1.0 +May 28, 2015 +required to directly interface to sensors that may not be on the bus such as gyros used for +navigation or an air bag sensor for a telematics system. +**8 Notices** +Linux is a registered trademark of Linus Torvalds. +The Linux Foundation and Yocto Project are registered trademarks of The Linux Foundation. +Bluetooth is a registered trademark of the Bluetooth SIG Inc. +Miracast is a registered trademark of the Wi-Fi Alliance. +MirrorLink is a certification mark of the Car Connectivity Consortium. +AirPlay is a trademark of Apple, Inc. +Page 159 of 159 |