08/18/2015 at 00:23 •
Published 1st Video of 2mins to meet Stage 2 requirements. Had a lot of difficulties with the video editing, disturbing to find out that under Linux it has not been improved a lot. Regardless, video is a fact and will be continuing to update.
1. Link to video on youtube added in main project description.
2. Link to presentation (updated) used in the video
3. Added TPM as part of components list, will update with exact part number asap. The issue is to find an easy-to-use package and to find TPM 2.x and not TPM 1.x, which have a big difference.
4. Will push TPM related code this weekend, also I think it is best to fork the Trusted U-boot on IAMCIty GitLab repo and to push the 3.14 official BSP kernel. If possible will use 4.1 kernel as it's the next LTS and must have even better SoloX support than 3.14.
5. On hardware, except for the TPM search I'm doing, will ping F&S for the HW platform status.
- Also need to notify you, as well as them, that will have to use a USB camera interface for the IAMCIty PoC. That I think will also accelerate the HW platform arrival.
Time constraints are tighter than I initially thought. Even maybe understood, but that's for me to deal with ;-)
Will do my best this weekend to push 1 more update about TPM, HW platform and some source code for the attestation part. Also maybe I can provide some info on DSP and GNU octave, but am not yet sure.
Thanks once more for your interest and time!
08/07/2015 at 00:48 •
* Please find here IAMCIty Introduction and 1st Presentation, the 1st technical related presentation of what's currently known. I myself expected to be more in-depth, but expect 2 more to come before 17 August. So stay tuned on next 2 weekends ;) Also there I'm mentioning the Sponsor of the hardware development platform for IAMCIty with links and just a brief info about the Company.
* Updated IAMCIty Logo - This is only 1 of 20+ versions available currently to me:
Graphical work by Grozdan Tomov, naturally my supportive father with free and engineering spirit = ))
* Earlier today pushed Final concept of operations for IAMCIty, added Freescale tag to the project.
* Now I'm officially submitting the project for #Hackaday2015Prize
To be honest a bit past midnight, but had to finish this. And must admit expected to take me less time to produce 1st brief technical overview of what's currently known. So long story short, after F&S "put a check mark" on HW development platform, I've started getting more technical. But I'm a bit foundation type of 'person'. Can't release something that I'm not sure is true, so currently withdrawing drafts, notes, that will produce 2 more presentations in next 2 weekends before 17th of August (as said above). Attestation and External operations would be the targeted topics - 1 presentation each. And will be starting the DSP algorithms research and development in the meantime.
Now let's push this project log and enter the project into Hackaday2015Prize.
Grenoble/Europe = )
08/06/2015 at 01:38 •
Very Quick update:
* Finally released the final "Concept of operation" of #IAMCIty = ) ( Being self-ironic ;-) )
* Also today I'll be releasing the 1st of many technical presentations
* More good news: surprisingly, and completely out of the blue, received amazing sponsorship offer from F&S Elektronik Systeme GmbH (https://www.fs-net.de/), a German-based company producing Single Board Computers and Modules for industrial purposes, and of course not only for that one purpose. They expressed the wish to grant me a Development platform for IAMCIty! And platform exactly with SoloX SoC. More valuable information about the generous sponsorship and the platform itself + links with technical details find below. But for even more detail stay tuned for the presentation mentioned above, to follow today.
* Will be releasing the IAMCIty LOGO again today ! A lot of catching up to do.
* Added Freescale tag to the Project - why, well it's for more than one reason, keep reading below if curious :-)
Before I give you the interesting info let me say that past months with no update on IAMCITY for me actually were very extensive. Today is going to be one of the peaks, but it's for a very good reason - To push forward IAMCIty and start the actual RnD process. That can make me only happier than before ! And it does :-) It will be even super if someone following the project gets some joy from all the updates that are and will take place today.
All of the Final concept of operation can be possible only with extensive, enhanced and modern Security features of the Computational Device. In embedded systems those devices were once only Microcontroller units (MCU), then came the System on Chip (SoC) solutions. Now there are Microprocessor Unit (MPU) type of Solutions and finally Hybrid solutions, which fall into the category of SoC. Those hybrids can integrate MPU, MCU and even FPGA, which is the really interesting part. For this PoC the choice fell upon i.MX6 SoloX, which features such Security extensions. And it is in a sense a hybrid solution for me as it features asymmetric multicore design, combining both worlds of Cortex-M4 and Cortex-A9. My very rough definition would be “close to real-time MCU” plus “application MCU”. What makes it stand out from most other ARM-based SoCs, even those having similar internal architecture: SoloX includes built-in secure boot mechanism and surrounding built-in peripherals for that, then we have the hardware accelerated encryption peripherals built-in and even ARM IP for securing one embedded application called TrustZone. Where TrustZone received its power features in ARMv8, ARMv7 architecture still has its edge, even there.
Thanks to F&S Elektronik Systeme GmbH (Official company web-site: https://www.fs-net.de/ ), I'll be given a development platform based on i.MX6 SoloX SoC that I will use for IAMCIty Research & Development. The platform itself will have at its heart this module “efus™A9X“ holding the SoloX CPU/SoC and necessary peripherals, including of course RAM and Flash memory for the firmware ( official product page: https://www.fs-net.de/en/products/efus/efusa9x-freescale-imx-6solox/ ). For the actual RnD process of the device IAMCIty is going to be, that module is going to be installed in a Carrier / Base board “efus™ Base Board“ (official product page: https://www.fs-net.de/en/products/startinterfaces/efus-base-board/ ). NB: Currently the Base board for “efus™ A9X” is not yet officially released.
NB: SoloX is not pin-to-pin compatible with other Members of the i.MX6 series SoC (please check images from 08.06 project log).
So thank You again F&S Elektronik Systeme for not only deciding to sponsor me and IAMCIty in particular, but also for in fact deciding to give early access to such hardware as one complete EVM/Development platform for SoloX. And this way IAMCIty received its Hardware foundation = ) And also the saved budget on the platform can go for other needed parts in the process of developing IAMCIty. Again possible, because of the generous Sponsorship !
Also I would like to thank Freescale for extensive communication over Twitter, which made me even more driven to push for IAMCITy. That shows there's a usefulness in social networks, but more is to show that leading companies are taking time to read-understand-reply to an individual. Which is … well – amazing in my book. I've now added of course the Freescale tag to IAMCIty project :-) For more than one reason, and not only HW related, being direct ;-)
UDOO also responded to my messages on Twitter and for that I'm also thankful. They put an effort to follow the thread and reply more than once as well – I appreciate it !
On the non-technical part I must thank greatly @Sophi Kravitz from Hackaday.io, who literally didn't give up to 'ping' me about IAMCIty. It was not the count for sure, which was not so high, but the content that the “pings” contained. Which from my perspective were indeed very brief, yet very well directed. And the last ping had the greatest impact to be honest. But to be completely honest, only because the previous messages have created the foundation for that. Big thumbs-up for the efforts and time Sophi ^_^
Again - Thanks to everyone who made that project go forward, again ! Because that was one of those moments when you are not sure if you can keep up with your own interests and desires due to constantly evolving dynamic everyday life. And there's the technical twist that you have to keep moving forward, cause there's no pause of technical advancements nowadays. One way or another tomorrow something NEW will be invented and other will be getting into release to production. So keep pushing forward. Direction is only one way => FORWARD.
Grenoble / France
06/07/2015 at 18:30 •
As professional activities took over my time fully past 2 weeks, my most sincere set goal for DraftV2 release had to be dropped, yet I'm going for the *Final Version of the Concept as I've made the next step - Selected a HW Platform - iMX6-SoloX*
You will see attached 4 images at end of post - All are from the official Freescale Site for i.MX6SoloX, which follows - http://www.freescale.com/webapp/sps/site/prod_summary.jsp?code=i.MX6SX .
Few Key Points "Why iMX6-SoloX is my choice for Heart of #IAMCIty = ) ?"
0. Secure Solution:
FYI: Page Number 441 of total 4687 - Document Number: IMX6SXRM, Rev 0, 2/2015, Chapter "System Security" - Abstract of Security Features from Official Freescale Documentation:
• High Assurance Boot (HAB) feature in the System Boot up to RSA-4096 signature verification
• Secure Non Volatile Storage (SNVS)
• TrustZone (TZ) Architecture in the ARM Cortex A7 Platform, TrustZone aware Interrupt Controller (GIC) and TrustZone Watchdog Timer (WDOG-2)
• TrustZone Address Space Controller (TZC-380) - providing security address region control functions on DDR memory space.
• On-chip RAM (OCRAM) with TrustZone protection using OCRAM controller.
• 32 Kbyte of on-chip Secure RAM
• On chip OTP (OCOTP) with on-chip electrical fuses
• Central Security Unit (CSU)
• Resource Domain Controller (RDC)
• Secure JTAG Controller (SJC)
• Locked mode in the Smart Direct Memory Access (SDMA) controller
• DryICE (real-time monitors for frequency, temperature and voltage)
• 10 tamper pins with 5 active tamper detection sources support
• Hardware Cryptographic Accelerators
• Symmetric: AES-128, AES-192, AES-256, DES, 3DES, and ARC4
• Hash Message Digest and HMAC: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, and MD-5
• Public Key RSA (up to 4096 bit) and ECC (up to 1023 bit)
• DPA protection for 3DES engine
• True and Pseudo Random Number Generator
*1. iMX6 SoloX is based on a known Series of MPUs with Known ARM Architectures*
1a. Known ARMv7 Architecture - Cortex-A9 for main MPU
1b. Known ARMv7 Architecture - Cortex-M4 for secondary MCU
*2. Freescale iMX6 as ARM Series, yet New SoloX are already known in some degree to me*
2.1 A lot of info & community
2.2 Have experience with Freescale's ways - Doc & BSP
2.3 ARM TrustZone - Secure & Non-secure world (just in a nutshell)
2.4 There's an MCU which can cope, hopefully well, with the need of Real-time Operations (Capability)
*3. Image Camera Interface - More than 1 option, but there's a catch "optional analog camera"*
3a 24-bit RGB
3b 1ch LVDS
3c 2x20-bit CSI
3d Analog NTSC
4. Image Processing for iMX6, through the A9 core; is in focus.
+ I intend to use the HW acceleration available
+ Including ARM's NEON instructions
+ Every other DSP capabilities (instructions) present that can be of service to #IAMCIty = )
+ DSP & acceleration used through GNU Octave or some sort of Native C "sane madness"
Side note1: I do not intend to brute-force the DSP process with 1GHz ARM A9 Core.
Side note2: Goal is for efficient use & which means Optimization & Actual HW use.
Side-note3: Not just SW rolling on-top of some Hi-techy HW ;)
+ There's OpenCV as described in the AppNote, but that doesn't overlay with my Goals.
Please find link below for the AppNote mentioned:
IMO: Although If You look at the Freescale's Engineer Face - Perhaps that's not so straightforward solution :D Not a very smile face for an Engineer (generally) :P
Will use the A9 MPU to run Linux & run the Main Image Processing + Data Communication + Security on some Level (TrustZone further explanation). Then the M4 MCU will handle the Sensitive as Speed, Latency & again Security Operations, including actuators related operations.
For A9 there's TrustZone in place 100% , which is A very good thing ! :-)
For M4 TrustZone must be verified & if at all applicable, as ARM's M4 IP does have some set of it AFAIK, it's ARMv7 ;-)
Cause for sure it was not my 1st, I wanted more Bare-metal M4, even M7 solution, but realism needed to take side in this idea of mine. Also support for iMX6 in Linux was put over a year ago - http://lwn.net/Articles/598434/ .
From here on I'm pushing to catch-up the delay of V2 + the actual 0 technical update what-so-ever for 1 month++ .
*Set Goal* - Update everything to *A Final Concept*
When - ASAP - This month (June) or early in the next (July)
*Follow-up step / Next Goal* - That *Final Concept* I'm going to start developing to an actual HW & SW.
When - Early next month at best.
*I will do my best to follow if ANY feedback comes from You guys*. Yet I must inform you that I'm about to undertake my job relocation this coming week. Hopefully will write my next update from Grenoble,France with even bigger smile from an even better mood after I've completed my relocation tasks :-)
Thank You for Your time & I do hope You will bear with me a bit more until there's actual Technical update so the "Big Picture" starts to become clearer.
*ATTACHED 4 IMAGES FROM the OFFICIAL FREESCALE Web Site for i.MX6SoloX:*
PS: For those of you & Only you who seek more explanation to why I could not manage to push my Draft V2 the week I set for it & in a Long story-short kind of way: Prof. & Personal Technical activities must not interfere, but also 1 must take precedence over the other. At this stage Prof. are the one that take over. Still things are looking very good & I strongly believe that I'll have more than enough time for the 17th August Deadline - from which point I have to set more time & develop a lot, which is my intent from the start. I felt that I owe that ... explanation of sort, simply because when one man (any human, i.e.) states something he must come through - Either way it's just words.
05/24/2015 at 20:22 •
Hello to everyone :-)
Like I've said - I expected by end of the month to have Draft V2. And today I spent almost my whole Sunday clearing that DRAFT V2 paper.
Surprise for You & Me - Is that I cleared out a lot of stuff, added a lot of info, including Technical Details & in the end I decided to go for a Presentation, which is to be very very in-depth on my design ambitions of this "Secure IoT Idea".
I'm expecting to finish that Presentation within several days. At best day or two, at worst by end of this week.
My goal here is to clear out as much as possible specific Technical details (as I've already done with few) so I can start Designing the real thing. The actual #IAMCIty = ) prototype. I've started that process with the selection of the Development board/ main Hardware platform.
So this is going to be the last "wishful thinking" full of words post before I upload some time this New week - Draft V2:
(1) the Presentation with Technical details and very much cleared Principles of operation
(2) Brief description update & Long description update on http://Hackaday.io page
(3) Very few, yet I believe good for a start - block schemas
(4) Now #IAMCIty = ) has its own Logo too ^_^ But more on that along with the Draft V2 (pre-final) release ... let's call it a release :D
Talk to you soon & I hope 'upload Draft v2' very soon, for sure ASAP !
Also I want to express again to the few showing their interest & everyone following, but not so obviously:
Thank You for your interest, which is amazing - it's based on just Text/Concept expressed only with words. But that same Text/Concept is what's been driving me forward + my vision of this Idea & soon2be #2015HackadayPrize SUBMITTED PROJECT.
Till then - be positive & GL = )
05/13/2015 at 04:29 •
To all interested people ( users & 3rd parties :D ) :
* I'm extremely busy and trying to manage 2 prof. projects & 2 personal
* 1 of which - this one ;-) & :-| because it's obvious that I'm not very able to do so
* I'll try to up-date to Draft v2 ASAP (my guess within this month), incl.
- some block schemes
- some flow charts for SW/Code (Firmware to be exact)
- some ideas (only few of which survived the day, because I've not written and now are forgotten ... until the time they come around in my thoughts again ;-) /*lets hope :D*/)
* I'm seeing a lot of buzz on Cortex-M7 front & Cortex-A + FPGA front (Hybrids)
- still not sure which will be the better way to go
- I very much wanted a M7 dev. as strong RTOS option & some DSP capabilities
- but Cortex-A + FPGA is very promising way to go too
* Will see once I updated the Draft v2 and get You (whoever you are & all) up-to-speed
+ I clear the design further on paper (black&white) = )
Thank You for Your time !