![Page 1: Technical Overview · Data and Tamper • Unique device idenGficaon • CerGficate Management • Prevent counterfeiGng • Signed firmware images (newt tool) • Secure bootloader](https://reader034.vdocuments.us/reader034/viewer/2022042219/5ec542047fc61b43a0179b48/html5/thumbnails/1.jpg)
11October2016TechnicalOverview
![Page 2: Technical Overview · Data and Tamper • Unique device idenGficaon • CerGficate Management • Prevent counterfeiGng • Signed firmware images (newt tool) • Secure bootloader](https://reader034.vdocuments.us/reader034/viewer/2022042219/5ec542047fc61b43a0179b48/html5/thumbnails/2.jpg)
ProblemandContext
Firstreleaseofasuccessfulconnectedproduct…
….nowmakethatrepeatableplease.
![Page 3: Technical Overview · Data and Tamper • Unique device idenGficaon • CerGficate Management • Prevent counterfeiGng • Signed firmware images (newt tool) • Secure bootloader](https://reader034.vdocuments.us/reader034/viewer/2022042219/5ec542047fc61b43a0179b48/html5/thumbnails/3.jpg)
• Opensourcenetworkingstacks:BluetoothHostandController
• Pre-empGve,GcklessRTOSwithpowermanagement
• SecurebootloaderandImageUpgrade
• FlashFSandAccessMechanisms
• Build&PackageManagement
• ManagementInterfacesSecureBootloader&FFS
OS HAL
Stats&Logging
Console&Shell
Config&Upgrade
Networking
Drivers
AnOpenSourceOSforMCUs
Power
Security
![Page 4: Technical Overview · Data and Tamper • Unique device idenGficaon • CerGficate Management • Prevent counterfeiGng • Signed firmware images (newt tool) • Secure bootloader](https://reader034.vdocuments.us/reader034/viewer/2022042219/5ec542047fc61b43a0179b48/html5/thumbnails/4.jpg)
IPProviders
MCUVendors
CloudProviders
End-Users
• Liberal,BSD-stylelicense• StrongLicensingandIPpolicies• Meritocracy• Freetocontribute,contributors
controlprojectdirecGon.• Historyofworkingwithlarge
organizaGons:IBM,Pivotal/EMC,MicrosoY.
• Manyyearsexperiencemanaginglarge,complexprojects(e.g.,Apache,Hadoop,Subversion)
WhyApacheSo<wareFounda?on?
ACommunityDrivenOS
Communitydrivenopensourcebestwaytomaintainhealthyecosystem
![Page 5: Technical Overview · Data and Tamper • Unique device idenGficaon • CerGficate Management • Prevent counterfeiGng • Signed firmware images (newt tool) • Secure bootloader](https://reader034.vdocuments.us/reader034/viewer/2022042219/5ec542047fc61b43a0179b48/html5/thumbnails/5.jpg)
• TicklessoperaGon:lowpowerhooks
• DriverInterface
• Pre-empGve,mulGtaskingRTOS• Strictpriority-basedscheduling• Upto253differentprioritylevels
• Unifiedbuffermanagement• ResourceuGlizaGontrackingandwatchdog
• High-resoluGonGmers
• Built-intasks:• Idle
RTOS
![Page 6: Technical Overview · Data and Tamper • Unique device idenGficaon • CerGficate Management • Prevent counterfeiGng • Signed firmware images (newt tool) • Secure bootloader](https://reader034.vdocuments.us/reader034/viewer/2022042219/5ec542047fc61b43a0179b48/html5/thumbnails/6.jpg)
• EventQueuesprovideamechanismfor“mostly-sleeping”asynchronoustasks
• Wake-upon:• MessagefromanotherTask• Timer• I/Ostatechange• Incomingpacket• Watchdog
• PerformoperaGons:• Sendanalert• Respondtoarequest• Scheduleawakeup
• Gobacktosleep
RTOS-EventDrivenModel
![Page 7: Technical Overview · Data and Tamper • Unique device idenGficaon • CerGficate Management • Prevent counterfeiGng • Signed firmware images (newt tool) • Secure bootloader](https://reader034.vdocuments.us/reader034/viewer/2022042219/5ec542047fc61b43a0179b48/html5/thumbnails/7.jpg)
BLE4.2 Wi-Fi
ApacheMynewtConnecGvityLayer(RunGme’sView)
Bluetooth5 LPWA 3GPP
HCI IPv4 IPv6+Thread IPv6
TCP UDPL2CAP
TLSorDTLS
CoAP,MQTT,HTTP
GATT
OIC1.1
Management AppApp
1.0–FirstbetaendofOctober!
Standards-basedIoTcommunicaGon
![Page 8: Technical Overview · Data and Tamper • Unique device idenGficaon • CerGficate Management • Prevent counterfeiGng • Signed firmware images (newt tool) • Secure bootloader](https://reader034.vdocuments.us/reader034/viewer/2022042219/5ec542047fc61b43a0179b48/html5/thumbnails/8.jpg)
Highlights:ApacheMynewtNetworking
• NordicnRF51andnRF52support• SimultaneousCentralandPeripheral
modes• Supportsupto32connecGons
• Combined(host+controller),host-onlyandcontroller-onlymode
• CompaGblewithBlueZ• 40%lesscodeversuslicensedbinaries
inperipheral-onlymode
Bluetooth4.2
Wi-Fi
• AbstractedinterfacetoWi-Fisupplicants,andsocketlayer
• LWIPintegratedtoprovidenaGve-IPsupport.
• SupportforWINC1500...moresoon!
![Page 9: Technical Overview · Data and Tamper • Unique device idenGficaon • CerGficate Management • Prevent counterfeiGng • Signed firmware images (newt tool) • Secure bootloader](https://reader034.vdocuments.us/reader034/viewer/2022042219/5ec542047fc61b43a0179b48/html5/thumbnails/9.jpg)
Highlights:ChallengesManagingConnectedProducts
• Well-defineddriversandHALinterfaces• Buildandpackagemanagementsystem
opGmizedtounderstandBSPandlinkopGons
Cross-plamormSupport
SoYwareUpgrade
• Buildtoolcreatessignedimages• ImagedownloadoverSerial,BLEandWi-Fi• BootloaderverifiesSHA-256/RSA/ECC-DSA
signature
Debugging
PowerMgmt
• ConsistentloggingandstaGsGcsinfrastructure• Coredumps• Kernel-levelsupport:sanity,stackguards,
memorytracking
• Hardsleepandwakeupsupport(lowRAMstates)
• Tickless‘idle’anddriversuspend• Networkingstacksleepmanagement
![Page 10: Technical Overview · Data and Tamper • Unique device idenGficaon • CerGficate Management • Prevent counterfeiGng • Signed firmware images (newt tool) • Secure bootloader](https://reader034.vdocuments.us/reader034/viewer/2022042219/5ec542047fc61b43a0179b48/html5/thumbnails/10.jpg)
Build,Package,andProjectManagement:newttool
• ComposableSystem• Open-sourceprojectcollaboraGon• Maintainingprivatecodetrees• Enforcedsourcecodelayout
• Build• ConfiguraGon• MulGpletargets• Sourcecodelayout
• 3rdpartySDKs
• PackageManagement
• Versioningandstability
• InstallandUpgrade• Unifiedmethodfor#includes
and#defines• DependenciesandAPIs
• GoSmallorGoBIG• VCSVersioning• VersioningScheme(major,
minor,rev)• Trackingbranches
• SystemconfiguraGon(alaDeviceTree)
• Toolchains• Targetmanagement• SDKcompilaGonrules
![Page 11: Technical Overview · Data and Tamper • Unique device idenGficaon • CerGficate Management • Prevent counterfeiGng • Signed firmware images (newt tool) • Secure bootloader](https://reader034.vdocuments.us/reader034/viewer/2022042219/5ec542047fc61b43a0179b48/html5/thumbnails/11.jpg)
BuildandPackageManagement:newttool(conGnued)
• ArGfacts• Debuggermaintenance• GeneraGonofflashimages,
upgradableimages
• IntrospecGon• Size• Packages• Versions
• EnforcedHierarchy• HW:MCU,BSP• APP
• SystemDefiniGon• Splitimagesforupgrade• RAMlocaGons• Flash
• bin/directory,withobjectfiles• MulGpletargetsstoredsimultaneously• CompilerdefiniGons,mapfiles
• Displaydependencies• SearchforfuncGonality• Versionsinstalled–trackingbranches
• BSP+App=BUILD• BSP->MCUdefiniGon
• LinkersecGonsdefinedbysystem• Tie-inwithflashlayout
![Page 12: Technical Overview · Data and Tamper • Unique device idenGficaon • CerGficate Management • Prevent counterfeiGng • Signed firmware images (newt tool) • Secure bootloader](https://reader034.vdocuments.us/reader034/viewer/2022042219/5ec542047fc61b43a0179b48/html5/thumbnails/12.jpg)
Highlight:ApacheMynewtSecurity
Provisioning
Upgrade
CommunicaGons
DataandTamper
• UniquedeviceidenGficaGon• CerGficateManagement• PreventcounterfeiGng
• Signedfirmwareimages(newttool)• Securebootloader
• LeverageeitherBLEorDTLSsecurity• RBACforcommandsbasedupon
idenGty
• Encryptedflashstorage• TPM/SmartCardaware• Supporthardwarekeyaccess
Designedforsecurityfromtheground-up
![Page 13: Technical Overview · Data and Tamper • Unique device idenGficaon • CerGficate Management • Prevent counterfeiGng • Signed firmware images (newt tool) • Secure bootloader](https://reader034.vdocuments.us/reader034/viewer/2022042219/5ec542047fc61b43a0179b48/html5/thumbnails/13.jpg)
HardwarePlamormSupport
• Hostprocessor,popularforBLE+Wi-Fi• OffloadprocessorforDSPprocessing• Extensive,qualityperipheralsupport• L*seriesprovidesreducedpowerconsumpGon
STMicroSTM32F/L34
• Suitableforsingle-chip/hostBLEdesigns• Controller-onlyoperaGonwithhostprocessor• Cost-effecGvenRF51,powerfulnRF52
NordicSemiconductornRF51/52
• ExtensivelowpowermodesandoperaGon• Richsetofperipherals• Community-supported:ArduinoZeroseries
AtmelSAMD/L21
Crossplamormsupportprovidesflexibilityandpriceleverage
MoreComingSoon
!
![Page 14: Technical Overview · Data and Tamper • Unique device idenGficaon • CerGficate Management • Prevent counterfeiGng • Signed firmware images (newt tool) • Secure bootloader](https://reader034.vdocuments.us/reader034/viewer/2022042219/5ec542047fc61b43a0179b48/html5/thumbnails/14.jpg)
• Moreboards(!)andprocessors(!)• PIC32MZ(MIPS-underway),NXPFRDM-K64,NXPKW41Z,STM32L4
• Wireless• Bluetooth5andBluetoothMesh• LPWA• ImprovedWi-Fi
• Wired:Ethernet• SensorAPIsandSensorManagement
• YouDecide!
What’sNext?
![Page 15: Technical Overview · Data and Tamper • Unique device idenGficaon • CerGficate Management • Prevent counterfeiGng • Signed firmware images (newt tool) • Secure bootloader](https://reader034.vdocuments.us/reader034/viewer/2022042219/5ec542047fc61b43a0179b48/html5/thumbnails/15.jpg)
THANKYOU
• MoreinformaGon:hyp://mynewt.apache.org/
• Jointhedevelopment,subscribetodev@list.
• Contributorswelcome!