This week, Konsulko Group CEO Pete Popov will be attending the Linux Foundation’s Open Source Leadership Summit in Half Moon Bay, California. The OSLS has always been a premier forum where open source leaders convene to drive digital transformation with open source technologies, and learn how to collaboratively manage the largest shared technology investment of our time. An intimate event, OSLS fosters innovation, growth and partnerships among the leading projects and corporations working in open technology development. Hope to see you there.
Building a DIY SOHO router using the Yocto Project build system OpenEmbedded, Part 1
I spend my days working on embedding Linux in devices where the end user doesn’t typically think about what’s running inside. As a result, I became motivated to embed Linux in a device that’s a little more visible, even if only to myself. To that end, in this series of articles I will discuss how to build your own SOHO router using the Yocto Project build system, OpenEmbedded.
I realize that many people may be asking the question, “Why build our own router when there are any number of SOHO routers available on the market that are specifically built using good Open Source technologies?” Commonly, when this question is answered in other guides, the major reasons for Roll Your Own (RYO) tend to be better performance and enhanced security. While these are both true, that’s not the primary motivation behind this series. While projects like pfSense and OpenWrt are wonderful for a “turn-key solution”, they don’t meet one of my primary requirements. My requirement is to use my favorite Linux distribution creation tools, and gain a stronger understanding of the inner workings of these tools when building a system from the ground up. This is why I’ve chosen to build my router with OpenEmbedded.
What are the Yocto Project and OpenEmbedded? To quote from the former’s website:
The Yocto Project (YP) is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture.
The OpenEmbedded Project (OE) is the maintainer of the core metadata used to create highly flexible and customized Linux distributions and a member of the Yocto Project. As a long time developer and user of YP and OE, these projects have become my favorite tools for creating customized distributions. It’s also something that we frequently use and support commercially at Konsulko Group.
Let’s consider what software is required to meet the functional requirements of the SOHO router. My high-level requirements are:
- Wired/Wireless networking – basic network connectivity
- Firewall – necessary when a device is on the Internet
- Wireless access point – required to support the end user’s many WiFi devices
- Over-The-Air (OTA) software update – My initial software load will be improved and bug fixed in the same manner as any commercial product and requires a simple update path
OpenEmbedded provides all of these features as well as other advanced features I’d like to leverage such as container virtualization.
With the question of software features settled, the next issue is hardware selection. One of the major advantages of OpenEmbedded is that it runs on a wide range of processors and boards, so there are many options. Depending on one’s specific use case, one option is to use any x86-64 based system with two or more ethernet ports, for example the SolidPC Q4 or the apu2 platform. Another direction would be to use an ARM CPU and look at the HummingBoard Pulse, NXP i.MX6UL EVK, or even the venerable Raspberry Pi 3 B, making use of a USB ethernet adapter for secondary ethernet. If you have a specific piece of hardware in mind, so long as there’s Linux support for it, you can use it. I did pick something from the above list for my specific installation. However, this guide is intended to be hardware agnostic and so I will highlight any hardware-dependent portions along the way.
Now it’s necessary to further develop detailed requirements and expectations that we have for the router. First, the device is expected to be able to perform all of the standard duties of a modern SOHO router. It’s not just a WiFi access point and IPv4 NAT. It also must handle complicated firewall rules, and support public IPv6 configuration of the LAN (when the ISP supports IPv6). This is an advanced router, so it’s not enough to simply pass along the ISP-defined DNS servers. I may like to push my outbound traffic, with a few exceptions for streaming services, perhaps, through a VPN. OpenEmbedded, via various metadata collections stored in layers, supports all of these features with its core layer and a few of the main additional layers.
I’m selecting Mender for self-managed A/B style OTA upgrades. Why? I don’t have redundant routers, and I’d like to be able to experiment with enabling new features, updates (such as a new Linux kernel version or other core component) and firewall changes, while minimizing downtime if anything goes wrong. Neither I nor my users (my family) are tolerant of much in the way of Internet outages, so the ability to fall back to a known good state with just a reboot is a major feature. I want the router to be kept as current as possible, and with A/B style updates there’s much less state to maintain from release to release. As a result, the router installation will be made as stateless as possible. If a component parameter is configured by the router administration, it comes in the installation image. This will not only help with rollback, but also make it much easier to back up the router. Having the exact config file for something like dnsmasq is a lot more portable than an nvram export that’s tied to a specific hardware model, just in case of lightning strikes.
As a framework component for enabling some advanced router features, LXC will be included via the meta-virtualization layer to support containers. I realize that many people will be asking, “Why would anybody want containers on a router?” The answer is, quite simply, that there are many good examples of router-appropriate software that’s well managed by containers rather than directly on the installation itself. In this guide, I use the example of pi-hole as an advanced router feature that I want to enable. A container allows us to keep it current in the manner which the project itself recommends. The container also supports the goal of keeping a minimum amount of state on the device that must be backed up elsewhere. Could Docker have been used here instead? Potentially, yes. Due to some peculiarities of the IPv6 deployment by my ISP, LXC is much easier to deploy than Docker.
Finally, let’s talk about security. For this first guide, what that means is that YP does its best to keep software up to date with respect to known security issues, as well as making it easy to enable compiler-generated safeguards such as -fstack-protector-strong and string format protections. On top of that, there are layers available which support various forms of owner-controlled measured boot and various Linux Security Modules such as Integrity Measurement Architecture (IMA). As the former is hardware dependent, we’re going to leave that to a follow-on series, as the specific hardware I’m using lacks certain hardware components to make that useful. As for IMA, it can be difficult to combine that with containers, so it too will be covered in another series.
[Go to Part Two of the series.]
Once again this year at SCaLE, the Southern California Linux Expo, the E-ALE (Embedded Apprentice Linux Engineer) project will give a tutorial series driven by volunteer professional speakers who present apprentice-level material in a way that beginners can understand and use. Most tutorials also provide hands-on training, usually with embedded hardware designed and built by E-ALE volunteers. This is the only associated cost, other than conference attendance fees.
On Saturday, March 9, Konsulko Group CTO Matt Porter will provide an Introduction to IIO and Input Drivers, a guided hands-on lab where the students write a new driver that leverages the IIO and Input kernel subsystems.
On Tuesday, March 5, Konsulko Group’s Scott Murray and Matt Ranostay will present Building an AGL Telematics Profile Demonstration Platform at the Automotive Grade Linux All Member Meeting in Tokyo, Japan.
The recently-added AGL telematics profile serves as a base for building headless telematics device images. The talk will discuss what the profile includes and outline how it can be used. We will walk through a practical use case, describing use of the profile to build an AGL demonstration platform for an insurance company’s driver data collection device, including reading CAN data from a vehicle’s OBD-II port and sending it to a provider’s servers using a wireless connection, and the effort to integrate these on the demonstration AGL telematics platform.
If you are attending AGL AMM, we hope to see you at this session.
Please join us at FOSDEM, the annual free event for software developers to meet, share ideas and collaborate. Every year, thousands of developers of free and open source software from all over the world gather in Brussels.
If you are at the event on February 2, you may want to attend an informal, no-host dinner of embedded and automotive community developers. Be sure to register if you plan to go.
Leon Anavi, Konsulko Group senior software engineer, will give two talks at FOSDEM:
Making Open Source Hardware for Retrogaming on Raspberry Pi in which he will explain how to use device tree overlay for a simple gamepad, and The Software Developer’s Guide to Open Source Hardware.
We hope to see you there.
Automotive Grade Linux is bringing together automakers, suppliers and technology companies to accelerate the development and adoption of a fully open software stack for all technology in the vehicle, from infotainment to autonomous driving.
At CES 2019 in Las Vegas, January 8-11, Konsulko Group is helping support the AGL Booth in the Westgate Hotel Pavilion, booth 1614.
If you are visiting CES, please stop by to see a demo of the award-winning AGL Unified Code Base (UCB), an open source software platform for infotainment, telematics and instrument cluster applications, along with demos from more than 15 AGL members.
2018 has been a very important year for Konsulko Group.
We are privileged to work with outstanding customers, helping them build the software for exciting and essential devices and vehicles. From Level 5 autonomous taxis and open source automotive platforms to innovative consumer devices, from lifesaving medical devices and advanced robotic surgery tools to the high-end networking equipment that powers the Internet, these are all products that impact and even shape our lives, now and into the future.
In addition to our commercial activity, we continued our community work in key open source projects, including the Linux kernel, Yocto Project, OpenEmbedded and Automotive Grade Linux, and participated at open source conferences around the world, like FOSDEM, ELC/ELCE, FOSSASIA, TuxCon and OpenFest.
We accelerated our work with Automotive Grade Linux and the Linux Foundation, supporting AGL development, demos and member meetings in North America, Europe and Japan, as well as presenting multiple technical talks at all four Embedded Linux Conferences, developing the AGL Deep Dive workshop and providing expert training, both as a Linux Foundation Authorized Training Partner and via the Embedded Apprentice Linux Engineer program found at leading conferences (e-ale.org).
Finally, we continued to grow our company, welcoming new engineers, increasing the size of our European development center in Bulgaria and opening a new branch in Sweden.
Hopefully, 2018 has been merely a prelude to great things coming in 2019. We look forward to working with all of you in the coming year.
Konsulko Group is very pleased to be a sponsor of OpenFest, November 3-4, 2018 in Sofia, Bulgaria. As a team of embedded Linux and Open Source Software community and industry veterans, we are always happy to support important OSS events.
Headquartered in California, Konsulko works with customers throughout North America, Europe and Asia to develop and maintain Open Source-based solutions for products. Our European subsidiary, Konsulko Ltd, is based in Sofia.
Konsulko’s focus is upstream and production software design, enablement, optimization, and maintenance for customers in a wide array of embedded software markets including automotive, networking, industrial, medical devices and IoT.
Our senior leadership have been contributors in the Linux kernel and other OSS communities since the late 1990s. Konsulko engineers are involved today in many Open Source projects, including the Linux kernel, U-Boot, Yocto Project, OpenEmbedded, AGL, and GENIVI. Members of the Konsulko team have been key participants in major software projects with Google, Sony, NEC, Nokia, Nvidia, MIPS, Texas Instruments, NXP, Juniper Networks, Huawei, Robert Bosch, Groupe PSA, and Jaguar Land Rover.
If you are attending OpenFest, we’d love to talk with you about engaging Konsulko’s engineering expertise and experience on your project. Or if you’re a software developer with a passion for Linux, please contact us during or after OpenFest about joining the Konsulko team.
This week, Konsulko Group is coming to Dresden, Germany to the Automotive Grade Linux All Member Meeting. Matt Ranostay will present State of Connectivity in AGL, an overview and roadmap of bindings and binding APIs in the current and upcoming release of AGL. Scott Murray will speak on the developer panel.
Next week, Konsulko engineers will travel to Edinburgh, UK to give four technical sessions at co-located Linux Foundation events.
* At the OpenIoT Summit, Leon Anavi will speak about Open Source MQTT Brokers, a lightweight publish/subscribe machine-to-machine protocol with a reliable bi-directional communication in (near) real-time, and at Embedded Linux Conference Europe, Comparison of Voice Assistant SDKs for Embedded Linux Devices, including Google Assistant and Amazon Alexa as well as an open source alternative, Mycroft.
* At ELC Europe, Scott Murray will explore Building Container Images with OpenEmbedded and the Yocto Project, discussing container size, reproducibility, security vulnerability fixing, and license compliance.
* As part of special Embedded & IoT Apprentice Engineer Tracks (additional track registration required), Konsulko Group CTO Matt Porter will present Introduction to IIO and Input Drivers.
We hope to see you in Dresden or Edinburgh, or both.
Embedded Linux Conference (ELC) is the premier vendor-neutral technical conference for companies and developers using Linux in embedded products. For the past 13 years, ELC has had the largest collection of sessions dedicated exclusively to embedded Linux and embedded Linux developers.
Co-located with both the Open Source Summit Europe, the leading conference for developers, architects, the open source community and industry leaders to collaborate and share information, and OpenIoT Summit, the only Internet of Things (IoT) event focused on the development of open IoT solutions, ELC Europe will be held in Edinburgh, UK, October 22-24, 2018.
Registration for one of the three co-located conferences allows you to attend the other two as well.
Konsulko engineers will present four technical sessions:
Leon Anavi will give two presentations –
* at the OpenIoT Summit, Open Source MQTT Brokers, a lightweight publish/subscribe machine-to-machine protocol with a reliable bi-directional communication in (near) real-time, and
* at ELC Europe, Comparison of Voice Assistant SDKs for Embedded Linux Devices, including Google Assistant and Amazon Alexa as well as an open source alternative, Mycroft.
At ELC Europe, Scott Murray will explore Building Container Images with OpenEmbedded and the Yocto Project, discussing container size, reproducibility, security vulnerability fixing, and license compliance.
As part of special Embedded & IoT Apprentice Engineer Tracks (additional track registration required), Konsulko Group CTO Matt Porter will present Introduction to IIO and Input Drivers.
We hope you are able to attend. We’ll see you in Edinburgh in October.