Releases: alibaba/AliOS-Things-Linux-Edition
AliOS Things Linux Edition v1.3.0 Release Note
Release Date: 2019.04
Release Version: 1.3.0
Abstract
AliOS Things Linux Edition release 1.3.0 has new features added as follows:
Kernel
The kernel is updated to 4.9.155, and additional kernel security patches are applied to address potential security issues.
Security
- System
Several software packages are updated and, as with the kernel, security patches are applied to them. CVE patches list:
CVE-2017-1000158 CVE-2017-18207 CVE-2018-1060 CVE-2018-1061
CVE-2017-11671 CVE-2018-6797 CVE-2018-12015 CVE-2018-6913
CVE-2017-12883 CVE-2017-12837 CVE-2018-6798 CVE-2017-6519
CVE-2018-6942 CVE-2018-7738 CVE-2017-7375 CVE-2018-9251
CVE-2018-14567 CVE-2017-18258 CVE-2017-7376 CVE-2017-5130
CVE-2016-9318 CVE-2017-16932 CVE-2018-14404 CVE-2017-3737
CVE-2018-0732 CVE-2018-0739 CVE-2017-3735 CVE-2017-3736
CVE-2017-3737 CVE-2017-3738 CVE-2018-0737 CVE-2017-15906
CVE-2017-6888 CVE-2017-12562 CVE-2018-13139 CVE-2017-14245
CVE-2017-14246 CVE-2017-14634 CVE-2017-17456 CVE-2017-17457
CVE-2018-19661 CVE-2018-19662 CVE-2017-17484 CVE-2017-14952
CVE-2018-11236 CVE-2017-18269 CVE-2018-1000001 CVE-2018-6551
CVE-2018-11237 CVE-2018-6485 CVE-2017-16544 CVE-2017-15873
CVE-2017-0553 CVE-2016-6252
- Secure storage
Secure storage, in the form of a library, is available for protecting sensitive data. Applications can access secure storage through the APIs in libsecstore.h. Each application, running as a unique user, can have its own secure storage. To use secure storage, add the line inherit secstore to the application's recipe. Examples are given in libsecstore/secstore-test_1.0.bb.
Virtualization
- uContainer
uContainer is an ultra-lightweight IoT container tool with a footprint as small as 100k and very low memory usage, so it can run on resource-constrained IoT devices.
- Isolate filesystem, network and PIDs
- Support OCI bundle
- Support docker images
- Support downloading images from docker registry
- Limit CPU and memory usage of application running in containers
Middlewares
- OpenVINO
Support OpenVINO based on Intel corei7-x86 esdk
- Aliyun IoT Linkkit C-SDK
Update to C-SDK 3.0.1, release note.
- OTA
Upgrade to use MbedTLS 2.16
Development
- eSDK
Support four types of eSDK, based on raspberrypi 3b, Intel corei7-x86, qemuarm and qemux86
Hardware
New hardware platforms supported
- MediaTek
- SeeedStudio LinkitSmart MT7688 (Mediatek MT7688AN chipset with MIPS24KEc core)
- Linux kernel with OpenWRT patches
- Flashing via MT7688 u-boot
- JFFS2 filesystem image
- OpenWRT backported WiFi drivers and MT76 driver compiled out-of-tree
AliOS Things Linux Edition v1.2.0 Release Note
Release Date: 2018.09
Release Version: 1.2.0
Abstract
AliOS Things Linux Edition release 1.2.0 has new features added as follows:
Kernel
- Preempt RT
The Real Time Linux project aims at minimizing the amount of kernel code that is non-preemptible (https://wiki.linuxfoundation.org/realtime/start). Full-RT kernel, adopting PREEMPT_RT patch, is customized for RaspberryPi and Rockchip BSPs.
System
- SysVinit
Fix the bug that SysVinit keeps respawning the serial console when UART is disabled on 64-bit Raspberry Pi 3. UARTs can be enabled by setting ENABLE_UART = "1" in BUILD_DIR/conf/local.conf.
- Tiny Distro
A tiny distribution can be enabled by adding DISTRO = "alios-tiny" in BUILD_DIR/conf/local.conf. It uses musl libc and busybox, and the kernel is configured for smaller size.
- ADB
Add adb tool for rk3308 boards
- NTP
Add ntp servers in domain aliyun.com for ntp time synchronization.
Security
- Keychain
The keychain SDK includes the keychain service and the irot service, and provides secure storage, access control and data migration. APIs are declared in keychain.h, and recipes-keychain/keychain/test/keychain-test-1.1/sec_sst_test_store.c contains a demo.
Middleware
- Linkkit
Link Platform, provided by Alibaba Cloud, is a professional platform designed for IoT market development. The goal of Link Platform is to provide a data path with enhanced security and powerful performance to facilitate communication between devices (e.g. sensors, embedded devices, etc.) and the cloud.
The Linkkit SDK included in AliOS Things Linux Edition provides the device-side capabilities of the Link Platform. Many powerful components are introduced, such as MQTT, CoAP, OTA, etc. With the help of the Linkkit SDK, connecting to and communicating with Alibaba Cloud becomes extremely efficient and convenient.
- uMesh
uMesh is a wireless mesh network stack implementation with the following features:
- RF standards independent, currently 802.11/802.15.4/BLE are supported, and more can be supported
- Routing mesh, support Tree Topology, Mesh Topology and Layered Tree&Mesh Topology
- Self-healing, no single point of failures
- Low Power Mode
- EAP (Extensible Authentication Protocol) with ID2
- Seamless IPv4/IPv6 integration providing Socket programming environment
Major enhancements with this release include:
- whitescan issues fix (e.g. memory leak)
- add callback to notify upper layer when nodes' status changes
- reduce the channel list number to shorten the period of discovering the network
- add cli component for debugging
- fill the raw socket header dst field with peer mac for unicast instead of broadcast
- add random number before becoming leader to avoid the conflicts
- implement and expose the umesh_bcast_send and recv interfaces
- implement keep alive message and leader down/recover sync mechanism
- expose the extended netid set/get APIs
- OTA
An over-the-air update is the wireless delivery of new software or data to smart devices, especially IoT devices.
Wireless carriers and OEMs typically use over-the-air (OTA) updates to deploy new operating systems and software apps to these devices.
Facilitates the following:
Allows OEMs to repair bugs in new units;
Allows OEMs to remotely install new software updates, features and services, even after a device has been purchased.
Support secure download channel and firmware digital signature verification.
How they work:
IoT devices can receive OTA updates in a variety of ways. With edge-to-cloud OTA updates, a microcontroller receives firmware images from a remote server to update the underlying application.
Gateway-to-cloud OTA updates use an internet-connected gateway that receives updates from a remote server to update the software app itself, the software app's host environment or the gateway's firmware.
- Breeze SDK for WiFi configuration
Breeze SDK in AliOS Things Linux Edition introduces an easy and simple way for the WiFi device to obtain AP information through a bluetooth connection. Here are the steps on how the Breeze SDK works:
- User chooses the device to configure on App
- User inputs AP information (SSID/password) on App
- User starts the configuration process
- App sets up a bluetooth connection with the WiFi device, and then sends the AP information to the device
- WiFi device finishes obtaining the AP information, and then connects to the specified AP
Virtualization
Support for Moby and Beluga is added.
Moby Docker-compose 1.22.0 added and compose file format 3.7 is supported (docker-compose 1.22 release https://github.com/docker/compose/releases/tag/1.22.0).
Beluga, based on Moby Project, is a Docker compatible container engine aimed at IoT applications. Beluga has comparatively smaller size and higher performance, thus can well adapt to multiple IoT devices with constrained CPU performance, memory space and lower network throughput.
Hardware
New hardware platforms supported
- Rockchip
- rockchip-rk3308-evb-aarch32, rockchip-rk3308-smart-voice-a1-aarch32 and rockchip-rk3308-voice-module-aarch32
- support Realtek WiFi/Bluetooth dual-mode chip rtl8723ds with customized bluetooth configuration tool rtk_hciattach
- Montage
- support MIPS architecture SoC Montage M88WI6608
Test
LTP (Linux Test Project) delivers test suites that validate reliability, robustness, and stability of Linux. (https://github.com/linux-test-project/ltp)
Customized LTP test suites are provided for Intel, RaspberryPi, rk3308 and Montage M88WI6608.
AliOS Things Linux Edition v1.1.0 Release Note
Release Date: 2018.06
Release Version: 1.1.0
Abstract
AliOS Things Linux Edition is an open-source operating system (OS) for Internet of Things (IoT) released by Alibaba Group.
Based on Yocto Project, AliOS Things Linux Edition is tailored for IoT devices and has powerful features that support IoT device development.
This release of AliOS Things Linux Edition is the first public version. Features involved are listed as follows:
Security
AliOS Things Linux Edition is designed to provide high security for IoT devices. In this version, the following security features are provided.
- Secure boot provides integrity protection for the bootloader and kernel from system bootup. Only a bootloader and kernel signed by the trusted key can boot, and it also provides tamper-proofing protection for the bootloader and kernel.
- IMA is a kernel integrity subsystem. Depending on its security policy, IMA can provide integrity protection for the filesystem after system bootup, which means programs and files cannot be tampered with illegally and only trusted programs can be run.
- AppArmor, a popular Mandatory Access Control (MAC) in the Linux kernel, provides fine-grained access control for programs. Security policies can be defined to provide a minimum permission set for critical programs. What attackers can do is limited even if the program is vulnerable, which is an effective defense against 0-day attacks.
- LUKS, an encrypted storage solution, can encrypt the full disk or a specific disk volume. It can protect sensitive data from being exposed even if the disk on which the data resides is stolen.
- TPM supplies a hardware-based security guarantee for other security features. It provides high security from the silicon level.
Middleware
Living Link is a platform service which provides customers with a smart device development management platform, especially for the smart life area.
The service includes online device definition, device debugging, device encryption, cloud API, APP development SDK kits, operation management and data analytics, covering the whole lifecycle from smart device development, app development, cloud development and operation management.
The platform provides services on domestic sites and global sites, to improve device connectivity performance worldwide.
Virtualization
KVM virtualization and containerization technology are supported.
- KVM (Kernel-based Virtual Machine) is a virtualization infrastructure for Linux on hardware containing virtualization extensions, which turns the Linux kernel itself into a hypervisor. A wide variety of guest operating systems can work with KVM. To enable KVM support, the "kvm" option should be added to DISTRO_FEATURES. QEMU is provided as a userspace KVM virtual machine tool, which supports a variety of operating systems acting as guests. KVMTool, a lightweight userspace tool, is also provided, but it only supports Linux guests.
- Containerization is an operating-system-level virtualization method for deploying and running distributed applications without launching an entire VM for each application. Instead, multiple isolated systems, called containers, run on a single host and access a single kernel. To enable container support, the "container" option should be added to DISTRO_FEATURES. Docker, based on the Moby project, is provided as a container tool. It utilizes the resource isolation features of the Linux kernel such as cgroups and kernel namespaces, and also a union-capable filesystem, for example, OverlayFS, to allow independent "containers" to run within a single Linux instance, avoiding the overhead of starting and maintaining virtual machines.
Hardware
AliOS Things Linux Edition supports the following hardware platforms:
- Intel Generic
- Raspberry Pi 3 Model B
- NXP LS1043A-RDB
- Rockchip RK3308
- VIA ARTiGO A820