OpenWrt Meeting - January 16, 2015
Attendees: Mathieu, Charlie, Luka, Kathy
Kathy and Allan were at CES last week showing off fun demonstrations using the node.js framework running on OpenWrt on an IPQ8064-based reference design (with 2x 11ac radios). Running the "smart framework" isn't the hard part. Securing the platform for adding all sorts of 3rd party code is.
To commercialize an "Internet of Everything" (IoE) ecosystem running on top of a router/gateway, OpenWrt is going to need better platform security, plus some means of checking the authenticity of the 3rd party code you might want to download to your router.
- Containers. Fortunately Luka Perkov is "Mr. Containers" with respect to OpenWrt. He has implemented LXC containers into OpenWrt. He ran 5 containers on a Buffalo WZR-600 DHP. So although running containers demands extra platform resources, it might be a good way to isolate 3rd party IoE apps from interfering with high-speed networking functions.
- Permissions via users/groups. Instead of everything running as root, adding user and group permissions is another option to control 3rd party applications from either inadvertently or maliciously interfering with the core networking and routing functions of the platform. Would adding this type of structure be similar to the increased resource load for containers? Unknown.
- Full hardware virtualization. QCA doesn't support that with the existing SoCs, but newest MIPS architecture cores do support it. So might be an option out in the future.
We did not have time to discuss "secure boot" options, but establishing a chain of trust from boot is another topic that will likely need to be addressed to meet new FCC restrictions.
How to use your smart phone or other device to authenticate which apps to download is another question we raised.
In general, QCA wants to promote 3rd party applications to our OEM customers who use our OpenWrt-based reference SDK as a starting point for their product development. Some applications are probably useful to be pre-installed binaries (for example, VoIP stack or virus scanning). Instead, IoE glue code running on node.js or new AllJoyn services or similar would most likely follow a post-load model. You only need to install additional code if it is needed for the types of connected IoE devices you buy for your home.
Potential for future meet-ups? Luka plans to attend FOSDEM. Dog Hunter/Linino (Mimmo) will also be there. https://fosdem.org/2015/
Kathy and Mathieu plan to attend Netdev 0.1: http://netdev01.org There will be a co-located mini-wireless summit: http://wireless.kernel.org/en/developers/Summits/Ottawa-2015
ELC in US is March 23-25. Anyone attending? http://events.linuxfoundation.org/events/embedded-linux-conference
When is the next monthly prpl/OpenWrt meet-up over Google Hangouts? Eric to arrange I hope? :)