Wind River
at Embedded World 2021

The next frontier of digital transformation comes at the intelligent edge. This can provide faster, more responsive computing, and as computing becomes cheaper and smaller, this kind of system becomes ubiquitous. But edge computing comes with its own set of challenges. For example, unlike the homogeneity of a data center, there are vast variations between edge devices, many of them having been tailor-made for a specific purpose. This means that integrating the system for applications becomes more difficult. Another example is security. While access to physical data centers can be limited, edge devices are located in disparate locations, where they can be accessed and dismantled.

To combat the host of issues presented by transformation at the edge, digital frameworks and architectures have to be examined and restructured to adapt to the new workspace. This requires a new set of skills, such as deployment paradigms, to be able to keep up with the edge. Combining skills, toolchains, and methods from both cloud environments and embedded domains becomes increasingly important. We need to rethink how these new intelligent systems are built, and retool ourselves to prepare for an intelligent systems world.

Autonomous embedded systems, such as those in planes, trains, automobiles, and robots, are undergoing dramatic change. The compute, storage, HMI, and general-purpose connectivity are being factored out of traditional embedded software. Those fundamental elements—in addition to orchestration, management, provisioning, and resource partitioning—are moving to IT infrastructure that has its genesis and roots in mobile, desktop, and cloud computing. Embedded software is now often packaged, configured, and deployed as if it is a general-purpose IT application, dramatically changing the way embedded systems are constructed. In this context, they have been deconstructed to be minimalist execution engines that are deployed into or alongside supporting infrastructure.

This presentation describes the industry trends that have resulted in this evolution and discusses the new system architectures, emerging hardware, platform/application software touchpoints, and new technologies that enable embedded systems to be built faster and to do more, while getting smaller. It will cover system architectures involving complex multicore SoCs, virtualization and virtio, resource pinning for real-time, HW and SW islands, asymmetric multiprocessing, IPC in a heterogeneous OS environment, and relevant open source. This talk goes deep but is also broadly relevant to computer scientists and technology leaders who create, deliver, and capture embedded software value.

DevOps is enabling faster deployment and more secure software to devices by tightly coupling development and operations functions. Much of the security focus is on “shifting left” the security testing in the development lifecycle of the software. However, to put the “Sec” (security) into DevSecOps, the development environment of that DevSecOps pipeline itself must first be secured. This presentation provides a summary of:

• A security assessment of the essential elements of a DevSecOps environment
• The methods used to secure the environment, including:
  • Hardware Security Module / Private Certificate Authority
  • Identity management / privileged access management
  • Mutually authenticated communications
  • Security validation tools
  • Event logging / security information and event management
  • Zero Trust Network principles
• Practical usage of the distributed, immutable, and ephemeral (DIE) principles in furthering the security of the DevSecOps environment
• Lessons learned in engaging a third-party penetration test company to confirm the DevSecOps environment is indeed secure

Embedded system development is a team sport. It combines knowledge from multidisciplinary teams, which can introduce challenges such as uncertainty in requirements and ambiguity in design handover. By adopting continuous testing, a technique commonly used in Agile methodology, a team can gain insights into the system both before and during implementation, which improves team communication, software quality, and delivery speed.

In this talk, we will share our experience creating a practical DevOps pipeline that orchestrates embedded software tests on demand with containers and Kubernetes in order to make decisions more traceable, measurable, and repeatable. A clear test workflow helps improve collaboration and create shared values, and as a result, greater confidence in product delivery.

There are growing demands to incorporate AI into embedded software in order to create smarter edge devices, where often data is rich, but processing resources are limited. Care must be taken when designing these AI implementations, and design engineers will need to justify how these intelligent algorithms arrive at a particular decision based on a given set of input data.

In this talk, we will share our experience using simulation and simple Python code to gain insight by 1) manipulating input feature sets to explain how a model makes decisions; and 2) reducing the complexity of the model in order to make it more easily understandable. These techniques not only improve the debug process and improve model performance, they also help others understand models' behavior. More importantly, together they comprise an essential step in designing a truly dependable system that builds trust with end users by helping them solve real-life problems at the right place and in the right time.

In 2009, a Belgium engineer named Patrick Debois launched the first DevOps Days. This event was a success and the hashtag #DevOps ultimately appeared on Twitter for the first time. Ten years later, DevOps is widely used in the industry and has even been extended to incorporate security as DevSecOps. Although originally created for enterprise IT systems, due to the convergence of IT and operational technology (OT) the adoption of DevSecOps for embedded systems development provides the potential to accelerate the pace of innovation and deployment of new capabilities.

In this paper, we will explore how DevSecOps can be applied to industry. We will discuss the challenges of traditional development approaches and integration, and how the use of DevSecOps pipelines and containerized tool workflows can accelerate software development and improve robustness and security testing.