Ostro™ OS: Version 1.0.0 Release Notes

May 03, 2016

[Updated May 18th]

Ostro™ OS is a Linux* based operating system optimized for the Internet of Things. This OS is built with security in mind, and integrates rigorous security reviews through all stages of development. Ostro project allows for easy integration of connected device features such as broad support for communication and networking protocols, device to device interconnectivity standards, sensors, and device update. The project provides pre-configured images that provide a base for easy configuration. Through open source development, Ostro Project will advance its development by expanding support for tools and hardware, in addition to other advancements in security, device management capabilities, connectivity stacks and file systems.

Features in the 1.0 Release of Ostro OS include:

• Application Framework
• Yocto Project Extensible SDK (eSDK)
• Firewall Support
• IoTivity
• Node.js
• Secure Boot
• Software Update Support
• Soletta
• Linux Kernel 4.4, Linux kernel 3.10.98 (32-bit) for the Intel Edison platform
• Secure storage and Single Sign-On (gSSO support)
• Numerous bug fixes improving overall security and stability

Please look through our Ostro OS documentation for more information.

SUPPORTED PLATFORMS

The Ostro OS supports these hardware and virtual machine platforms:

• GigaByte GB-BXBT-3825
  a gateway solution powered by an Intel® Atom™ E3825 dual-core processor
• Intel Galileo Gen2
  an Intel® Quark x1000 32-bit, single core, Intel Pentium® Processor class
  SOC-based board, pin-compatible with shields designed for the Arduino Uno R3
• MinnowBoard Turbot
  a MinnowBoard MAX compatible board featuring an Intel® Atom™ E3826 1.46 GHz
  Dual Core CPU, offering a compact, affordable, and powerful open hardware design with
  a growing ecosystem of add-on cards to extend its functionality.
• Intel Edison
  an ultra small Intel® Atom™ SoC dual-core 32-bit CPU-based compute module aimed
  at small IoT and wearable computing products
• Beaglebone Black
  a low-cost, community-supported development platform for developers and hobbyists. It is based
  on an AM335x 1GHz ARM® Cortex-A8
• VirtualBox
  a cross-platform general-purpose full virtualization application for x86
  hardware, targeted at server, desktop and embedded use

Ostro OS images can be built and modified using Yocto Project tools, as described in the Getting Started Guide. Testing and validation is done with 64-bit images for the GigaByte, MinnowBoard Max compatible, and VirtualBox environments.

Top Known Issues

Software Update not working on slow networks

The software update client may receive improper latest version information from the server update on very slow networks, blocking the device from updating. The issue has been documented and reported upstream.

Bluetooth on Edison is not enabled by default

To manually enable Bluetooth for Edison please run the command:
# connmanctl enable bluetooth

System keeps rebooting on first boot

If you run into automatic reboot on first boot, please modify the system BIOS time:

• For GB-BXBT: (Press Delete to enter BIOS)

Main->System Date/System Time

• For MinnowBoard Max: (Press F2 to enter BIOS when booting)

Device Manager ->System Setup -> Main -> System Date/System Time

Enabling WiFi on platforms using the Intel 7260 chipset radio

When scanning for wireless networks, connmanctl will hang without output. The issue is documented in this upstream kernel bug. To work around this, run:

# connmanctl disable wifi
# connmanctl enable wifi

And then, quickly (within 2 seconds) re-run

# connmanctl scan wifi

NOTE: To connect to a wireless network,the same workaround is needed. If you want to connect an AP, please disable and enable wifi with connmanctl before running the command

# connmanctl connect <AP service>

Frequently Asked Questions

Which Ostro OS image should I download?

The Ostro Project provides three pre-compiled development images:

• ostro-image-noswupd: an Ostro OS core (minimal) image with connectivity and some additional tools for interactive command line usage.
• ostro-image-swupd: same as the ostro-image-noswupd image, but adds the software update swupd command line tool. With swupd, this image can be updated to newer Ostro OS releases.
• ostro-image-swupd-dev: same as ostro-image-swupd image plus additional tools and files used for on-target development. All supported runtimes are already installed (as defined in the "world-dev" bundle).

How does the software update mechanism (swupd) work?

Ostro OS comes with software-update technology tailored for IoT products. This means efficient delivery of selected and quality assured software from a single, vendor controlled stream. The update technology copes with the fast paced IoT environment and allows live updates and reduced downtime by only restarting needed services. Read the Software Update documentation for more information.

How do I use the enhanced SDK (eSDK)?

You can read more about the Yocto Project eSDK in the Yocto Project SDK Manual. The script to setup the eSDK can be downloaded from the Ostro Project Release SDK directory appropriate for your platform architecture. If you need to include your own additional components into the eSDK, you will need to rebuild the eSDK itself and distribute that. If you encounter a failure during that rebuild, you may need to modify ~/ostro_sdk/conf/devtool.conf to include the line:

         sdk_targets = ostro-image-swupd

and rebuild the eSDK with the command:

        $ devtool build-sdk

What is the Application Framework?

The application framework is simple and focused on how to start each application in its desired environment. It will generate a systemd service based on the application type as defined in its manifest. Currently, the supported types will provide services that will open firewall ports, set correct user and groups permissions, sandbox in container if desired, and stitch the file system as required by the application. This means applications may have their own file system view, with parts of the system being hidden or write-protected, they may have a private network or even no network at all. For more information about the application framework please consult the documentation. Read the Application Framework documentation for more information.

How do I configure the Ostro OS firewall?

With Ostro OS release 1.0, firewall rule enforcement is active by default. To configure the firewall settings, please read the Ostro OS Firewall configuration documentation.

What is the Ostro OS security foundation?

Ostro OS uses the IMA/EVA kernel integrity subsystem to detect files that have been altered, either maliciously or inadvertently. Ostro OS uses traditional discretionary access controls, Linux capabilities, and mandatory access control to provide an integrated security environment.
Read the Ostro OS Security Architecture documentation for more information.

What is Soletta?

Soletta Project is a development framework that makes writing software for IoT devices easier. By abstracting hardware and operating system details from a program, Soletta Project allows developers to easily write software for controlling actuators and sensors and communicating using standard technologies. Both portable and scalable, Soletta Project enables developers to reuse their code and knowledge in all stages of development and across different platform sizes, even the smallest smart devices. More information about Soletta is available
on the Soletta Project website.

What is IoTivity?

IoTivity is an open source software framework enabling seamless device-to-device connectivity to address the emerging needs of the Internet of Things. It provides an open-source implementation of
the Open Connectivity Foundation (OCF) specifications. For additional information on IoTivity check out iotivity.org.

---

Ostro is a trademark of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others.

Ostro™ OS: Version 1.0 Pre-release Notes

March 2, 2016

Ostro™ OS is a Linux based operating system optimized for the Internet of Things. This OS is built with security in mind, and integrates rigorous security reviews through all stages of development. Ostro project allows for easy integration of connected device features such as broad support for communication and networking protocols, device to device interconnectivity standards, sensors, and device update. The project provides pre-configured images that provide a base for easy configuration. Through open source development, Ostro Project will advance its development by expanding support for tools and hardware, in addition to other advancements in security, device management capabilities, connectivity stacks and file systems.

Key features of Ostro OS include:

• Linux* OS tailored for Internet of Things applications
• Intel® Quark™ and Intel® Atom™ processor support
• Application Framework support for Node.js, Python and C/C++ applications
• RESTful APIs for System Status and Open Connectivity Foundation (OCF) resource discovery
• JavaScript APIs based on the OCF specifications
• Security features: Trusted Boot, Applications Memory Isolation and Impersonation Prevention, Integrity Verification
• Rich set of communication and IoT interconnectivity for Bluetooth*/BLE, WiFi, 6LowPAN, and CAN bus
• VirtualBox* VM support
• Customized and configured using Yocto* Project build tools

SUPPORTED PLATFORMS

The Ostro OS supports these hardware and virtual machine platforms:

• GigaByte GB-BXBT-3825
  a gateway solution powered by an Intel® Atom™ E3825 dual-core processor
• Intel Galileo Gen2
  an Intel® Quark x1000 32-bit, single core, Intel Pentium® Processor class
  SOC-based board, pin-compatible with shields designed for the Arduino Uno R3
• MinnowBoard Turbot
  a MinnowBoard MAX compatible board featuring an Intel® Atom™ E3826 1.46 GHz
  Dual Core CPU, offering a compact, affordable, and powerful open hardware design with
  a growing ecosystem of add-on cards to extend its functionality.
• Intel Edison
  an ultra small Intel® Atom™ SoC dual-core 32-bit CPU-based compute module aimed
  at small IoT and wearable computing products
• VirtualBox
  a cross-platform general-purpose full virtualization application for x86
  hardware, targeted at server, desktop and embedded use

Ostro OS images are supported and can be built using the Yocto Project tools, as described in the Getting Started Guide. Testing and validation is done with 64-bit images for the GigaByte, MinnowBoard Max compatible, and VirtualBox environments.

Top Known Issues

Bluetooth on Edison not enabled by default

To manually enable Bluetooth for Edison please run the command:
# connmanctl enable bluetooth

System keeps rebooting on first boot

If you run into automatically reboot on first boot, please modify the system BIOS time:

• For GB-BXBT: (Press Delete to enter BIOS)

Main->System Date/System Time

• For MinnowBoard Max: (Press F2 to enter BIOS when booting)

Device Manager ->System Setup -> Main -> System Date/System Time

Enabling WiFi on platforms using the Intel 7260 chipset radio

When scanning for wireless networks, connmanctl will hang without output. The issue is documented in this upstream kernel bug. To work around this, run:

# connmanctl disable wifi
# connmanctl enable wifi

And then, quickly (within 2 seconds) re-run

# connmanctl scan wifi

NOTE: To connect to a wireless network,the same workaround is needed. If you want to connect an AP, please disable and enable wifi with connmanctl before running the command

# connmanctl connect <AP service>

Frequently Asked Questions

Which Ostro image should I download?

The Ostro Project provides two different pre-compiled images, ostro-os and ostro-os-dev. Despite the name, both are compiled as development images. The difference is ostro-os-dev includes development (gcc) and debugging tools (strace, valgrind, etc.). There are no pre-compiled production images.

What is the application framework?

The Application Framework has two components: an installer and a systemd generator. The details of the installer are still being decided, depending on which format 3rd-party applications will be delivered. At least bundles (as defined by the Clear Linux* Project for Intel® Architecture) and XDG-APPs are being considered as alternatives. In either case, the installer will be a simple wrapper script with minimal additional functionality around a utility that takes care of installing an application. The systemd generator component produces systemd service files for the applications using information from the application manifest. You can read the Application Framework documentation for more information .

What is the Ostro OS security foundation?

Ostro OS uses the IMA/EVA kernel integrity subsystem to detect files that have been altered, either maliciously or inadvertently. Ostro OS uses traditional discretionary access controls, Linux capabilities, and mandatory access control to provide an integrated security environment. You can read the Ostro OS Security Architecture documentation for more information.

Does Ostro OS allow root user login?

Superuser access on a target device is based on local and remote access requirements, which are defined as follows.

Local access:

Use keyboard or a serial cable terminal connection to open a root shell on the target device. No login credentials are necessary.

NOTE: Instant root access using the local method is enabled in the Ostro OS 1. 0 Pre-release and all snapshots leading to the final release. Ostro OS is under active development and no pre-built image should be used for production purposes at this point. For more information about Ostro OS images, please consult the documentation.

Remote access:

By default, Ostro OS prevents logging in remotely using SSH. You’ll need to generate a private/public key pair to enable SSH access to the target device.

• Prepare an ssh key pair on your workstation, either using an existing host ssh key pair (in $HOME/.ssh/), or by generating a new ssh key pair (refer to this generating an ssh key help)
• Connect to your target device using a serial port terminal program
• Save the contents from your workstation’s $HOME/.ssh/id_rsa.pub public key file to the device's $HOME/.ssh/authorized_keys , either by editing the authorized_keys file with vi or copying it using a USB thumbdrive..
• Make note of your devices ip address (using ifconfig) and reboot the device.
• Login from your host using ssh with your private key (from host) and the ip address of your device,
  for example:

# ssh [email protected] -i $HOME/.ssh/id_rsa

What is the Open Connectivity Foundation?

Billions of connected devices (devices, phones, computers and sensors) should be able to communicate with one another regardless of manufacturer, operating system, chipset or physical transport. The Open Connectivity Foundation (OCF) is creating a specification and sponsoring an open source project to make this possible. OCF will unlock the massive opportunity in the IoT market, accelerate industry innovation and help developers and companies create solutions that map to a single open specification. OCF will help ensure secure interoperability for consumers, business, and industry.

The OCF unifies the entirety of the former Open Interconnect Consortium (OIC) with leading companies at all levels – silicon, software, platform, and finished-goods – dedicated to providing this key interoperability element of an IoT solution. The OCF sponsors the IoTivity open source project which includes a reference implementation of our specification available under the Apache 2.0 license. The OCF also includes all the activities formerly sponsored by UPnP Forum. This Open Connectivity FAQ has more information.

What is IoTivity?

IoTivity is an open source software framework enabling seamless device-to-device connectivity to address the emerging needs of the Internet of Things. It provides an open-source implementation of the OCF specifications. For additional information on IoTivity check out iotivity.org.

---

Ostro is a trademark of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others.