The prpl foundation is an open-source, community-driven, collaborative, organization. It mainly targets and supports the MIPS architecture – but it is open to all –, with a focus on enabling next-generation datacenter-to-device portable software and virtualized architectures.

1. Introduction to prpl
Art Swift, president prpl Foundation
Embedded Linux Conference Europe (ELCE) 2014
10/15/2014

2. Mission
‘prpl’ is an open-source, community-driven, collaborative, non-profit
foundation targeting and supporting the MIPS architecture
– and open to all –
with a focus on enabling next-generation datacenter-to-device
portable software and virtualized architectures
Introduction October 14, 2014 to prpl – ELCE 2014 2

3. Our founding members
Introduction October 14, 2014 to prpl – ELCE 2014 3

4. prpl core strategies
Introduction October 14, 2014 to prpl – ELCE 2014 4

5. Why open-source?
• Enabling the IoT and Big Data revolution
needs collaborative minds
• Fragmentation will slow down innovation
• More eyeballs = more secure
• Community benefits
– Large ROI benefit – up to 4x gain
– Time-to-Market & lower TCO
– Stronger ecosystem
– Faster innovation through focus on core
competency
Introduction October 14, 2014 to prpl – ELCE 2014 5

6. Our initial PEGs (prpl Engineering Groups)
Introduction October 14, 2014 to prpl – ELCE 2014 6

7. What’s coming next?
Tools and
Tool
Chains
Secure
Hypervisors
Prpl Stamp
Hardware Certification
Program
Fully tested, open
source supported,
development HW from
prpl partners for
different markets
CI20 – a great example from Imagination!
Introduction October 14, 2014 to prpl – ELCE 2014 7

8. prpl engineering work
▪ Virtualization Ecosystem
▪ Hypervisors (eg KVM, Fiasco.oc)
▪ OS
▪ Data Center – Redhat, Ubuntu, Debian, CentOS
▪ Networking –Montavista, OpenWrt
▪ Embedded/IoT & Mobile - Android, Chromium,
Tizen, WebOS, RTOSs, Yocto
▪ Kernel (device tree, power mgmt, multi-threading)
▪ Portability
▪ JITs (V8, openJDK, etc)
▪ Emulation (QEMU)
▪ Tools (SDK, IDE)
▪ Platform
▪ UEFI and boot loaders
▪ Optimization
▪ Intrinsics (eg SIMD) and libraries (eg memcpy) –
■ Multimedia - video, audio, speech
■ Networking
■ Security
■ Networking (multi-core friendly and aynchronous)
■ e.g. BGP, OVS, snort, routing protocols, DPI
Introduction October 14, 2014 to prpl – ELCE 2014 8

9. Introduction October 14, 2014 to prpl – ELCE 2014 9

10. Portability, Virtualization, and Compute
Context: What is the vision for prpl and
what is driving our decisions?
Introduction October 14, 2014 to prpl – ELCE 2014 10

11. The diverse and insecure IOT world!
Which will generate and transmit Mountains of Data!
Introduction October 14, 2014 to prpl – ELCE 2014 11

12. Diversity and Big Data: The Internet of Cow
1.5B cows
200MB/yr/cow
=
300,000 GB
(0.3 petabytes)
per year
Introduction October 14, 2014 to prpl – ELCE 2014 12

13. Diversity and Big Data: Turbines
12,000 turbines
500GB/day each
=
6 million GB
(6 petabytes)
per day
Introduction October 14, 2014 to prpl – ELCE 2014 13

14. Little Data  Big Data  Huge Data
• Each successive node in the IoT chain adds
– Data and Storage requirements
– Processing Requirements
– Multi-tenant Requirements (i.e. security)
Bytes
Megabytes
Terabytes
Petabytes
Exabytes
ZETTABYTES
(1000^7)
Introduction October 14, 2014 to prpl – ELCE 2014 14

15. Key Enablers for IoT
• Processing power
• Networking infrastructure and connectivity
• Low cost, secure devices
• Storage
• Loads and loads of secure, portable software
• A way to make money
Introduction October 14, 2014 to prpl – ELCE 2014 15

16. IoT Market Challenges
• Scale
– Billions of devices (identity & authentication management, in-field updates, dynamic interactions, big data, real
time data mgmt.)
• Multiple technologies and standards
– Creation of technology silos
– Established / emerging / competing
– Standardization is a key enabler
• Solutions are highly fragmented
– Need for common/flexible platforms
– Applications environments with multiple PKIs or Roots of Trust
• Low power requirements
– Operate for 2 years on a coin battery
• Cost limitation
• Long life cycles
Security
Introduction October 14, 2014 to prpl – ELCE 2014 16

17. Introduction October 14, 2014 to prpl – ELCE 2014 17

18. Introduction October 14, 2014 to prpl – ELCE 2014 18

19. More connected homes, more problems
• “Smart refrigerators and TVs
hacked to send out spam …”
– NBC news
• If hackers can exploit a
weakness in a single type of
Internet-connected home
appliance or system—such as
an Internet-connected door
lock—they may be able to
harm thousands of people at
once.
Introduction October 14, 2014 to prpl – ELCE 2014 19

20. Target Breach: an anatomy
$200M cost,
CEO ousted
1 HVAC systems
Compromised
credentials from
HVAC vendor
monitor temp.
changes for seeing
how long
customers stay
2
Malware
programs
installed on
HVAC systems
3
Unified backend
systems at store
(and most
retailers)
4
PoS system
breached
5
Millions of credit
card numbers
start flowing out
6
Breach
detected! Manual
intervention was
needed
7
Introduction October 14, 2014 to prpl – ELCE 2014 20

21. IoT Security Chain (device-to-datacenter)
Sensors
Nodes
Aggregation Points
Routers /Gateways
STBs
Cloud
HW Root of Trust + Secure Boot => Secure Over The Air/Wired Field Updates
Secure sensor data for
sensitive applications (e.g.
medical, industrial, enterprise)
Enable in field device personalization (add/remove features)
Future proof designs with flexible programmable architecture
Private Data Disposal
Secure Server + Secure
Network => Secure
Services
Secure Remote Monitoring
Protect Intellectual Property against SW cloning (e.g. proprietary algorithms)
Intellectual Property Tampering Detection
Intrusion Detection and Secure Remote Monitoring
Introduction October 14, 2014 to prpl – ELCE 2014 21

22. Platform security – one approach
Through hardware virtualization support and secure hypervisors
• Secure boot process starts out in
ROM
• After bootloader, the root of
trust (hypervisor) is verified and
loaded
• Iteratively verifies next stage of
boot until HLOS (optionally
inclusive)
• Secure partition(s) able to access
full memory map. Non-secure
can access only its partition.
Non-Secure
App
Non-Secure
App
Non-Secure
App
Non-secure HLOS (e.g.
Android)
Secure App 1
Secure App 2
Secure
OS 1
Secure App 3
Secure & Protected Hypervisor
Virtualized N-core MIPS i6400 CPU
Virtualized I/O and Memory thru entire SoC Complex
Secure
OS 2
Introduction October 14, 2014 to prpl – ELCE 2014 22

23. Exploring Virtualization
Multiple Secure Domains More Reliable & Predictable
Secure Hypervisor
CPU 1 CPU 2 CPU 3 CPU 4 CPU 1
Secure Monitor
CPU 2 CPU 3 CPU 4
Secure Hypervisor
CPU 1 CPU 2 CPU 3 CPU 4
CPU 2 CPU 3 CPU 4
More Powerful & Efficient Safer!
CPU 1
• Global Platform considering
certifiable containers
Secure Monitor
• Secure services can only affect their
container, not the overall system
CPU 1
Secure Hypervisor
CPU 2 CPU 3 CPU 4 CPU 1
Secure Monitor
CPU 2 CPU 3 CPU 4
Introduction October 14, 2014 to prpl – ELCE 2014 23

24. Summary: what will prpl do?
• Focus on the software “glue” necessary to carry secure
structured and unstructured data from the device to the
datacenter
• Example:
– Secure hypervisors for multiple tenants
– Portable software, such as JITs
– SaaS, PaaS, IaaS OTA secure
– Programming models to enable big data processing (eg hadoop) over
heterogeneous processors
Embedded
nodes
OpenWrt
hub
Networking
backbone
Datacenter
Introduction October 14, 2014 to prpl – ELCE 2014 24

25. How to Get Involved in prpl
Mailing list
lists.prplfoundation.org
Wiki
wiki.prplfoundation.org
Forums
forum.prplfoundation.org
Code
github.com/prplfoundation
Introduction October 14, 2014 to prpl – ELCE 2014 25

26. Resources
• http://prplfoundation.org
• http://www.cisco.com/web/about/ac79/docs/in
nov/IoE_Economy.pdf
• http://theinstitute.ieee.org/benefits/standards/s
etting-the-stage-for-the-internet-of-things
• FTC Workshop on IoT and Security (Nov ‘13)
• art (at) prplfoundation (dot) org
Introduction October 14, 2014 to prpl – ELCE 2014 26

27. Thanks!
Art Swift, president