-
Overview
-
redpesk OS releases
-
Security updates
-
Redpesk OS Tips and Tricks
-
Application Framework Manager
-
Application Framework Binder
-
APIs & Services
-
Security manager
-
OP-TEE within redpesk
-
Trusted Boot
-
Recovery features
-
redpak
-
Minimal image
- Reduce image size
- Optimizing boot time
-
Kernel fragments description
- Introduction to Linux Kernel Configuration
- 01 Disable IPC, Timers and Audit
- 02 Disable Kconfig, Scheduler and Initrd
- 03 Disable Perf, Profiling and Errata
- 04 Disable EFI, Power Management Debug and Energy Model
- 05 Disable Schedutil, CPUFreq Governors and Virtualization
- 06 Disable Kprobes and Jump Labels
- 07 Disable GCC Plugins and Function Alignment
- 08 Disable Partition Parsers
- 09 Enable Inline Spinlocks and Kernel Operations
- 10 Disable Swap, Memory Hotplug and KSM
- 11 Disable Networking IPv4, IPv6, Netfilter
- 12 Disable SCTP, VLAN, TIPC, BATMAN
- 13 Disable Wireless, Bluetooth, CAN and RFKILL
- 14 Disable PCI and Firmware
- 15 Disable GNSS and ProcEvents
- 16 Disable Block Storage NBD and AoE
- 17 Disable EEPROM and Misc Drivers
- 18 Disable Network Device Drivers
- 19 Disable PHY Drivers
- 20 Disable PPP, WLAN Coexistence, and Failover
- 21 Disable Input Devices
- 22 Disable Serial, TTY and TPM
- 23 Disable I2C, Power and Sensor Drivers
- 24 Disable MFD, Display and Media Drivers
- 25 Disable USB, Sound, RTC and VirtIO
- 26 Disable Filesystem Encodings and Compatibility
- 27 Enable Minimal Cryptographic Core with SHA3 and XTS
- 28 Disable Hardware Cryptography, Keep DRBG and Jitter Entropy
- 29 Disable Kernel Debugging Features
- 30 Disable Filesystem Verity and SecurityFS
-
Zephyr in Redpesk
-
PERM-CHECK extension
-
Mender redpesk (OTA)
-
Hardware support
- Download images
- Image metrics
- Trusted Boot
- Boards - ARM64
- Boards - x86_64
- Boards - Virtual
- Miscs
Binder Overview
The binder provides the way to connect applications to the services that it needs.
It provides a fast way to securely offer APIs to applications written in any language and running almost anywhere.
- The binder is developed for redpesk and AGL (Automotive Grade Linux) but it is not bound to them.
- The binder is the usual name.
- The binary is named afb-binder.
- The name afb-binder stands for Application Framework Binder.
Each binder is in charge to bind one instance of an application or service to the rest of the system, applications and services.
Within Redpesk, the connection between services and applications is automatically set up by the application framework, using the binder.
The basis of the binder
The following figure shows main concepts linked to the binder.
The shown elements are:
-
The SECURITY CONTEXT
The primary intention of any binder is to provide a secured environment for any application.
On redpesk, the security context is ensured by [Smack], the security context of the application or service. -
The BINDER
This is the central element.
It makes possible to run HTML5 applications and provides the unified access to APIs provided by the bindings.Running a pure HTML5 application doesn’t require any binding.
In that case , the binder acts as a simple HTTP server for the web runtime. -
The BINDINGs
A binding adds one API to the binder.
An API is a set of verbs that can be called using either REST over HTTP or a kind of JSON RPC.
bindings are either:
- dynamically loaded libraries in the binder process
- remote service running on the same host
- remote service running on other hosts
When acting as an HTTP server, the binder treats the language settings of the HTTP requests to provide internationalized content as specified by widget specifications.
-
The APPLICATION
An application connects to the binder to get access to the API that it provides or to get its HTTP services to access resources.
Interconnection of binders
The AGL framework interprets the widget/application manifests to setup the bindings configuration of the binders.
The figure below shows that binders are interconnected.
The figure shows 4 several application/service: A, B, C and D.
The application A might use an API that is shown as a local binding but that in reality runs within the context of D.
The application framework of Redpesk takes care of making the plumbing working.
Role of binders in micro service architecture
Inside the redpesk micro-service architecture, the binder is used for two main purposes, either together or separately:
- Entry point of user applications for using micro-services
- Interconnection of services together
The interconnection of services together
Bindings
The bindings are dynamically loaded libraries that bring callable APIs to the binder. The API brought by bindings can be exported to other bindings