ELISA Project Seminar Series focuses on hot topics related to ELISA’s mission to define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Speakers are members, contributors and thought leaders from the ELISA Project and surrounding communities. Each seminar comprises a 45-minute presentation and a 15-minute Q&A, and it’s free to attend.
Title: Functional safety with Xen, Zephyr and Linux for avionics, automotive and industrial
Date: Wednesday, May 13, 2026, 7:00-8:00 Pacific / 14:00-15:00 UTC / 15:00-16:00 CET
Speaker: Ayan Kumar Halder, Sr. Member of Technical Staff, AMD; Matthew Weber, Associate Technical Fellow and Chief Software Architect Linux, Boeing
How to Attend: Register here in advance to attend for free. And please add the webinar joining details to your calendar from the confirmation email you will receive upon registering
Description:
Open-source hypervisors and operating systems are increasingly being considered for safety-critical systems across avionics, automotive, and industrial domains. This talk presents the ongoing work to bring functional safety capabilities to the Xen hypervisor alongside Zephyr RTOS and Linux, targeting deployment in mixed-criticality systems. We begin with the big picture: a system-level design showing how Xen, Zephyr, and Linux can be composed to meet the needs of different safety domains — from avionics (DO-178C) to automotive (ISO 26262) and industrial (IEC 61508). We then dive deep into the concrete work items that have been upstreamed or published, including MISRA C fixes, safety- critical features in Xen such as MPU support, along with requirements, architecture specifications, test specifications, and tests. We conclude sharing how to collaborate with ELISA and Xen FuSa efforts to collaborate on an open safety case!
We will describe the various means of testing with some examples – domain based tests, fault injection tests, internal interface tests based on gdb, fuzzing, platform emulation for testing, unit tests based of ceedling and coverage measurement (branch, line, function, MCDC). All these tests are aimed at validating Xen as safety element out of context. We will also describe how we plan to reduce the code to be safety certified by introducing fine granular configurations describing the hardware features. Besides, we will describe how Xen enforces freedom from interference between different VMs based on capabilities and properties. Thus, we ensure that Xen can meet the safety guidelines set by ISO 26262, IEC 61508 and DO-178C.