THE LINUX FOUNDATION PROJECTS
search
All Posts By

elisaproject

Aug 13

ELISA Project Welcomes Simone Weiss to the Governing Board!

By Ambassadors, Blog

We are excited to announce that Simone Weiss, Product Owner at Elektrobit, has joined the Governing Board of the Enabling Linux in Safety Applications (ELISA) Project. She brings a wealth of experience in functional safety, embedded systems, and open source leadership that will help guide ELISA’s mission to enable the use of Linux in safety-critical applications. One of Simone’s first tasks will be to lead the creation of a glossary in the ELISA Project directory.

ELISA Project Welcomes Simone Weiss to the Governing Board!Elektrobit has been an active contributor to the ELISA Project for several years, and Simone’s appointment reflects the company’s commitment to advancing the use of open source technologies in industries such as automotive, industrial, medical, and beyond.

“It’s an honor to join ELISA’s Governing Board. I’m looking forward to working with the community to support collaboration between industry and safety experts and drive broader adoption of Linux in safety-critical domains.” – Simone Weiss, Elektrobit

The ELISA Governing Board plays a critical role in setting the project’s strategic direction, ensuring sustainability, and supporting the vibrant technical community that underpins ELISA’s success. With the addition of Simone, the board strengthens its collective expertise and reaffirms its dedication to transparency, collaboration, and safety excellence.

Simone recently traveled to Open Source Summit North America, which happened in Denver, Colorado in June, to attend her first in-person Governing Board meeting. 

ELISA Project Governing Board 2025

Please join us in welcoming Simone to the ELISA Project Governing Board!

Jul 09
Arduino Portenta X8 as a Community Reference Hardware for Safe Systems – Highlights from the ELISA Project Workshop

Arduino Portenta X8 as a Community Reference Hardware for Safe Systems – Highlights from the ELISA Project Workshop

By Blog, Workshop

At the ELISA Project Workshop held May 7-9, 2025, in Lund, Sweden, co-hosted with Volvo Cars, Arduino co-founder and Head of Research at Malmö University, David Cuartielles shared an insightful session on using the Portenta X8 as a reference hardware platform for building safe and secure embedded Linux systems.

In his presentation, David walked through Arduino’s journey into Linux-capable hardware, the motivations behind creating the Portenta X8, and how it came to be through European-funded research projects. With industrial-grade capabilities, real-time microcontroller support, and built-in fleet management, the Portenta X8 stands out as a robust platform for prototyping secure and sustainable embedded Linux systems.

David also shared his insights into sustainability challenges in hardware manufacturing, highlighting Arduino’s ongoing research into biocompatible PCBs using PLA-flax substrates. The talk offers insights into balancing innovation with ecological responsibility, and how that might impact Linux-compatible hardware in the future.

To learn more, watch the session here. Slides available here.

Jun 11
ELISA Project workshop 2025 - Lund, Sweden

Recap of the ELISA Project Workshop 2025: Lund, Sweden

By Blog, Workshop

The ELISA Project’s workshop in Lund, Sweden brought together project members, contributors, and ecosystem partners for three days of focused collaboration and planning. From May 7 – 9, attendees convened at the Volvo Cars Lund Office to advance safety-critical Linux development and map out future goals.

On the afternoon of May 7, the workshop kicked off with welcome note by Philipp Ahmann (ETAS GmbH), Kate Stewart (Linux Foundation), and Robert Fekete (Volvo Cars), followed by an “Ask Me Anything” panel on ELISA and OSS safety applications featuring Philipp Ahmann and Gabriele Paoloni (Red Hat). David Cuartielles then demonstrated the Arduino Portenta X8 as community reference hardware for safe systems, and a cross-community case study highlighted collaboration with AGL, Eclipse S-Core, KernelCI, Xen, Zephyr, and more. The day closed with discussions on ELISA’s interaction with adjacent communities including Eclipse, Linaro, Rust, SPDX, and Yocto before an offsite dinner at Stäket.

Day 2 began with a comparison of Safety Linux vs. Safe(ty) Linux led by Philipp Ahmann and Paul Albertella (Codethink). Olivier Charrier (Wind River) and Alessandro Carminati (Red Hat) then explored hardware-level integration in the Linux kernel. After lunch, a series of special topics covered PX4Space (Pedro Roque, KTH), SPDX Safety Profile (Nicole Pappler, AlektoMetis), Safe Continuous Deployment (Håkan Sivencrona, Volvo Cars), and Resilient Safety Analysis (Igor Stoppa, NVIDIA). The afternoon sessions on KernelCI, BASIL & Testing (Luigi Pellecchia, Gustavo Padovan) and Requirements Traceability (Kate Stewart, Gabriele Paoloni) concluded with an engaging networking session.

On the morning of May 9, attendees discussed the Trustable Software Framework (Paul Albertella, Daniel Krippner) and examined Rust’s role in safety-critical applications. The final session on Best Practices Standard, presented by Philipp Ahmann, Gabriele Paoloni, and Olivier Charrier, distilled key takeaways and action items for ELISA’s roadmap. The workshop ended with stronger community connections and a clear plan for the project’s next steps.

We extend our thanks to Volvo Cars Lund for hosting, to all speakers and participants for their insights, and to the ELISA Project community for making this gathering a success. 

Videos from the workshop are now available on the YouTube channel of the ELISA Project. Watch the full playlist here.

Slides can be accessed here at the ELISA Project directory.

Keep an eye out for details on the next in-person workshop and virtual participation options here!

May 28

Criteria and Process for Evaluating Open-Source Documentation

By Ambassadors, Blog, Seminar Series

As the open source and safety (and security) communities collaborate more closely, there’s an opportunity to build trust by showcasing how open source development aligns with key safety principles. As part of the ELISA Seminar series, Pete Brink, Principal Consultant at UL Solutions and ELISA Project ambassador, recently presented the process designed to adapt to a variety of projects and contexts, including evaluation criteria.

This video aims to introduce a flexible, practical framework for evaluating documentation that supports trustworthiness in development practices. The goal is to empower teams to highlight their commitment to quality and safety in a way that works for them. Watch here:


The ELISA Seminar Series focuses on hot topics related to ELISA’s mission to define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Speakers are members, contributors and thought leaders from the ELISA Project and surrounding communities. Each seminar comprises a 45-minute presentation and a 15-minute Q&A, and it’s free to attend. You can watch all videos on the ELISA Project Youtube Channel ELISA Seminar Series Playlist here.

For more ELISA Project updates, subscribe to @ProjectElisa or our LinkedIn page or our Youtube Channel.

May 21

How open projects rethink safety culture

By Blog, Workshop

Written by Paul Albertella, ELISA Project TSC member, Chair for Open Source Engineering Process Working Group and Consultant at Codethink

This blog originally ran on the Codethink website. For more content like this, click here.

In 2016, Codethink started out on a journey to discover how open source software can be safely used to build safety-critical systems — that is, in products where people might be harmed if the software fails to do its job correctly.

Free / libre open source software (FLOSS) projects like Linux have clearly demonstrated the value of collaboration in public when creating software that is — amongst many other things — trusted as the backbone of the web and millions of smart phones. FLOSS projects have also established the essential role of transparency and rapid software updates in dealing with cybersecurity threats. When it comes to safety, however, the difficulties of making a case for using FLOSS in a solution have long been a frustrating obstacle for product developers.

Immediately following Codethink’s announcement about our latest milestone in this journey, I took part in two workshops focussing on safety and open source. This gave me the opportunity to talk about the Trustable Software Framework (TSF) and how we are using it in our development of CTRL OS. I also learnt more from other open source projects about their approaches to creating software where trustability is as important.

The workshops were hosted by Volvo Cars in the Swedish city of Lund, and our hosts also provided several enthusiastic participants. The events were organised by two open source projects that have common goals and challenges, but approach these from different perspectives and with different focuses. The Eclipse SDV project aims to build an automotive software stack to provide “an open technology platform for the software-defined vehicle of the future”. In contrast, the ELISA project is concerned with the use of Linux-based operating systems for safety applications in a range of different domains.

Image of Lund University Library

Day 1

Markus Bechter from BMW started the Eclipse SDV workshop by describing the approach to safety being developed for the Eclipse S-CORE or Safe Open Vehicle Core project. The intent is to establish a common set of development processes for components of this project, making the software amenable to safety certification using the ISO 26262 Automotive Safety Standard.

The Trustable Software Framework project was recently accepted into the Eclipse Foundation, so I gave the next presentation. TSF approaches the challenge of using FLOSS in safety more broadly: how can we make a case for using software that has not been developed following a process that conforms to an applicable safety standard? Since this describes the vast majority of existing FLOSS, including many of the tools and dependencies that S-CORE plans to use, an answer to this question is sorely needed, and TSF provides a methodology for making such a case.

After lunch, it was time to welcome a new set of participants and start the ELISA workshop. This began with an introduction to the project for newcomers (see my retrospective from last year’s workshop if you are also new to the project), followed by an Ask Me Anything discussion. Then we had a fascinating talk from David Cuartielles, a founder of the Arduino project who was recently honoured in the European Open Source Awards. After telling us about the latest Arduino (the Portenta x8) and the features of the boards that are relevant for trust, he went on to talk about a topic that he is passionate about: the DESIRE4EU project, which is exploring how to make printed circuit boards that are recyclable, in support of the European sustainable electronics goal.

The rest of the day focussed on the efforts of the ELISA Systems working group to describe and build systems involving Linux in combination with two other FLOSS components: the Zephyr RTOS and the Xen Hypervisor. This led naturally into a discussion of ELISA’s interactions with other adjacent open source communities.

Image of a presentation

Day 2

Philipp Ahmann and I started the second day with a discussion exploring some common misapprehensions about Linux and safety. We talked about some of the ‘routes’ to certification in the safety standards for pre-existing software, and why these are difficult to apply to open source software. We also explained why the notion of creating a ‘safe’ Linux is misleading, because safety can only really be understood in terms of a system, as opposed to an intrinsic property of a component. This led into discussions of various system models involving Linux, the use of complete redundant systems as part of a larger system design, and the role of hardware components in this, which was a perfect segue to the next session.

Olivier Charrier talked about the role of hardware integration in safety, describing how the responsibilities for achieving specific safety objectives as part of a system design are typically assigned to hardware and software components, and then refined or re-defined in a series of iterations to address the identified gaps. Alessandro Carminati then shared the results of a Linux Features working group investigation to build and analyse a minimal Linux configuration and identify a core set of features that must be considered for any Linux-based system.

After lunch we had a series of ‘special topic’ talks, beginning with interesting talks on PX4SPace — a flight control solution for drones that is being used to build robotic space vehicle solutions — and the SPDX Safety Profile, which extends the SPDX 3.0 ‘knowledge graph’ to include metadata relating to development processes for safety.

Håkan Sivencrona from Volvo then talked about Safe Continuous Deployment, emphasising the importance of building development processes that deliver an ongoing stream of ‘safe’ software deliveries using DevOps principles, not just one ‘blessed’ release that is never expected to change. Igor Stoppa’s talk on “Resilient Safety Analysis and Qualification” sparked a lively discussion, as he argued that any safety analysis of Linux must be based on a detailed understanding of the code, and that this might be a reason not to rely on more complex features or extensions of the kernel.

We then had a talk by Gustavo Padovan of the Kernel CI project, which recently became an associate member of ELISA. He explained that a key goal of the project is to enable projects and organisations testing the kernel to share their results with the wider kernel community by providing a common framework for reporting results. Recent developments include kci.dev, a command line tool enabling developers and maintainers to interact with Kernel CI, and a YAML config file format to enable Linux subsystems to share tailored test case executions for maintainers and the wider community.

The rest of the day focussed on requirements management and traceability, looking first at ELISA’s BASIL tool, and then at an initiative with the Linux Tracing subsystem to develop a low-level requirements specification approach. The latter involved documenting detailed requirements for each function in the kernel, which would be intended to support complete reimplementation of the functionality without reference to the code. One participant noted that this approach might enable the kernel to be re-written in Rust!

Image of a street lamp in Lund

Day 3

I kicked off the last day by reprising my presentation about the TSF from the Eclipse workshop for the ELISA attendees. Once again, the enthusiastic engagement and insightful questions from the participants were very gratifying, and Daniel Krippner helped to illustrate how the framework may be applied in practice by talking through his use of it as part of the Eclipse uProtocol project. Daniel and I followed this with a quick discussion of how Rust is becoming increasingly relevant in the safety sphere, and how this may be relevant for ELISA.

The workshop wrapped up with a discussion on the Open Source Best Practices Standard, an initiative that was launched earlier this year. It included a live survey collecting input from the audience about their awareness of existing standards and suggestions for projects to be considered for examples of best practices.

Key Takeaways

I’ve attended numerous ELISA workshops since the first one in 2019, and it was wonderful to note how many passionate and enthusiastic newcomers we had attending this time. We also had participants from a variety of different backgrounds, including academics from the local university and engineers from the rail, medical and aeronautics industries, as well as the always-prevalent automotive specialists.

ELISA’s increasing engagement with other open source communities, including those from the Eclipse Foundation and Linux Foundation projects, is also good to see. The growing interest in safety-related topics in these communities, building on the already well-established awareness of cybersecurity topics, is also encouraging. After the enthusiastic reception that my talks had last week, I am hopeful that the Trustable Software Framework can help to continue this trend, giving all open source projects a way to start engaging with these topics and to share their thinking and strategies for building trust with other projects and communities.

Stay tuned here for links to the videos and presentations.

Additional Resources:

May 14

Automated Testing Summit (ATS) 2025

By Blog, Industry Conference

In March, the ELISA Project welcomed KernelCI, a community-based open source distributed test automation system focused on building a collaborative ecosystem around upstream kernel development, to our ecosystem. The primary goal of KernelCI is to use an open testing philosophy to ensure the quality, stability and long-term maintenance of the Linux kernel. The Project is currently working on improved LTS kernel testing and validation; consolidation of existing testing initiatives; quality-of-life improvements to the current service; expanded compute resources; and increased pool of hardware to be tested. Learn more about why they joined the project here.

KernelCI will be hosting the Automated Testing Summit (ATS) 2025 on Thursday, June 26 from 9 am – 5 pm in Denver, Colorado, as part of  Open Source Summit North America. The Automated Testing Summit is a technical conference focused on the key challenges, tools, and infrastructure involved in testing and quality assurance for the Linux ecosystem — with an emphasis on upstream kernel development, embedded systems, cloud environments and CI integration.

Modern software stacks grow increasingly complex and heterogeneous. Ensuring their stability requires scalable, reproducible, and automated testing solutions that can operate across diverse hardware platforms, kernel versions, and integration layers. ATS brings together engineers working on KernelCI, test frameworks, lab automation, CI/CD pipelines, fuzzing, performance analysis, and more.

The event is a platform for in-depth technical talks, demos, and collaboration sessions that tackle real-world problems in automated testing. Topics range from designing interoperable systems for sharing test results, to debugging kernel regressions across distributed hardware labs.

ATS is currently accepting speaking proposals. Submit a proposal here by Sunday, May 18.

How to Register: Pre-registration is required.

To register to attend in-person at Automated Testing Summit 2025, add it to your Open Source Summit North America registration.

To register to attend virtually, please register here.

 

Apr 16

NEW FREE COURSE: Understanding the EU Cyber Resilience Act (CRA)

By Announcement, Linux Foundation Education

This blog originally ran on the Linux Foundation Education website. For more content like this, click here.

Quickly Grasp the Key Requirements of the CRA with this Express Learning Video Course

OpenSSF and Linux Foundation Education have announced the launch of Understanding the EU Cyber Resilience Act (CRA) (LFEL1001), a new, free, Express Learning video course that covers:

  • Key requirements of the EU’s Cyber Resilience Act (CRA)
  • Digital product impacts
  • Compliance strategies
  • How to navigate uncertainties in the law, including for open source software

The course is ideal for anyone needing to adapt to these new legal requirements, especially decision-makers and software developers – including those working with open source software – whose products may be commercially available in the EU.

“The Cyber Resilience Act (CRA) is critically important for all software developers and their managers to understand. It imposes requirements on many kinds of software, including open source, that have never been regulated before. The CRA applies even if the software wasn’t developed in the EU,” said David A. Wheeler, PhD, Director of Open Source Supply Chain Security, OpenSSF. “This completely changes the software development landscape. You could risk its substantial penalties, but it’s wiser to gain an understanding of it.”

EU Law with Global Impact

The CRA is a landmark law that imposes new requirements on products with digital elements, including software, that are made commercially available within the European Union. It also imposes significant penalties for failure to comply in certain cases. Given the global nature of software and hardware development, many organizations and individuals not based in the EU will find themselves affected by the CRA.

Understanding the EU Cyber Resilience Act (CRA) (LFEL1001) will help those affected better prepare to understand and meet their obligations of the law and avoid the significant penalties the law can enforce. This includes the CRA’s requirements for developing secure software and managing vulnerability reports. The course will also note some of the uncertainties in the new law, explain how some are being addressed and provide recommendations on how to deal with such uncertainties.

Understanding the EU Cyber Resilience Act (CRA) (LFEL1001) is a free, 90-minute, self-paced, e-Learning video course. Those who successfully complete the course receive a digital badge and certificate of completion.

Don’t Let the CRA Catch You Off Guard
Enroll Today!

Apr 09

New Initiative Seeks to Establish Open Source Software Best Practices Standard

By Blog, Industry Partners, Linux Foundation, News

In an era of rapid digital transformation, open source software has become the backbone of technological innovation across industries. The Linux Foundation Europe is proud to partner with Enabling Linux in Safety Applications (ELISA) Project to support an initiative, aimed at addressing a critical challenge in the software ecosystem. As the demand for open source software into regulated and safety-critical systems increases (e.g. in aerospace, automotive, and medical industries), the need for a robust, standardized approach to evaluate its quality and security has never been more urgent. This initiative promises to reshape how we assess and integrate open source software into mission-critical environments. Learn more in this blog article authored by Philipp Ahmann (ETAS GmbH) and Gabriele Paoloni (Red Hat).

An innovative new project is underway to establish a standardized approach for evaluating the quality and security of open source software (OSS). The increasing reliance on OSS in regulated and standards-driven sectors (like aerospace, automotive, and medical industries ) necessitates a robust framework for determining OSS trustworthiness. This project aims towards just this.

Current quality standards are often inadequate to the unique development processes of OSS, creating a significant barrier to the adoption of OSS in regulated industries.

This initiative will address this gap by:

  1. analyzing existing OSS development practices
  2. identifying key performance indicators (KPIs), and
  3. creating a framework to evaluate how well OSS projects align in front of the objectives safety & security standards as well as regulations.

The evaluation will be based on the project’s (open source) development practices.  Such a framework will be crucial for both quality management demanded by safety standards and the growing requests on software quality of cyber-resilience regulations (such as the Cybersecurity Resilience Act – CRA). The resulting standard will also support initiatives aimed at increasing the security and reliability of open-source operating systems.

Your Input is Crucial

To ensure this project accurately reflects the needs and realities of the OSS community, and the demands of regulated industries, we invite you to participate in a short survey. Your feedback will directly influence the development of this vital new standard. The survey will cover various aspects of OSS development, focusing on both safety and security, aiming to identify best practices and establish measurable KPIs. The deadline to submit your feedback is May 31, 2025.

About the Project:

The goal of this project is to evaluate and document established open source development best practices and to provide an assessment guide for the user to rate the quality of open source projects. This increases trust in open source software for the adoption in regulated industries, e.g. for safety critical systems.

image2-2

This shall be achieved via 3 project phases:

  • Phase 1: Analyzing existing literature, OSS projects, and relevant standards, including emerging cyber-resilience frameworks.
  • Phase 2: Defining a framework of OSS good practices and KPIs for both safety and security.
  • Phase 3: Testing and refining the framework through pilot projects.

The project welcomes collaboration with academia, public sector organizations, OSS communities, foundations, and industry leaders across various sectors. By working together, we can create a quality standard that provides means to demonstrate the technical and process capabilities of OSS projects, enabling their adoption within a company-specific development framework for safety-critical and cyber-resilient systems, thereby paving the way for innovation while upholding the highest levels of safety and security.

SUPPORTING QUOTES:

While e.g. the European Commission and Japanese government are right starting to champion open source for software-defined vehicles (SDVs), a clear path to integrating OSS with existing automotive standards is crucial for realizing its full potential. ETAS  is committed to bridging this gap, ensuring that open source initiatives drive innovation without compromising safety, reliability, or established industry practices. We believe this approach is essential for fostering true digital sovereignty and competitiveness within the automotive sector. – Philipp Ahmann, Sr. OSS Community Manager at ETAS GmbH

As indicated above, there is an increasing usage of OSS in regulated and standards-driven sectors. Setting up a convergence between the OSS quality and security processes with regulations and standards definitions becomes a must and this activity needs to take place on both sides of the equation to find an agreement. The project initiative described here would be the OSS part, matching the regulatory part also started in the different sectors, like the new revision of the ISO-26262 with the introduction of the ISO/PAS 8926 for the Automotive sector, and the EUROCAE WG-117 SG-2 related to “COTS, Open Source and Service History” for the Avionics sector. – Olivier Charrier, Principal Technologist – Functional Safety at Wind River Systems

With open source as the basis for every commercial product offering, Red Hat is invested in the quality and security of related open source software. This investment is substantiated by all Red Hat customers’ success stories, including but not limited to, deployments of Red Hat products into mission critical systems (such as finance, defense, telco and space industries). For this reason Red Hat fully supports this project and is looking forward to having an innovative and suitable approach to rate open source software quality; thus aiming to accelerate and simplify OSS evaluation for use in mission-critical systems or regulated industries. – Gabriele Paoloni, Sr PE | Open Source Community Technical Leader at Red Hat

Mar 26

F Prime and Linux

By Blog, Space Grade Linux, Working Group

In the last ELISA Project Workshop, hosted at the NASA Goddard Space Flight Center in Greenbelt, Maryland, from December 10 to 12, 2024, speaker Michael Starch, Flight Software Engineer at NASA, gave a presentation, “F Prime and Linux.”

 

Watch the video below or check out the presentation here.

 

The ELISA Workshop, which had than 30 in-person and 40 virtual attendees, brought together experts from various organizations, including ELISA Project member companies such as Red Hat, and Bosch, as well as representatives from NASA, Wind River, TelePIX, the Linux Foundation and more. This diverse group of professionals engaged in discussions and presentations on advancing Linux systems for space-grade applications.

Check out the ELISA Workshop @ NASA Youtube playlist to watch other videos or access the materials on the ELISA Project’s directory. Or, learn more about the next ELISA Workshop, happening in Lund, Sweden on May 7-9. Register here.

Additional Resources:

Mar 19

Containerization in Space Podman for Mission Critical Operations and Resilience (Video)

By Blog, Space Grade Linux, Workshop

In the last ELISA Project Workshop, hosted at the NASA Goddard Space Flight Center in Greenbelt, Maryland, from December 10 to 12, 2024, speaker Dan Walsh, Senior Distinguished Engineer, and Douglas Schilling Landgraf, Senior Software Engineer, at Red Hat, gave a presentation, “Containerization in Space Podman for Mission Critical Operations and Resilience.”

 

Watch the video below or check out the presentation here.

 

The ELISA Workshop, which had than 30 in-person and 40 virtual attendees, brought together experts from various organizations, including ELISA Project member companies such as Red Hat, and Bosch, as well as representatives from NASA, Wind River, TelePIX, the Linux Foundation and more. This diverse group of professionals engaged in discussions and presentations on advancing Linux systems for space-grade applications.

Check out the ELISA Workshop @ NASA Youtube playlist to watch other videos or access the materials on the ELISA Project’s directory.

Additional Resources: