Skip to main content
Category

Blog

Certifying Linux: State of the Art and Lessons Learned after Eight Years

By Blog, Seminar Series

In 2018, in the course of the SIL2LinuxMP project, we summarized the knowledge gained around research questions and suggested potential solutions using Linux in safety-related systems in the paper “Certifying Linux: Lessons Learned in Three Years of SIL2LinuxMP.” Since then, the activities using Linux in safety-related systems has continued to attract more experts and more commercial attention. However, it is still a challenging activity to pursue. In this video, we explain, reflect and comment the areas of work and activities that have been followed the next five years throughout the industry and how they relate, complement initial ideas that were collected in the SIL2LinuxMP project.

As part of the ELISA Seminar series, Lukas Bulwahn, Safety Software Key Expert at Elektrobit, gave a presentation titled, “Certifying Linux: State of the Art and Lessons Learned after 8 Years.

 

The ELISA Seminar Series focuses on hot topics related to ELISA’s mission to define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Speakers are members, contributors and thought leaders from the ELISA Project and surrounding communities. Each seminar comprises a 45-minute presentation and a 15-minute Q&A, and it’s free to attend. You can watch all videos on the ELISA Project Youtube Channel ELISA Seminar Series Playlist here.

For more ELISA Project updates, subscribe to @ProjectElisa or our LinkedIn page or our Youtube Channel.

Working Group Spotlight: Aerospace

By Blog, Working Group

To kickoff 2024, ELISA hosted an annual Working Group Update where all of the leads shared a quick overview, milestones achieved and plans for the new year. The update meetings, which was hosted online for a few hours over two days, was open to the public. If you missed the meeting, the videos can be found on-demand on a new Working Group playlist on the ELISA Youtube Channel.

Each week, we’ll feature a new Working Group video and details for how to get involved in meetings and join the discussions. Today, we shine a spotlight on the Aerospace Working Group, led by Steven H. VanderLeest, Chair of the ELISA Aerospace Working Group and Chief Technologist at Boeing. Watch the video below or check out the PPT here.

 

Engage with the Aerospace Working Group: 

Attend a meeting: 

Join the Mailing List:

Participate in GitHub:

ELISA is open to everyone. Anyone can develop and contribute code, get elected to the Technical Steering Committee, or help steer the project forward in any number of ways.

Learn more about the ELISA Project by:

Using Linux in Safety Scenarios

By Blog, Working Group

Written by Igor Stoppa, Senior Software Architect at NVIDIA and ELISA Project contributor

The ELISA Project’s Open-Source Engineering Process (OSEP) Working Group examines how software engineering processes can be used to facilitate the certification of safety-critical systems incorporating Linux and other FOSS. They aim to consider the roles that a Linux-based OS might have in such systems, and identify how FOSS developers, system integrators and product creators can specify these, and provide evidence to support associated safety arguments.

These documents below, which were contributed to the ELISA PROJECT OSEP WG are intended to help functional safety professionals, linux kernel developers, assessors and oems find a common ground:

1. Checklist of FuSa woes associated to Linux in a safety context
2. Contextualizing safety requirements in the scope of a Linux system
3. Analyzing interference within a Linux System based on arm

Although they are not written in the formal language typical of Functional Safety, they cover important technical aspects that might not be obvious to those who are not familiar with Linux.

They can also help with introducing FuSa concepts to Linux engineers and can be a supporting tool to anyone trying to reach safety goals on a system based on Linux.

Ideally, they can help both assessors and OEMs who are either transitioning or considering the transition to a Linux based system, in evaluating the offerings and FuSa solutions that they have available.

Check out the contributions and learn more about the OSEP WG here.

Working Group Spotlight: Safety Architecture

By Blog, Working Group

To kickoff 2024, ELISA hosted an annual Working Group Update where all of the leads shared a quick overview, milestones achieved and plans for the new year. The update meetings, which was hosted online for a few hours over two days, was open to the public. If you missed the meeting, the videos can be found on-demand on a new Working Group playlist on the ELISA Youtube Channel.

Each week, we’ll feature a new Working Group video and details for how to get involved in meetings and join the discussions. Today, we shine a spotlight on the Safety Architecture Working Group, led by Gabriele Paoloni, Chair of the ELISA Project Governing Board and Open Source Community Technical Leader at Red Hat. Watch the video below or check out the PPT here.

 

 

Engage with the Safety Architecture Working Group: 

Attend a meeting: 

Join the Mailing List:

Participate in GitHub:

ELISA is open to everyone. Anyone can develop and contribute code, get elected to the Technical Steering Committee, or help steer the project forward in any number of ways.

Learn more about the ELISA Project by:

Safety-Critical Software Summit Schedule Now Live

By Announcement, Blog, Safety-Critical Software Summit

Last week, the Linux Foundation announced the full schedule for Open Source Summit North America, the premier event for open source code and community contributors. The leading gathering for the global open source community offers 200+ sessions presented through 16 microconferences, exploring the most crucial and innovative topics driving open source advancements today.

Embedded Open Source Summit is also being held April 16-18 in Seattle, Washington, alongside Open Source Summit North America. The Safety-Critical Software Summit, sponsored by the ELISA Project, will be under the EOSS umbrella and aims to gather safety experts and open source developers to enable and advance the use of open source in safety-critical applications.

The Safety-Critical Software Summit will take place on Thursday, April 18. Check out the schedule below, which is in PST:

Check out the complete schedule here. Register here by February 24 for an early bird discount. Those who register for Open Source Summit can add on registration for Embedded Open Source Summit for free.

Learn more about the ELISA Project by:

Working Group Spotlight: Open Source Engineering Process

By Blog, Working Group

To kickoff 2024, ELISA hosted an annual Working Group Update where all of the leads shared a quick overview, milestones achieved and plans for the new year. The update meetings, which was hosted online for a few hours over two days, was open to the public. If you missed the meeting, the videos can be found on-demand on a new Working Group playlist on the ELISA Youtube Channel.

Each week, we’ll feature a new Working Group video and details for how to get involved in meetings and join the discussions. Today, we’ll feature the Open Source Engineering Process Working Group update by Paul Albertella, Consultant at Codethink. Watch the video below or check out the PPT here.

 

;

 

Engage with the Open Source Engineering Process Working Group: 

Attend a meeting: 

Join the Mailing List:

Participate in GitHub:

ELISA is open to everyone. Anyone can develop and contribute code, get elected to the Technical Steering Committee, or help steer the project forward in any number of ways.

Learn more about the ELISA Project by:

Working Group Spotlight: Tools

By Blog, Working Group

To kickoff 2024, ELISA hosted an annual Working Group Update where all of the leads share a quick overview, milestones achieved and plans for the new year. The update meetings, which was hosted online for a few hours over two days, was open to the public. If you missed the meeting, the videos can be found on-demand on a new Working Group playlist on the ELISA Youtube Channel.

Each week, we’ll feature a new Working Group video and details for how to get involved in meetings and join the discussions. Today, we’ll feature the Tools Working Group update by Matt Kelly, Software Team Lead at The Boeing Company. Watch the video below or check out the PPT here

 

Engage with the Tools Working Group:

Attend a meeting:

  • 2nd Tuesday of the month @ 9:30 AM EST / 2:30 PM UTC
  • 4th Thursday of the month @ 11:00 AM EST / 4:00 PM UTC

Join the Mailing List:

Participate in GitHub:

  •  Tools WG: https://github.com/elisa-tech/wg-tools
  • BASIL: https://github.com/elisa-tech/BASIL
  • ks-nav: https://github.com/elisa-tech/ks-nav

ELISA is open to everyone. Anyone can develop and contribute code, get elected to the Technical Steering Committee, or help steer the project forward in any number of ways.

Learn more about the ELISA Project by:

ELISA Project: Working Groups, Deliverables & More!

By Blog, Working Group

Linux is used in all major industries because it can enable faster time to market for new features and take advantage of the quality of the code development processes. Launched in February 2019, the Enabling Linux In Safety Application (ELISA) Project works with Linux kernel and safety communities to agree on what should be considered when Linux is used in safety-critical systems. The project has several dedicated working groups that focus on providing resources for system integrators to apply and use to analyze qualitatively and quantitatively on their systems.

The Working Groups have two main focuses – the horizontal Working Groups include Safety Architecture, Linux Features, Tool Investigation, Open Source Engineering Process, and Systems as well as vertical use case based Working Groups in Aerospace, Automotive, and Medical Devices domains.These Working Groups collaborate to produce an exemplary reference system. Linux Features, Architecture and Code Improvements should be integrated into the reference system directly. Tools and Engineering Process should serve the reproducible product creation. Medical, Automotive, Aerospace and additional future WG use cases should be able to strip down the reference system to their use case demands.The Project’s Technical Steering Committee (TSC) oversees the Working Group activities and coordinates cross Working Group collaboration to drive the technical direction of the Project. You can interact with the TSC by subscribing to its public forum and attend its biweekly meeting that’s open to the public by default.

To kickoff 2024, ELISA hosted an annual Working Group Update where all of the leads share a quick overview, milestones achieved and plans for the new year. The update meetings, which was hosted online for a few hours over two days, was open to the public. If you missed the meeting, the videos can be found on-demand on a new Working Group playlist on the ELISA Youtube Channel.

Each week, we’ll feature a new Working Group video and details for how to get involved in meetings and join the discussions. Today, we’ll kick off the blog series with a 10-minute project overview by Philipp Ahmann, Chair of the ELISA Project Technical Steering Committee and Technical Business Development Manager at Robert Bosch GmbH.

ELISA is open to everyone. Anyone can develop and contribute code, get elected to the Technical Steering Committee, or help steer the project forward in any number of ways.

Learn more about the ELISA Project by:

 

How to Navigate the Complexity of Open Source License Compliance

By Blog, Linux Foundation Reserch

Written by Anna Hermansen, Researcher and Ecosystem Manager for Linux Foundation Research

In the ever-evolving landscape of software development, the integration of open source software (OSS) has become ubiquitous, fostering innovation, efficiency, and collaboration. However, this adoption comes with its own challenges, particularly when it comes to complying with open source licenses. A recent report by the Linux Foundation’s Ibrahim Haddad, titled Open Source License Compliance: Challenges Ahead, sheds light on the intricacies involved in navigating this complex terrain. Below are a few key insights from this report: 

  1. The cornerstone of open source license compliance lies in adhering to copyright notices and fulfilling license obligations when incorporating OSS into products or services. This is no small feat, considering the diverse range of licenses, varying terms and conditions, and the rapid pace of software development.

    OpenSourceLicenseComplianceReport_Infographic_Mentorship Infographic-1
  2.  Compliance with OSS licenses is a multifaceted process that begins with identifying all OSS integrated into a product or service. This necessitates a meticulous plan to fulfill the myriad of license obligations associated with each component. The complexity intensifies as organizations grapple with the diverse licensing landscape and the dynamic nature of software development.

    OpenSourceLicenseComplianceReport_Infographic_Mentorship Infographic-2
  3. To effectively manage OSS license compliance, organizations need robust tools. An advanced Software Composition Analysis (SCA) tool proves indispensable in this regard. These tools boast comprehensive features, aiding organizations in accurately identifying incorporated OSS, understanding licensing requirements, and ensuring adherence to obligations.

    OpenSourceLicenseComplianceReport_Infographic_Mentorship Infographic-4
  4. Promoting a culture of openness and accountability is key. Beyond tools, organizations can instill a culture of openness, accountability, and collaboration by providing users with visibility into their compliance processes. This transparency not only fosters a sense of responsibility but also enables the organization to address compliance issues or inquiries efficiently.

    OpenSourceLicenseComplianceReport_Infographic_Mentorship Infographic-5
  5. Organizations can be proactive by integrating compliance into the development process itself. By doing so, organizations reduce the risk of non-compliance while cultivating a healthy internal open source governance culture. This proactive stance ensures that compliance is not an afterthought but an integral part of the software development lifecycle.

    OpenSourceLicenseComplianceReport_Infographic_Mentorship Infographic-6
  6. Managing OSS license compliance at scale requires leveraging appropriate tools and garnering internal support. This strategic combination helps in mitigating compliance risks and ensures that adherence to license obligations becomes an integral aspect of the development workflow.

    OpenSourceLicenseComplianceReport_Infographic_Mentorship Infographic-7
  7. The efficacy of SCA tools hinges on their accuracy, consistency, and integration. These tools must navigate complexities, identify all OSS components, and stay updated with the ever-evolving OSS licensing landscape. Achieving this balance is critical for organizations relying on SCA tools to facilitate compliance. To maximize their effectiveness, these tools must seamlessly integrate with the software development lifecycle, which requires automating the scanning of code for open source components and licensing requirements. The integration ensures that compliance is an inherent part of the development process.

    OpenSourceLicenseComplianceReport_Infographic_Mentorship Infographic-8
  8. Another important tool for compliance is the Software Bill of Materials (SBOM). The adoption of SBOMs is increasing as a means of providing transparency into a software product or service. SBOMs offer insight into component usage, open source licenses, and potential vulnerabilities in the open source components in use, and when standardized in a common format – such as the Linux Foundation’s SPDX project – reduce the workload of collating this information. Despite these advantages, challenges arise when origin and license information of the AI system’s source code is absent, hindering downstream users from generating accurate SBOMs. This gap raises a critical concern, as the inability to trace security vulnerabilities poses a significant red flag in maintaining comprehensive cybersecurity measures.
  9. Auditability is a central challenge for organizations aiming to maintain transparent and comprehensive audit trails of all OSS and license compliance-related activities. The ability to demonstrate adherence to license obligations becomes paramount, especially in the face ofOpenSourceLicenseComplianceReport_Infographic_Mentorship Infographic-9
  10. The rise of artificial intelligence (AI)-generated code introduces new challenges to the compliance landscape. Organizations can initially address these challenges by implementing policy options and providing guidance to developers. As AI becomes more prevalent, refining compliance strategies for AI-generated code will be imperative.

    OpenSourceLicenseComplianceReport_Infographic_Mentorship Infographic-11
  11. As the prevalence of OSS continues to grow, establishing a robust and automated compliance process becomes critical. This not only safeguards organizations from legal repercussions but also shields them from reputational risks associated with non-compliance.

    OpenSourceLicenseComplianceReport_Infographic_Mentorship Infographic-12

Software developers and business leaders stand to gain invaluable insights from the report, Open Source License Compliance: Challenges Ahead. It offers a comprehensive roadmap, emphasizing the complexities of compliance and the need for advanced Software Composition Analysis (SCA) tools, SBOMs, and integrating compliance into the development process. Following this roadmap reduces non-compliance risks and helps foster a culture of transparency and collaboration.

Moreover, the report tackles emerging challenges, including those posed by artificial intelligence-generated code, and advocates for robust, automated compliance processes. By delving into the intricacies of OSS license compliance, this report equips professionals with the knowledge to harness the benefits of open source innovation confidently while safeguarding against legal and reputational risks. It serves as an indispensable guide, ensuring that both developers and business leaders are well-prepared to navigate the complex terrain of open source software integration.

Photo by Tumisu

ELISA Milestones & What’s next

By Blog, Working Group

As Linux continues to be a key component in safety-related applications, Enabling Linux in Safety Applications (ELISA) is an open source project that aims to create a shared set of tools and processes to help companies build and certify Linux-based safetycritical applications and systems. Launched in February 2019, ELISA works with Linux kernel and safety communities to agree on what users should consider when using Linux in safety-critical systems.

In 2023, ELISA increased the technical resources created for the Linux community, including a Seminar Series of no-cost, on-demand videos that provide overviews of a special focus and project workshops for community members who are interested in advancing the milestones and goals of the project. The ELISA Seminar series hosted sessions that many organizations hosted, including Red Hat about an open source tool, tentatively named Basil, for tracing requirements, code, and tests; AMD about Xen safety certification; the Linux Foundation with AlektoMetis about automating adherence to safety profiles after fixing vulnerabilities; and the Boeing Company about DO-178C Level D certified Linux and NASA.

Two in-person workshops in Berlin and Munich brought together industry thought leaders and open source community members to discuss all safety-related issues, challenges, and next steps for the project. The project has several dedicated Working Groups (WGs) that provide resources for system integrators to apply and use to qualitatively and quantitatively analyze their systems:

  • Aerospace WG is busy surveying aerospace’s state of the art on using Linux and the associated certification approach and equivalent Design Assurance Level and identifying the challenges to adopting Linux in aerospace and candidate use cases using Linux.
  • Architecture WG is adopting the ks-nav tool set to implement and expand the STPA approach within the kernel.
  • Linux Features WG analyzed the potential and challenges of real-time safety-critical systems and presented their work at the Embedded Open Source Summit.
  • Medical Devices WG set out to discover the Linux kernel subsystems that OpenAPS used, shared key findings, and upstreamed the workload tracing guide.
  • Open Source Engineering Process WG documented how to apply a safety analysis process based on STPA suitable for Linux and other OSS use.
  • Systems WG shared the work on creating a reproducible example system consisting of Linux, Xen, and Zephyr on real hardware at the Linux Plumbers Conference.
  • Tools WG has enabled Continuous Integration.

To kick off the new year, ELISA Working Group leads will be giving an annual update next week. The updates will include the following topics:

  • A recap of milestones in 2023
  • Current focus and activities
  • What’s coming up in 2024 and areas and opportunities for collaboration
  • Onboarding resources and how to get involved

This is a great opportunity to get up to speed with what each of the Working Group is working on and how you can participate and contribute this year. For more details and to register to attend please click here: https://elisa.tech/event/working-group-annual-updates/.