KernelCI started 10 years ago as a small project to test the kernel on Arm devices. The project grew over the years and today a new architecture is in place. In this video, Don Zickus, Distinguished Engineer at Red Hat and Gustavo Padovan, Kernel Lead at Collabora will present you the new KernelCI. The KernelCI community put a lot of effort recently to design and implement its new testing architecture with a focus on facilitating the kernel community and industry engagement as much as possible.
Our new KernelCI Architecture (1) allows different services (such as patchwork, b4, etc), multiple CI services, and users to send request to test patches; (2) supports all sorts of testing platforms and hardware labs, not just embedded hardware; (3) focus on quality of test run, rather than quantity; (4) brings common database for all CI systems with automatic post-processing of regressions.
Speakers: Gustavo Padovan, Kernel Lead at Collabora and Don Zickus, Distinguished Engineer at Red Hat
Don and Gustavol offer the ELISA community an overview of KernelCI and look for potential areas of collaboration between both projects. Watch the video:
The ELISA Seminar Series focuses on hot topics related to ELISA’s mission to define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Speakers are members, contributors and thought leaders from the ELISA Project and surrounding communities. Each seminar comprises a 45-minute presentation and a 15-minute Q&A, and it’s free to attend. You can watch all videos on the ELISA Project Youtube Channel ELISA Seminar Series Playlist here.
If you missed this ELISA Seminar, Don and Gustavo will be presenting about KernelCI at the Linux Plumbers Conference in Vienna, Austria on September 18-20. Learn more about their session in the Linux Kernel Testing Microconference.
The Embedded Open Source Summit (EOSS) serves as a pivotal event for the open source embedded projects and developer communities. This umbrella event brings together various micro conferences, including the Embedded Linux Conference, Zephyr Developer Summit, and Safety-Critical Software Summit, offering a comprehensive platform for collaboration, discussions, and education.
Among these, the Safety-Critical Software Summit stood out with significant attendance. Held under the EOSS, the summit drew more than 860 participants, with 79% holding technical positions. This high level of engagement underscores the importance of safety-critical software in the embedded systems landscape and the ultimate goal of advancing secure and reliable solutions through open source collaboration.
As part of the Safety-Critical Software Summit, Luigi Pellecchia, Senior Software Quality Engineer & Gabriele Paoloni, Sr SW Principal Engineer from Red Hat presented about “BASIL: The FuSa Spice,” which is an open source tool that facilitates software quality management by supporting traceability and completeness in analysis, including management of requirements and test cases. Developed by Red Hat and introduced to the ELISA Project community in June 2023, it was released as open source on GitHub in October 2023. If you missed this session, you can join them in Vienna on Monday September 16th at 12:15. Luigi and Gabriele will be on sire at OSSummit Europe with an updated version. tune into the updates coming this month for OSSummit Europe. Learn more: https://sched.co/1ejIi
For quite a few years, ISO 26262 has supported a component/element-based approach to ISO 26262, SEooC or Safety Element out of Context. This has simplified the argumentation and integration for specific elements into a larger system. However, as we see more and more complex systems being introduced, such as highly automated cars, we foresee that the importance of the SEooC concept will grow. The how-to will be developed at the same time. This topic will be further explored by speaker Håkan Sivencrona, Senior Technical Leader @ SVA Safe Vehicle Automation, Volvo Cars.
The presentation will introduce the SEooC concept, the usage and possible extensions and supporting argumentation for use of for example SW components in a CI/CD framework. And a lot more.
The ELISA Seminar Series focuses on hot topics related to ELISA’s mission to define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Speakers are members, contributors and thought leaders from the ELISA Project and surrounding communities. Each seminar comprises a 45-minute presentation and a 15-minute Q&A, and it’s free to attend. You can watch all videos on the ELISA Project Youtube Channel ELISA Seminar Series Playlist here.For more ELISA Project updates, subscribe to @ProjectElisa or our LinkedIn page or our Youtube Channel.
One of the major disadvantages of git’s blame command is that the minimum unit of change it tracks is the line of text. As past of the ELISA Seminar series, Daniel German, Professor of Computer Science at University of Victoria helps address this issue. They’ve developed Cregit, a set of tools the permits that traceability of each token of the source code of a git repository.
The ELISA Seminar Series focuses on hot topics related to ELISA’s mission to define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Speakers are members, contributors and thought leaders from the ELISA Project and surrounding communities. Each seminar comprises a 45-minute presentation and a 15-minute Q&A, and it’s free to attend. You can watch all videos on the ELISA Project Youtube Channel ELISA Seminar Series Playlist here.
Embedded Open Source Summit (EOSS) is an umbrella event for open source embedded projects and developer communities to come together under one roof for important collaboration, discussions and education. The event is composed of different micro conferences including Embedded Linux Conference, Zephyr Developer Summit, and Safety-Critical Software Summit.
The Safety-Critical Software Summit took place under the Embedded Open Source Summit, where more than 860 individuals attended in-person at the event with 79% holding technical positions.
This presentation uses practical examples to teach developers how to think about software in a safety critical context. It identifies the limitations of safety engineering and give developers a conceptual foundation for working within those constraints. At the heart of these limitations is the introduction of the “Cinderblock Problem.” Chuck uses this problem as a proposed shorthand for expressing the limitations of safety engineering in the context of software design and development.
This is an abstract of a blog “Safety Frontier: A Retrospective on ELISA” originally published on Codethink by Paul Albertella. ELISA (Enabling Linux In Safety Applications) is an open source project that brings together functional safety practitioners, software engineers, and open source software contributors. The project aims to tackle the substantial challenge of integrating Linux into safety-critical systems, which include applications such as those found in vehicles, medical devices, and even aircraft, traditionally relying on bespoke software developed with rigorous controls.
As technologies in these areas evolve, there’s a growing inclination to utilize general-purpose and open source software. ELISA confronts the complexities of Linux, which consists of nearly 30 million lines of code, to establish methodologies that ensure its safe application. This involves creating safety arguments and conducting detailed safety cases backed by robust engineering and quality management processes.
Paul reflects on the collaborative journey of ELISA, emphasizing its community-driven approach. He discusses the difficulty in using a general-purpose OS like Linux in safety-critical environments, where each application requires specific adaptations and rigorous testing. The blog also touches on the ongoing initiatives within ELISA to outline essential Linux components for safe usage and to identify its limitations and risks.
The most recent ELISA workshop in Lund, Sweden, serves as a testament to the project’s vibrant collaboration and shared expertise, addressing the continuous challenges of integrating advanced software systems safely. Albertella’s narrative captures the essence of ELISA’s mission to not just adapt Linux for safe use but to foster a safety culture that benefits from and contributes to the open source community.
This abstract captures the essence of the themes explored in the original blog, making it an essential read for those involved in software engineering, safety standards, or open source projects interested in the intersection of open source software and functional safety. For more detailed information, you can read the original content on the Codethink blog.
Embedded Open Source Summit (EOSS) is an umbrella event for open source embedded projects and developer communities to come together under one roof for important collaboration, discussions and education. The event is composed of different micro conferences including Embedded Linux Conference, Zephyr Developer Summit, and Safety-Critical Software Summit.
The Safety-Critical Software Summit took place under the Embedded Open Source Summit, where more than 860 individuals attended in-person at the event with 79% holding technical positions.
At the Safety Summit, Philipp Ahmann, ETAS presented on the ELISA Project, which focuses on enabling open source software in safety-critical applications. The growing need for safety integrity standards in open source projects offers both challenges and opportunities to enhance software quality, particularly in testing, documentation, robustness, and dependability. ELISA aims to be a central hub for safety-critical workloads, collaborating with projects such as Xen, Zephyr, Yocto, and SPDX.
Philipp’s session began with an overview of ELISA’s goals and activities. The focus then shifted to an open discussion on elements, processes, and tools that can enhance trust in open source software for safety, paving the way towards potential certification. The session emphasized the importance of community involvement and collaboration to address the challenges and opportunities in making open source software safety-certifiable.
Key points of the presentation included the focus on various open source projects and their relationship to functional safety. For instance, the Zephyr project integrates safety from the design phase, with premium members having access to comprehensive safety documentation and testing materials. In contrast, Xen prioritizes security and industrial-grade operations, offering rigorous quality processes and strong traceability from initial commit to testing pipelines. Philipp emphasized the importance of community involvement, noting that premium members, like AMD, drive the safety certification efforts for Xen.
The ELISA project distinguishes itself by not directly delivering a “safe Linux,” but by supporting integrators and system creators in making Linux-based systems safety-certifiable. Key members include Red Hat, SUSE, Canonical, Wind River, and Elektrobit, among others. ELISA focuses on creating reproducible systems with CI pipelines that cover documentation, testing, and error detection, enabling users to hook into various stages of the process.
Philipp also discussed the complexity of certifying Linux-based systems due to their inherent flexibility and configurability. He highlighted the challenges of aligning Linux with traditional safety-critical operating systems, which are typically small, fixed, and non-configurable. The presentation also covered the broader scope of ELISA’s work, which includes interactions with various standards bodies and the development of reference systems to demonstrate safety applications.
The ELISA project promotes best practices and aims to ensure that its work is accepted by the open source community. This includes contributions to the Linux kernel and related projects, as well as interactions with other initiatives like CIP and SOAFEE. He also mentioned ongoing efforts to develop use cases and practical applications, such as electric vehicle charging stations and medical devices, to better understand and address the safety needs of different industries.
In conclusion, the ELISA Project is committed to enabling the use of open source software in safety-critical applications through collaboration, comprehensive documentation, robust testing, and continuous improvement. The project seeks to engage the broader community in its efforts, recognizing that the collective expertise and contributions of its members are essential to achieving its goals. The presentation underscored the importance of open communication, shared best practices, and a commitment to safety in driving the project forward.
Embedded Open Source Summit (EOSS) is an umbrella event for open source embedded projects and developer communities to come together under one roof for important collaboration, discussions and education. The event is composed of different micro conferences including Embedded Linux Conference, Zephyr Developer Summit, and Safety-Critical Software Summit.
The Safety-Critical Software Summit took place under the Embedded Open Source Summit, where more than 860 individuals attended in-person at the event with 79% holding technical positions.
At the Safety Critical Software Summit, Stefano Stabellini, AMD provided a comprehensive update on the Xen Project’s advancements toward achieving safety certification. The Xen Project is an open source, static partitioning hypervisor designed for embedded and automotive applications. It ensures strict isolation between domains, making it a prime candidate for the highest levels of safety certification, such as ISO 26262 for automotive and IEC 61508 for industrial applications.
Stefano detailed the collaborative efforts between AMD and the Xen Community, initiated in 2023, to make Xen safety-certifiable across AMD x86 and ARM architectures. Over nine months, the team has integrated 80% of the relevant MISRA C rules into Xen’s coding standards and resolved numerous MISRA C violations. The introduction of MISRA C checkers into the upstream Xen CI loop has been a critical step in maintaining code quality by preventing new violations from entering the codebase.
The talk emphasized the Xen Project’s rigorous approach to safety certification, highlighting the adoption of a flexible and adaptable MISRA C compliance strategy. This approach included deviating certain MISRA rules that were too restrictive or not entirely applicable to Xen’s mature codebase, while still leveraging MISRA’s robust guidelines to improve code safety and quality.
Stefano also discussed the development of software safety requirements, a key component of the certification process. These requirements are structured hierarchically into market requirements, product requirements, and detailed software safety requirements, each linking to specific tests and traceable through tools like OpenPASS Trace.
The presentation emphasized the importance of integrating MISRA C scanning into the continuous integration (CI) process to detect and address violations early. Additionally, it highlighted the need for using modern tools and methodologies for writing and managing safety requirements, aligning them with open-source community practices.
Stefano concluded by outlining the next steps, including the ongoing upstreaming of safety requirements and further development of the testing infrastructure.
Written by Kate Stewart, Vice President of Dependable Embedded Systems at the Linux Foundation, and Philipp Ahmann, Senior OSS Community Manager at ETAS and Chair of the ELISA Project Technical Steering Committee
Overview
In Lund, Sweden, Volvo recently hosted the ELISA workshop, aligning with their strong commitment to improving safety. The event was a perfect match for the ELISA community, attracting a full capacity of 30 in-person attendees and engaging over 15 virtual participants. The workshop not only provided valuable discussions and brainstorming sessions but also offered attendees a taste of Swedish hospitality with delightful breaks and lunches – facilitating a lively “hallway track”. The lively conversations sometimes made it challenging to stick to the schedule, but the energetic atmosphere fostered productive exchanges of ideas.
Insightful sessions extract
Presentation: Constant Flow of Increasing Challenges for a Safety Manager
With Håkan Sivenkrona we had an inspiring presentation from our hosting company Volvo, which also will lead into a follow up seminar dedicated to Safety Elements out of Context (SEooC). In today’s dynamic environment, standards are constantly evolving. It is crucial for both proprietary and open systems to adapt to this shifting landscape and embrace continuous safety compliance. As a community, we must come together to explore ways to consistently deliver a Safety Case in the future. Safety systems need to be ready for the usage of open source developed software and open source software need to be enabled to fulfill the demands of various directives, security and safety standards. Public expectations and established best practices will further drive safety innovation.
Presentation: SPDX safety profile and implications on code and traceability
During this session, we discussed the important factors that need to be considered and integrated into the Safety Cases moving forward. We also explored the efforts of the System Package Data Exchange project in capturing metadata to enhance this process. In addition to the Linux kernel and user space software, it is crucial to understand the origin of datasets, model training, and services for effective safety analysis in the future. By automating the generation of this information, we can ensure better traceability of requirements when there are changes in the inputs to the Safety Cases.
Presentation: safety mechanisms to be considered to meet ASIL levels in Automotive
Naresh Ravuri from Magna, provided an excellent overview of the work that they’ve been doing to tackle the top level safety goals from OEM perspective. They emphasized the importance of identifying a critical path even when all requirements are derived. The decomposition of the use case plays a crucial role in ensuring that if one part fails to perform a task, another part can take over. It is essential to have a deep understanding of the Linux system to avoid incorrect system decomposition. Additionally, considering the data-driven path is vital for conducting a thorough analysis. Lastly, it is important not to overlook the impact of the build (compiler) and runtime environments (libraries) on the overall system.
Presentation: ELISA in the world of Software Defined Vehicles
Almost the whole Automotive Industry is currently looking into software defined vehicles with high performance computers (HPCs). During the ELISA workshop the participants discussed this from a practical point of view and what it means to “let it crash”. Coming from Cloud Native it was presented how to plan for potential system failures and how to recover from that. The architectural assumptions are important and how a system is tailored and methods for splitting critical resources from less critical system parts. The presentation was brought to the community by EMQ who are serving multiple automotive customers with MQTT solutions.
Discussion: core parts of the kernel – initial focus on the “TINY” configuration
During the workshop, the approach of starting with the “TINY” config and gradually adding or removing components was discussed. By clearly defining the core set of the linux kernel, it becomes easier to prioritize important aspects which are crucial for the safety argumentation of the kernel. While initially it was considered to avoid hardware and architecture specific code, this may not be feasible. By extending the “TINY” configuration with other components, not only does it enhance the system, but it also demonstrates a methodology for improving the overall functionality of the kernel.
The follow up of the initial discussion on “TINY” will be split across various working groups inside ELISA. The Linux Features working group is already exploring suitable reference hardware like an ARM 64 bit QEMU. The Architecture Working Group will start the analysis based on their input. The build and booting of the reference hardware integrated into a CI is subject to the Systems WG.
Discussion: state of available tooling
The tooling for analyzing the Linux kernel is constantly improving. While there are already several tools integrated into the kernel, we are also exploring the inclusion of additional analysis tools that have shown their usefulness. If you’re interested in understanding call graphs, you can check out the ks-nav tool work available at: https://github.com/elisa-tech/ks-nav
Why ks-nav is important can be extracted also from the slides and get some workshop feeling by clicking on the embedded YouTube links: State of ks-nav.pdf
Summary of workshop and main takeaways
The good mixture of participants continue to bring new ideas into the discussion when meeting in person. In particular the pointing to use of the TINY Linux configuration for the core was brought in by a first time Linaro representative. It is always important to widen the spectrum.
While there is still a long way to go until we have proven processes for enabling Linux in Safety Applications, there are starting to emerge some excellent ideas and as we refine them, we should be able to formalize them. It’s very easy for folks to make destructive statements, but we’re seeing that the open dialog can be turned into a more positive outlook, as illustrated by the engineering approach for safe systems with linux, where discussion landed on defining a design element and building up from there.
It is important to remember that a closed source OS may be as vulnerable as Linux in working with an open source ecosystem. However in Linux we have an open system and can actually see how it operates. Maybe in other closed OS and in company development the same issues show up, but nobody knows about it, as there is no expert and possibility to analyze.
The automotive industry is increasingly interested in utilizing Linux for high-performance computers in vehicles. The complexity of the software-defined vehicle, centralized compute units, and complex system architectures pose challenges for traditional product development using closed-source proprietary real-time operating systems (RTOS). Linux, on the other hand, is capable of meeting these demands, which is why its adoption in the automotive industry is expected to continue to grow, but they still need the path of safety argumentation and certification.
Interesting enough even with slightly different motivation also Aerospace observes wider usage of high performance computers and at same time a wider usage of Linux demanding safety certification. Maybe the next workshop will be hosted in the wider (aero-)space ecosystem to serve the other vertical branch in ELISA more. So, stay tuned for when and where our next Workshop will be.
Still, a lot of work is needed to have a safety argumentation for Linux, but we are making progress.
Thanks to hosts
We would like to express our gratitude to Volvo Cars, especially Robert F, for organizing the venue and hosting us. We also appreciate the walking tour of Lund, the delicious meals, and the fascinating tour of MAX IV (https://www.maxiv.lu.se/). During the tour, the MAX IV team showcased their research using beamlines and accelerators. We learned that Linux is widely used as the IT infrastructure throughout the research site, although it is not considered safety-critical. These examples further demonstrate the trust and widespread adoption of Linux.
As hallway and networking is important when meeting face to face, Volvo arranged a great dinner for the participants where a lot of topics from MAX IV, as well as “the digital safety belt” and the directions of the ISO26262 were discussed and which role Linux plays in all of this. Like Volvo has released their patent on the safety belt for the sake of saving people’s life over making money with a patent many years back, let us hope that the same will happen to software in vehicles and make open source software like Linux the next “digital safety belt”.
Contribute
If any of these topic areas is of interest to you, please feel free to sign up for the mailing lists at https://lists.elisa.tech; show up at one of the working group meetings; and contribute to the discussion.
Stress-ng has a proven track record for stress testing Linux systems and forcing out system bugs. As past of the ELISA Seminar series, Colin King, Principal Engineer at Intel, gave a presentation titled, “Improved System Stressing with stress-ng.” His talk describes new stress-ng features and the future roadmap for stress-ng.
<!– wp:paragraph –>
The ELISA Seminar Series focuses on hot topics related to ELISA’s mission to define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Speakers are members, contributors and thought leaders from the ELISA Project and surrounding communities. Each seminar comprises a 45-minute presentation and a 15-minute Q&A, and it’s free to attend. You can watch all videos on the ELISA Project Youtube Channel ELISA Seminar Series Playlist here.
