Skip to main content


Trusted Execution Inside Secure Enclaves – LFX Mentorship Report

By Blog, Mentorship

Işıl Öz, 2022 ELISA Project Mentee and Assistant Professor at Izmir Institute of Technology

Hardware Trusted Execution Environment

Since remote computation has evolved as the cloud infrastructures offer high-performance and low-cost solutions, security has become a concern due to remote computer’s mainte- nance by untrusted parties. As the security mechanisms aim to maintain protection from attackers and enable execution confidentiality and integrity, they help to achieve safety requirements as well by making sure that both program code and data are not corrupted. Therefore, memory protection solutions support safety by ensuring trusted execution, and they target domains requiring both secure and safe execution [4, 15]. Homomorphic en- cryption, which directly works on the encrypted data, enables the handling of user data by third parties safer. However, its computational requirements lead to impractical perfor- mance issues.

Trusted execution environments (TEEs) maintain secure computation in an isolated area of a processor with hardware-assisted technologies. They offer both performance and security improvements by exposing a smaller trusted compute base (TCB) in the environment. Confidential Computing Consortium (CCC) defines TEE as an environment that provides a level of assurance of data integrity, data confidentiality, and code integrity [19]. Data integrity is preventing unauthorized entities from data modification while in use inside TEE. Data confidentiality means that unauthorized entities cannot view data while in use inside TEE. Code integrity is preventing unauthorized entities from code modification while it is being executed inside TEE. Depending on the implementation, TEE additionally may provide the following features:

  • Code confidentiality: TEE protects code while in use from being viewed by unautho- rized entities. For instance, an algorithm having intellectual property issues should not be exposed to third parties.
  • Authenticated launch: TEE enables the launching of a process when only it is verified to be secure.
  • Programmability: TEE consists of any arbitrary code or code that is loaded by a secure source.
  • Recoverability: TEE provides a recovery mechanism that resets the status from a corrupted state to a known safe state.
  • Attestability: TEE measures its origin and current state and maintains evidence that the code has integrity and has not been modified. Different hardware vendors offer TEE implementations in their processor architectures:
  • Intel Software Guard eXtensions (SGX): With SGX, which exists in Intel Xeon pro- cessors, applications run in a secure memory space without access by the untrusted operating system (enclave) and store the data it uses in this memory area.
  • ARM TrustZone: TrustZone is in Arm Cortex-A processors and provides a secure environment for memory, software, bus transactions, and interrupts. The applications running on TrustZone can perform trusted operations with API functions.
  • AMD Memory Encryption Technology: While AMD Secure Memory Encryption (SME) is a hardware-based secure memory encryption technology found in AMD EPYC processors, Secure Encrypted Virtualization (SEV) is the implementation of SME technology used in virtualized systems. We focus on SGX technology and open-source library operating systems that enable its functionality.

Intel Software Guard Extensions (SGX)

Intel’s Software Guard Extensions (SGX) provide hardware-based isolation for secure com- putations by supporting safe execution [18]. SGX reserves isolated memory regions called Processor Reserved Memory (PRM) or enclaves for code and data. The CPU protects the memory regions from all non-enclave memory accesses, including the kernel, hypervisor System Management Mode (SMM) accesses, and DMA accesses from peripherals. Non- addressable memory pages (Enclave Page Cache (EPC) pages) inside enclaves are reserved from the physical RAM and encrypted. Execution flow can only enter an enclave by special CPU instructions, similar to the mechanism for switching from user mode to kernel mode. Enclave execution always happens in protected mode, at ring 3.

Figure 1 presents an example execution flow for the applications utilizing protected memory regions. The initial code and data in an enclave are loaded by untrusted system software. During the loading stage, the system software asks the CPU to copy data from unprotected memory into the enclave and assigns the pages to the enclave. After all the enclave’s pages are loaded, the system software asks the CPU to mark the enclave as initialized, at which point the application can run the code inside the enclave with support for high-level language features. Other parties can perform a software attestation process to verify the identity of the enclave that it is communicating with an enclave and is running in a secure environment.

Open-source LibOS Projects

The library operating system (LibOS) technology enables us to take an application with little or no modifications and protect it in an SGX enclave [7]. While commercial and open-source LibOS options are available, we mention open-source projects and focus on a specific project, Mystikos, our mentorship is built on. The following open-source LibOS projects support Intel SGX:

Gramine [6]: Lightweight libOS, designed to run a single application inside enclaves with minimal host requirements.

Occlum [13]: Memory-safe, multi-process library OS (LibOS) for Intel SGX.

Intel SGX and Linux kernel library [16]: Designed to run existing unmodified Linux binaries inside of Intel SGX enclaves.

Mystikos [12]: Tools and runtime for launching unmodified container images in TEEs.


Mystikos [12] is a runtime and a set of tools for running Linux applications in a hardware- trusted execution environment (TEE). It currently supports Intel SGX. Mystikos aims for the following features: 1) Enable protection of application code and data while in memory through the use of hardware TEEs, 2) Allow users and application developers control over the makeup of the trusted computing base (TCB), 3) Simplify retargeting to other TEE architectures through a plugin architecture.

As shown in Figure 2, Mystikos includes the following components:

  • C-runtime based on musl libc: Handles passing the runtime functions from unsecure part to the secure part of the application.
  • LibOS-like kernel: Implements system calls for secure execution.
  • Kernel-target interface (TCALL): Communicates with the target implementations (SGX target based on Open Enclave SDK or Linux target for only verification on non-SGX platforms).
  • Command-line interface: Offers an interface for the programs targeting execution inside the enclave (myst exec-sgx or myst exec-linux).
  • Some related utilities: Tools for building an application for secure execution (myst-appbuilder), creating an archive for target program (myst mkcpio or myst mkext2), packaging an application (myst package-sgx). Figure 2: Mystikos architecture [12]. Figure 3 presents the application workflow when developing application in Mystikos, which consists of four steps:

Figure 3 presents the application workflow when developing application in Mystikos, which consists of four steps:

  1. Develop application: Develop the application using programming models of our choice.
  2. Create appdir: Create and populate an appdir directory that contains compiled application and essential dependencies.

3. Run in Mystikos: First create a root file system (rootfs) from appdir by using myst mkcpio or myst mkext2. Then run the application by using myst exec-sgx or myst exec-linux.

4. Package application: Sign and package the application.

Activities During the Mentorship

At the beginning of the mentorship period, I investigated the open-source libOS projects enabling and implementing SGX features (mentioned in Section 3). With a theoretical background in operating systems and processor architecture, I tried to understand the ex- isting implementations. In the meantime, I learned about some practical issues by following the LFX courses about Linux kernel and open-source project development (like GitHub is- sues and pull requests) to get hands-on experience. Specifically, I enrolled two LFX training courses: A Beginner’s Guide to Open-Source Software Development (LFD102) [3] and A Beginner’s Guide to Linux Kernel Development (LFD103) [2].

After deciding to work on Mystikos project, which is closely related security and safety issues, I started by examining open issues in Mystikos Github repository.

The first issue I have looked at was the following: Memory leak in myst syscall execve ([11]): It was about a potential bug in the function myst syscall execveat inside the file /kernel/syscall.c. The reason seemed to have an unfreed memory allocation in the function myst exec inside /kernel/exec.c file. After discussion with the maintainers re- garding the issue, I created a pull request and submitted it as a fix (Figure 4). However, the maintainers realized that the issue has been already fixed in the previous commits, so my commit has not been merged.

After being introduced in Mystikos and getting familiar with the code, I contacted to the maintainers. Vikas Amar Tikoo replied and offered me to work on improving debug-gability by either writing gdb extensions, improvements to strace mechanism in Mystikos, interactive shell support, or integration with native debugging tools like valgrind. Then he created an issue on github that I can work on: Interactive bash support issues ([9]). The aim is to run bash shell in Mystikos. However, Mystikos complains about it. I could replicate the case in my local machine (Figure 5). The problem seems that the ioctl requests/commands [10] have not been supported by Mystikos. I submitted a pull request with TIOCGPGRP and TIOCSPGRP ioclt system calls (Figure 6). I have been working on the issue and communicating with the maintainers about the implementation details.

Additionally, during my mentorship period, I attended the following online activities:

  • SGX Community Day Virtual Event, July 26-27, 2022 [1]: Inspirational talks from academics, startups, and big corporations about SGX implementations.
  • ELISA summit, September 7-8, 2022 [5]: Introductory overview, emerging trends, and current topics in utilizing open-source software for safety-critical applications.
  • SOAFEE Virtual Symposium, November 16-17, 2022 [17]: Presentations by open- source and independent software vendors organized by the Scalable Open Architecture For Embedded Edge (SOAFEE) Special Interest Group.

Moreover, as a researcher working in the field of computer architecture, the mentorship helped me to improve myself in the hardware security area. I have submitted a national research project titled as Security-Performance Tradeoff Analysis for Embedded Systems with GPUs, where we target to analyze both the security and performance of the embedded applications running inside enclaves. We aim to utilize the open-source LibOS projects and port the program executions partially into the enclaves. Mainly, we target to extend the mentorship work for safety-critical embedded CPU-GPU systems. Additionally, my mentorship encouraged my students to work on open-source projects and be included in mentorship programs.

Thanks to the LFX mentorship program supported by ELISA, I found an opportunity to be introduced to the open-source software community and gained a practical hands-on experience in open-source software development. The mentorship was helpful in terms of both enhancing my hands-on skills and learning the open-source project development pro- cess. While I have a strong background in theoretical operating systems and computer architecture area, especially my operating systems software skills have substantially im- proved. Moreover, the regular meetings with my experienced mentor and communication with the open-source project maintainers were very helpful for both technical and social skill development.

After getting experience on the Mystikos project, I am working on the issue and will continue working on it after my mentorship period. With this experience, I am planning to contribute to other open-source LibOS projects by combining my research interests and practical experience. After being introduced to the open-source community, I believe that I will be able to find more opportunities in the related domains requiring both security and safety. Since I learned that secure execution environments/containers maintain secure and

Safe execution inside enclaves, we can utilize them for different applications in safety-critical systems.


  1. 3rd sgx community day virtual event. Tech-Innovation/Data-Center/Third-SGX-Community-Day/post/1393177. Ac- cessed: 2022-11-16.
  2. A beginner’s guide to linux kernel development (lfd102). a-beginners-guide-to-linux-kernel-development-lfd103. Accessed: 2022- 11-16.
  3.  A beginner’s guide to open source software development (lfd102). a-beginners-guide-to-open-source-software-development-lfc102. Accessed: 2022-11-16.
  4. Eclipse software defined vehicle working group. Ac- cessed: 2022-11-23.
  5. Elisa summit. Accessed: 2022-11-16.
  1. Gramine – a library os for unmodified applications. Accessed: 2022-11-16.
  2. Intel software guard extensions. en/developer/tools/software-guard-extensions/get-started.html. Accessed: 2022-11-16.
  3. Intel software guard extensions (intel sgx) web-based training. https: // intel-sgx-web-based-training.html. Accessed: 2022-11-16.
  4. Interactive bash support issues. 1423. Accessed: 2022-11-16.
  5. ioctl(2) — linux manual page. 2.html. Accessed: 2022-11-16.
  6. Memory leak in myst syscall execve. issues/946. Accessed: 2022-11-16.
  7. Mystikos. Accessed: 2022-11-16.
  8. Occlum – a library os empowering everyone to run every application in secure enclaves. Accessed: 2022-11-16.
  9. Pull request – ioctl system calls. 1439. Accessed: 2022-11-24.
  10. Scalable open architecture for embedded edge (soafee) project. Accessed: 2022-11-23.
  11. Sgx-lkl library os for running linux applications inside of intel sgx enclaves. https: // Accessed: 2022-11-16.
  12. Soafee virtual symposium. Accessed: 2022-11-16.
  13. Victor Costan and Srinivas Devadas. Intel sgx explained. Cryptology ePrint Archive, 2016.
  14. A Publication of The Confidential Computing Consortium. Confidential computing: Hardware-based trusted execution for applications and data. Technical report, January 2021.

Why We Need Open Source Mentorship Programs

By Blog, Mentorship

Written by Jason Perlow, Editorial Director at the Linux Foundation

Mentorship programs in open source are critical for the growth and development of the open source community, and the LFX Mentorship program is no exception. The program’s participants find it so valuable that a whopping 99% of the graduates felt the program to be beneficial, and 47% said it helped them get a job.

In a recent study conducted by Linux Foundation Research, Mentorship in Open Source, with a report authored by Linux Foundation Editorial Director Jason Perlow, over 100 mentees from the LFX Mentorship graduating classes of 2020 and 2021 were surveyed and interviewed about their experiences during participation and postgraduation. This includes several mentorships with the ELISA Project.

The study explores the intrinsic, economic, and career value of mentorship programs in open source, highlighting the importance of such programs for both mentees and mentors.

Benefits of mentorship programs

One of the key benefits of mentorship programs is the intrinsic value they provide. Mentors can share their knowledge and experience with mentees, helping them develop the skills and knowledge they need to succeed in the open source community. Mentees, on the other hand, can learn from experienced professionals, gaining valuable insights and advice that they can use to advance their careers.

In addition to the intrinsic value of mentorship programs, there are also significant economic benefits. Open source projects rely on the contributions of a wide range of individuals, from developers to designers and testers. By providing mentorship opportunities, organizations can help attract and retain talented individuals, which can help ensure the project’s long-term success. This is particularly important for open source projects that rely on community contributions, as these projects need to attract and retain a steady stream of contributors to be successful.

Here are a few more examples of why mentorship programs are important for the both the participants and the open source communities: 

  • Hands-on experience: Open source mentorship programs allow individuals to work on real-world projects, which can help them gain practical skills and experience.
  • Networking opportunities: Participants in open source mentorship programs can interact and collaborate with experienced developers and other professionals in the field. This can lead to valuable networking opportunities and potential job leads.
  • Flexibility: Participating in mentorship programs can be flexible, allowing individuals to work on projects at their own pace and in their own time. This allows for a better work-life balance and allows individuals to continue working on other projects or responsibilities. An example of flexibility is having training sessions recorded so that participants can access them at more convenient times.
  • Learning from experts: Having access to open source project maintainers with deep experience in coding is one of the key benefits of mentorship programs. Participants can learn from their mentors and benefit from their knowledge and experience.
  • Building a portfolio: Participating in mentorship programs provides the opportunity to build a portfolio of work, which can demonstrate to potential employers the skills and experience that an individual has gained.
  • Building a community: Running mentorship programs helps to build a community of developers and professionals who can provide support, guidance, and mentorship to others. This can be a valuable resource for career advancement.

Challenges faced by mentorship programs

One of the challenges mentorship programs face is the lack of funding and support. Many mentorship programs are run by volunteers, who may not have the resources or support to mentor mentees effectively. This can make it difficult for mentees to get the support and guidance they need, leading to frustration and disengagement.

Another challenge faced by mentorship programs is the lack of structure and support. Many mentorship programs are informal, with mentors and mentees often left to figure out how to work together best. This can make it difficult for mentees to get the support and guidance they need, leading to frustration and disengagement.

The LFX Mentorship program, sponsored by the Linux Foundation, aims to address these challenges by providing mentees with the support and guidance they need to be successful in the open source community. The program provides mentees access to a wide range of resources and support, including training and development opportunities, mentoring and coaching, and networking opportunities. The program also provides mentors with the support and guidance they need to be effective mentors, including training and development opportunities, mentoring and coaching, and networking opportunities.

Insights from the report

Here are a few highlights of valuable insights gained from the mentorship study:

  • Improving Diversity: Mentorship creates opportunities for a healthy succession of open source project contributions and leadership.
  • Career Advancement Opportunities: 69% of mentees have seen their career advance because of mentorship, with 47% saying that the program helped them get a job.
  • Increased Income: 67% of employed mentees report increased income after program participation.
  • Improved Contributions: 85% of mentees are or are willing to contribute to the project they were involved in after mentorship.

Who should read the report?

One of the report’s primary audiences is developers interested in open source mentorship. The report provides detailed information on the types of mentorship programs available and the skills and experience typically required for mentors and mentees. Developers interested in becoming a mentor or mentees in open source can use the report to understand the process better and what is involved.

Another important audience for the report is managers and leaders within open source communities. The report provides valuable insights into the challenges and opportunities of mentorship in open source and can help managers and leaders identify areas where they can improve their mentorship programs. Additionally, the report guides how to design and implement mentorship programs that are effective and sustainable.


The Linux Foundation’s report on mentorship in open source is an important resource for many individuals and organizations involved in open source software development. In partnership with CNCF, ELISA Project, Hyperledger, Open Mainframe Project and OpenSSF, the report provides valuable insights into the current state of mentorship in open source and best practices for mentorship programs. Developers, managers, community leaders, educators and trainers, and researchers can all benefit from reading the report and using the information it contains to improve their own mentorship programs and contribute to the overall success of the open source community.

My ELISA Mentorship

By Blog, ELISA Summit, Mentorship

Shefali Sharma, a senior student at the Meerut Institute of Engineering and Technology in India, was a mentee of the ELISA Project starting in March 2022. Her mentors were Shuah Khan, Linux Fellow and Kernel Maintainer at the Linux Foundation and Chair of the ELISA Technical Steering Committee at that time, and Milan Lakhani, Co-Chair of the ELISA Medical Devices Working Group and Software Engineer at Codethink. During her mentorship, Shefali learned a lot about the Linux kernel, Core C programming, and various tools and techniques for analyzing the kernel like strace, ftrace, cscope, perf. 

Shefali will be sharing her key learnings on Thursday, January 19 at 12:33-12:43 am ET at the LFX Mentorship Showcase, a virtual event that gives Linux Foundation mentees an opportunity to present their experience with their mentorship. This virtual event, which takes place on January 18-19, is free to attend and open to anyone who would like to learn more about the experiences of LF Mentorship Program mentees, find out more about some of the programs our projects are working on, recruit new talent, and support new developer contributions. Register for the free event here.

If you can’t make the LFX Mentorship Showcase, you can check out her findings in this video from the ELISA Summit (September 2022) about kernel tracing.

You can also learn more in Shefali’s Medium blog here.

Linux in Aerospace: A Personal Journey

By Blog, Working Group

Written by Steven H. VanderLeest, Software Engineering Technical Lead at The Boeing Company and Chair of the ELISA Aerospace Working Group


From the early days of Linux, I was a fan of this innovative, open-source Operating System (OS). I appreciated it as a hobbyist, helping me run Linux at home. I appreciated it as an educator, helping my computer engineering students walk with Linux through OS concepts. However, as a professional working in the safety-critical domain of aerospace, I wondered: could Linux fly?

My Pre-flight Taxi with Linux

My journey with Linux had its roots in the 1980s before Linus Torvalds introduced his new OS to the world in 1991. During my undergraduate degree in the 1980s, my engineering program had some labs equipped with the relatively recent IBM Personal Computer (PC). The machines were amazing, but my ability to command their power was somewhat limited by the OS, which was the Microsoft Disk Operating System (MS-DOS). When I reached my third year, I gained access to a Sun Workstation running SunOS, a variant of Unix. I quickly learned to appreciate the rich menagerie of shell commands, the power of combining them with redirection such as pipes, and the aesthetics of the fledgling X-Windows GUI.

I first heard about Linux in graduate school in the early 1990s at the University of Illinois at Urbana-Champaign. My doctoral thesis was on Input/Output (I/O) performance, especially on multiprocessor systems. My research analyzed and quantified I/O performance on OSs such as SunOS, SGI IRIX, DEC OSF/1, HP-UX, and Linux. One key finding of my research was that I/O performance could be impacted by the interference caused by unrelated transactions contending for shared resources within a multi-processor system. The magnitude of the impact was heavily dependent not only on the computing hardware architecture but also on the architecture of the OS. Interference could even occur on a uni-processor where independent processes had I/O tasks clustered in time.

As an educator, I applied Linux in my teaching. After finishing my Ph.D., I returned to my alma mater, Calvin College (now University), to take a position as a professor of engineering, teaching computer engineering topics. Linux provided a rich learning environment where my students could look under the hood while learning about operating systems. The transparency of open-source code made an ideal environment for learning and innovation. I also wanted to share my love for working at the interface between computer hardware and software. Studying the Linux kernel provided key insights into how the OS manages the hardware on behalf of applications. The overall system’s performance will improve if the OS is reasonably tuned to take advantage of the hardware architecture.

As a hobbyist, I used Linux at home. I set it up on any extra desktop or laptop I could get my hands on. The whole family got involved when I set up MythTV, an open-source streaming media system, and installed it on a spare Linux desktop system along with an expansion card to capture and record live television. We were asynchronously watching programs and never missing an episode well before any of our friends or neighbors followed suit with ReplayTV or TiVo.

As an engineering professional, I found opportunities to bolster my work with Linux. The challenge was that my employers often required MS Windows as the standard a bureaucratic IT department imposed. Nevertheless, I discovered ways to use Linux by dual-booting or a LiveCD approach and eventually run Linux in a virtual machine using hypervisors like VirtualBox. Like its Unix forebears, Linux was much more stable and reliable than Windows. Even if an application program went astray, I got a segmentation fault warning at most, and the other processes continued. Windows was prone to the Blue Screen of Death, bringing the system to a halt much too often. While it might be distressing to lose your work when this happened, losing a few minutes of labor (or hours if you didn’t save often) was a minor albeit annoying inconvenience. I couldn’t expect higher reliability since that wasn’t a use case for office desktop systems. I quickly realized that Windows doesn’t apply to safety-critical systems.

I also would not expect an operating system designed for an office desktop/laptop to work for embedded systems where the available main memory and secondary storage are limited. Embedded computing platforms are all around us but hidden inside our vehicles, more sophisticated consumer electronics, and smart devices. Windows might not work in these use cases, but Linux could! I started using Linux on embedded development boards when chip manufacturers such as Freescale (later NXP), Intel, Texas Instruments, and others began providing a Linux Board Support Package. The chip makers found this approach was the most effective way to get developers up and running quickly on their new hardware.

Taking Flight with Linux

Within safety-critical domains such as aerospace, Linux provides the foundation for multiple software development environments that run on desktops and laptops. As we move toward distributed development, Linux is a ubiquitous cloud guest OS.

For embedded, safety-critical applications, Linux is less common than a Real-Time Operating System (RTOS). However, a group of Linux developers has been slowly improving real-time performance since the 1990s. Attention coalesced into the PREEMPT-RT patch since 2004, with key parts of the patch making their way to the mainline kernel code. Today, almost all PREEMPT-RT functionality is mainlined but must be enabled through kernel configuration parameters. As for the safety-critical need, in the early 2010s, several research groups examined Linux as a foundation for an Integrated Modular Avionics (IMA) system. I led one of these efforts as the Principal Investigator for a Small Business Innovation Research (SBIR) contract with the US Defense Advanced Research Projects Agency (DARPA). We developed a proof-of-concept safety-critical system that combined the Xen hypervisor with Linux as a guest OS, to provide ARINC 653 partitioning, a key standard related to IMA.

Over the past decade, multiple private endeavors have applied Linux in aeronautical and astronautical computing systems, even platforms with modest safety criticality, though only a few of these efforts have been publicized. Demonstrating that software is reliable enough for flight is ambitious. I work for Boeing, one of the aerospace companies tackling that challenge. The next section provides an overview of the four key characteristics necessary to put aircraft using Linux into the air.

Developing Software for Aerospace is Challenging

For use in avionics (an electronic computing platform used on an aircraft), the software must be fast, deterministic, embedded, and assured.


For use in avionics, Linux must be fast. The Linux developer community is already heavily focused on speed, constantly innovating kernel performance improvements.

The aerospace industry can largely leverage the Linux community effort toward high performance. There may be a few specialized devices where drivers must be further optimized. However, those devices will almost always follow the existing design patterns and take advantage of community innovations, such as io_uring. Another example of an area that might need more attention is boot time. For aerospace, certain fault-tolerance techniques require a fast boot-up (or in-air re-boot) time. In these cases, the system must be operational in only a few seconds or even less.


For use in avionics, Linux must be deterministic. Remember the action thriller series 24? Jack Bauer (played by Kiefer Sutherland) would introduce the series with a voice-over claiming “events occur in real-time”. The audience understood that we were watching as if it were airing live. This commonly understood definition of real-time is not quite the same idea as a real-time computing system. For an RTOS, real-time means that the response to critical events will occur within a deterministic amount of time, even in the worst case. Most computing systems- hardware and software- are tuned to optimize the average response time. Most users and actions enjoy a rapid response, but sometimes at the expense of a slow response for certain users or certain actions. A deterministic system is not necessarily fast — it simply means that we can bound, with confidence, the maximum for critical response times. We want a guaranteed maximum response time in a real-time system, even in the worst case. If we were grading responses like students, we don’t care if the best score was an A+ or the average score was a C. We care that the worst score is still a passing grade in real-time systems. Let’s say the system must always respond within 50 milliseconds, or something bad happens. Over a series of tests, perhaps you find that the fastest response is 12 milliseconds, the average is 27 milliseconds, and the worst is 42 milliseconds. For determinism, we only care that the worst response is still under the requirement (in this example, it appears to be meeting our needs).

The aerospace industry can leverage the Linux community’s effort toward determinism. The PREEMPT_RT patches developed over the last 20 years have largely been mainlined, but must still be configured to enable them. Deterministic boot time has received less attention than deterministic response time, but both are important for aerospace applications.


For use in avionics, Linux must be embedded. Embedded use cases are constrained with limited size, weight, and power. The most widely deployed embedded instance of Linux is probably the Android OS, used on the largest number of smartphones around the globe today. The vast majority of the billions of embedded devices that make our digital world run smoothly are not this visible — they are under the hood in your car, behind the panel of your home thermostat, and in many other behind-the-scenes locations.

Many industries, including the aerospace industry, continue to turn to Linux for embedded systems. Chip manufacturers continue to support Linux, often the first OS for which they provide starter software development kits. Developers from across the open-source community continue to develop drivers for new devices.


Regulatory agencies often oversee safety-critical systems to ensure the software is correct to a high confidence level. Because public safety is at stake, the agencies generally have the authority to enforce standards before a product can be released. For use in avionics, Linux must be assured. For avionics software in civilian aircraft, the authority to approve flight certification is specific to a geographic region. For example, in the United States, it is the Federal Aviation Administration (FAA); in most of Europe, it is the European Union Aviation Safety Agency (EASA).

The details of safety standards vary across industries such as nuclear, automotive, medical, aeronautical, rail, and others. However, the same basic concepts are found in all of them, such as expert peer review or formal means of verification and validation to show the software is suited to purpose. Most have two aspects: ensuring the software is reliable (it does the things we want) and safe (it does not do things we do not want).

A key standard for avionics software is DO-178C, which describes software development life cycle processes and objectives that must be met. DO-178C defines five software levels. The lowest is level E, where a software bug has no impact on the safety of the crew or passengers. An example might be the passenger entertainment system. The highest is level A, where a software bug could have catastrophic results. An example might be the flight control software that responds to pilot commands.

The aerospace industry can leverage much less from the Linux community regarding assurance than the other criteria stated earlier. On the one hand, Linux has been extensively field-tested, so it has a strong product history. Due to the crowd-sourcing nature of open source, Linux likely has more expert peer reviews than any other existing software. Assurance of Linux also benefits from the reasonably large number of tests available within several test frameworks. On the other hand, Linux was not designed expressly for aerospace, nor even for safety-critical use cases in general. The design has been much more iterative and ad-hoc, making it more challenging to demonstrate the correct design to software safety regulatory authorities.


Linux is already being used in flight-certified systems at level D. Aerospace companies like Boeing are now poised to use Linux more broadly and at higher levels of assurance, with groups like ELISA leading the effort. ELISA is the Enabling Linux In Safety Applications project under the Linux Foundation. Its mission is to make it easier for companies to build and certify Linux-based safety-critical applications. ELISA recently formed a new working group focused on Aerospace, which will tackle some of the challenges outlined above. We are just getting this group started and welcome new members!

I have crawled, walked, and run with Linux. Now it is time to fly!

For more information

This article previously ran on

What it takes to employ Linux in safety applications : An interview with Shuah Khan

By Blog, Industry Conference, Mentorship

During the Open Source Summit Europe 2022, Shuah Khan, Linux Kernel Fellow at the Linux Foundation and previously the Chair of the ELISA Project Technical Steering Committee, met with Mike Vizard, Chief Content Officer, Techstrong TV, to discuss what it takes to employ Linux in safety applications and why the open source community is still looking to train top-notch maintainers.

This interview narrates the fundamental details that you need to know if you are new to ELISA Project and planning to contribute or get involved in the LF Project or any open source projects under Linux Foundation. The theme of the questions spanned from the need of safety programs and how Linux is involved in safety critical applications to how gender diversity and STEM education plays a role in the open source community and contribution.

ELISA Project as you know is simply defined as Enabling Linux In Safety Applications. Shuah Khan explains how ELISA is involved in many uses like automotive, medical etc and how the community is bringing together the safety experts to maintain safety critical platforms. She also explains with an example on how the project works in an automotive use case. When it comes to safety certification, she explains how ELISA Project is helping with the resources for the community that are planning to certify their safety critical platforms running in Linux. The role of safety experts and the kernel experts are like bread and butter. While safety experts look at the safety angle of the product or platform, kernel experts bridge the gap between safety and kernel.

There are sometimes concerns in people’s minds that in the future the regulators might be asking tough questions about safety when they develop medical, automotive applications. There are also lots of costs involved for these certifications. Considering the economical situation now, how the ELISA project can help the community is worthwhile.

For those who are currently studying or looking to get involved in the ELISA Project to learn more about Kernel and safety certification process, starting from this part (06:00) of the interview is a must watch.

This part explains about the talent ELISA Project is looking for, how LFX mentorship program helps the newcomers to integrate into the open source community, to help the code in and make them an expert in their preferred field.

In many cases, some are often uninformed about the possibilities of learning or don’t know where to start with the open source contribution. What we want to convey is our project has structural programs, resources to work and kernel webinars to learn. At the end of the program, there is also a virtual mentee showcase where the mentees explain about what they have done during the program to the member company representatives which is a potential opportunity for further steps like job or research programs.

The interview also discusses the outreach programs to attract talents from various parts of the world and the STEM initiatives.

We invite you to watch this video to learn more and if it helped you to learn something new, then share it with your communities:

Learn more about the ELISA Project here

Cyber Monday

By Blog, LF Training & Certification, Linux Foundation

With the new year approaching, what better time is there to plan for the future? 

Many technology professionals are looking for ways to level up in their career in 2023. In the spirit of planning for big moves and meeting opportunities well-prepared, the Linux Foundation is once again offering CyberMonday promotions – 30-65% off – on our most popular courses, certifications, bootcamps and bundles. 

Courses, Certifications and Bundles

Linux Foundation Training & Certification courses and certs are among the most well-recognized and respected in the technology industry. 

Right now you can save 50% off any course or certification in our catalog, including our popular CloudNative certs – CKA, CKNA, CKS and KCNA. (While you’re browsing our course catalog, be sure to check out our brand new offering – the Linux Foundation Cloud Certified Technician (LFCT) that was launched just this week!)

Even better, you can save even more – 65% off – when you combine certifications and courses, or purchase multiple certification exams with bundles and power bundles. 

Once purchased you’ll have access to your course and will be able to schedule your exam for up to a year. Our certifications come with verifiable digital badges that are good for up to three years once the exams are passed. 

Bootcamps and In-Person Training

Looking for a deeper-dive into the subject matter? Linux Foundation bootcamps offer incredible value with course materials, online mentorship and instructor feedback, and a learning community to help you master DevOps, Cloud Native Development and Cloud Engineering skills. At 65% off, you won’t find a better deal on a quality bootcamp to help you learn these subjects anywhere.

And, if you’re missing the in-person training experience – good news! The Linux Foundation also offers virtual, instructor-led training. 

Introducing Skillcreds

Finally, this week the Linux Foundation Training & Certification team has launched an entirely new credential series focused on practical, tool-specific technologies. Skillcreds for Vim, Git, Helm, YAML and Bash are available at 30% off now through 12/5/22.

This is your chance to get incredible savings on world-class training and certifications that can boost your earning potential and help you grow in your career. Talk to your employer about whether or not your company will help pay for your training. But act quickly – these incredible savings come only once a year and are good only through December 5, 2022.

ELISA Summit: Trusted Execution Inside Secure Enclaves (Video)

By Blog, ELISA Summit

An estimated 185 people registered for the ELISA Summit, which took place virtually on September 7-8 to gather Linux community members and attendees from around the world. The event, which featured 15 sessions and 20 speakers, was open to anyone involved or interested in defining, using, or learning about common elements, processes, and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Members of the ELISA Project community presented best practices and overviews on emerging trends and hot topics to using open source software in safety-critical applications and detailed working group updates.

We’ll be featuring event videos in blogs each week. Today, we focus on a session presented by Işıl Öz, Assistant Professor, Izmir Institute of Technology and Elana Copperman, System Architect, Mobileye. They gives an overview on the topic Trusted Execution Inside Secure Enclaves“.

Trusted Execution Environments (TEE), which are hardware-implemented encryption technologies, ensure that applications work in an encrypted and secure way by protecting them from the operating system or other programs. While the sensitive data and code are stored inside private regions of enclave memory, unauthorized entities cannot modify them.

In this talk, the speakers will share basics about enclave memories and their usage scenarios. They will talk about open-source projects on Intel SGX technology and our experience in our ELISA mentorship program. In addition to that, the topics also include the safety issues with security aspects and mention about the impact of secure enclave implementations for safety-critical systems.

Watch the video below or check out the presentation materials here.

For more details about the ELISA Project, visit the main website here.

ELISA Summit: Analysis of eBPF for Safety Use Case (Video)

By Blog, ELISA Summit, Mentorship

An estimated 185 people registered for the ELISA Summit, which took place virtually on September 7-8 to gather Linux community members and attendees from around the world. The event, which featured 15 sessions and 20 speakers, was open to anyone involved or interested in defining, using, or learning about common elements, processes, and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Members of the ELISA Project community presented best practices and overviews on emerging trends and hot topics to using open source software in safety-critical applications and detailed working group updates.

We’ll be featuring event videos in blogs each week. Today, we focus on a session presented by Elana Copperman, Mobileye & Jules Irenge, Linux Foundation Mentee. They will be sharing their insights on the topic “eBPF for safety use cases”

Jules shares his experience of working as part of the LXF/ELISA Mentorship Program. The program is focused on ebpf and xdp.

On one hand, eBPF is a kernel mechanism that provides a sandboxed runtime environment in the Linux kernel without changing kernel source code or loading kernel modules.

eBPF programs can be attached to various kernel subsystems, including networking, tracing and Linux security modules (LSM).

On the other, eXpress Data Path (xdp) is a technology that enables high performance data communication, bypassing most of the operating system networking stack using eBPF.

Elana shares an analysis of eBPF for safety, focusing on xdp, and demonstrate how these can be used for safety.

In the process she showcase eBPF /xdp tools that do and count how many packets have been accepted, rejected or redirected and how this can be used for tracing.

The goal of this presentation is to guide system administrators and programmers to consider using this technology to improve on software safety.

To learn more, watch the video below.

For more details about the ELISA Project, visit the main website here.

ELISA Seminar: PREEMPT_RT – How not to break it (Video)

By Blog, Seminar Series

In March, the ELISA Project launched the Monthly Seminar Series, which focuses on hot topics related to ELISA and its mission. Presenters are members, contributors and thought leaders from the ELISA Project and surrounding communities. You can find all of the seminar videos here.

In October, Sebastian Siewior from Linutronix presented a seminar titled,  PREEMPT_RT – how not to break it.

The PREEMPT_RT patch set has only a handful patches left until it can be enabled on the X86 Architecture at the time of writing. The work has not finished once the patches are fully merged. A new issue is how to not break parts of PREEMPT_RT in future development by making assumption which are not compatible or lead to large latencies. Another problem is how to address limitations on PREEMPT_RT like the big softirq/ bottom halves lock which can lead to high latencies.

A short background of the RTL Collaborative Project: The Real Time Linux collaborative project was established to help coordinate the efforts around mainlining Preempt RT and ensuring that the maintainers have the ability to continue development work, long-term support and future research of RT. In coordination with the broader community, the workgroup aims to encourage broader adoption of RT, improve testing automation and documentation and better prioritize the development roadmap.

Would like to know more on how it’s all started? You can find more details here:

Watch the full video here:

Materials from the seminar can be found here.

Learn more about ELISA Project.

ELISA Summit : Using memory access error detection (Video)

By Blog, ELISA Summit

An estimated 185 people registered for the ELISA Summit, which took place virtually on September 7-8 to gather Linux community members and attendees from around the world. The event, which featured 15 sessions and 20 speakers, was open to anyone involved or interested in defining, using, or learning about common elements, processes, and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Members of the ELISA Project community presented best practices and overviews on emerging trends and hot topics to using open source software in safety-critical applications and detailed working group updates.

We’ll be featuring event videos in blogs each week. Today, we focus on a session presented by Priyanka Verma, Senior Software Quality Engineer, Red Hat GmbH and Dennis Brendel, Senior Software Quality Engineer, Red Hat on the topic “Using memory access error detection for safety argumentation”

Kernel Electric-Fence (KFENCE) and Kernel Address Sanitizer (KASAN) are memory safety error detectors with support in the Linux kernel. This presentation explores how well KASAN and KFENCE detect different types of memory access errors with various configuration settings to assess the suitability of these memory access sanitizers to develop safety argumentation.

Watch the video below or check out the presentation materials here.

For more details about the ELISA Project, visit the main website here.