Industry Conference

Nov 18

ELISA Project at Linux Plumbers Conference: Tokyo, Japan 2025

By elisaproject Blog, Industry Conference

The Linux Plumbers Conference, the premier event for developers working deep in the Linux plumbing layer is coming to Tokyo on December 11–13. This year offers a hybrid format with sessions hosted onsite at Toranomon Hills Forum and remote participation available.

The ELISA Project will be there as part of the Safe Systems with Linux Microconference, where community members are collaborating with kernel developers to improve how Linux supports systems with safety-critical requirements. The MC will explore real progress in linking code, requirements, and tests to reduce technical debt, improve traceability, and support dependable kernel development. Early pilots in subsystems like TRACING have already uncovered and resolved previously unknown issues a strong signal that this approach can benefit more of the kernel.

If you are attending LPC, remember to join the discussions at Safe Systems Linux Microconference.

Session Highlights:

Aspects of Dependable Linux Systems – Kate Stewart (Linux Foundation), Philipp Ahmann (Etas GmbH (BOSCH)) – 12 Dec 2025, 10:00

In regulated industries, Linux is widely used due to its strong software capabilities in areas such as dependability, reliability, and robustness. These industries follow best practices in terms of processes for requirements, design, verification, and change management. These processes are defined in standards that are typically not accessible to the open source kernel community.

However, since these standards represent best practices, they can be incorporated into structured development environments like the Linux kernel even without the knowledge of such standards. The kernel development process is trusted in critical infrastructure systems as it already covers many process elements directly or indirectly.

The purpose of this session is to initiate a discussion on what is currently available and what may be missing in order to enhance the dependability and robustness of Linux kernel-based systems. How can the artifacts be connected? Where are the appropriate places to maintain them? And who is the best responsible for each element of the development lifecycle?

NVIDIA Approach for Achieving ASIL B Qualified Linux: minimizing expectations from upstream kernel processes -Igor Stoppa (nvidia) -12 Dec 2025, 10:10am

Unlike the typical path chosen for attempting to use Linux in safety applications, the approach developed by NVIDIA strives to avoid placing any burden on upstream maintainers and developers. Upstream maintainers should not have to become safety experts, nor the linux kernel should become encumbered by verbose descriptions of what the code does, for it to achieve safety. We want to start a discussion about how we achieve this, and how it can coexist with upstream processes.

Applying Program Verification to Linux Kernel Code: Challenges, Practices, and Automation – Keisuke Nishimura – 12 Dec 2025, 10:35

To maintain software safety, defining specifications and ensuring that implementations meet them are both important. The former has become popular in the Linux kernel in various ways [1,2], while the latter still depends on developers’ manual effort. Recent advances in techniques and tools, however, have made it feasible to systematically apply program verification to Linux kernel code.

In this talk, we share our experience and practices from ongoing work on verifying task-scheduler code of the Linux kernel. We illustrate the challenges we encountered and how verification can be effectively applied in practice, through case studies (e.g., [3,4]) where proving the correctness of certain kernel features resulted in uncovering real bugs (e.g., [5,6]). Furthermore, we present our work to automate this process as much as possible, making verification more practical and scalable. Our goal is to explore how verification can be made a practical part of the Linux kernel development process.

[1] https://lore.kernel.org/all/20250614134858.790460-1-sashal@kernel.org/ “Kernel API Specification Framework”
[2] https://lore.kernel.org/all/20250910170000.6475-1-gpaoloni@redhat.com/ “Add testable code specifications”
[3] Julia Lawall, Keisuke Nishimura, and Jean-Pierre Lozi. 2024. Should We Balance? Towards Formal Verification of the Linux Kernel Scheduler. SAS 2024.
[4] Julia Lawall, Keisuke Nishimura, and Jean-Pierre Lozi. 2025. Understanding Linux Kernel Code through Formal Verification: A Case Study of the Task-Scheduler Function select_idle_core. OLIVIERFEST ’25.
[5] https://lore.kernel.org/all/20231030172945.1505532-1-keisuke.nishimura@inria.fr/ “sched/fair: Fix the decision for load balance”
[6] https://lore.kernel.org/all/20231214175551.629945-1-keisuke.nishimura@inria.fr/ “sched/fair: take into account scheduling domain in select_idle_smt()”

Defining and maintaining requirements in the Linux Kernel – Chuck Wolber, Gabriele Paoloni (Red Hat), Kate Stewart (Linux Foundation) – 12 Dec 2025, 11:00

Last year in Vienna we held a session about “Improving kernel design documentation and involving experts”.
Following such session the ELISA Architecture working group drafted an initial template for the SW Requirements definition, started documenting the expected behaviour for different functions in the TRACING subsystem and made upstream contribution accordingly and finally also started reviewing and adopting a framework for formally specifying kernel APIs (developed and proposed by Sasha Levin [1]).
This session aims to present the latest updates and to involve the experts to define the best next steps for having a path to introduce and maintain requirements in the Kernel (and link them to tests and other verification measures)

[1] https://lore.kernel.org/all/20250711114248.2288591-1-sashal@kernel.org/

KUnit Testing Insufficiencies – Matthew Whitehead (The Boeing Company) – 12 Dec 2025, 12:00

High-integrity applications require rigorous testing to ensure both reliability and compliance with industry standards. Current testing frameworks for the Linux kernel, such as KUnit, face challenges in scalability and integration, particularly in environments with strict certification requirements.

KUnit tests, which are currently the most widely accepted and used solution for testing Linux kernel source code, have a number of drawbacks in the way they are built and executed. The KUnit framework lacks feature parity with other modern unit test frameworks, making it difficult to achieve comprehensive and robust low-level test coverage. Furthermore, the way KUnit tests are built and executed creates a lack of scalability, which is necessary to create and maintain the many thousands of tests that will be required to verify functionality in a robust, complete, and automatable way.

KUnit tests are integrated into the Linux binary. This requires building the kernel and running it to execute the tests. Additionally, the high volume of tests needed for adequate coverage would increase the size of the kernel beyond what is manageable. This makes it necessary to divide the tests so that multiple kernels with different sets of tests are built. This, in turn, necessitates additional analysis to prove that the changes made in each of these individual kernel builds do not negatively impact the fidelity of the tests for the targeted features. Considering the lengthy build and execution times, along with the need to build and analyze multiple kernels, it is evident that scaling up to the creation and maintenance of thousands of tests poses significant challenges.

In addition to the scalability issues, KUnit lacks essential features needed for testing highly reliable systems. It does not provide a consistent, maintainable, and automatable way to isolate small sections of code. This is crucial for low-level testing and coverage. For example, consider a function A that has dependencies on three other functions, B, C, and D. When testing function A, the results of functions B, C, and D may influence the execution path in function A. However, it is not desirable to actually test the implementation of functions B, C, and D. In most common unit test environments, it is straightforward to create either a fake or mock implementation of those functions in the test file, or to link to an object file that contains a fake or mock of those functions. In KUnit, achieving “mocking” (or at least a similar effect) requires creating a patch that modifies the kernel. The simplest approach is to use conditional compilation macros that are controlled through kernel configuration to generate mock versions of the tested function’s dependencies. Every time a mock or fake is used, it must be manually created and maintained through patches. When this effort is multiplied by thousands of tests, the maintenance burden becomes evident.

Topics for discussion:

Addition of unit test capabilities (extending KUnit or otherwise) that allow the compilation and testing of small, isolated sections of the Linux kernel source out of tree.
Ability to test Linux kernel source in tests that run in user space (requires the aforementioned compilation out of tree with external tools).
Integration of mocking of test dependencies (preferably automatically).

Exploring possibilities for integrating StrictDoc with ELISA’s requirements template approach for the Linux kernel – Tobias Deiminger (Linutronix GmbH) – 12 Dec 2025, 12:25

The ELISA project currently works on bringing the Linux kernel closer to safety compliance by proposing enhancements to the kernel documentation. This includes a model expressed as requirement templates inlined to source code. At the same time, comparable efforts with a similar goal are also ongoing in the wider open-source ecosystem. For example, the Zephyr OS is using the FLOSS StrictDoc model and tool to capture and process requirements. Another example is Linutronix who reached IEC 62443 4-2 security certification by using StrictDoc to trace requirements, design and tests for their Debian based IGLOS Secure Beacon embedded system.

This talk picks up the work of ELISA and compares it to a typical StrictDoc setup with the intention to show that both efforts could be joined. While ELISA focuses on the model and assumes tools will emerge from the community, StrictDoc both defines a similar model and provides mature tooling to validate and render requirements, design and tests. We’ll see that the majority of the needs set by ELISA are already fulfilled by StrictDoc. Notably, ELISA’s SPDX-REQ-* tags can be represented and parsed with StrictDoc’s “Parsing SDoc nodes from source code comments” feature. The remaining gap is drift detection, i.e. to store the hash sum over project ID, source file, requirement text and proximal code with the intention to signal a human to check if requirement and code still align when some of the criteria changes. StrictDoc knows meta data, content and proximal code by function name, class name and line ranges, but has no hash generation built in yet. However, StrictDoc is advanced in defining language constructs as part of the model (functions, classes, test cases). It is also advanced in applicability, where for example OEM requirements and OSS project requirements can be linked together in one compatible model and in consequence can be processed and validated by the same tool in a single run. Various input/output format converters exist and customization of validation is next on the roadmap.

The talk concludes with the proposal that StrictDoc could close its gaps by implementing hash generation, optimizing ELISA requirement template parsing and by setting up conformity tests to maintain compatibility. ELISA could in turn list StrictDoc as one of their reference tools, and kernel developers will be invited to try it in their workflow.

BASIL: Open Source Traceability for Safety-Critical Systems” – Luigi Pellecchia – 12 Dec 2025, 12:40

Ensuring traceability and compliance remains a major challenge in the development of safety-critical systems. BASIL — The FuSa Spice — is an open-source tool from the ELISA Project that helps engineers manage traceability across documentation, requirements, implementation, testing, and safety evidence. Designed to integrate seamlessly with existing tools and test infrastructures, BASIL offers a practical and extensible solution to support functional safety assessments and audits.
This talk introduces BASIL’s architecture and key features, illustrates its application in real-world safety workflows, and highlights opportunities for community collaboration. Attendees will discover how BASIL brings openness, automation, and transparency to traceability management in safety-critical software projects.

Tooling and Sharing Traceability Discussion – Luigi Pellecchia, Matthew Whitehead (The Boeing Company), Tobias Deiminger (Linutronix GmbH) – 12 Dec 2025, 12:55

Open Discussion based on previous agenda items

Wrap up and next steps – Kate Stewart (Linux Foundation), Philipp Ahmann (Etas GmbH (BOSCH)) – 12 Dec 2025, 13:20

Learn more about the sessions here.

To register check here.

Nov 13

Robotics and Space Grade Linux at ROSCon 2025 Singapore

By rroche Blog, Industry Conference, Space Grade Linux

The Space Grade Linux (SGL) team participated in ROSCon 2025, held in Singapore from October 27-29, to engage directly with the global robotics community and strengthen collaboration across open-source robotics and space technology. The event brought together more than 1,000 attendees from research institutions, industry, and open source projects, representing one of the most diverse and active developer ecosystems in robotics today.

ROSCon serves as the primary annual conference for the Robot Operating System (ROS) ecosystem. ROS is an open-source middleware framework that powers a wide range of robotics platforms, from industrial manipulators and autonomous vehicles to aerial and space systems. It is hosted by the Open Source Robotics Alliance (OSRA), an independent non-profit organization that supports the growth, governance, and long-term sustainability of the ROS ecosystem. ROSCon provides a space for developers, researchers, and organizations to collaborate, share experiences, and learn about the latest advances in robotics software.

The Space Grade Linux (SGL) initiative, launched in December 2024, is hosted under the Enabling Linux in Safety Applications (ELISA) project, an open collaboration within the Linux Foundation. ELISA’s mission is to help industries build Linux-based systems for use in safety-critical domains such as automotive, medical, industrial, aerospace, and now space. By providing a forum for companies and research groups to define safety frameworks, develop tooling, and share best practices, ELISA enables projects like Space Grade Linux to leverage the strengths of open-source development while meeting the rigorous requirements of mission-critical environments. Through this collaboration, the SGL community benefits from ELISA’s established processes for safety analysis, continuous integration testing, and compliance documentation, creating a strong foundation for future space-ready Linux systems.

Space Grade Linux brings together experts from aerospace, robotics, and embedded Linux to create an open, safety-focused operating system platform for space applications. The project aims to make Linux reliable and predictable in environments where failure is not an option, while remaining fully open and collaborative. The initiative serves as a bridge between the robotics and space communities, where shared principles such as real-time performance, autonomy, and open collaboration are essential.

This year’s conference featured the first live hardware demonstration of a Microchip-based implementation of Space Grade Linux running Space ROS, presented by Rob Woolley (Wind River). The demo highlighted how the same open technologies that enable robust automotive and industrial systems are now being adapted for the extreme reliability and determinism required in space applications.

Ramón Roche, SGL group lead, delivered a Lightning Talk inviting developers working in space and robotics to join the SGL community’s monthly meetings. He emphasized the importance of collaboration across domains, encouraging experts from aerospace, automotive, and embedded Linux to work together toward a unified ecosystem for open and certifiable space software.

In his technical session, Rob Woolley gave an in-depth presentation on OpenEmbedded and its role as the build foundation for both Automotive Grade Linux and Space Grade Linux. His talk outlined the ongoing integration work between Space ROS and SGL, and discussed plans to establish Space Grade Linux as a standalone foundation project under the Linux Foundation umbrella.

The event provided valuable opportunities for in-person discussions between developers, researchers, and maintainers working at the intersection of ROS, Linux, and aerospace systems. The SGL team will continue collaborating with the ROS and Space ROS communities to advance open standards, reliability, and interoperability in mission-critical robotics.

Resources

Oct 22

ELISA project at the OSS Europe 2025 - Blog 4

Key Takeaways from the Safety Critical Track at Open Source Summit Europe 2025 – 4

By elisaproject Blog, Critical Software Summit, Industry Conference, Safety-Critical Software Summit

The ELISA Project participated in Open Source Summit Europe 2025 (August 25–27, Amsterdam), the premier gathering for open source developers, technologists, and community leaders. With over 2,000 attendees representing 900+ organizations, the event showcased the strength, diversity, and innovation of the ecosystem.

For ELISA (Enabling Linux in Safety Applications), the summit was an invaluable opportunity to engage with developers, architects, and functional safety experts working at the intersection of Linux and safety-critical systems. ELISA was featured prominently in the Safety-Critical Software Summit, where sessions explored topics such as kernel safety, automotive innovation, and compliance and trust in regulated environments.

Sessions covered a wide range of important topics, including kernel safety (identifying weaknesses, fault propagation, and Linux as a safety element out of context), automotive innovation (safe platforms, prototyping frameworks, and software-defined vehicles), and compliance and trust (continuous compliance, traceability, and statistical methods in safety analysis). These talks reflected the growing maturity of the ecosystem and highlighted the shared challenges the community is tackling from technical methodologies to regulatory alignment.

This week we highlight two talks from the Safety Critical Summit session:

Shifting Safety Techniques To a Statistical World – Imanol Allende & Nicholas Mc Guire

As safety-critical systems grow ever more complex, the traditional deterministic mindset that has long guided safety engineering is reaching its limits. In their Open Source Summit Europe 2025 talk, “Shifting Safety Techniques to a Statistical World,” Imanol Allende (Codethink) and Nicholas Mc Guire (OpenTech) challenge conventional assumptions about how we design and assure safety in modern systems.

Today’s high-performance, interconnected platforms from autonomous vehicles to adaptive software systems exhibit inherent non-determinism. Their behavior cannot always be broken down and analyzed piece by piece, as Descartes’ reductionist approach once suggested. Instead, these systems display emergent properties that arise from complex interactions, requiring a more holistic lens.

Imanol and Nicholas argue that the next evolution in safety engineering lies in statistical system analysis. Approaches such as Probabilistic Worst Case Execution Time (pWCET) and Statistical Path Coverage offer promising ways to quantify and manage uncertainty in highly dynamic environments. These methods shift assurance from absolute determinism toward probabilistic confidence, reflecting the true behavior of modern computing platforms.

The talk outlines both the limitations of traditional safety techniques and the opportunities of statistical methods, emphasizing what will be needed methodologically, technically, and culturally for such approaches to gain acceptance within the functional safety domain.

In conclusion, this session invites the safety community to embrace uncertainty not as a flaw, but as a measurable feature of complex systems and to evolve its tools and thinking accordingly.

Engineering Trust: Formulating Continuous Compliance for Open Source – Paul Albertella & Kaspar Matas, Codethink

In this session, “Engineering Trust: Formulating Continuous Compliance for Open Source,” Paul Albertella and Kaspar Matas (Codethink) argue that software requirements, as commonly practiced, are broken. High-level requirements often collapse into feature wish lists; low-level requirements drift into after-the-fact narratives. Formal process models tend to treat the dynamism of FOSS as a defect—yet that very fluidity is a core strength and the result is that project intent and expectations get lost in the noise.

Enter the Eclipse Trustable Software Framework (TSF): a lightweight, continuous compliance framework built by and for open source. TSF lets projects organize and evidence their own objectives not only those imposed by standards while remaining workflow-agnostic and requiring only git. By managing objectives, reasoning, and artifacts alongside code, TSF closes the gap between paper processes and real engineering practice.

TSF’s distinctive outcome is an automated, transparent, traceable body of evidence quantified by a confidence score. That score helps teams decide where to focus next and gives consumers a concrete way to evaluate their trust in the software. Evidence can reference code, tests, results, and validators; hashes and links keep the graph consistent as projects evolve and CI runs.

The talk walks through TSF’s model and usage, then shows how its statements, evidence, and objectives can be mapped to functional safety standards (e.g., IEC 61508 or ISO 26262) to support certification and ongoing assessment. The message is pragmatic: keep the agility of open source, but capture intent and proof continuously so compliance becomes a living activity, not a one-off paperwork sprint.

MISRA C and C++ in OSS: Yes, We Can! – Roberto Bagnara, BUGSENG / University of Parma

In his presentation, “MISRA C and C++ in OSS: Yes, We Can!”, Roberto Bagnara (BUGSENG / University of Parma) challenged a long-standing assumption: that safety- and security-critical software written in C or C++ is fundamentally incompatible with open source development.

C and C++ have powered decades of system software efficient, portable, and close to the hardware but their origins in the 1970s also carry forward deep weaknesses. Undefined and unspecified behaviors, lack of runtime checks, and a “trust the programmer” philosophy make them risky foundations for modern critical systems. When open source software becomes part of automotive, aerospace, or industrial platforms, these risks demand a structured mitigation and that’s where MISRA C and MISRA C++ come in.

MISRA defines safe subsets of C and C++, guiding developers away from dangerous constructs and toward predictable, reviewable code. These rules are not about finding bugs, but about preventing entire classes of failures by design. Mandatory rules prevent undefined behavior; advisory rules promote clarity and verifiability. Importantly, deviations are allowed if they are justified, documented, and demonstrably safe.

Roberto highlighted real-world experience applying MISRA to major open source projects such as Xen, Zephyr, and Trusted Firmware, where compliance was achieved through a combination of training, tailoring, and tooling the “three T’s.” His team’s static analysis tool ECLAIR integrates MISRA checking into continuous integration, helping projects track compliance as they evolve.

The results are encouraging: projects once reporting millions of rule violations now maintain near-complete compliance, with violations justified or eliminated and regressions automatically detected.

The key insight: safety and openness are not mutually exclusive. With collaboration, tailored guidelines, and the right tools, even complex open source ecosystems can move toward MISRA-aligned development building a foundation of trustable, verifiable software for the systems that matter most.

What’s Next?

Together, these perspectives point to a pragmatic future: combine statistical assurance, continuous evidence, and disciplined coding subsets to make safety an ongoing, collaborative property of open source.

If you are interested in shaping this work, we invite you to join ELISA working groups and contribute to advancing safety practices in open source together.

Oct 09

ELISA project recap blog from the Open Source Summit - Part 3

Key Takeaways from the Safety Critical Track at Open Source Summit Europe 2025 – 3

By elisaproject Blog, Critical Software Summit, Industry Conference, Safety-Critical Software Summit

This week we highlight two talks from the Safety Critical Summit session:

Insights Into the Safe Open Source Vehicle Core Project for SDV – Philipp Ahmann, Etas GmbH (BOSCH)

The Safe Open Source Vehicle Core (S-Core) project, presented by Philipp Ahmann of ETAS (Bosch), is a collaborative, code-first effort to build a safety-certifiable middleware stack for software-defined vehicles (SDVs). Targeting the layers above the operating system, S-Core complements ELISA’s work and aims for ISO 26262, ASPICE, and ISO 21434 compliance. It supports POSIX-based systems like Automotive Grade Linux and Zephyr, is developed in C++ and Rust, and offers a VS Code-based dev environment with containerized builds.

Using a docs-as-code workflow with Sphinx, PlantUML, and Bazel, S-Core tightly links documentation, code, and testing through automated CI. Modules such as IPC, logging, and data persistence are under active development, with contributions from 70+ developers across 10+ companies.

Following a V-model safety process, S-Core builds in traceability, audits, and ASIL-B-level rigor, while distributors will handle final certification and integration. With a 0.5 release planned for late 2025 and 1.0 in 2026, the project is establishing a shared, open, and certifiable foundation for the next generation of safety-critical automotive software.

AutoSD: A Linux Development and Prototyping Framework for the Automotive Community – Alessandro Carminati & Gabriele Paoloni, Red Hat

AutoSD presented by Alessandro Carminati and Gabriele Paoloni (Red Hat) is an upstream, community-driven Linux distribution for automotive, backed by the CentOS Automotive SIG and serving as a public preview of Red Hat’s in-vehicle OS. Built on CentOS Stream, AutoSD adds automotive essentials: a real-time tuned Linux kernel, OSTree for transactional, rollback-safe updates, and containerized mixed-criticality so safety functions can run alongside infotainment without interference. A docs-as-code + CI approach keeps code, tests, and documentation aligned; images are declaratively built (YAML) via the Automotive Image Builder/OSBuild toolchain, and shipped as a binary distro for fast, reproducible onboarding.

A major focus is hardware enablement without the usual pain. If a SoC/board is already supported, you can boot prebuilt images and prototypes immediately. If drivers are upstream, contributors can add and maintain support in AutoSD under an upstream-first policy. For newly supported silicon, teams can evaluate quickly using a vendor BSP (“Frankenbuild”) but are encouraged to move to out-of-tree modules built against AutoSD’s stable kernel ABI for a maintainable, near-production path while upstreaming progresses.

Safety is treated as architecture, not afterthought: namespaces/cgroups isolate workloads, containers enforce domain boundaries, the kernel is real-time tuned, and intensive stress/fuzz testing (e.g., syzkaller + KASan) underpins freedom-from-interference claims. In Red Hat’s commercial in-vehicle OS, the same model maps to ASIL-B safety partitions (with a hardware watchdog and hardware-specific certification), while AutoSD remains the open, rapid-prototyping lane. Tightly aligned with communities like ELISA and Eclipse SDV, AutoSD offers a reference framework the industry can actually build on: contribute patches, enable new SoCs, propose features, and help shape a secure, updatable, and certifiable Linux base for software-defined vehicles.

What’s Next?

If you are interested in shaping this work, we invite you to join ELISA working groups and contribute to advancing safety practices in open source together.

Sep 24

Key Takeaways from the Safety Critical Track at Open Source Summit Europe 2025 – 1

By elisaproject Blog, Critical Software Summit, Industry Conference, Linux Foundation, Safety-Critical Software Summit

This week we highlight two talks from the Safety Critical Summit session:

Looking at Linux as a SEooC – Kate Stewart, The Linux Foundation; Nicole Pappler, AlektoMetis & Chuck Wolber, The Boeing Company

Linux is increasingly deployed in safety-critical systems as a Safety Element out of Context (SEooC), yet its scale and rapid evolution, thousands of contributors and near-continuous upstream change pose unique assurance challenges. This talk explains what SEooC means in practice, why it should be understood as a “safety element with assumed context,” and the implications for integrators: a SEooC is not plug-and-play. System developers remain responsible for confirming compatibility, reviewing the safety manual and assumptions of use, ensuring traceability to their own requirements, configuring the element correctly, and validating it within their specific hazard and timing constraints. We frame the work through design assurance hazard identification, design mitigation via requirements-based engineering, and implementation assurance highlighting current gaps between kernel behavior and requirements-derived tests.

The session outlines community efforts to close those gaps: defining low-level Linux kernel requirements with maintainer sign-off; advancing coverage (statement, decision, MC/DC) using LLVM-based kernel coverage and object-code mapping; and packaging evidence with an SPDX functional-safety profile. Speakers also address non-determinism (focusing on deterministic outcomes, minimal configurations) and introduce knaf for call-tree analysis from specific entry points.

Overall, these efforts show how scaling requirements, testing, and coverage within open collaboration can yield reusable evidence, strengthen kernel reliability, and align with a substantial portion of DO-178C DAL A objectives across industries.

Identifying Safety Weaknesses and Fault Propagation in the Linux Kernel – Igor Stoppa, NVIDIA

With growing interest in using Linux in safety-critical domains such as automotive, traditional functional safety practices need to be applied to an open source environment. One such practice is fault injection, where failures are deliberately introduced to study how the system reacts.

This talk by Igor Stoppa, NVIDIA, introduced a tool and methodology for injecting controlled faults into Linux kernel data structures. The goal is to uncover subtle forms of degradation that may not trigger a crash but can compromise safety goals, such as delayed system responses. By running repeatable experiments, the approach makes it possible to check whether safety mechanisms detect and report problems consistently and within required timing constraints.

The work highlights both the challenges of applying safety analysis to a large, fast-moving project like the Linux kernel and the opportunities to integrate such testing into the regular release process. Over time, this could provide valuable data on fault propagation, improve kernel reliability, and strengthen Linux’s role in safety-critical applications.

What’s Next?

The Safety-Critical Software track at Open Source Summit Europe 2025 highlighted the important progress being made toward making Linux a reliable choice in regulated and safety-sensitive domains. From exploring Linux as a Safety Element out of Context to fault injection techniques that expose hidden weaknesses, these discussions show how the community is tackling complex challenges with rigor and collaboration.

To learn more, be sure to check our upcoming blogs where we will cover more sessions from the track. If you are interested in shaping this work, we invite you to join ELISA working groups and contribute to advancing safety practices in open source together.

Sep 17

Recap Blog: ELISA Project at Open Source Summit Europe 2025

By sremmert Blog, Critical Software Summit, Industry Conference, Safety-Critical Software Summit

The ELISA Project was proud to participate in Open Source Summit Europe 2025, held August 25-27 in Amsterdam, Netherlands. As the premier gathering for open source developers, technologists, and community leaders, this year’s event once again showcased the strength, diversity, and innovation of the open source ecosystem.

For ELISA (Enabling Linux in Safety Applications), it was an incredible opportunity to connect with developers, architects, functional safety experts, and contributors working at the intersection of Linux and safety-critical systems.

ELISA Project community photo taken at the Open Source Summit Europe 2025

ELISA Booth Highlights

As a Bronze Sponsor, ELISA hosted Booth #29, where attendees learned about safety-critical software and Linux.

Visitors stopped by to:

Learn more about ELISA’s mission and latest progress.
Explore tools, processes, and working group initiatives.
Connect with project members, contributors, and users.

The booth was buzzing throughout the summit, and it was inspiring to see interest from developers across automotive, industrial, medical, and other safety-focused domains.

ELISA in the Safety-Critical Software Summit

ELISA was also featured in the Safety-Critical Software Summit, a focused track within Open Source Summit Europe dedicated to exploring how open source and safety standards intersect. Watch the sessions here.

Sessions covered a wide range of important topics, including:

Kernel safety – identifying weaknesses, fault propagation, and ways Linux can evolve as a safety element out of context (SEooC).
Automotive innovation – exploring safe software platforms, prototyping frameworks, and open source initiatives for software-defined vehicles.
Compliance and trust – practical approaches to continuous compliance, traceability, and the use of statistical methods in safety analysis.

These talks reflected the growing maturity of the ecosystem and highlighted the shared challenges the community is tackling from technical methodologies to regulatory alignment.

Key Takeaways

There is strong and growing interest in applying Linux to safety-critical domains, from automotive to medical and industrial applications.
Progress in tools, methodologies, and compliance frameworks is enabling broader adoption of open source in regulated environments.
Collaboration between industry, academia, and the open source community is essential to tackling safety challenges at scale.
The ELISA community continues to expand, fueled by conversations and new contributors who engaged with us in Amsterdam.

Join the ELISA Community

We want to thank everyone who visited us at Booth #29, attended our sessions, and engaged with the ELISA Project at Open Source Summit Europe 2025.

Your questions, feedback, and contributions help shape the future of open source in Linux in safety-critical applications.

If you didn’t get a chance to connect in Amsterdam, it’s not too late!

Learn more about ELISA’s mission and working groups.
Get involved in the community.
Stay tuned for upcoming events and opportunities to collaborate.

👋 Thank You, Amsterdam!

From booth conversations to technical discussions, ELISA’s presence at Open Source Summit Europe 2025 was a success thanks to the open source community. We look forward to building on this momentum and continuing the conversation about safety-critical open source systems.

Until next time – see you at the next event!

Aug 06

Documenting the Design of the Linux Kernel - Chuck Wolber, The Boeing Company; Kate Stewart, The Linux Foundaiton; Gabriele Paoloni, Red Hat

Talk Highlights: Documenting the Design of the Linux Kernel – Chuck Wolber, The Boeing Company; Kate Stewart, The Linux Foundation; Gabriele Paoloni, Red Hat

By sremmert Ambassadors, Blog, Critical Software Summit, Industry Conference, Safety-Critical Software Summit

Open Source Summit North America, which happened on June 23-25 in Denver, Colorado, had a total of 1,535 in-person attendees (47% hold technical positions) that represented 732 organizations. This year’s event featured vibrant conversations in the Safety-Critical Software track, sponsored by ELISA Project member Honda.

Safety-critical systems — whether in automotive, industrial, medical, or aerospace — are increasingly adopting open source technologies. The sessions in this dedicated track tackled real-world challenges and shared solutions around functional safety, tool qualification, compliance, and certifiability of open source software.

Highlights included:

Panel discussions on bridging the gap between open source innovation and safety assurance
Technical deep dives into applying safety analysis methods to Linux-based systems
Case studies from the ELISA Project working groups showcasing progress in automotive, medical, and industrial domains

This week we are highlighting the talk “Documenting the Design of the Linux Kernel – Chuck Wolber, The Boeing Company; Kate Stewart, The Linux Foundaiton; Gabriele Paoloni, Red Hat” from the Open Source Summit, North America 2025.

Documenting the Design of the Linux Kernel – Chuck Wolber, The Boeing Company; Kate Stewart, The Linux Foundaiton; Gabriele Paoloni, Red Hat

As Linux adoption grows in safety-critical industries like aerospace and automotive, structured design documentation and traceability become increasingly important. This talk presented the ELISA Project’s efforts to reverse-engineer and document low-level developer intent within the Linux kernel using a new, machine-readable requirements template.

Building on earlier discussions at Linux Plumbers 2024 and the December ELISA Workshop at NASA Goddard, the session outlined a proposed framework for capturing “testable expectations” in line with kernel development norms. The goal is to support pass/fail test development, improve test precision using code coverage, and eventually link low-level requirements to higher-level system design.

The speakers showcased early examples from the kernel’s tracing subsystem, discussed the balance between testability and maintainability, and explained how the effort helps address kernel technical debt and reduce certification barriers. The proposal also seeks to avoid burdening maintainers by decoupling documentation from core development.

Key topics included:

A breakdown of the proposed requirement template structure and fields
Examples of real-world kernel functions instrumented with low-level requirements
Integration plans with KernelCI for test coverage and traceability
Challenges encountered, such as avoiding pseudo-code duplication and handling evolving code
Community feedback from upstream maintainers and next steps toward broader adoption

To learn more and get involved in the Safety Architecture Working Group, check here.

What’s Next?

We’re excited to continue the conversations sparked at OSSummit through our public working groups, monthly meetings and upcoming events. Join the ELISA Project at Open Source Summit Europe, happening on August 25-27 in Amsterdam, at the Safety-Critical Software Summit. Check out the schedule or visit the ELISA Project ambassadors and leaders at the booth #29. Learn more here.

Learn more about the conference or register for it at the main Open Source Summit Europe page.

For more ELISA Project updates, subscribe to the LinkedIn page, Youtube Channel or join the community on our new Discord channel!

Jul 09

ELISA project at the Open source summit, Europe 2025

ELISA Project at Open Source Summit Europe 2025

By sremmert Blog, Industry Conference, Safety-Critical Software Summit

Open Source Summit is the premier event for open source developers, technologists, and community leaders to collaborate, share information, solve problems, and gain knowledge, furthering open source innovation and ensuring a sustainable open source ecosystem. It is the gathering place for open-source code and community contributors.

Why Attend

Connect with the people shaping open source
Learn from maintainers, architects, and industry leaders
Discover new technologies and real-world solutions
Collaborate on ideas that move projects forward
Grow your skills, your network, and your career

ELISA Project at OSS Europe

We are excited to announce that the ELISA (Enabling Linux in Safety Applications) Project will be participating in the upcoming Open Source Summit Europe, taking place August 25-27, 2025 in Amsterdam, Netherlands.

As a proud Bronze Sponsor of this year’s event, ELISA will also be part of the Safety-Critical Software Summit, one of the focused tracks within Open Source Summit Europe

This is a key opportunity to connect with developers, system architects, functional safety experts, and open source contributors working at the intersection of Linux and safety-critical systems.

What to Expect from ELISA Project at Open Source Summit Europe?

Yes, we have a booth and we would love to see you there!
Stop by Booth #29 to:

Learn more about ELISA’s mission and progress
See how Linux can support safety-critical systems across industries
Explore tools, processes, and working group initiatives
Check out live demos
Meet with project members, contributors and users
Pick up your favourite ELISA branded giveaways

And if you have been following ELISA for a while, you may have noticed we have refreshed our logo!
Come by the booth to grab special edition stickers and updated designs featuring the new logo. Quantities are limited, so be sure to stop by early!

Whether you are in automotive, industrial, medical, or another safety-focused domain, this is a great opportunity to ask questions and see how ELISA might support your work.

ELISA Talks and Sessions

The ELISA Project will also be featured in the Safety Critical Software track sessions. You can find the full schedule information here.

This track explores the intersection of open source and safety standards, covering best practices for regulatory compliance, security updates, and safety engineering. Sessions will delve into requirements traceability, quality assessments, safety analysis methodologies, and technical development for safety-critical systems.

Join the ELISA Community

If you are interested in functional safety or contributing to the project, we would love to have you involved. Learn more.

👋 See You in Amsterdam

The ELISA Project is proud to be part of Open Source Summit Europe 2025 and the growing conversation around safety-critical open source systems. From booth activities to in-depth technical talks, this is a great opportunity to learn, connect, and collaborate.

Don’t forget to stop by Booth #29, attend our talks at the Safety-Critical Software Summit, and meet the people behind the project.

We look forward to seeing you in Amsterdam!

May 14

Automated Testing Summit (ATS) 2025

By elisaproject Blog, Industry Conference

In March, the ELISA Project welcomed KernelCI, a community-based open source distributed test automation system focused on building a collaborative ecosystem around upstream kernel development, to our ecosystem. The primary goal of KernelCI is to use an open testing philosophy to ensure the quality, stability and long-term maintenance of the Linux kernel. The Project is currently working on improved LTS kernel testing and validation; consolidation of existing testing initiatives; quality-of-life improvements to the current service; expanded compute resources; and increased pool of hardware to be tested. Learn more about why they joined the project here.

KernelCI will be hosting the Automated Testing Summit (ATS) 2025 on Thursday, June 26 from 9 am – 5 pm in Denver, Colorado, as part of Open Source Summit North America. The Automated Testing Summit is a technical conference focused on the key challenges, tools, and infrastructure involved in testing and quality assurance for the Linux ecosystem — with an emphasis on upstream kernel development, embedded systems, cloud environments and CI integration.

Modern software stacks grow increasingly complex and heterogeneous. Ensuring their stability requires scalable, reproducible, and automated testing solutions that can operate across diverse hardware platforms, kernel versions, and integration layers. ATS brings together engineers working on KernelCI, test frameworks, lab automation, CI/CD pipelines, fuzzing, performance analysis, and more.

The event is a platform for in-depth technical talks, demos, and collaboration sessions that tackle real-world problems in automated testing. Topics range from designing interoperable systems for sharing test results, to debugging kernel regressions across distributed hardware labs.

ATS is currently accepting speaking proposals. Submit a proposal here by Sunday, May 18.

How to Register: Pre-registration is required.

To register to attend in-person at Automated Testing Summit 2025, add it to your Open Source Summit North America registration.

To register to attend virtually, please register here.

Feb 13

ELISA Project and Linux Foundation Community Shine at FOSDEM 2025

By elisaproject Ambassadors, Blog, Critical Software Summit, Industry Conference

Written by Ramon Roche, Dronecode Foundation General Manager and member of Space Grade Linux

Members and collaborators from the ELISA Project and the broader Linux Foundation community were excited to participate in FOSDEM 2025, joining thousands of open source enthusiasts in Brussels for a weekend dedicated to advancing open technology. For those who haven’t yet experienced FOSDEM, it’s difficult to put into words the vibrant, inclusive atmosphere of this registration-free event—it’s something you genuinely have to see and feel for yourself. Imagine developers buzzing between the historic buildings of the Université libre de Bruxelles, eagerly attending talks, sharing ideas, and forging connections over their shared passion for innovation. FOSDEM is more than just a conference; it’s a celebration of open-source collaboration and a testament to the power of community-driven technology.

“FOSDEM is more than just a conference—it’s a cornerstone of the open source world. From discovering new projects in various fields like open source scorecards and NGO-focused CRMs to engaging in critical discussions around the EU’s Cyber Resilience Act, FOSDEM offers unmatched opportunities for learning and collaboration. The hallway track, packed sessions, and the growing interest in AI and open hardware all underscore its role as a vital hub for innovation and community building. It’s where the open source ecosystem thrives, connects, and evolves.”

— Philipp Ahmann, Sr. OSS Community Manager at ETAS GmbH

Exhibits from Sponsors

One of the highlights of FOSDEM 2025 was the lively exhibit area, where attendees flocked to engage with some of the most influential projects and foundations in the open-source ecosystem. The halls were abuzz with energy, making it nearly impossible to walk through without getting swept up in the excitement! Zephyr RTOS had a standout presence among the many exhibits, drawing attention with its innovative real-time operating system solutions. Members of the ELISA community were also actively involved throughout the exhibits, connecting with attendees and sharing insights on safety-critical systems and open-source collaboration.

The FOSDEM community’s love for swag was on full display, with attendees proudly sporting T-shirts, stickers, and other goodies collected from various booths. A major crowd favorite was the Linux Foundation Europe booth, which attracted a steady stream of visitors with its impressive lineup of CNCF project merchandise and exclusive discounts on Linux Foundation training and certifications available only to FOSDEM attendees. The vibrant atmosphere and enthusiasm around the exhibits perfectly captured the spirit of innovation and community that defines FOSDEM.

Kate Stewart’s Zephyr Open Source Project Best Practices Over Time Presentation

Another highlight of FOSDEM 2025 was Kate Stewart’s talk titled Zephyr: Open Source Project Best Practices Over Time, where she shared insights into how Zephyr RTOS has evolved into a robust and widely adopted platform, now surpassing 100,000 commits in its main repository. Drawing on lessons from the Linux Kernel Community, she emphasized the importance of embedding best practices early on to ensure long-term sustainability and scalability. A key focus of her leadership has been security, which was integrated from the start rather than treated as an afterthought. With Zephyr advancing toward formal safety certification, Stewart’s vision continues to drive the project forward, solidifying its position as a trusted solution for embedded systems and safety-critical applications. Her meticulous attention to governance, security, and collaboration has been instrumental in taking Zephyr to new heights.

Software Bill of Materials (SBOM) devroom

The SBOM devroom at FOSDEM 2025 was a focal point for discussions on the growing importance of Software Bill of Materials (SBOM) in ensuring transparency and security across the open-source ecosystem. A standout session was Luigi Pellecchia’s talk on BASIL, an innovative open-source tool designed to simplify the creation and maintenance of traceability matrices for safety-critical applications. Pellecchia demonstrated how BASIL leverages the Software Package Data Exchange (SPDX) standard to integrate quality-related work items into SBOMs, enhancing consistency and reliability across complex toolchains. His presentation highlighted the critical role of SBOMs in fostering trust and compliance, making it clear that tools like BASIL are essential for modern software development workflows. The devroom’s sessions collectively underscored the value of SBOMs in building secure and sustainable software supply chains.

Embedded, Mobile, and Automotive devroom

The Embedded, Mobile, and Automotive devroom at FOSDEM 2025 was a hub of innovation, bringing together a vibrant community of developers and enthusiasts to explore the latest in open-source technologies. The program was packed with engaging talks, covering everything from CubeSat communication systems and general-purpose humanoid robotics with dora-rs to dual A/B update solutions for embedded Linux. Standout sessions included Thibault Poncelet’s deep dive into automotive communication systems with Reverse Engineering CAN Communication and Building ECUs Using Elixir and the BEAM, and Florian Limberger’s exploration of Bluetooth Low Energy applications in Developing BLE Host Applications with Zephyr. Attendees also got a closer look at the integration of MicroPython in embedded systems and enjoyed a lively update on the Zephyr RTOS during its dedicated roasting party. With a full house for nearly every session, the devroom highlighted the rapid advancements in embedded technologies and the critical role of open-source collaboration in shaping the future of the industry.

“FOSDEM is one of the most important open-source gatherings in the world, and this year was no exception,” said Walt Miner, AGL Community Manager at the Linux Foundation, devroom co-chair. “I came to host the Embedded, Mobile, and Automotive devroom, as well as the Automotive BoF, but it’s also the best place to connect with a wide variety of experts across countless projects. What makes FOSDEM so special is its diversity—it’s not tied to a single project or technology, and every year brings new devrooms and discoveries. This year, I was excited to learn more about OpenPilot and meet some of the people using it.”

Miner continued, “In the Embedded, Mobile, and Automotive devroom, Zephyr was a recurring theme, with so many great talks that we could easily justify a dedicated Zephyr devroom next year. The devroom was a huge success—our 210-seat room was packed for every session, and we had three times more talk submissions than we could accommodate. It’s inspiring to see such enthusiasm and expertise in the community, and I’m already looking forward to next year!”

“Expect the unexpected. At FOSDEM, you have the opportunity to see new topics and trends.”

– Jan-Simon Moeller

Featured Talks you should check out:

BASIL an open source tool that supports requirements traceability with design sBOM

Presenter: Luigi Pellecchia
Link to Presentation

Zephyr: Open Source Project Best Practices Over Time

Presenter: Kate Stewart
Link to Presentation