Category

Seminar Series

Recap – ELISA Seminar – Functional safety with Xen, Zephyr and Linux for avionics, automotive and industrial

By Ambassadors, Blog, Seminar Series, Technical Update, Working Group

On May 13, 2026, the ELISA Project hosted a seminar exploring how open source technologies including Xen, Zephyr RTOS, and Linux are advancing toward deployment in safety-critical systems across avionics, automotive, and industrial domains.

The session featured Ayan Kumar Halder (AMD) and Matthew Weber (Boeing), who shared ongoing collaborative work around functional safety, mixed-criticality systems, and open source safety certification efforts.

The discussion focused on how Xen, Zephyr, and Linux can be composed into a unified architecture for safety-critical environments. The speakers outlined how Xen can act as a Type-1 hypervisor, isolating workloads with different safety requirements while supporting deterministic execution, static partitioning, and freedom from interference between virtual machines.

A major theme throughout the session was the growing collaboration between the Xen community and the ELISA Project to build an open functional safety ecosystem. The work spans multiple safety standards including ISO 26262, IEC 61508, and DO-178C, with the goal of creating reusable safety certification artifacts and methodologies that can benefit multiple industries.

The seminar highlighted several ongoing technical efforts within the Xen functional safety initiative, including:

  • MISRA C compliance improvements and automated CI checking
  • MPU support for ARM Cortex-R systems
  • Static partitioning and deterministic scheduling
  • Requirements traceability and architecture specifications
  • Domain-based testing, fault injection, fuzzing, and unit testing
  • White-box testing approaches using Ceedling and coverage analysis
  • Open source traceability workflows using Open Fast Trace

The speakers also discussed the importance of defining assumptions of use (AoU) between system components such as firmware, hypervisors, operating systems, and applications. This systems-level perspective is critical for enabling Linux and Xen to operate within certified safety environments.

Matthew Weber shared additional insights from the aerospace domain, explaining how avionics standards such as DO-178C and ARINC 653 complement ongoing automotive safety efforts. The session explored how higher levels of testing rigor, deterministic partitioning, and lifecycle traceability can help support mixed-criticality aerospace systems using open source technologies.

Another key discussion point was sustainability. Functional safety is not a one-time activity but an ongoing engineering process that must evolve alongside code changes, new features, and emerging defects. The speakers emphasized the importance of open collaboration, transparent development processes, and community participation to keep safety-related artifacts and testing continuously maintained.

The session concluded with an invitation for the broader community to get involved through mailing lists, workshops, Git repositories, and upcoming events including the Xen Summit and ELISA workshops.

As open source continues expanding into regulated and safety-critical industries, collaborations like these are helping create the technical foundations, tooling, and community processes needed to support the next generation of safety-focused systems.

Watch for upcoming ELISA seminars and community workshops to continue the conversation around functional safety, mixed-criticality systems, and open source collaboration.

ELISA seminar recap: Introduction to Requirements Engineering – Pete Brink, UL Solutions

By Blog, Seminar Series

Pete Brink from UL Solutions led an ELISA seminar on the basics of requirements engineering. He explained why teams write requirements, how to know when you are “done,” and how safety-critical work raises the bar. Requirements describe what a system must do and how well it must do it, not how to implement it. They can be functional (including safety and security behavior) or non-functional (performance, resource, thermal, mechanical, usability, and similar constraints). Pete stressed an iterative process: elicit from stakeholders, analyze and validate, write the spec, verify requirement quality, and then do architecture, design, coding, and testing. Testing spans unit, component, integration, and acceptance to prove the requirements were fulfilled. He noted that language is imprecise, so clarity, atomicity, unique IDs, status, allocation, and traceability are essential. Text can be supported with diagrams and models (semi-formal); full formal notation is used rarely. Tooling in practice often includes markdown in GitHub; community tools like StrictDoc and others are emerging, but traceability remains hard.

Pete showed weak vs. improved requirements, fixing ambiguity like “regular intervals” and splitting “and/should” into separate, testable statements with precise timing and tolerances. He introduced EARS (Easy Approach to Requirements Syntax) to give simple, consistent sentence patterns, including ubiquitous, event-driven, state-driven, and optional-feature forms (useful for things like debug vs. release or hardware variants). Detail should match criticality: too little raises risk; too much raises cost. Open source adds challenges because code often exists first; teams may derive requirements from observed behavior or refactor to align with clearer, testable specs. In Q&A, attendees discussed automotive vs. aerospace use of formal methods, handling hardware variants and build types, and authoring options like LaTeX and Sphinx.

The core message: write clear, atomic, testable requirements, keep them implementation-free, manage them with discipline, and iterate whenever design and testing reveal issues.

ELISA Project Seminar Series focuses on hot topics related to ELISA’s mission to define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Speakers are members, contributors and thought leaders from the ELISA Project and surrounding communities. Each seminar comprises a 45-minute presentation and a 15-minute Q&A, and it’s free to attend.

Watch the previous Seminar series here.

Criteria and Process for Evaluating Open-Source Documentation

By Ambassadors, Blog, Seminar Series

As the open source and safety (and security) communities collaborate more closely, there’s an opportunity to build trust by showcasing how open source development aligns with key safety principles. As part of the ELISA Seminar series, Pete Brink, Principal Consultant at UL Solutions and ELISA Project ambassador, recently presented a process, including evaluation criteria, designed to adapt to a variety of projects and contexts.

This video aims to introduce a flexible, practical framework for evaluating documentation that supports trustworthiness in development practices. The goal is to empower teams to highlight their commitment to quality and safety in a way that works for them. Watch here:


The ELISA Seminar Series focuses on hot topics related to ELISA’s mission to define and maintain a common set of elements, processes and tools that can be incorporated into Linux-based, safety-critical systems amenable to safety certification. Speakers are members, contributors and thought leaders from the ELISA Project and surrounding communities. Each seminar comprises a 45-minute presentation and a 15-minute Q&A, and it’s free to attend. You can watch all videos on the ELISA Project Youtube Channel ELISA Seminar Series Playlist here.

For more ELISA Project updates, subscribe to @ProjectElisa or our LinkedIn page or our Youtube Channel.

Meet the New KernelCI

By Blog, Seminar Series

KernelCI started 10 years ago as a small project to test the kernel on Arm devices. The project grew over the years and today a new architecture is in place. In this video, Don Zickus, Distinguished Engineer at Red Hat, and Gustavo Padovan, Kernel Lead at Collabora, present the new KernelCI. The KernelCI community recently put a lot of effort into designing and implementing its new testing architecture, with a focus on facilitating kernel community and industry engagement as much as possible.

Our new KernelCI Architecture (1) allows different services (such as patchwork, b4, etc.), multiple CI services, and users to send requests to test patches; (2) supports all sorts of testing platforms and hardware labs, not just embedded hardware; (3) focuses on the quality of test runs rather than quantity; (4) brings a common database for all CI systems with automatic post-processing of regressions.

Speakers: Gustavo Padovan, Kernel Lead at Collabora, and Don Zickus, Distinguished Engineer at Red Hat

Don and Gustavo offer the ELISA community an overview of KernelCI and look for potential areas of collaboration between both projects. Watch the video:

If you missed this ELISA Seminar, Don and Gustavo will be presenting about KernelCI at the Linux Plumbers Conference in Vienna, Austria on September 18-20. Learn more about their session in the Linux Kernel Testing Microconference.

The SEooC concept driven into extreme

By Blog, Seminar Series

For quite a few years, ISO 26262 has supported a component/element-based approach: SEooC, or Safety Element out of Context. This has simplified the argumentation for, and integration of, specific elements into a larger system. However, as we see more and more complex systems being introduced, such as highly automated cars, we foresee that the importance of the SEooC concept will grow. The how-to will be developed at the same time. This topic will be further explored by speaker Håkan Sivencrona, Senior Technical Leader @ SVA Safe Vehicle Automation, Volvo Cars.

The presentation will introduce the SEooC concept, its usage and possible extensions, and supporting argumentation for the use of, for example, SW components in a CI/CD framework. And a lot more.

Cregit: token-level history of Linux

By Blog, Seminar Series

One of the major disadvantages of git’s blame command is that the minimum unit of change it tracks is the line of text. As part of the ELISA Seminar series, Daniel German, Professor of Computer Science at University of Victoria, helps address this issue. They’ve developed Cregit, a set of tools that permits traceability of each token of the source code of a git repository.

Improved system stressing with stress-ng

By Blog, Seminar Series

Stress-ng has a proven track record for stress testing Linux systems and forcing out system bugs. As part of the ELISA Seminar series, Colin King, Principal Engineer at Intel, gave a presentation titled, “Improved System Stressing with stress-ng.” His talk describes new stress-ng features and the future roadmap for stress-ng.

Making Linux Fly: Towards Certified Linux Kernel

By Blog, Seminar Series

Although the Linux operating system has been used widely in many industries, adoption in aerospace has been slow due to the rigorous assurance evidence required as part of flight certification. The guidance for commercial flight software in most of the world is RTCA DO-178C, which identifies five progressively more rigorous levels of assurance. Providing the software life cycle data outlined by DO-178C is a daunting task for software as large and complex as Linux. In this project we focus on three objectives from DO-178C related to code coverage — the fraction of the source code that is exercised by testing. The three types of code coverage in DO-178C are statement coverage, decision coverage, and Modified Condition/Decision Coverage (MC/DC). The last of these, MC/DC, is only required for Software Level A, the highest level of assurance.

For operating system kernels like Linux, measuring code coverage is challenging because of the unique execution environment compared to user space. Measuring MC/DC is even harder given the intricacy of the metric and limitations of tools. We share our experience in measuring the Linux kernel’s code coverage, with an emphasis on MC/DC. We describe how we have enabled measuring the Linux kernel’s MC/DC for the first time, by enhancing both the toolchain and the kernel itself. We also discuss the generalizability of our approach across different kernel versions and opportunities for improving coverage with kernel testing suites like KUnit and kselftest.

As part of the ELISA Seminar series, Wentao Zhang, PhD student at University of Illinois Urbana-Champaign; and Steven H. VanderLeest, Technical Fellow at The Boeing Company; gave a presentation titled, “Making Linux Fly: Towards Certified Linux Kernel.”

Ferrocene: Qualifying the Rust compiler out in the open

By Blog, Seminar Series

Ferrocene is a fully open source toolchain to enable the use of the Rust programming language in safety-critical environments. It is a proper downstream of the main Rust compiler – rustc. This includes all documentation.

The mission of Ferrocene is to bring open source practices to safety-critical industries and improve the Rust open source ecosystem through safety-critical practices.

Ferrocene is also fully qualified using only open source tooling.

But what does that mean in practice? In this talk, I’ll walk you through our findings when qualifying the Ferrocene compiler toolchain using fully open source tools. A particular eye will be on the conditions that enabled the Ferrocene project to build a feedback loop with the Rust project and how they may inform your approach towards other FOSS projects.

As part of the ELISA Seminar series, Florian Gilcher, Managing Director at Ferrous Systems, gave a presentation titled, “Ferrocene: Qualifying the Rust compiler out in the open.”

Certifying Linux: State of the Art and Lessons Learned after Eight Years

By Blog, Seminar Series

In 2018, in the course of the SIL2LinuxMP project, we summarized the knowledge gained around research questions and suggested potential solutions for using Linux in safety-related systems in the paper “Certifying Linux: Lessons Learned in Three Years of SIL2LinuxMP.” Since then, the activity around using Linux in safety-related systems has continued to attract more experts and more commercial attention. However, it is still a challenging activity to pursue. In this video, we explain, reflect and comment on the areas of work and activities that have been followed over the next five years throughout the industry and how they relate to and complement the initial ideas that were collected in the SIL2LinuxMP project.

As part of the ELISA Seminar series, Lukas Bulwahn, Safety Software Key Expert at Elektrobit, gave a presentation titled, “Certifying Linux: State of the Art and Lessons Learned after 8 Years.”

 
