Skip to main content
search
Category

Workshop

Aug 21
Love0

ELISA Workshop – A Summary of Berlin

By Blog, Workshop

Written by Philipp Ahmann, Chair of the ELISA Project TSC and Technical Business Development Manager at Robert Bosch GmbH 

In June, the ELISA Project’s core contributors and affiliates came together for three days at the Bosch IoT Campus in Berlin, Germany. We discussed recent achievements, project branding and perception, upcoming goals and next steps.

From left to right: (MBition), Gabriele Paoloni (Red Hat), (Red Hat), Olivier Charrier (Windriver), Dongni Fan (MBition), Leonard Moritz Hübner (NXP), Alex Fomichev (MBition), Christof Petig (Aptiv), Philipp Ahmann (Bosch), Kai Hudalla (Bosch Digital), Johannes Kristan (Bosch Digital), Christopher Temple (ARM), Kate Stewart (Linux Foundation) & Sven Erik Jeroschewski (Bosch Digital)

Quick recap on the three days

The workshop kicked off with a discussion about ELISA’s big picture document. The document serves as an entry point for new contributors to find their path through the ELISA deliverables and approach. It will be a living document which gets updated and enhanced when major achievements are reached. It is structured into 3 major parts and complements the project charter and mission.

  • The project objective
  • The ELISA approach (ongoing work to meet the project objective)
  • Using and putting ELISA results into practice

The second session focused on the creation of a pragmatic guide to best practices for open source contributors to facilitate safety analysis in the future. In this session, Kate Stewart, Vice President of Dependable Embedded Systems and and ELISA Ambassador, shared an overview of existing tools which help to make the kernel development work more discoverable, creating certain traceability, and to make analysis “more provable.” The session addressed a few next steps which the project has to look into: 

  • Capturing current Kernel requirements
  • Using Linux features
  • Testing Frameworks

Some parts of the topics were directly addressed as part of the second day agenda. In the first session, the safety analysis approach uses a combination of risk analysis, fault injection, and a high degree of automation. Part of it is also the System Theoretic Process Analysis (STPA). This was already successfully applied within Codethink and taken forward within the Open Source Engineering Process (OSEP) Working Group. The motivation to go in this direction was also made visible and which initial work has been started.

In the following session certain limits of a traditional STPA when applied to the Linux Kernel were pointed out by Red Hat. Additional tool support may be needed which was one reason to create the ks-nav tool. The objective of this tool is to analyze the Linux kernel for safety by presenting diagrams of call trees. In this way an understanding of the interactions and dependencies among different parts of the kernel can be gained for safety analysis. To speed up the development and make the tool more visible, the ks-nav tool resides now in an own repository within the ELISA github organization.

After that, the workshop participants had a longer discussion, whether manpage derived requirements and manpage driven testing can improve the argument towards usage of Linux in safety-critical applications. 

  • It describes a large part of the software components of Linux usage in products
  • It is the established format to describe and learn the software functionality provided by Linux.
  • It is used by a large audience.

The workshop participants agreed that there is still a lot of work to map the current kernel implementation to the existing manpages and to close the gaps between both. This will be a great contribution to the whole kernel community. Overall the ELISA project plans to take major actions in the field of Kernel documentation improvements.

In the afternoon session “targets for upstreaming to Linux kernel for the remainder of the year” the topic of upstreaming documentation within the user and admin guide of the Kernel was put into practice. The current activities of the Linux Features for Safety Critical Systems (LFSCS) WG were presented to the workshop participants. Shuah Khan (Linux Foundation Fellow) together with Elana Copperman (Mobileye, LFSCS WG lead) illustrated the different configuration parameters of the PREEMPT_RT patches which are now almost completely upstreamed. However, it turned out that the documentation of the parameter and configuration towards desired usage have large room for improvements. As many safety-critical products rely on certain real time capabilities, ELISA judges this topic as high priority and very important.

RT Linux in Safety Critical Systems: the potential and the challenges – Elana Copperman & Shuah Khan

The 3rd day concentrated heavily on internal ELISA activities, project health and growth. There was a session revisiting the project messaging along with a session about review of change management workflow, and a proposed approach document to go to the working groups/TSC for approval. In another session the participants brainstormed ideas for community growth and engagement, adjacent community outreach and mutual alignment.

Although the sessions focused on internal work, especially the contributions by affiliated workshop participants representing e.g. Eclipse Software-Defined-Vehicle, ETAS, MBition and NXP added new perspectives, led to good takeaways and made the workshop a success.

Major Workshop Takeaways

During the various sessions and at the end of each day takeaways from the participants were collected and discussed. An extract of major takeaways are listed below:

  • Rework and structure Kernel documentation is an important element of ELISA
    • Strong risk of diverging, in case you write documentation by another person than the maintainer of the code.
  • Start identifying critical subsystems of the Linux kernel to enhance user documentation similar to “workload” and “realtime” documentation.
  • Identification of the “core” part of the kernel that is present in all set of config images
    • Looking at user APIs for the “core” parts, may be a useful focus for doing detailed analysis that others can use, and build from
    • Any analysis has to be tagged to specific release, as changes are happening through time.
    • Getting the API and subsystem analysis of key pieces upstream, combined with recommendations on testing to demonstrate the user space APIs are consistent. (Maintainer need to agree)
  • ELISA is not providing a safe Linux, but there are interesting tools supporting Safety with using Linux
  • If you push a patch to the Linux kernel you have to follow rules (e.g. checkpatch). Maybe there can be kernel tools to improve the safety part of Linux, e.g. that the proposed change/config is in line with the safety guidelines
  • The kernel alone does not make the operating system, you need other components to create a particular system.
  • Open Sourcing the Red Hat requirement tool would be a great benefit for the wider open source safety community
    • Use the requirements tool to export SPDX safety linkage SBOMs for the Linux Kernel
  • Reach out to Eclipse SDV and AGL with SOAFEE to talk about an example system as part of Systems WG
    • SDPX and System SBOM may be of interest for Eclipse Foundation (SDV)
  • OEM may be a must have to work on a real use case in certain domains (especially automotive).
  • The puzzle pieces on the table may not yet be complete and people may use puzzle pieces differently
    • Workshops are a good place to learn how the different pieces fit together, SBOM, OSEP, ARCH…

Getting involved

The ELISA Project is open to anyone to participate. While membership is not required for participation, we always love to welcome additional  members to join us in the mission of  enabling Linux in safety applications and to collaborate with other members who are committed to this effort.

If you are interested to learn more about ELISA or want to participate in one of the working groups or recently started activities, just send  an email to the technical forum mailing list. Or you can get advice on where to contribute best by joining the Technical Steering Committee (TSC) meeting which is held every other Wednesday at 13:00 UTC.

Last but not least the next in person workshop is only a few months away. ELISA members currently plan to meet again most likely in Munich, Germany, October 16- 18. Please join the mailing list and/or subscribe to @ProjectElisa or our LinkedIn page or our Youtube Channel to learn more about the next workshop.

Jun 05
Love0

Diving into the Kernel: Introducing ks-nav Tool Set 

By Blog, Working Group, Workshop

Written by Red Hat’s Gabriele Paoloni, Alessandro Carminati & Maurizio Papini

One of the main challenges in using the Linux Kernel for safety-critical systems is conducting safety analyses in the absence of architectural documentation. As outlined in this article, within the ELISA (Enabling Linux in Safety Applications) Project, we are adopting the STPA approach at the system level. Accordingly, the Safety Architecture Working Group has been actively working on implementing and expanding this approach within the Kernel.

To conduct an STPA-inspired analysis, it is necessary to define “controller” entities, along with their corresponding control actions and feedback mechanisms. The Linux Kernel has already been divided into entities, which are maintained by different individuals based on the MAINTAINERS file.

Therefore, the Safety Architecture Working Group has made the decision to experiment with STPA analysis within the Kernel by treating the various subsystems or drivers (as defined in the MAINTAINERS file) as individual controllers. Within this context, the challenge has been to identify the control actions and feedback mechanisms between the drivers and subsystems.

The ks-nav tool set, comprising two complementary tools, is specifically designed to support the identification of such control actions. 

To facilitate this, ks-nav offers subsystem call trees, which visually represent the interactions and dependencies among subsystems, starting from a given symbol. This feature allows users to identify potential interfaces between subsystems or drivers that support relevant control actions within the specific context of the symbol under analysis.

Another key  feature of ks-nav is the identification of function call trees, which list functions potentially encountered starting from a given one . Such a feature could be useful to understand the subsystem or driver behavior following the invocation of a given function. 

In summary, within the context of a specific symbol, ks-nav is capable of initially highlighting potential candidates for control actions between subsystems and drivers. Additionally, it allows users to “zoom in” on each subsystem as necessary to support expert judgment in semantically specifying the control actions.

To accommodate diverse analysis needs, the tool set supports multiple output formats, including dot, raster images (PNG or JPG), and vector images (SVG), facilitating effective visualization.

Flexibility is emphasized with compatibility across different database management systems (DBMS) like PostgreSQL, MySQL, MariaDB, or SQLite. This enables seamless integration with users’ preferred DBMS or existing infrastructure.

Moreover, ks-nav is able to identify indirect calls, including the x86 retpoline technique, within the kernel code, and deals with compiler code optimization.

By offering function call trees, subsystem call trees, versatile output formats, DBMS compatibility, and indirect call detection, the ks-nav tool set provides a comprehensive and efficient solution for ELISA activities in Linux kernel analysis. It provides users with the necessary tools to explore the kernel’s structure, and make informed decisions.

This initial commit of the ks-nav tool set also ensures fair test coverage, guaranteeing reliability and effectiveness in supporting ELISA activities. It marks a milestone, demonstrating the team’s commitment to continuous improvement and future advancements to refine the tool set and meet evolving needs in ELISA activities conducted by the working group.

All are welcome to try out the tools, send pull requests for improvements and bug fixes on the ELISA GitHub here.

There will also be a dedicated session on how to apply this tool at the upcoming ELISA Berlin Workshop June 20-22. Learn more about the Workshop or register for it here.

Aug 11
Love0

Boeing joins the ELISA Project as a Premier Member to Strengthen its Commitment to Safety-Critical Applications

By Announcement, News, Working Group, Workshop

Boeing to lead New Aerospace Working Group

SAN FRANCISCO – August 11, 2022 –  Today, the ELISA (Enabling Linux in Safety Applications) Project announced that Boeing has joined as a Premier member, marking its commitment to Linux and its effective use in safety critical applications. Hosted by the Linux Foundation, ELISA is an open source initiative that aims to create a shared set of tools and processes to help companies build and certify Linux-based safety-critical applications and systems.

“Boeing is modernizing software to accelerate innovation and provide greater value to our customers,” said Jinnah Hosein, Vice President of Software Engineering at the Boeing Company. “The demand for safe and secure software requires rapid iteration, integration, and validation. Standardizing around open source products enhanced for safety-critical avionics applications is a key aspect of our adoption of state-of-the-art techniques and processes.”

As a leading global aerospace company, Boeing develops, manufactures and services commercial airplanes, defense products, and space systems for customers in more than 150 countries. It’s already using Linux in current avionics systems, including commercial systems certified to DO-178C Design Assurance Level D. Joining the ELISA Project will help pursue the vision for generational change in software development at Boeing. Additionally, Boeing will work with the ELISA Technical Steering Committee (TSC) to launch a new Aerospace Working Group that will work in parallel with the other working groups like automotive, medical devices, and others.

“We want to improve industry-standard tools related to certification and assurance artifacts in order to standardize improvements and contribute new features back to the open source community. We hope to leverage open source tooling (such as a cloud-based DevSecOps software factory) and industry standards to build world class software and provide an environment that attracts industry leaders to drive cultural change at Boeing,” said Hosein.

Linux is used in all major industries because it can enable faster time to market for new features and take advantage of the quality of the code development processes. Launched in February 2019, ELISA works with Linux kernel and safety communities to agree on what should be considered when Linux is used in safety-critical systems. The project has several dedicated working groups that focus on providing resources for system integrators to apply and use to analyze qualitatively and quantitatively on their systems.

“Linux has a history of being a reliable and stable development platform that advances innovation for a wide range of industries,” said Kate Stewart, Vice President of Dependable Embedded Systems at the Linux Foundation. “With Boeing’s membership, ELISA will start a new focus in the aerospace industry, which is already using Linux in selected applications. We look forward to working with Boeing and others in the aerospace sector, to build up best practices for working with Linux in this space.”

Other ELISA Project members include ADIT, AISIN AW CO., Arm, Automotive Grade Linux, Automotive Intelligence and Control of China, Banma, BMW Car IT GmbH, Codethink, Elektrobit, Horizon Robotics, Huawei Technologies, Intel, Lotus Cars, Toyota, Kuka, Linuxtronix. Mentor, NVIDIA, SUSE, Suzuki, Wind River, OTH Regensburg, Toyota and ZTE.

Upcoming ELISA Events

The ELISA Project has several upcoming events for the community to learn more or to get involved including:

  • ELISA Summit – Hosted virtually for participants around the world on September 7-8, this event will feature overview of the project, the mission and goals for each working group and an opportunity for attendees to ask questions and network with ELISA leaders. The schedule is now live and includes speakers from Aptiv Services Deutschland GmbH, Boeing, CodeThink, The Linux Foundation, Mobileye, Red Hat and Robert Bosch GmbH. Check out the schedule here: https://events.linuxfoundation.org/elisa-summit/program/schedule/. Registration is free and open to the public. https://elisa.tech/event/elisa-summit-virtual/
  • ELISA Forum – Hosted in-person in Dublin, Ireland, on September 12, this event takes place the day before Open Source Summit Europe begins. It will feature an update on all of the working groups, an interactive System-Theoretic Process Analysis (STPA) use case and an Ask Me Anything session.  Pre-registration is required. To register for ELISA Forum, add it to your Open Source Summit Europe registration.
  • Open Source Summit Europe – Hosted in-person in Dublin and virtually on September 13-16, ELISA will have two dedicated presentations about enabling safety in safety-critical applications and safety and open source software. Learn more.

For more information about ELISA, visit https://elisa.tech/.

About the Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 2,950 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

###

Aug 10
Love0

Join us at ELISA Project September Events

By Blog, Industry Conference, News, Working Group, Workshop

Launched in February 2019, the ELISA (Enabling Linux in Safety Applications) Project works with Linux kernel and safety communities to agree on what should be considered when Linux is used in safety-critical systems. The project has several dedicated working groups that focus on providing resources for system integrators to apply and use to analyze qualitatively and quantitatively on their systems.

If you’re new to the project and would like to learn more about the community, ELISA has several upcoming events in September that you can attend to meet ambassadors or project members, receive updates about technical milestones and goals of each of the working groups and ask questions or get involved. Focused Working Groups include Automotive, Linux Features for Safety-Critical Systems, Medical Devices, Open Source Engineer Processes, Safety Architecture, Systems and Tool Investigation and Code Improvement and they are always looking for more participants.

September events:

  • ELISA Summit – Hosted virtually for participants around the world on September 7-8, this event will feature overview of the project, the mission and goals for each working group and an opportunity for attendees to ask questions and network with ELISA leaders. View the schedule here. Registration is free and open to the public. https://elisa.tech/event/elisa-summit-virtual/
  • ELISA Forum – Hosted in-person in Dublin, Ireland, on September 12, this event takes place the day before Open Source Summit Europe begins. It will feature an update on all of the working groups, an interactive System-Theoretic Process Analysis (STPA) use case and an Ask Me Anything session.  Pre-registration is required. To register for ELISA Forum, add it to your Open Source Summit Europe registration.
  • Open Source Summit Europe – Hosted in-person in Dublin, Ireland, and virtually on September 13-16, ELISA will have two dedicated presentations about enabling safety in safety-critical applications and safety and open source software. Learn more.
  • ELISA Workshop – Hosted in-person in Manchester, England, at Codethink offices. This workshop offers an opportunity for active ELISA contributors and members to have interactive discussions on predetermined topics and have side-by-side working sessions. Learn more.

Aug 03
Love0

Hazard Analysis Application to Complex Software (Video)

By Blog, Workshop

The Spring ELISA Workshop, which took place on April 5-7 virtually, had more than 130 global registrants that learned more about the various working groups, hot topics related to enabling linux in safety applications and networked with ambassadors. If you missed the workshop, you can check out the materials here or subscribe to the new ELISA Youtube Channel and add these sessions to your watch list.

In April, Raffaele Giannessi, Industrial PhD, and Fabrizio Tronci, Functional Safety Manager and Alessandro Biasci, Project Manager at Huawei, presented a session titled, “Hazard Analysis Application to Complex Software.” In this talk, they showcase the methodology to apply STPA to software non-physical system and application of case study on dynamic memory allocation.

Watch the video below.

If you are interested in learning more about the ELISA Project, please join us at one of the September events:

  • ELISA Summit, a virtual conference happening on September 7-8 . ELISA ambassadors and leaders will offer an introductory overview of the project, more in-depth technical content, emerging trends, and hot topics related to open source software in safety-critical applications. Register to attend at no cost here: https://events.linuxfoundation.org/elisa-summit/register/.
  • ELISA Forum, in-person in Dublin, Ireland on September 12. This is a co-located event with Open Source Summit Europe. ELISA Ambassadors and leaders will offer an overview of the project, the activities of the various working groups (WGs) and how the WGs interact and work together to tackle the challenges in advancing open source in safety-critical systems and bridge the gap between functional safety and Linux kernel development velocity. There will also be in-depth updates for the System-Theoretic Process Analysis (STPA) methodology to a sample use case and a Q&A session. Pre-registration is required. To register for ELISA Forum, add it to your Open Source Summit Europe registration.
Jul 20
Love0

Integrity of the Safety Application Address Space (video)

By Blog, Workshop

The Spring ELISA Workshop, which took place on April 5-7 virtually, had more than 130 global registrants that learned more about the various working groups, hot topics related to enabling linux in safety applications and networked with ambassadors. If you missed the workshop, you can check out the materials here or subscribe to the new ELISA Youtube Channel and add these sessions to your watch list.

Red Hat’s Christoffer Hall-Federiksen, Senior Software Engineer, and Gabriele Paoloni, Senior Principal Software Engineer and Chair of the ELISA Project Governing Board, presented a session titled, “Integrity of the Safety Application Address Space.”

In this video, you’ll get an overview  of the address space descriptors and critical Linux Kernel code involved along different scenarios (process creation, memory allocation, context switch, etc.), safety goals and an interactive discussion on the next steps. 

Watch the video below.

Jul 13
Love0

Introduction to ELISA (Video)

By Blog, Working Group, Workshop

The Spring ELISA Workshop, which took place on April 5-7 virtually, had more than 130 global registrants that learned more about the various working groups, hot topics related to enabling linux in safety applications and networked with ambassadors. If you missed the workshop, you can check out the materials here or subscribe to the ELISA Youtube Channel and add these sessions to your watch list.

At the workshop, Shuah Khan, Chair of the ELISA Technical Steering Committee (TSC) and Kernel Maintainer and Linux Fellow at the Linux Foundation, joined Kate Stewart, ELISA TSC member and co-chair of the Medical Devices Working Group, to kick off the workshop with an introduction to the ELISA Project.

You can view the video below, which is intended for new community members interested in the project and those who aren’t regular participants in the working groups.

We invite you to join a working group to learn more! Click here to check out the working groups and subscribe to their mailing lists and calendars to join meetings.

Jun 15
Love0

Mixed-Criticality Processing on Linux (Video)

By Blog, Workshop

The Spring ELISA Workshop, which took place on April 5-7 virtually, had more than 130 global registrants that learned more about the various working groups, hot topics related to enabling linux in safety applications and networked with ambassadors. If you missed the workshop, you can check out the materials here or subscribe to the new ELISA Youtube Channel and add these sessions to your watch list.

Christopher Temple, Lead Safety & Reliability Systems Architect at Arm Germany GmbH, and Paul Albertella, ELISA Project TSC member, Chair for Open Source Engineering Process Working Group and Consultant at Codethink, presented a session, “Mixed-Criticality Processing on Linux.”

Check out the video that features the presentation and community discussion about how to create a common understanding of mixed-criticality processing on Linux and the related problems, collect and discuss alternatives for addressing the problems. 

In the video, you’ll see there is good engagement from existing ELISA participants and new ones, and the group ended with a clearer understanding of the challenges faced when safety functions co-exist on a system with non-safety functions, and with other safety functions. There was a broad consensus about how ELISA might provide useful guidance for how to tackle some of these, by describing design patterns for systems that include Linux, rather than focussing on what Linux needs in order to be ‘safe’.

Jun 01
Love0

Safety Monitors Inside the Kernel (Video)

By Blog, Workshop

The Spring ELISA Workshop, which took place on April 5-7 virtually, had more than 130 global registrants that learned more about the various working groups, hot topics related to enabling linux in safety applications and networked with ambassadors. If you missed the workshop, you can check out the materials here or subscribe to the new ELISA Youtube Channel and add these sessions to your watch list.

Gabriele Paoloni, ELISA Project Governing Board Chair and Senior Principal Software Engineer at Red Hat, and Daniel Bristot, Senior Principal SW Engineer at Red Hat, gave a presentation at the Spring ELISA Workshop titled, “Safety Monitors Inside the Kernel.”

The recently proposed “Runtime Verification Monitor” framework, which can be found here, has the capability of monitoring the Kernel Drivers / Subsystems to behave as expected and to protect them against interference from within the Kernel itself. The video will explain how the RVM framework works with a specific focus on the Watchdog Monitor that has been proposed in the patchset and how it can support a functional safety claim. Watch it here:

May 18
Love0

Software Supply Chain Integrity Transparency & Trustworthiness and Related Community Efforts (Video)

By Blog, Workshop

The Spring ELISA Workshop, which took place on April 5-7 virtually, had more than 130 global registrants that learned more about the various working groups, hot topics related to enabling linux in safety applications and networked with ambassadors. If you missed the workshop, you can check out the materials here or subscribe to the new ELISA Youtube Channel and add these sessions to your watch list.

For the first-time ever, the ELISA Project featured a keynote presentation. Robert (Bob) Martin, Senior Principal Engineer at the MITRE Corporation, presented a keynote titled, “Software Supply Chain Integrity Transparency & Trustworthiness and Related Community Efforts.” Check out the presentation materials here or watch the video:

Trust, transparency, and integrity of software supply chains is at the center of many of the global security and safety challenges confronting communities around the world, including government agencies and the industries that support them or provide our critical infrastructure. The pandemic, utility ransomware attacks, the attack on SolarWinds, and the Ever Given have brought supply chain security, resilience, integrity, transparency, and trustworthiness into sharpened focus to a broader audience, and the many inadequacies have surfaced regarding timely access to reliable suppliers, software, and stocks of fuel, personal protective equipment, micro-electronics, medical devices, and food supplies, to name a few.

At the same time, the computerization of everything gave rise to pervasive cyber threats for more and more of the capabilities and infrastructure we and our organizations rely upon to function – including those stemming from vulnerabilities inherent in repurposed software of often dubious provenance and unknown pedigree. Further complicating this landscape is the increasingly globalized nature of the technology in these systems and lack of transparency. Adversaries large and small seek to inject themselves into every conceivable stage of software technology development, supply, and support, for disruptive, monetary and intelligence goals of their own.

This video will discuss the capabilities emerging across industry and government to assess and address the challenges to providing trustworthy software supplies with assurance of integrity and transparency to their composition, source, and veracity – the building blocks of software supply chains we can gain justifiable confidence in at scale and speed.

Close Menu