SlideShare ist ein Scribd-Unternehmen logo

TSC Sponsored BoF: Can Linux and Automotive Functional Safety Mix ? Take 2: Towards an open source, industry acceptable high assurance OS - SFO17-218

Linaro
Linaro

Robin Randhawa presented on the potential for open source software in automotive functional safety domains. He discussed desirable attributes for a separation runtime including being open source, having a small trusted computing base, and supporting partitioning and virtualization. However, he noted additional non-technical requirements are needed like having ISO compliant development processes and a clearly accountable entity. Randhawa evaluated options like L4Re, seL4, and Xen and proposed forming a Linaro Automotive SIG to progress open source separation runtimes and help chart an strategy for open source in automotive.

Technologie
1 von 18
Downloaden Sie, um offline zu lesen
Automotive BoF Can Linux and Functional Safety Mix ? (Take 2) Robin Randhawa ARM
ENGINEERS AND DEVICES WORKING TOGETHER Recap: My objectives ● Investigate the potential for open source software in safety critical domains ● Test assumptions with key Automotive OEMs ● Select a suitable set of open source projects – if any ● Evaluate these projects at ARM ● Promote the use of suitable projects, if any, within ARM ● Work with Linaro to try and align ARM Automotive partners around these projects
ENGINEERS AND DEVICES WORKING TOGETHER Recap: Viewpoints shared at the last Auto BoF • What exactly is functional safety (FuSa) ? • What are the compute trends seen in automotives over the past decades ? • What are the primary compute partitions in a modern automotive ? • What are the sensitivities around FuSa in those partitions ? • Which partition is worth pursuing for Open Source System Software ? • Why open source at all ? • Where exactly is Linux used today in a modern automotive ? • How do proprietary OS vendors manage to run Linux and get high safety certs ? • What level of certification should we aim for and why ? • What is the right system software layer to focus on ? • What are the set of attributes this software should have ?
ENGINEERS AND DEVICES WORKING TOGETHER Desired attributes in a separation run-time* ● Open source implementation ● Small trusted computing base (in terms of LoC) ● Safety oriented architecture ● Built in security model ● Supports POSIX apps ● Supports deterministic thread scheduling ● Supports multi-core thread scheduling ● Partitioning capability using hardware assisted virtualization ● Virt machines should support multi-core guest operation ● Virt machines should support guest pass-through device access with IOMMU interop ● Inter Virt machine comms supported ● Virt machine CPU affinity expression supported * Built from discussions with and examining offerings by Tier 1 OEMs and proprietary OS vendors
ENGINEERS AND DEVICES WORKING TOGETHER What have I been doing post Budapest ? ● Added Tier-1 OEM suppliers to my list of folk to speak to ○ Which now became Tier 1 {OEMs + OEM suppliers + OS Vendors} ● Tested viewpoints with them ○ Basis for this BoF ● Began appreciating the value of consolidation ○ All Tier-1 OEM suppliers I spoke to are working hard towards consolidating compute ○ That consolidation aspiration is making them wake-up to the value/potential of open source software at the separation run-time level ○ But there are push-backs (more on this later) ● Along the way: Evaluated a bunch of interesting open source implementations ○ Minix3 ○ seL4 ○ L4Re ● The evaluations are an ongoing exercise - happy to share views – buy me beer
ENGINEERS AND DEVICES WORKING TOGETHER Important learnings from Tier-1 OEM suppliers ● Turns out the list of desirable attributes was missing a few critical ones ● In addition to these technical attributes discussed previously: ○ Open source implementation ○ Small trusted computing base (in terms of LoC) ○ Safety oriented architecture ○ Built in security model ○ POSIX compliant C lib ○ Supports deterministic thread scheduling ○ Supports multi-core thread scheduling ○ Partitioning capability using hardware assisted virtualization ○ Virt machines should support multi-core guest operation ○ Virt machines should support guest pass-through device access ○ Inter Virt machine comms supported ○ Virt machine CPU affinity expression supported ● You also need these really hard to meet non-technical ones: ○ Evidence of ISO compliant development processes ○ Accountability for the implementation ○ Blessing of a Tier-1 OEM/OEM Supplier ○ Certification friendly interfaces
ENGINEERS AND DEVICES WORKING TOGETHER Evidence of ISO compliant development processes ● Er, Yes
ENGINEERS AND DEVICES WORKING TOGETHER Accountability for the implementation ? ● You might have the coolest open-source separation run-time with a super complete feature-matrix ● No Tier-1 OEM will use it unless there is a clearly identified entity that is responsible for the safety sign-off for that run-time ● This is probably the number 1 reason why Tier-1 OEMs shy away from open source software for higher safety integrity levels ○ “When comes the time, who do I point the finger at ?” Put more appropriately: ○ “Who provides me with a sign-off on the safety certification and liability ?” ● This is also why the “Big 3” proprietary vendors thrive in this space ○ QNX ○ Integrity ○ PikeOS
ENGINEERS AND DEVICES WORKING TOGETHER Blessing of a Tier-1 OEM/OEM supplier !?! ● This is sad but there is an undeniable insecurity driven Tier-1 OEM deadlock ○ Even if you have a safety certified run-time offering, open or proprietary*, with a clearly accountable entity behind it, no Tier-1 OEM will use it, unless some other Tier-1 OEM uses it first ● The Automotive industry works on complex webs of relationships built on brittle foundations of trust over decades ● You can’t suddenly appear with new~shiny and have everyone use it ● Someone needs to take the plunge first and then a cascade may happen ● This is probably the number 1 reason why the high assurance run-time space is so fragmented with many small shops pandering their wares (mostly) aimlessly *Apart from the Big 3, of course
ENGINEERS AND DEVICES WORKING TOGETHER Certification friendly interfaces ? ● You will have lesser pain if your separation run-time is AUTOSAR compliant ● Specifically adaptive AUTOSAR ○ The spec is still baking for Adaptive AUTOSAR but jumping in early will be worthwhile ● Adaptive AUTOSAR is an OS interface for modern automotive use cases, such as: ○ Autonomous driving ○ Vehicle – to – Vehicle (V2V) comms ○ Multimedia ○ OTA updates
ENGINEERS AND DEVICES WORKING TOGETHER Is this even possible ? ● Desirable attributes in a separation run-time ○ Open source implementation ○ Small trusted computing base (in terms of LoC) ○ Safety oriented architecture ○ Built in security model ○ POSIX compliant C lib ○ Supports deterministic thread scheduling ○ Supports multi-core thread scheduling ○ Partitioning capability using hardware assisted virtualization ○ Virt machines should support multi-core guest operation ○ Virt machines should support guest pass-through device access ○ Inter Virt machine comms supported ○ Virt machine CPU affinity expression supported ○ Proof that ISO compliant development was done ○ Accountability for the implementation ○ Blessing of a Tier-1 OEM/OEM Supplier ○ Certification friendly interfaces
ENGINEERS AND DEVICES WORKING TOGETHER Maybe. Enter The Cathedral and the Bazaar (or Unicorn) ● Based on everything discussed so far, I think the ideal project would be: ○ An open source offering (of course) ○ Provably mature by way of commercial use (don’t start from scratch) ○ Has a split development model: flexible open instance + rigid closed instance ○ Flexible open instance: developed as usual in the open with community participation ○ Rigid closed instance: developed by an owning entity (possibly commercial) ○ Rigid instance aligns with the open instance at a cadence dictated by necessity and certification cost ○ The owning entity has experience with assessment and certification ○ Has ideally already been down this route before ○ Has ideally gotten the blessing of a Tier-1 OEM by way of product deployment ● An open source community helps enrich the open instance at a suitable pace by open collaboration. Everyone benefits from this instance. ● The owning entity maintains the rigid instance and takes on the certification qualification overheads. Tier-1 OEMs who want assurances engage with the owning entity (they get to point the finger). ● Everyone is happy and drives into the sunset.
ENGINEERS AND DEVICES WORKING TOGETHER Interesting options: L4Re ● L4Re – the L4 Run-time Environment ○ A GPLv2 “microvisor” implementation by KernKonzept ● Appears to tick all the technical boxes ○ Written specifically for mixed criticality compositions (Apps with differing safety, security and real-time requirements) ○ Typical micro-kernel design (minimal trusted compute base – only does address spaces, threads and IPC in the kernel – everything else in user space (device drivers, apps, policy) ○ Provides native programming model for high criticality threads (POSIX compliant micro-apps) running directly under the microkernel ○ Provides a trusted hypervisor for rich/legacy OS’ ○ Provides a paravirtualized Linux implementation (L4Linux) – like UML but for running Linux as an L4Re process ○ Built in security architecture ○ Built in anti resource starvation architecture ● Appears to tick most of the non-technical boxes too ● Come see the L4Re session ○ “Preventing Linux in your car from killing you: The L4Re Open Source Microvisor System” ○ SFO17-416: Thursday 1100 @ Session Room 2 Cypress Room B
ENGINEERS AND DEVICES WORKING TOGETHER Interesting options: seL4 ● Project claim: “The world’s first OS kernel with end to end proof of implementation correctness and security enforcement” ● GPLv2 implementation by Data61 ● Uses formal methods for machine checked proof of kernel implementation correctness ● Proof that the C implementation is free from classic C problems ○ Buffer and stack overflows ○ Null pointer exceptions ○ Use-after free ● Proof that there are no compiler introduced bugs ○ Uses formal models of the ISA for a given processor architecture revision ● Ticks a lot of technical boxes (virtualization, multi-core etc) ● Does not tick a lot of non-technical boxes but could be a solid longer-term open source option ● Come see the seL4 session ○ “Using math to prevent Linux in your car from killing you: The open source seL4 kernel” ○ SFO17-417: Thursday 1600 @ Session Room 2 Cypress Room B
ENGINEERS AND DEVICES WORKING TOGETHER Interesting options: Xen ● The Xen question: Why don’t we consider using Xen ? ● Rephrase: What would it take to make Xen a high assurance separation run- time ? ○ Create a snapshot of the mainline ○ Get a Xen expert to prune Xen down to an assessment friendly LoC (~30K LoC) ○ Retrospectively create a specification of what remains ○ Maintain the pruned snapshot in lock step with this specification ○ Engage with an experienced assessor to iteratively fill in the missing bits ● This will likely not be Xen anymore in the strictest sense but it’s definitely a possibility ● You still need an accountable owner etc
ENGINEERS AND DEVICES WORKING TOGETHER Interesting options: Jailhouse ● A lightweight (sub 10k LoC) partitioning hypervisor contributed by Siemens ● Appears to have the right features for mixed criticality compositions ● Focus is truly on partitioning and not on virtualization ● So no scheduler, no IO emulator etc ● More evaluation needed ● Problems: ○ Linux kernel linkage: Linux used for bootstrap and control of partitions ○ Perhaps the linkage with Linux could be abstracted away ? ○ Still needs accountability etc
ENGINEERS AND DEVICES WORKING TOGETHER Next steps: A Linaro Automotive SIG ● A Special Interest Group incubated by and run under the aegis of the Linaro TSC ● Aiming to get expert viewpoints to help chart strategy on the Automotive theme ● My personal views on areas that this group should focus on: ○ Assess the open auto “middlewares” (AGL, Genivi, OSADL) for ARM architecture optimisation potential, then scope out work and execute ○ Select and progress (ideally more than one) open source separation run-time ○ Work with an accountable entity to take a run-time through to certification with member participation (so focus on the engineering and leverage a known accountable entity for certification) ○ Build a mixed criticality composition and demonstrate on partner hardware (perhaps AGL in a Linux VM running on top of a separation run-time) ○ Actively reach out to Tier-1 OEMs at an engineering level to socialise offerings ● More news at the next Connect
ENGINEERS AND DEVICES WORKING TOGETHER End

Empfohlen

BUD17-TR01: Philosophy of Open Source
BUD17-TR01: Philosophy of Open SourceBUD17-TR01: Philosophy of Open Source
BUD17-TR01: Philosophy of Open Source
Linaro
 
Philosophy of Open Source - SFO17-TR01
Philosophy of Open Source - SFO17-TR01Philosophy of Open Source - SFO17-TR01
Philosophy of Open Source - SFO17-TR01
Linaro
 
Upstreaming 101 - SFO17-TR02
Upstreaming 101 - SFO17-TR02Upstreaming 101 - SFO17-TR02
Upstreaming 101 - SFO17-TR02
Linaro
 
BUD17-104: Scripting Languages in IoT: Challenges and Approaches
BUD17-104: Scripting Languages in IoT: Challenges and ApproachesBUD17-104: Scripting Languages in IoT: Challenges and Approaches
BUD17-104: Scripting Languages in IoT: Challenges and Approaches
Linaro
 
MOVED: RDK/WPE Port on DB410C - SFO17-206
MOVED: RDK/WPE Port on DB410C - SFO17-206MOVED: RDK/WPE Port on DB410C - SFO17-206
MOVED: RDK/WPE Port on DB410C - SFO17-206
Linaro
 
BUD17-405: Building a reference IoT product with Zephyr
BUD17-405: Building a reference IoT product with Zephyr BUD17-405: Building a reference IoT product with Zephyr
BUD17-405: Building a reference IoT product with Zephyr
Linaro
 
BKK16-105 HALs for LITE
BKK16-105 HALs for LITEBKK16-105 HALs for LITE
BKK16-105 HALs for LITE
Linaro
 
George Grey Welcome Keynote - BUD17-100K1
George Grey Welcome Keynote - BUD17-100K1George Grey Welcome Keynote - BUD17-100K1
George Grey Welcome Keynote - BUD17-100K1
Linaro
 

Empfohlen

BUD17-TR01: Philosophy of Open Source
BUD17-TR01: Philosophy of Open SourceBUD17-TR01: Philosophy of Open Source
BUD17-TR01: Philosophy of Open Source
Linaro
 
Philosophy of Open Source - SFO17-TR01
Philosophy of Open Source - SFO17-TR01Philosophy of Open Source - SFO17-TR01
Philosophy of Open Source - SFO17-TR01
Linaro
 
Upstreaming 101 - SFO17-TR02
Upstreaming 101 - SFO17-TR02Upstreaming 101 - SFO17-TR02
Upstreaming 101 - SFO17-TR02
Linaro
 
BUD17-104: Scripting Languages in IoT: Challenges and Approaches
BUD17-104: Scripting Languages in IoT: Challenges and ApproachesBUD17-104: Scripting Languages in IoT: Challenges and Approaches
BUD17-104: Scripting Languages in IoT: Challenges and Approaches
Linaro
 
MOVED: RDK/WPE Port on DB410C - SFO17-206
MOVED: RDK/WPE Port on DB410C - SFO17-206MOVED: RDK/WPE Port on DB410C - SFO17-206
MOVED: RDK/WPE Port on DB410C - SFO17-206
Linaro
 
BUD17-405: Building a reference IoT product with Zephyr
BUD17-405: Building a reference IoT product with Zephyr BUD17-405: Building a reference IoT product with Zephyr
BUD17-405: Building a reference IoT product with Zephyr
Linaro
 
BKK16-105 HALs for LITE
BKK16-105 HALs for LITEBKK16-105 HALs for LITE
BKK16-105 HALs for LITE
Linaro
 
George Grey Welcome Keynote - BUD17-100K1
George Grey Welcome Keynote - BUD17-100K1George Grey Welcome Keynote - BUD17-100K1
George Grey Welcome Keynote - BUD17-100K1
Linaro
 
Deploy STM32 family on Zephyr - SFO17-102
Deploy STM32 family on Zephyr - SFO17-102Deploy STM32 family on Zephyr - SFO17-102
Deploy STM32 family on Zephyr - SFO17-102
Linaro
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Linaro
 
LAS16-400K2: TianoCore – Open Source UEFI Community Update
LAS16-400K2: TianoCore – Open Source UEFI Community UpdateLAS16-400K2: TianoCore – Open Source UEFI Community Update
LAS16-400K2: TianoCore – Open Source UEFI Community Update
Linaro
 
Development Boards for Tizen IoT
Development Boards for Tizen IoTDevelopment Boards for Tizen IoT
Development Boards for Tizen IoT
Samsung Open Source Group
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Linaro
 
Introduction to Linux-wpan and Potential Collaboration
Introduction to Linux-wpan and Potential CollaborationIntroduction to Linux-wpan and Potential Collaboration
Introduction to Linux-wpan and Potential Collaboration
Samsung Open Source Group
 
Internet of Smaller Things
Internet of Smaller ThingsInternet of Smaller Things
Internet of Smaller Things
Samsung Open Source Group
 
BUD17-510: Power management in Linux together with secure firmware
BUD17-510: Power management in Linux together with secure firmwareBUD17-510: Power management in Linux together with secure firmware
BUD17-510: Power management in Linux together with secure firmware
Linaro
 
LAS16-108: JerryScript and other scripting languages for IoT
LAS16-108: JerryScript and other scripting languages for IoTLAS16-108: JerryScript and other scripting languages for IoT
LAS16-108: JerryScript and other scripting languages for IoT
Linaro
 
LAS16-109: LAS16-109: The status quo and the future of 96Boards
LAS16-109: LAS16-109: The status quo and the future of 96BoardsLAS16-109: LAS16-109: The status quo and the future of 96Boards
LAS16-109: LAS16-109: The status quo and the future of 96Boards
Linaro
 
LAS16-210: Hardware Assisted Tracing on ARM with CoreSight and OpenCSD
LAS16-210: Hardware Assisted Tracing on ARM with CoreSight and OpenCSDLAS16-210: Hardware Assisted Tracing on ARM with CoreSight and OpenCSD
LAS16-210: Hardware Assisted Tracing on ARM with CoreSight and OpenCSD
Linaro
 
BUD17-TR02: Upstreaming 101
BUD17-TR02: Upstreaming 101 BUD17-TR02: Upstreaming 101
BUD17-TR02: Upstreaming 101
Linaro
 
BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE
Linaro
 
Dragon board 410c workshop - slideshow
Dragon board 410c workshop - slideshowDragon board 410c workshop - slideshow
Dragon board 410c workshop - slideshow
96Boards
 
BUD17-310: Introducing LLDB for linux on Arm and AArch64
BUD17-310: Introducing LLDB for linux on Arm and AArch64 BUD17-310: Introducing LLDB for linux on Arm and AArch64
BUD17-310: Introducing LLDB for linux on Arm and AArch64
Linaro
 
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre SiliconEmbedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
Anne Nicolas
 
Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120
Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120
Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120
Linaro
 
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARMSFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
Linaro
 
BKK16-310 The HiKey AOSP collaborative experience
BKK16-310 The HiKey AOSP collaborative experience BKK16-310 The HiKey AOSP collaborative experience
BKK16-310 The HiKey AOSP collaborative experience
Linaro
 
JerryScript on RIOT
JerryScript on RIOTJerryScript on RIOT
JerryScript on RIOT
Samsung Open Source Group
 
TEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityTEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source security
Linaro
 
Voxxed Days Villnius 2015 - Burning Marshmallows
Voxxed Days Villnius 2015 - Burning MarshmallowsVoxxed Days Villnius 2015 - Burning Marshmallows
Voxxed Days Villnius 2015 - Burning Marshmallows
Ron Munitz
 

Weitere ähnliche Inhalte

Was ist angesagt?

Deploy STM32 family on Zephyr - SFO17-102
Deploy STM32 family on Zephyr - SFO17-102Deploy STM32 family on Zephyr - SFO17-102
Deploy STM32 family on Zephyr - SFO17-102
Linaro
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Linaro
 
LAS16-400K2: TianoCore – Open Source UEFI Community Update
LAS16-400K2: TianoCore – Open Source UEFI Community UpdateLAS16-400K2: TianoCore – Open Source UEFI Community Update
LAS16-400K2: TianoCore – Open Source UEFI Community Update
Linaro
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Linaro
 
BUD17-510: Power management in Linux together with secure firmware
BUD17-510: Power management in Linux together with secure firmwareBUD17-510: Power management in Linux together with secure firmware
BUD17-510: Power management in Linux together with secure firmware
Linaro
 
LAS16-108: JerryScript and other scripting languages for IoT
LAS16-108: JerryScript and other scripting languages for IoTLAS16-108: JerryScript and other scripting languages for IoT
LAS16-108: JerryScript and other scripting languages for IoT
Linaro
 
LAS16-210: Hardware Assisted Tracing on ARM with CoreSight and OpenCSD
LAS16-210: Hardware Assisted Tracing on ARM with CoreSight and OpenCSDLAS16-210: Hardware Assisted Tracing on ARM with CoreSight and OpenCSD
LAS16-210: Hardware Assisted Tracing on ARM with CoreSight and OpenCSD
Linaro
 
BUD17-TR02: Upstreaming 101
BUD17-TR02: Upstreaming 101 BUD17-TR02: Upstreaming 101
BUD17-TR02: Upstreaming 101
Linaro
 
BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE
Linaro
 
BUD17-310: Introducing LLDB for linux on Arm and AArch64
BUD17-310: Introducing LLDB for linux on Arm and AArch64 BUD17-310: Introducing LLDB for linux on Arm and AArch64
BUD17-310: Introducing LLDB for linux on Arm and AArch64
Linaro
 
Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120
Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120
Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120
Linaro
 
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARMSFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
Linaro
 

Was ist angesagt? (20)

Deploy STM32 family on Zephyr - SFO17-102
Deploy STM32 family on Zephyr - SFO17-102Deploy STM32 family on Zephyr - SFO17-102
Deploy STM32 family on Zephyr - SFO17-102
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
 
LAS16-400K2: TianoCore – Open Source UEFI Community Update
LAS16-400K2: TianoCore – Open Source UEFI Community UpdateLAS16-400K2: TianoCore – Open Source UEFI Community Update
LAS16-400K2: TianoCore – Open Source UEFI Community Update
 
Development Boards for Tizen IoT
Development Boards for Tizen IoTDevelopment Boards for Tizen IoT
Development Boards for Tizen IoT
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
 
Introduction to Linux-wpan and Potential Collaboration
Introduction to Linux-wpan and Potential CollaborationIntroduction to Linux-wpan and Potential Collaboration
Introduction to Linux-wpan and Potential Collaboration
 
Internet of Smaller Things
Internet of Smaller ThingsInternet of Smaller Things
Internet of Smaller Things
 
BUD17-510: Power management in Linux together with secure firmware
BUD17-510: Power management in Linux together with secure firmwareBUD17-510: Power management in Linux together with secure firmware
BUD17-510: Power management in Linux together with secure firmware
 
LAS16-108: JerryScript and other scripting languages for IoT
LAS16-108: JerryScript and other scripting languages for IoTLAS16-108: JerryScript and other scripting languages for IoT
LAS16-108: JerryScript and other scripting languages for IoT
 
LAS16-109: LAS16-109: The status quo and the future of 96Boards
LAS16-109: LAS16-109: The status quo and the future of 96BoardsLAS16-109: LAS16-109: The status quo and the future of 96Boards
LAS16-109: LAS16-109: The status quo and the future of 96Boards
 
LAS16-210: Hardware Assisted Tracing on ARM with CoreSight and OpenCSD
LAS16-210: Hardware Assisted Tracing on ARM with CoreSight and OpenCSDLAS16-210: Hardware Assisted Tracing on ARM with CoreSight and OpenCSD
LAS16-210: Hardware Assisted Tracing on ARM with CoreSight and OpenCSD
 
BUD17-TR02: Upstreaming 101
BUD17-TR02: Upstreaming 101 BUD17-TR02: Upstreaming 101
BUD17-TR02: Upstreaming 101
 
BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE
 
Dragon board 410c workshop - slideshow
Dragon board 410c workshop - slideshowDragon board 410c workshop - slideshow
Dragon board 410c workshop - slideshow
 
BUD17-310: Introducing LLDB for linux on Arm and AArch64
BUD17-310: Introducing LLDB for linux on Arm and AArch64 BUD17-310: Introducing LLDB for linux on Arm and AArch64
BUD17-310: Introducing LLDB for linux on Arm and AArch64
 
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre SiliconEmbedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
 
Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120
Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120
Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120
 
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARMSFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
 
BKK16-310 The HiKey AOSP collaborative experience
BKK16-310 The HiKey AOSP collaborative experience BKK16-310 The HiKey AOSP collaborative experience
BKK16-310 The HiKey AOSP collaborative experience
 
JerryScript on RIOT
JerryScript on RIOTJerryScript on RIOT
JerryScript on RIOT
 

Ähnlich wie TSC Sponsored BoF: Can Linux and Automotive Functional Safety Mix ? Take 2: Towards an open source, industry acceptable high assurance OS - SFO17-218

TEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityTEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source security
Linaro
 
Davide Ricci - Continuos compliance @ Linaro.pdf
Davide Ricci - Continuos compliance @ Linaro.pdfDavide Ricci - Continuos compliance @ Linaro.pdf
Davide Ricci - Continuos compliance @ Linaro.pdf
South Tyrol Free Software Conference
 
Deploying ML models in the enterprise
Deploying ML models in the enterpriseDeploying ML models in the enterprise
Deploying ML models in the enterprise
doppenhe
 
Overcoming software development challenges by using an integrated software fr...
Overcoming software development challenges by using an integrated software fr...Overcoming software development challenges by using an integrated software fr...
Overcoming software development challenges by using an integrated software fr...
Design World
 
LAS16-TR02: Upstreaming 101
LAS16-TR02: Upstreaming 101LAS16-TR02: Upstreaming 101
LAS16-TR02: Upstreaming 101
Linaro
 

Ähnlich wie TSC Sponsored BoF: Can Linux and Automotive Functional Safety Mix ? Take 2: Towards an open source, industry acceptable high assurance OS - SFO17-218 (20)

TEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityTEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source security
 
Voxxed Days Villnius 2015 - Burning Marshmallows
Voxxed Days Villnius 2015 - Burning MarshmallowsVoxxed Days Villnius 2015 - Burning Marshmallows
Voxxed Days Villnius 2015 - Burning Marshmallows
 
On making standards organizations & open source communities work hand in hand
On making standards organizations & open source communities work hand in handOn making standards organizations & open source communities work hand in hand
On making standards organizations & open source communities work hand in hand
 
Davide Ricci - Continuos compliance @ Linaro.pdf
Davide Ricci - Continuos compliance @ Linaro.pdfDavide Ricci - Continuos compliance @ Linaro.pdf
Davide Ricci - Continuos compliance @ Linaro.pdf
 
Onnx and onnx runtime
Onnx and onnx runtimeOnnx and onnx runtime
Onnx and onnx runtime
 
SFO15-100K1: Welcome Keynote: George Grey, Linaro CEO
SFO15-100K1: Welcome Keynote: George Grey, Linaro CEOSFO15-100K1: Welcome Keynote: George Grey, Linaro CEO
SFO15-100K1: Welcome Keynote: George Grey, Linaro CEO
 
Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018Why the yocto project for my io t project elc_edinburgh_2018
Why the yocto project for my io t project elc_edinburgh_2018
 
OpenChain Mini-Summit 2023 - State of Tooling in Open Source Automation
OpenChain Mini-Summit 2023 - State of Tooling in Open Source AutomationOpenChain Mini-Summit 2023 - State of Tooling in Open Source Automation
OpenChain Mini-Summit 2023 - State of Tooling in Open Source Automation
 
Iot development from prototype to production
Iot development from prototype to productionIot development from prototype to production
Iot development from prototype to production
 
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...
 
Deploying ML models in the enterprise
Deploying ML models in the enterpriseDeploying ML models in the enterprise
Deploying ML models in the enterprise
 
MobSecCon 2015 - Burning Marshmallows
MobSecCon 2015 - Burning Marshmallows MobSecCon 2015 - Burning Marshmallows
MobSecCon 2015 - Burning Marshmallows
 
Overcoming software development challenges by using an integrated software fr...
Overcoming software development challenges by using an integrated software fr...Overcoming software development challenges by using an integrated software fr...
Overcoming software development challenges by using an integrated software fr...
 
“State of the Tooling” in Open Source Automation
“State of the Tooling” in Open Source Automation“State of the Tooling” in Open Source Automation
“State of the Tooling” in Open Source Automation
 
Start your open source project
Start your open source projectStart your open source project
Start your open source project
 
The Evolving Role of Build Engineering in Managing Open Source
The Evolving Role of Build Engineering in Managing Open SourceThe Evolving Role of Build Engineering in Managing Open Source
The Evolving Role of Build Engineering in Managing Open Source
 
Openoffice and Linux
Openoffice and LinuxOpenoffice and Linux
Openoffice and Linux
 
IoT Development from Prototype to Production
IoT Development from Prototype to ProductionIoT Development from Prototype to Production
IoT Development from Prototype to Production
 
Making the Strategic Shift to Open Source at Fujitsu Network Communication
Making the Strategic Shift to Open Source at Fujitsu Network CommunicationMaking the Strategic Shift to Open Source at Fujitsu Network Communication
Making the Strategic Shift to Open Source at Fujitsu Network Communication
 
LAS16-TR02: Upstreaming 101
LAS16-TR02: Upstreaming 101LAS16-TR02: Upstreaming 101
LAS16-TR02: Upstreaming 101
 

Mehr von Linaro

Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea GalloDeep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Linaro
 
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraHuawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Linaro
 
Bud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qaBud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qa
Linaro
 
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
Linaro
 
HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018
Linaro
 
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
Linaro
 
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Linaro
 
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Linaro
 
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Linaro
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
Linaro
 
HKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening KeynoteHKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening Keynote
Linaro
 
HKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP WorkshopHKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP Workshop
Linaro
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
Linaro
 
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and allHKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
Linaro
 
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse HypervisorHKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
Linaro
 
HKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMUHKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMU
Linaro
 
HKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8M
Linaro
 
HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation
Linaro
 
HKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootHKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted boot
Linaro
 

Mehr von Linaro (20)

Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea GalloDeep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
 
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta VekariaArm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
 
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraHuawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
 
Bud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qaBud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qa
 
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
 
HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018
 
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
 
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
 
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
 
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
 
HKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening KeynoteHKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening Keynote
 
HKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP WorkshopHKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP Workshop
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
 
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and allHKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
 
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse HypervisorHKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
 
HKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMUHKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMU
 
HKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8M
 
HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation
 
HKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootHKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted boot
 

Kürzlich hochgeladen

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Kürzlich hochgeladen (20)

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

TSC Sponsored BoF: Can Linux and Automotive Functional Safety Mix ? Take 2: Towards an open source, industry acceptable high assurance OS - SFO17-218

  • 1. Automotive BoF Can Linux and Functional Safety Mix ? (Take 2) Robin Randhawa ARM
  • 2. ENGINEERS AND DEVICES WORKING TOGETHER Recap: My objectives ● Investigate the potential for open source software in safety critical domains ● Test assumptions with key Automotive OEMs ● Select a suitable set of open source projects – if any ● Evaluate these projects at ARM ● Promote the use of suitable projects, if any, within ARM ● Work with Linaro to try and align ARM Automotive partners around these projects
  • 3. ENGINEERS AND DEVICES WORKING TOGETHER Recap: Viewpoints shared at the last Auto BoF • What exactly is functional safety (FuSa) ? • What are the compute trends seen in automotives over the past decades ? • What are the primary compute partitions in a modern automotive ? • What are the sensitivities around FuSa in those partitions ? • Which partition is worth pursuing for Open Source System Software ? • Why open source at all ? • Where exactly is Linux used today in a modern automotive ? • How do proprietary OS vendors manage to run Linux and get high safety certs ? • What level of certification should we aim for and why ? • What is the right system software layer to focus on ? • What are the set of attributes this software should have ?
  • 4. ENGINEERS AND DEVICES WORKING TOGETHER Desired attributes in a separation run-time* ● Open source implementation ● Small trusted computing base (in terms of LoC) ● Safety oriented architecture ● Built in security model ● Supports POSIX apps ● Supports deterministic thread scheduling ● Supports multi-core thread scheduling ● Partitioning capability using hardware assisted virtualization ● Virt machines should support multi-core guest operation ● Virt machines should support guest pass-through device access with IOMMU interop ● Inter Virt machine comms supported ● Virt machine CPU affinity expression supported * Built from discussions with and examining offerings by Tier 1 OEMs and proprietary OS vendors
  • 5. ENGINEERS AND DEVICES WORKING TOGETHER What have I been doing post Budapest ? ● Added Tier-1 OEM suppliers to my list of folk to speak to ○ Which now became Tier 1 {OEMs + OEM suppliers + OS Vendors} ● Tested viewpoints with them ○ Basis for this BoF ● Began appreciating the value of consolidation ○ All Tier-1 OEM suppliers I spoke to are working hard towards consolidating compute ○ That consolidation aspiration is making them wake-up to the value/potential of open source software at the separation run-time level ○ But there are push-backs (more on this later) ● Along the way: Evaluated a bunch of interesting open source implementations ○ Minix3 ○ seL4 ○ L4Re ● The evaluations are an ongoing exercise - happy to share views – buy me beer
  • 6. ENGINEERS AND DEVICES WORKING TOGETHER Important learnings from Tier-1 OEM suppliers ● Turns out the list of desirable attributes was missing a few critical ones ● In addition to these technical attributes discussed previously: ○ Open source implementation ○ Small trusted computing base (in terms of LoC) ○ Safety oriented architecture ○ Built in security model ○ POSIX compliant C lib ○ Supports deterministic thread scheduling ○ Supports multi-core thread scheduling ○ Partitioning capability using hardware assisted virtualization ○ Virt machines should support multi-core guest operation ○ Virt machines should support guest pass-through device access ○ Inter Virt machine comms supported ○ Virt machine CPU affinity expression supported ● You also need these really hard to meet non-technical ones: ○ Evidence of ISO compliant development processes ○ Accountability for the implementation ○ Blessing of a Tier-1 OEM/OEM Supplier ○ Certification friendly interfaces
  • 7. ENGINEERS AND DEVICES WORKING TOGETHER Evidence of ISO compliant development processes ● Er, Yes
  • 8. ENGINEERS AND DEVICES WORKING TOGETHER Accountability for the implementation ? ● You might have the coolest open-source separation run-time with a super complete feature-matrix ● No Tier-1 OEM will use it unless there is a clearly identified entity that is responsible for the safety sign-off for that run-time ● This is probably the number 1 reason why Tier-1 OEMs shy away from open source software for higher safety integrity levels ○ “When comes the time, who do I point the finger at ?” Put more appropriately: ○ “Who provides me with a sign-off on the safety certification and liability ?” ● This is also why the “Big 3” proprietary vendors thrive in this space ○ QNX ○ Integrity ○ PikeOS
  • 9. ENGINEERS AND DEVICES WORKING TOGETHER Blessing of a Tier-1 OEM/OEM supplier !?! ● This is sad but there is an undeniable insecurity driven Tier-1 OEM deadlock ○ Even if you have a safety certified run-time offering, open or proprietary*, with a clearly accountable entity behind it, no Tier-1 OEM will use it, unless some other Tier-1 OEM uses it first ● The Automotive industry works on complex webs of relationships built on brittle foundations of trust over decades ● You can’t suddenly appear with new~shiny and have everyone use it ● Someone needs to take the plunge first and then a cascade may happen ● This is probably the number 1 reason why the high assurance run-time space is so fragmented with many small shops pandering their wares (mostly) aimlessly *Apart from the Big 3, of course
  • 10. ENGINEERS AND DEVICES WORKING TOGETHER Certification friendly interfaces ? ● You will have lesser pain if your separation run-time is AUTOSAR compliant ● Specifically adaptive AUTOSAR ○ The spec is still baking for Adaptive AUTOSAR but jumping in early will be worthwhile ● Adaptive AUTOSAR is an OS interface for modern automotive use cases, such as: ○ Autonomous driving ○ Vehicle – to – Vehicle (V2V) comms ○ Multimedia ○ OTA updates
  • 11. ENGINEERS AND DEVICES WORKING TOGETHER Is this even possible ? ● Desirable attributes in a separation run-time ○ Open source implementation ○ Small trusted computing base (in terms of LoC) ○ Safety oriented architecture ○ Built in security model ○ POSIX compliant C lib ○ Supports deterministic thread scheduling ○ Supports multi-core thread scheduling ○ Partitioning capability using hardware assisted virtualization ○ Virt machines should support multi-core guest operation ○ Virt machines should support guest pass-through device access ○ Inter Virt machine comms supported ○ Virt machine CPU affinity expression supported ○ Proof that ISO compliant development was done ○ Accountability for the implementation ○ Blessing of a Tier-1 OEM/OEM Supplier ○ Certification friendly interfaces
  • 12. ENGINEERS AND DEVICES WORKING TOGETHER Maybe. Enter The Cathedral and the Bazaar (or Unicorn) ● Based on everything discussed so far, I think the ideal project would be: ○ An open source offering (of course) ○ Provably mature by way of commercial use (don’t start from scratch) ○ Has a split development model: flexible open instance + rigid closed instance ○ Flexible open instance: developed as usual in the open with community participation ○ Rigid closed instance: developed by an owning entity (possibly commercial) ○ Rigid instance aligns with the open instance at a cadence dictated by necessity and certification cost ○ The owning entity has experience with assessment and certification ○ Has ideally already been down this route before ○ Has ideally gotten the blessing of a Tier-1 OEM by way of product deployment ● An open source community helps enrich the open instance at a suitable pace by open collaboration. Everyone benefits from this instance. ● The owning entity maintains the rigid instance and takes on the certification qualification overheads. Tier-1 OEMs who want assurances engage with the owning entity (they get to point the finger). ● Everyone is happy and drives into the sunset.
  • 13. ENGINEERS AND DEVICES WORKING TOGETHER Interesting options: L4Re ● L4Re – the L4 Run-time Environment ○ A GPLv2 “microvisor” implementation by KernKonzept ● Appears to tick all the technical boxes ○ Written specifically for mixed criticality compositions (Apps with differing safety, security and real-time requirements) ○ Typical micro-kernel design (minimal trusted compute base – only does address spaces, threads and IPC in the kernel – everything else in user space (device drivers, apps, policy) ○ Provides native programming model for high criticality threads (POSIX compliant micro-apps) running directly under the microkernel ○ Provides a trusted hypervisor for rich/legacy OS’ ○ Provides a paravirtualized Linux implementation (L4Linux) – like UML but for running Linux as an L4Re process ○ Built in security architecture ○ Built in anti resource starvation architecture ● Appears to tick most of the non-technical boxes too ● Come see the L4Re session ○ “Preventing Linux in your car from killing you: The L4Re Open Source Microvisor System” ○ SFO17-416: Thursday 1100 @ Session Room 2 Cypress Room B
  • 14. ENGINEERS AND DEVICES WORKING TOGETHER Interesting options: seL4 ● Project claim: “The world’s first OS kernel with end to end proof of implementation correctness and security enforcement” ● GPLv2 implementation by Data61 ● Uses formal methods for machine checked proof of kernel implementation correctness ● Proof that the C implementation is free from classic C problems ○ Buffer and stack overflows ○ Null pointer exceptions ○ Use-after free ● Proof that there are no compiler introduced bugs ○ Uses formal models of the ISA for a given processor architecture revision ● Ticks a lot of technical boxes (virtualization, multi-core etc) ● Does not tick a lot of non-technical boxes but could be a solid longer-term open source option ● Come see the seL4 session ○ “Using math to prevent Linux in your car from killing you: The open source seL4 kernel” ○ SFO17-417: Thursday 1600 @ Session Room 2 Cypress Room B
  • 15. ENGINEERS AND DEVICES WORKING TOGETHER Interesting options: Xen ● The Xen question: Why don’t we consider using Xen ? ● Rephrase: What would it take to make Xen a high assurance separation run- time ? ○ Create a snapshot of the mainline ○ Get a Xen expert to prune Xen down to an assessment friendly LoC (~30K LoC) ○ Retrospectively create a specification of what remains ○ Maintain the pruned snapshot in lock step with this specification ○ Engage with an experienced assessor to iteratively fill in the missing bits ● This will likely not be Xen anymore in the strictest sense but it’s definitely a possibility ● You still need an accountable owner etc
  • 16. ENGINEERS AND DEVICES WORKING TOGETHER Interesting options: Jailhouse ● A lightweight (sub 10k LoC) partitioning hypervisor contributed by Siemens ● Appears to have the right features for mixed criticality compositions ● Focus is truly on partitioning and not on virtualization ● So no scheduler, no IO emulator etc ● More evaluation needed ● Problems: ○ Linux kernel linkage: Linux used for bootstrap and control of partitions ○ Perhaps the linkage with Linux could be abstracted away ? ○ Still needs accountability etc
  • 17. ENGINEERS AND DEVICES WORKING TOGETHER Next steps: A Linaro Automotive SIG ● A Special Interest Group incubated by and run under the aegis of the Linaro TSC ● Aiming to get expert viewpoints to help chart strategy on the Automotive theme ● My personal views on areas that this group should focus on: ○ Assess the open auto “middlewares” (AGL, Genivi, OSADL) for ARM architecture optimisation potential, then scope out work and execute ○ Select and progress (ideally more than one) open source separation run-time ○ Work with an accountable entity to take a run-time through to certification with member participation (so focus on the engineering and leverage a known accountable entity for certification) ○ Build a mixed criticality composition and demonstrate on partner hardware (perhaps AGL in a Linux VM running on top of a separation run-time) ○ Actively reach out to Tier-1 OEMs at an engineering level to socialise offerings ● More news at the next Connect