Safetronic 2024: Preview
A Linux based OS solution for safety related applications up to ASIL-B/ SIL-2

Software-defined vehicles (SDV) are on the rise mostly driven by the needs that come with electrification, automation, and connectivity. Major needs are the separation of life cycles in between hardware, operating systems solutions, middleware, and application layer software as well as compute power.

High-performance computers (HPC) are the central elements of E/E-architectures that enable SDVs. And those HPCs need an adequate operating system solution. GNU/Linux would be an ideal fit for HPCs. It provides customizable features and functionalities, reliability, and stability across various automotive use cases.

Using Linux comes with many advantages. There is a large pool of developers, it is continuously maintained and has rapid evolution cycles, it supports a variety of HW, and the source code is transparent. Further advantages for utilization of a specialized Linux distribution in automotive are following:

A matter of strategy

Until now, there has been no operating system solution available that is based on Linux and complies with the mandatory functional safety prescriptions required in the automotive domain. The main reason and motivation for the work described in this presentation is to address the core question: "What is the enabler that allows OEMs, TIER1s, and integrators to utilize an automotive-grade Linux that complies with requirements given by applicable standards on functional safety, such as IEC EN61508 or ISO26262?"

The presentation describes the implementation of a strategy leading to a Linux operating system solution compliant with the mentioned functional safety standards and norms. This approach would bring the benefit of bridging the gap between the advantages of open-source software and the functional safety demands of the automotive industry providing a qualified, reliable, and extensively maintained solution. The research shows:

• core problems in engineering once aiming on a Linux for safety applications,
• selected challenges with the one or the other strategy, that can theoretically be followed,
• methods applied, that are worth being mentioned,
• a refinement on the main strategy used to get to a Linux for Safety Applications and
• selected design-alternatives.

The chosen solution is based on a "supervisor" software layer that detects and prevents undesirable behaviors of the Linux kernel. This supervision over the Linux kernel is enabled by a hypervisor that leverages functionalities provided by the hardware platform.

This approach decouples the lifecycle of the open-source Linux kernel, which remains unaffected, from that of other software elements, including the "supervisor" software layer, the hypervisor, userland libraries, and the application software itself, all of which must comply with applicable safety standards. It is worth noting that this solution is also efficient in terms of processing resource utilization.

The key takeaway for the audience is:

• An efficient Operating system solution based on Linux can be built, that is compliant to the safety requirements of ASIL B/ SIL 2, a category of a risk classification system according to the safety standard (ISO 26262/ IEC EN 61508).
• The supervision can be based on core concepts available to a Hypervisor.
• With this solution, lifecycles can be decoupled in between Linux kernel and the supervisor.