Linux as a real-time Hypervisor for the automotive industry
Andreas Platschek and Nicholas Mc Guire, OpenTech EDV Research GmbH
There are various reasons why utilizing Linux as a real-time hypervisor in safety critical systems might be a good idea.
The boom of virtualization in various fields of computer science started more than 40 years ago [1], while it has only recently been introduced into safety and mission critical systems (ARINC 653/AUTOSAR). Under the alias IMA (Integrated Modular Avionics), the avionics industry has introduced virtualization techniques into modern fighter jets and airliners (A380/B777 [2]), in order to fully utilize the computing power provided by modern COTS CPUs, to reduce weight and power consumption, and to encourage the reuse of software modules. Of course these savings in hardware, as well as the reuse of already certified software, have a big impact on the financial side of developing a safety critical software system. So far this approach of replacing federated by integrated systems has not been carried over from avionics into other fields, but we are convinced that the advantages would be very interesting in almost all of them.
A second aspect justifying this project is the fact that Linux has already been used in several different safety critical systems [3,4]. The obvious next step is to employ it as a hypervisor, in order to run several independent safety critical applications on one hardware node with appropriate isolation.
This paper presents a first step towards employing Linux as a real-time hypervisor for safety critical systems. The approach taken is to use a virtualization mechanism already available in Linux, analyze its real-time capabilities, and put existing, diverse FLOSS implementations [5,6] of OSEK OS on top of the Linux hypervisor. Furthermore, this paper determines the SIL level according to IEC 61508 that can be achieved by the proposed system. Although the resulting system cannot be expected to be suitable for highly safety critical systems, it can be expected to run systems of lower criticality without decreasing safety as compared to current solutions.
While the above arguments for a FLOSS implementation may seem like replacing well tested proprietary solutions by less tested or untested FLOSS solutions, the essential point lies in the upcoming demands for security in safety related systems. With safety related systems allowing for remote maintenance, error reporting and software updates, security is becoming a major issue (IEC 61508 Ed 2 CD 2008), and that is a field where GNU/Linux not only has reached a high level of maturity (e.g. RH distributions at EAL4 [7]) but where the necessary know-how is well entrenched in the community. Finally, with the ever growing complexity of safety related systems, the ability of small dedicated teams to manage the full scope of safety at the system level is becoming less and less realistic; an open approach with community participation in the review is a potentially effective and far reaching mitigation.
[3] SICAS ECC - die Platform für Siemens-ESTW für den Nahverkehr, Peter Sieverding, Detlef John, Signal und Draht 05 2008
[4] FS20: Firecontrol System, D 100 P, Mainline Kernel 2.6, SLIND, http://www.sbt.siemens.com/
[5] Trampoline: http://trampoline.rts-software.org/
[6] FreeOSEK: http://opensek.sourceforge.net/