So now, sound check, but it's working. Okay, okay. So thanks again, and welcome to the talk "ELISA Insights: Enabling Linux in Safety Applications". So you already know what the acronym stands for. My name is Philip. I'm working for Bosch and I'm also a TSC member of the ELISA project. I'm leading the automotive and systems work groups there, and you'll be guided through the project in the next half an hour to see the inside of the different work groups, how they interact, and which use cases we address.

First of all, yeah, as we talk about Linux and safety-critical systems, it's important to understand the safety of a system sufficiently. And basically it's not only safety: whenever you do a product, you should have a decent, good understanding of the system, and when you understand the system you also need the context of the system and which role Linux actually plays in it. And you will soon figure out that Linux, I mean, you all know that Linux is quite a bunch of lines of code and a lot of elements and subsystems in there. So if you want to go into safety, or maybe go for security, you need to look into which components are actually relevant, what the pain points are where you need to get in, and which features can support an argumentation. And yeah, then if you look into a safety standard, there's also more: there's documentation, processes, requirements, traceability through the whole stack, and this is also something where you need to identify where gaps come in. If you compare Linux to a traditional safety-critical OS, you know that they normally come with hard real-time capabilities.
We know that the PREEMPT_RT patches are in the kernel these days, but, well, some people say hard real-time you only achieve when you do it bare metal. And what the commercial OSes also typically bring is that they have a proven safety-compliant development process. If these systems are now let out to the world of complex multi-core, multi-level-cache processors, they don't look that good anymore in many fields, especially if you just do a direct benchmark compared to Linux, because there's an enormous development ecosystem. We know how security is handled: of course there are vulnerabilities, but there are a lot of people fixing them. Yes, there's the multi-core support and the really large, unmatched hardware support which you have, right? You find so many devices you can just put Linux on. Try it with your favorite commercial RTOS and ask them if it already has board support; mostly you wait quite some time. And what I really favor also is that Linux brings a lot of expertise in security, in development, whatever: if you have a network driver with so many maintainers and so many good network relationships, you can just ask people for it, and this gets much smaller if you come to the commercial side.

So for this, ELISA has now started to take the mission and look for certain elements, processes and tools which can be used in Linux-based safety-critical systems, and, yeah, bring them and make them amenable to safety certification, right?
So that's in the end where we want to go to. And, yeah, the scope basically reflects this as well. So it's a lot of software development tools and processes; also documentation is very important. I guess it's something which pops up in many other talks as well. And by this we hope that a lot of others are enabled.

From the perspective of goals, right, they look quite similar to the mission, but it's really the enablement of companies and integrators to build up systems, and to see that the work we are doing will also be accepted by the open source community, especially if you want to change processes or add testing things, so put a little higher burden on some things which may be needed for safety; but also to get the safety community's awareness of what all has been established in open source and what Linux can do or cannot do. And there, regulation and standardization go in a similar direction then. Right, and for this we look at how we can have a reference system, which then can also be put to safety and integrity standards so that you can have a good fit on this.

So, yeah, I guess that a path forward needs to close also all the gaps we have, and to understand which risks are in Linux-based systems and how we can tackle them. And we need to understand the Linux create safety criticality system elements in here. So it has to be said that we cannot do certain things. We will not be able from ELISA to engineer your system to be safe, because this would mean we would know your use case.
We know your environment and everything around it, so we simply cannot do this and cannot prepare an out-of-the-box safe Linux. And if we provide tools, it's also your responsibility to use them and to understand the methodology and the processes behind them. And I guess that's also quite normal for a lot of other things which you're doing: if you don't understand what you do, there's a high risk that something fails, and it is very, very critical and essential for safety that you get the full understanding.

And there have been attempts in the past, and this question comes up quite often: will you create an out-of-tree module then which just has all the elements and is safe? But you know how many fixes and patches get into a kernel, and you then still need updates in there continuously, so it doesn't make sense to certify just a certain version for long. I heard once a story, I don't know if it's an urban legend or not, that there was an attempt to certify the 2.4 kernel, and they made a long, long way forward, even if the standard as such was not available, and at the time when they came to the point that "yeah, we have a safe kernel", 2.6 came out and their whole business case was gone. So yeah, there's a lot of responsibility at your hand as well, but what we can do is tackle this together, because the demands are very similar.

And for this we gained good momentum from a lot of partners. So we have our members from various different business areas; we recently also had Boeing from aerospace joining, which is a nice thing; we have automotive, which is strong, and also good support from the Linux community. Right, we have some associate members, also with university partners and industry partners which are not listed here, like you L Ozil and the Civil Infrastructure Platform project, which basically sent the message "we support you in whatever you do".

Yeah, from a technical strategy: ELISA basically tries to get deliverables that mainly
focus on the Linux kernel. For now; we know there's much more. If you read the technical white paper, which is available on the web page, you will find that glibc, for example, is mentioned as a crucial element, and we need to go up the path. But in the end, whatever you write needs to pass the kernel and get down into the system. So for this we currently look into these elements and see what system integrators can use and of the still rules.

And this way the different working groups settle together. The use cases, automotive and medical, drive the whole activities. They provide insights, ideas, demands. And then we have elements where safety architecture looks a lot into the kernel parts, and we have an engineering process group, which is actually more than just the processes around it: it's also product tooling and methodologies when you analyze things. The System-Theoretic Process Analysis comes in there; it's a new hazard and risk analysis technology. And, yeah, Linux features, for example, is also something where it's really about very specific features which will help you in an argumentation for safety in the kernel, without saying "if you have this feature, it's safe"; it just tells you more about the do's and don'ts. And this then gets into a systems work group, which basically tries to couple a reference system out of it. Right.
Yeah, the white paper is there. It summarizes and gives some more insights into what I've just presented. And all this work which is in there is going through a TSC. I guess it's the typical idea of a technical steering committee. What I want to mention is that it's really open as such: we meet every second Wednesday and you can simply join, you can bring in ideas, and what we also have is that you don't need to be a member to become a TSC member. So we really have community members which just made it as TSC members, and we also make sure that the things get together. So some recent activities were to align so that we come to a more common set, so that if you go to the GitHub repo of one work group, it looks similar to another GitHub repo; that we have similar documentation available and follow a certain style; that we use the same rules. A lot of things which are just processes, which are important anyway for safety. And here we plan workshops around this; we have one in Manchester in person next week. And also the approval of new work groups is important.

Talking about work groups, you have seen the small icons in there. We have the safety architecture work group, which really looks into Linux subsystems and sees which components are supporting safety, where there is safety-related functionality and non-safety-related functionality; for example, looking into the watchdog: how does a watchdog support things, how is memory management done, or other elements in here. And they also took the automotive use case of telltales, which are basically warning signs in cars, as the first approach to look into what is really affected in the kernel. Right.

From the Linux features: this is really the feature part. Similarly, if you think about security, you know that you kind of have cgroups, namespaces, all these kinds of things, which are typical elements which you have in security, and the Linux features subgroup or working group also checks how you can do things: what is important for memory management, fault handling?
Is there something you should do in the kernel configuration, or something you should avoid? They are giving bits and pieces, and I think that's very crucial for the whole thing, because it gets you closer to something which you can experience earlier, rather than waiting years for certification or waiting years for something else to be visible, because sometimes, or often, safety just takes some time. And this should help also others to directly experience something. Right.

For the work group itself, for the Linux features, it's also that they look for good support. They're really open to get more insights, and I don't know, is there anyone here who brings a lot of safety experience from the past, or Linux kernel experience? Then it's nice to just say, well, here, I know this maybe from security or from another perspective, I've used this in the company to just get in safety elements. And it's really also the request to just look into this and see how we can get elements. Right. And, yeah, I think we had this also on the first page a little bit: there are certain examples of which features can be used, and we want to demonstrate this by a reference, so that we can say, okay, here's something to check out and look at; it could be memory protection, fault handling, other parts.

And right, this Linux features group was a split of a former development process work group, and we have a second step or second path in there, which is the open source engineering process as such. Within this, there's an idea to identify processes and techniques to apply safety engineering principles, and we see here that strong interaction is also done with other work groups. So a lot of the STPA analysis which we use to analyze modules, systems, subsystems is coming from here.
They are supporting this a lot and also bring the tools along with it. And the approach is that they select a certain Linux topic or feature, and this is done in cooperation with other work groups. You then conduct safety studies for this selected topic to answer questions like: what are the risks in there? How are the risks addressed? How can we reduce the risk? What could go wrong? And so on. But really, formal techniques help to visualize these elements, and then they also try to see that we have a really good process around it, so that all work groups act in a similar way, which you can then also use in your company to proceed. And then also from a tooling perspective, because it's not only the Linux part, it's also the tools which are used to create your Linux system, right? So this goes along there, and, yeah, you use a similar methodology in both ways to analyze your things and to improve: where do you need to test? Also this work is published then in the GitHub repo.

Right. A smaller group, which call themselves the fun group in the end.
They said this is one of the smallest in ELISA, but they set up CodeChecker, they set up syzkaller, and they really look into improving and also getting kernel patches back. So it's a general help for any project to do these bug fixes, and it helps the overall quality of the kernel. What they also have: they bring experience, because we have a lot of people who never submitted a patch or worked with kernel maintainers, and for this, whenever there's someone who would like to learn how things are, they come into the game and say, here's a way around it, that's how you do it. And they also work on a lot of documentation cleanup, because documentation is also important.

All right, this is on the, I would say, surrounding parts, and I will jump over to the use cases. The first use case is the medical devices working group, which uses OpenAPS. This is an open source insulin pump; on the next slide there is just something about the project. It's very interesting to see that this was born as open source. So basically some of the hardware elements had an open interface, had open hardware interfaces, and by this you could steer this insulin pump via wireless signals if you have a dongle with your Raspberry Pi.
So what they did: they set up a Raspberry Pi. They brought some scripting which checks values, put some measures in there so that you not simply take, like, reading multiple values from your glucose level in the blood and then decide what you do. And it's for persons affected by type 1 diabetes, and by this you get a much better quality of life. Like, you don't have to wake up at night to do an insulin dose or so, because you have a Raspberry Pi monitoring it. And the really interesting part about it is that it's, yeah, it's done by open source development, by engineers, by software engineers, and it was not directly from a company or such. And it's developed with safety in mind, right, increasing the quality for the people and making your life more safe, because still the Raspberry Pi does a much better job on the analytics than what you can do on your own. But it's not like they took any IEC standard or so in this.

And here the medical device work group really looks at it from an approach: they see how do we bring in the STPA and all this, what does it mean for certain safety standards, like how do we handle Linux as software of unknown provenance, and check what could go wrong, and actively discuss with the community. So I see this is really a value. I believe the automotive world is much larger than the medical one, and you also don't have the selling point in there, so it's more the way forward. But really this analysis makes it different and settles down the base of what the people experience: they already know that they trust a Linux device even if it's not certified, and they say, I trust this Raspberry Pi with scripting on top to monitor my glucose level and go forward. So this is what I really like. You can go to the OpenAPS web page; if you search on Google for OpenAPS you find the things around it. And we have handled this actually from the first workshop, and it was really nice, and because it's open, there's no NDA.
There's a community willing to engage with you and explain things, starting and all this and so on, and by this there's a good way forward, maybe a little bit in contrast to what you sometimes experience in automotive.

Hello, yeah, okay. Hi. I think that example is an important example and it's part of it. I want to focus more on what you mentioned already about bridging the gap here. Okay. We're coming from two different ends: safety standards, stringent requirements, development processes which are not at all aligned with how Linux is developed; and on the other hand, coming from the bottom up, with what we know, the power, the features, what Linux can do and where we can bring Linux; and bridging that gap. Okay, I'm just emphasizing that point here, and it's also an invitation, and Philip will get to that again at the end, but I'm planting some seeds in people's minds, people who can contribute or are willing to help to bridge that gap, to bring together elements from both sides and to come up with practical, realistic solutions. That's what this is all about. Okay.

I think it's still on. I don't know which mic I will go... Okay, great. Good. It's lowered. Then I jump into automotive. So I'm actually the lead of the automotive work group. I started during the beginning. We were checking which use case we will tackle, and there were the AGL guys, which brought in the telltale use case. Telltale: typically if I say it, nobody knows what it is, but simply speaking it's dashboard warning signs. So it's the gear indicator, the check engine, the oil pressure or oil temperature, things which come in. And why it's an interesting use case is that you see already there's a lot of spread of Linux in automotive overall, maybe more for infotainment, also in the cluster part, but there's still the demand for a safety operating system for monitoring and creating these telltale parts. So it would be nice to just get over it. Well, it's not the only driver. It's something that I can easily explain to you, right?
So if I say you have a car, you have a dashboard, you're like, "and we're talking about this?" And it has a certain safety functionality, because if something goes wrong with your brake and you're not informed, well, bad luck. And also the nice thing is that we don't need to set up something with complex sensors, actuators and so on, so it's easier to understand, but it still represents the basic challenges for more complex use cases. And what else comes as benefits is that we have limited subsystems and components compared to a complex autonomous driving use case, for example. We have very relaxed timing constraints, which means we don't need to look in the first shot into the RT Linux patches and see how they are involved in there. We can rely on something like 200 milliseconds up until half a second of response time. And, yeah, it's good to visualize and explain to others.

Still, it provides a path forward, because of the architecture: if you think about someone requesting, like the brake request to send a telltale, it could also be your park distance control, which just sends a signal, and then rather than having a display you would be having a speaker, and you're almost in the same use case from the architectural diagram, and that's why you can already cover similar use cases. And then also with rear-view cameras around your parking control: there you have again the sensor data which you need to process and then display. You have an easy way of having a safe state. Safe state means, like, this functionality stops, right, and you can just be in a safe state, and this could be turning off the display, for example. If you turn off the display, you will know something is wrong here. And if you have a surround view for your camera and it just turns off the display, then you would not look at the surround view anymore, but you directly look to the outside, and we have a good state for this. And then this brings us onto a path forward for autonomous driving. And what we figured out
that the architecture, how we currently look at it, is really, yeah, it's a pure Linux by intention. We left things out like containers or virtualization; we just threw them aside, because we said maybe a later architecture will look like this in real life, but it just adds additional layers of analysis for our use case, and we want to see what elements are going into the Linux part.

But as an enhancement of this we come with the systems work group, which is dealing with an architecture which we see in multiple areas. So it's like: if you go for industrial, where you also have an RTOS next to a Linux system; if you go for medical devices, where you control certain data but have HMIs; aerospace also has some Linux elements in there. And so we said we need to come closer, because when we reached a point where we said "what we did is a good start, let's try it out", then someone said, "hey, here comes reality, our architecture looks much different". So we are no longer there, and therefore we try to get a reproducible reference system. We also try to reach out to other communities which have safety relevance in there, and interact then with projects which are doing a job there.

In practice this means that we started with a hypervisor, an RTOS and RT Linux. This was done by Stefano Stabellini from the Xen Project, and this we have done as a showcase for the Open Source Summit North America. But this was mainly manual, demonstrating a lot of capabilities which Xen has, and we use this as a base to bring this forward into a proper use case and getting this architecture fully automated, so that you really would just check out something and build your whole system with it, but also add the documentation, because you may not use Zephyr as an RTOS, or you may not use Xen as your relevant hypervisor; you may want to replace your AGL distro with an Apertis distro, which is what we are doing at Bosch, or take another Linux cell if you're leaving the automotive area. Right, so then you would like
to see these kinds of things, and we try to get into an interoperability state where you can just plug things out and in but still get things together, and maybe even create a fully automatic, fully compliant SBOM, right? If you do the software bill of materials generation out of your whole system stack, which is also not that easy these days, you would put all things together and say, I've built an element here, I've built something there, and now I still need glue logic to get all my binaries and images to the target, to get all the compliance reports, and so on.

And actually out of this activity in the systems work group there is currently a spin-off group. We started the discussion in the systems work group and figured out it's not the best forum to discuss there, and there is now a special interest group for functional safety within the SPDX project. So they started a few weeks back. They meet on Fridays. There's a mailing list for this, and this was one activity which just came out of ELISA, and we found a better forum there, and have nice participants from other industries as well, and bring it better directly into SPDX. Right.

Then, I said we have a strong interaction: we currently work with the Xen Project and the Zephyr project in the systems work group. We try to extend this, especially for the Zephyr part, because we were mainly using it but not really having strong community support with people in there, not from a technical but more from the safety perspective. And we also see that we promote and explain our use cases more in their community and ask them to support us. We're already in interaction with Automotive Grade Linux for the automotive work group, but they also have an interest in bringing their different demos, which have a split architecture for a cluster and for infotainment, to one setup where you then have two Linux cells and an RTOS next to it, which is there for safety functionality for now.
We see that the architectures which are shown are repeating with what's also in the SDV project, the Software Defined Vehicle in Eclipse; the SOAFEE architecture also has a lot of these elements. And, well, I had a discussion at the beginning of the week explaining this, and I found this quite nice: "Well, yeah, this architecture diagram reminds me of what I've drawn six years ago." And I guess, yes, it's still something relevant and it's still all over there. And especially as devices get connected and there are so many more things to consider, the architectures just start looking like this.

And here I want to conclude on the systems work group part with a quote from George Bernard Shaw, which I really like: if you have one apple and you exchange one apple with another one, both of you still have one apple. But if you exchange one idea with another one, and both exchange an idea, then each of you has two ideas. And this is really what the work is about, this collaboration. And if you say you bring a piece of work which you would like to get into this project, or you have ideas, then just come and communicate.

And I guess it's similar to how the aerospace guys from Boeing came in. They said there is already something; Houston avionics is not that well known. And while they were just promoting this last week during our virtual summit, there was directly a large chat going on, which was like, "well, we're doing something for space", "we are here too", "we will open a tool", and there was really good feedback on just giving a little push, and then the people come. And this is now under our TSC review, so we need to see that we find at least sufficient people who want to support it. It seems to be the easy part, and then you will experience the standard things like mailing list, GitHub repo, and starting the work. And basically this group, as the initial proposal was, should address everything which flies, like drones, personal delivery drones, space rockets, whatever you can
find, standard personal flights, avionics; all these elements should be addressed there.

So I would really appreciate it if there are people coming, and I really like that the room is quite full; there are just a few seats left. So I hope we will also be able to enter into discussion and get the one or the other question. We have a lot of knowledge base already. So there are different mailing lists for all the work groups; you can just subscribe to them. If you need an entry point for this, I'll show another QR code so you can just get to the main website of ELISA, and then you can go for "join", or in the member working groups part select your favorite work group, start joining, subscribe, and figure out the meeting schedules, so that you really come to a path where you're not sitting here and just listening, but are able to interact and bring your questions, your thoughts, your ideas, your elements, your tools into this discussion and see where it can fit into the ELISA scope. You want to add words? Good.

Yeah, so here's the QR code for scanning. And if you don't want to wait until the whole thing kicks off, or until the next mail comes up, there is a nice BoF session, and I guess I don't need all of you because it's in the auditorium where we had the keynotes. So it starts today at 6 and will be held by Kate Stewart, SVP, who is in the Linux Foundation; she's basically handling a lot of these activities with Zephyr, SPDX, ELISA of course; I for sure miss something. She's blown this embedded track. And Shuah Khan: she's currently our TSC chair.
She's a kernel maintainer and also a fellow of the Linux Foundation. So they have this; you may find one or the other slide again on this, just for picking the people up in the BoF. But it's a good time to continue the discussion which maybe starts here. And I guess by this we have the half an hour filled for the talk time and have, like, five to ten minutes more for questions, as you like. Thank you.

Okay. I start over there. Oh, yeah, the one with the red.

Yeah, so the question is: is there some addition when aerospace joins, do they bring new use cases in, what are the benefits of different use cases? If you just take the safety perspective, of course different standards come in, and you may find standards which are more strict, some are more relaxed. So it gives you a migration path, where you start with something smaller and already have the understanding. What I heard from aerospace, for example: they say we have this use case, but they cannot go through the authorities and explain why the automotive use case may be similar and having the same problems, and then bring this into aerospace or another business. So there it comes in. It's a good set to compare, to find repeating elements and gain traction, so that also the other work groups see, like for the architecture, the tools, what is needed in these use cases. And, yeah, that's one thing where different use cases make sense, and actually we see a lot of discussion whether even the warning signs for automotive are enough or if we should take a little more challenging use case in parallel, just to be more on this autonomous driving large motion which is currently going on.

Yeah, there was another question two rows behind you. So I would say it's not... so you're asking, like, how... I need to repeat again. Oh, okay. Yeah, you're asking if we challenge the certification process by going into the use case.
Actually, no, I wouldn't say it's like this. We have the use cases because they are needed for certain safety standards, to have this whole story, to get all this generated. I guess we have a lot of things to do in convincing authorities and showing how open source... because open source is so much different from what you would normally expect from a safety standard, which starts from: you write down your requirements, you write your architecture, if it's a model-based design then you generate your code, then you start the testing part. So you're going the waterfall or the V-model. With the Linux kernel part it's quite a different way. Also, you need to show that the people bring the competencies and so on. So we look into one element: we look into how we can bridge this gap and see how you can argue and how you can give an argumentation. Then we know that there was improvement needed for the kernel part, so we're improving there with certain tools.

And then, what I also like from the automotive side, I'm telling you something, that I'm going away from any kind of standard. I just say: if I'm making my use case so good that nobody comes and says, "well, you know, you missed this, and this is not safe", then I can say we could make use of this whole thing. I'm not sure if we ever achieve this in our group, because I need the support of an integrator or a commercial product provider, because they're much closer to real architecture, real hardware, real use cases. But if you just say this is the concept and you find no flaw in it as to why it's not safe, then it's a little independent from the overall authorities or so. And we have... you can grab the mic; we have the architecture work group lead here. So I think, can you switch on the... no, no, yeah, that's good.

So no, yes. So the idea is not to challenge the standard.
It's not to adhere to the standard in an orthodox way. So it's more trying to find alternative solutions, and every working group works in its own scope. So for instance, the automotive working group will try to figure out possible solutions more at system level. In the architecture working group we may go down inside the kernel in a specific context. In the Linux features for safety working group, you know, we evaluate different specific techniques. So it's more investigating possible tailorings, let's put it this way, that could be effective.

Just to add on what Gabriel said: it's more about collaboration, communication, evolution, we can call it even; certainly not challenging. Okay, this is something which will happen with time, but it can only happen with what we've been calling bridging the gap: more communication and collaboration and common understanding. Okay, and that's really what we're trying to promote.

There's another question in the back. Okay, make it a trap. It's a trap question. Just the last five words: safety, which...

Yeah, right. So the question, the trap question, is: as we were talking about tools, but not much about tool qualification, what's the path there and how do we go forward on this? And there are actually already tools in this context. So there is a nice talk from Paul other teller, which you can find on YouTube from one of the last summits. They did the rough the approach and the tool qualification on elements, and you will also find other tool qualification, like for Qt. It's not from ELISA, but there is this Qt rendering engine and this was qualified, so safety qualified as a tool qualification. So in this way there are certain first steps in this. But you need to see, when you go into tool qualification, you really need to take the tools which are modifying your source code; like, your document reader is not the one which you need to qualify, right?
And it's mainly in the rate the tricky question. Maybe the compiler part, for example: how do you get the safety compiler in, how do you bring this in, because a standard GNU GCC will not be compliant on this, and it will also take some time. Yeah, the time frame, the time frame on how long this will take for tools, this depends. I mean, you can do certain hours, you can do tool qualification, and it depends on which tools you mean. Right, so which time it would fit to hit A's will be, yeah, it's a little bit of a trap question then, really. Anyway, I will answer a trap question with a trap answer then, a little bit: we would have been, we are much faster when you start to contribute to our work, and if we see the open culture which we bring also from the industry. Because if we don't need to create tools, if we don't need to do the architectural concept but simply use what's out there from all the different industries, and where industry part would just open their safety architecture, their safety documents and the tools they're using, then we're very fast.
Good. I guess we have one more minute. So if there is a last question from anyone? Well, one last question for true.
The question is if there is a list of what needs to be done to get safe Linux. There are actually companies which work in the direction. They have good roadmaps.
I guess on their safe Linux strategy. We are also preparing a roadmap on how we proceed in Elisa. We get this question more often, and we were so much into our working groups that we currently bring them together toward the roadmaps, because these are milestones which we need to see. And there's not a defect, just check the list where you can say if I've done this, this isn't this. We're not in the state yet and not preparing it, so it's because we want to enable others. And you need to bring a strong safety process, a strong safety experience also in your company to move to Linux. And most likely not saying, I've never done something with safety, so I take the Champions League and just start with Linux in it. It's most likely much better if you have already a system where Linux is involved, where you have safety from another domain, and that you get more and more responsibility into your Linux system. That's the way how I would say. And then you have a lot of these things in the house, but you don't know how it fits to open source, and that's where the work groups come into the picture. They really bring you things from: what can you do for testing? What can you do a certain elements? How can you tailor or find alternatives to the demands which the standard demands, and increase the safety of the system and fulfill whatever the standard has?
Give a last try. I think it's still on that. Yeah. Hello.
Yes, so I also want to add that Elisa does not and will not deliver a safe Linux distribution, indeed first of all because of legal liability, and, you know, we cannot make a safety claim. You know, a safety claim can only be done in a specific context. So we deliver tools, ingredients, documentation that can be used by a third-party integrator, right? Then indeed the roadmap will, you know, make it more clear what are these tools, these ingredients, this documentation. But, you know, we will not deliver a safe Linux. This is to be good, because many people come, you know, and say, okay, when will Elisa, when will we have like a safe Linux from Elisa? That's not gonna happen.
And it's also very hard. If you would come like a safety element argumentation, you would need to go for a safety element out of context, if you're talking about ISO 26262 language, and it's always assumed context. It's much more interacting with others, right? That's it. We're over almost two minutes. So sorry for taking longer.