Difference between revisions of "Safety Certification Challenges"

From Xen
Latest revision as of 17:02, 14 May 2019

This page captures the efforts to certify Xen on ARM for ISO 26262 ASIL B. Discussions happen during the regular Xen on ARM Community Calls organized on xen-devel by Stefano Stabellini and Julien Grall. See https://lists.xenproject.org/archives/html/xen-devel/2018-04/threads.html#00325 for the minutes.

We have identified the following requirements; all of them need an owner:

  • Code style requirements, a subset of MISRA
      • Next step (Lars): find public documents that describe the code style requirements and publish them to xen-devel.
  • Create a subset of functions that need to go through certification
      • Next step (Stefano): create a small Kconfig for Xen as a reference, using Renesas R-Car as a starting point.
      • Start a discussion on which features we need to have. For instance, real-time schedulers might be required in some configurations but not all.
  • Understand how to address dom0:
      • We need a plan for a non-Linux dom0.
        It looks like a FreeRTOS dom0 could be a good option.
          • Next step (Artem): find out more information about FreeRTOS on Xen. Reach out to people that worked on it (Dornerworks? Galois?).
        An alternative may be a dom0-less option.
        Until now, we discussed this topic under the name of "create multiple guests from device tree". There are no patches (as far as I know), but it was submitted as the Xen on ARM project for Outreachy this year.
        There are patches for a different project to set up shared memory regions from the xl config file (no need for grant table or xenbus support).
          • Next step (Praveen Kumar): volunteered to investigate.
  • Create artifacts, such as docs, fault analysis, proof of fault tolerance, safety management docs, and documented development processes.
      • Next step: find a company or a certification body that would guide us through the process.


Related conversations/minutes