Safety Certification Challenges

From Xen
Latest revision as of 17:02, 14 May 2019

This page captures the efforts to certify Xen on ARM for ISO 26262 ASIL B. Discussions happen during the regular Xen on ARM Community Calls organized on xen-devel by Stefano Stabellini and Julien Grall. See [1] for Minutes.

We have identified the following requirements; all of them need an owner:

  • Code style requirements, a subset of MISRA
      • Next step (Lars): find public documents that describe the code style requirements and publish them to xen-devel.
  • Create a subset of functions that need to go through certification
      • Next step (Stefano): create a small Kconfig for Xen as a reference, using Renesas Rcar as a starting point.
      • Start a discussion on which features we need to have. For instance, real-time schedulers might be required in some configurations but not all.
  • Understand how to address dom0:
      • We need a plan for a non-Linux dom0.
        It looks like a FreeRTOS dom0 could be a good option.
          • Next step (Artem): find out more information about FreeRTOS on Xen. Reach out to people that worked on it (Dornerworks? Galois?).
        An alternative may be a dom0-less option.
        Until now, we discussed this topic under the name "create multiple guests from device tree". There are no patches (as far as I know), but it was submitted as the Xen on ARM project for Outreachy this year.
        There are patches for a different project to set up shared memory regions from the xl config file (no need for grant table or xenbus support).
          • Next step (Praveen Kumar): volunteered to investigate.
  • Create artifacts, such as docs, fault analysis, prove fault tolerance, safety management docs, document development processes.
      • Next step: find a company or a certification body that would guide us through the process.


Related conversations/minutes