Difference between revisions of "Safety Certification Challenges"
Latest revision as of 17:02, 14 May 2019
This page captures the efforts to certify Xen on ARM for ISO 26262 ASIL B. Discussions happen during the regular Xen on ARM Community Calls organized on xen-devel by Stefano Stabellini and Julien Grall. See  for Minutes.
We have identified the following requirements, each of which needs an owner:

- Code style requirements, a subset of MISRA
  - Next step (Lars): find public documents that describe the code style requirements and publish them to xen-devel.
- Create a subset of functions that need to go through certification
  - Next step (Stefano): create a small Kconfig for Xen as a reference, using the Renesas R-Car as the starting point.
  - Start a discussion on which features we need to have. For instance, real-time schedulers might be required in some configurations but not in all of them.
- Understand how to address dom0:
  - We need a plan for a non-Linux dom0.
    - It looks like a FreeRTOS dom0 could be a good option.
    - Next step (Artem): find out more information about FreeRTOS on Xen. Reach out to people who worked on it (Dornerworks? Galois?).
  - An alternative may be a dom0-less option.
    - Until now, we discussed this topic under the name of "create multiple guests from device tree". There are no patches (as far as I know), but it was submitted as the Xen on ARM project for Outreachy this year.
    - There are patches for a different project to set up shared memory regions from the xl config file (no need for grant table or xenbus support).
    - Next step (Praveen Kumar): volunteered to investigate.
- Create artifacts, such as docs, fault analysis, proof of fault tolerance, safety management docs, and documentation of the development processes.
  - Next step: find a company or a certification body that would guide us through the process.