Safety Certification Challenges


This page captures the efforts to certify Xen on ARM for ISO 26262 ASIL B. Discussions happen during the regular Xen on ARM Community Calls organized on xen-devel by Stefano Stabellini and Julien Grall. See [1] for the minutes.

We have identified the following requirements, all of which need an owner:

  • Code style requirements, a subset of MISRA
    • Next step (Lars): find public documents that describe the code style requirements and publish them to xen-devel.
  • Create a subset of functions that need to go through certification
    • Next step (Stefano): create a small Kconfig for Xen as a reference, using the Renesas R-Car as the starting point.
    • Start a discussion on which features we need to have. For instance, real-time schedulers might be required in some configurations but not all.
  • Understand how to address dom0:
    • We need a plan for a non-Linux dom0. It looks like a FreeRTOS dom0 could be a good option.
      • Next step (Artem): find out more about FreeRTOS on Xen. Reach out to the people who worked on it (DornerWorks? Galois?).
    • An alternative may be a dom0-less option. Until now, we discussed this topic under the name "create multiple guests from device tree". There are no patches (as far as I know), but it was submitted as the Xen on ARM project for Outreachy this year. There are patches for a different project to set up shared memory regions from the xl config file (no need for grant table or xenbus support).
      • Next step (Praveen Kumar): volunteered to investigate.
  • Create artifacts, such as docs, fault analysis, proof of fault tolerance, safety management docs, and documentation of the development processes.
    • Next step: find a company or a certification body that would guide us through the process.


Related conversations/minutes