Safety Certification Challenges

From Xen
Jump to: navigation, search

This page captures the efforts to certify Xen on ARM for ISO 26262 ASIL B. Discussions happen during the regular Xen on ARM Community Calls organized on xen-devel by Stefano Stabellini and Julien Grall. See [1] for Minutes.

We have identified the following requirements, all of them need an owner:

  • Code style requirements, a subset of MISRA
  • Next step (Lars): find public documents that describe the code style requirements and publish them to xen-devel.
  • Create a subset of functions that need to go through certification
  • Next step (Stefano): create a small Kconfig for Xen as a reference, using Renesas Rcar as starting point.
  • Start a discussion on which features we need to have. For instance real time schedulers might be required in some configurations but not all.
  • Understand how to address dom0:
  • We need a plan for a non-Linux dom0.
It looks like FreeRTOS dom0 could be a good option.
  • Next step (Artem): Find out more information about FreeRTOS on Xen. Reach out to people that worked on it (Dornerworks? Galois?).
An alternative may be a dom0-less option
Until now, we discussed this topic under the name of "create multiple guests from device tree". There are no patches (as far as I know), but it was submitted as the Xen on ARM project for Outreachy this year.
There are patches for a different project to setup shared memory regions from the xl config file (no need for grant table or xenbus support).
  • Next step (Praveen Kumar): volunteered to investigate
  • Create artifacts, such as docs, fault analysis, prove fault tolerance, safety management docs, document development processes.
  • Next step: find a company or a certification body that would guide us through the process.


Related conversations/minutes