There’s a new Linux distro on the scene today, and it’s a bit specialized. Its development was led by the automotive electronics supplier Elektrobit, and it’s the first open source OS that complies with the automotive industry’s functional safety requirements.
One of the more interesting paradigm shifts underway in the automotive industry is the move to software-defined vehicles. Cars have increasingly been controlled by electronic systems during the past few decades, but it’s been piecemeal. Each added new function, like traction control, antilock braking, or a screen instead of physical gauges, required its own little black box added to the wiring loom.
There can now be more than 200 discrete controllers in a modern vehicle, all talking to each other through a CAN bus network. The idea behind the software-defined vehicle is to take a clean-sheet approach. Instead of that sprawl of boxes, you’ll find a small number of domain controllers—what the automotive industry is choosing to call “high performance compute” platforms—each responsible for a different set of activities.
Typically, there will be four domain controllers. One will handle vehicle dynamics and handling—control of the powertrain, ABS, traction and stability control systems, and so on. Another will be responsible for driver-assistance systems, managing the radar, camera, and ultrasonic sensors, processing their data, and controlling partially or fully automated driving systems. A third is dedicated to the infotainment, and a fourth might control the car’s convenience features like the climate or lighting. There also may be a fifth central controller overseeing everything.
You should expect to see this approach more often as automakers develop new platforms, and there are already examples from Audi, BMW, McLaren, and Porsche on the road or arriving shortly.
Obviously, some domains are more safety-critical than others. It can be inconvenient if the infotainment system crashes while you’re driving, but it won’t be a safety issue. But if the vehicle dynamics controller crashes, it’s obviously a lot more serious.
That’s why SDVs need to use safety-critical operating systems carrying the ISO 26262 ASIL certification where necessary. With Elektrobit’s EB corbos Linux for Safety Applications (that sure is a long name), there’s an open source Linux distro that finally fits the bill, having just been given the thumbs up by the German organization TÜV Nord. (It also complies with the IEC 61508 standard for safety applications.)
“The beauty of our concept is that you don’t even need to safety-qualify Linux itself,” said Moritz Neukirchner, a senior director at Elektrobit overseeing SDVs. Instead, an external safety monitor runs in a hypervisor, intercepting and validating kernel actions.
“When you look at how safety is typically being done, look at communication—you don’t safety-certify the communication specs or Ethernet stack, but you do a checker library on top, and you have a hardware anchor for checking down below, and you insure it end to end but take everything in between out of the certification path. And we have now created a concept that allows us to do exactly that for an operating system,” Neukirchner told me.
“So in the end, since we take Linux out of the certification path and make it usable in a safety-related context, we don’t have any problems in keeping up to speed with the developer community,” he explained. “Because if you start it off and say, ‘Well, we’re going to do Linux as a one-shot for safety,’ you’re going to have the next five patches and you’re off [schedule] again, especially with the security regulation that’s now getting toward effect, starting in July with the UNECE R155 that requires continuous cybersecurity management vulnerability scanning for all software that ends up in the vehicle.”
“In the end, we see roughly 4,000 kernel security patches within eight years for Linux. And this is the kind of challenge that you’re being put up to if you want to participate in that speed of innovation of an open source community as rich as that of Linux and now want to combine this with safety-related applications,” Neukirchner said.
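To make the communication analogy Neukirchner draws concrete, here is an added example (not Elektrobit’s or Canonical’s code) of the end-to-end checker pattern: a small sender/receiver library protects each frame with an alive counter and a CRC, so only the checker is in the certification path while the transport in between is assumed to corrupt, drop or replay frames. The frame layout, CRC parameters and scenario values are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Frame protected end to end: alive counter + CRC over counter and payload.
 * Only this checker code sits in the certification path; the transport in
 * between is untrusted. Constructed example, not Elektrobit's code. */
typedef struct {
    uint8_t counter;
    uint8_t payload[4];
    uint8_t crc;            /* covers counter + payload */
} e2e_frame_t;

/* CRC-8, polynomial 0x1D, init 0xFF, final XOR 0xFF (SAE J1850 style) */
static uint8_t crc8(const uint8_t *data, size_t len) {
    uint8_t crc = 0xFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (uint8_t)((crc & 0x80) ? (crc << 1) ^ 0x1D : crc << 1);
    }
    return crc ^ 0xFF;
}

/* Sender side of the checker library. */
void e2e_protect(e2e_frame_t *f, uint8_t counter, const uint8_t payload[4]) {
    f->counter = counter;
    memcpy(f->payload, payload, 4);
    f->crc = crc8((const uint8_t *)f, offsetof(e2e_frame_t, crc));
}

/* Receiver side: 0 = accept, 1 = CRC mismatch (corrupted in transit),
 * 2 = counter did not advance by exactly one (lost, stale or replayed). */
int e2e_check(const e2e_frame_t *f, uint8_t last_counter) {
    if (crc8((const uint8_t *)f, offsetof(e2e_frame_t, crc)) != f->crc) return 1;
    if ((uint8_t)(f->counter - last_counter) != 1) return 2;
    return 0;
}

/* Constructed scenarios: 0 = frame intact, 1 = one bit flipped by the
 * untrusted middle, 2 = previous frame delivered again. Returns the verdict. */
int e2e_scenario(int which) {
    const uint8_t payload[4] = {0x00, 0x12, 0x34, 0x56};  /* constructed data */
    e2e_frame_t f;
    uint8_t last_counter = 6;            /* receiver last accepted counter 6 */
    e2e_protect(&f, 7, payload);         /* sender now emits counter 7 */
    if (which == 1) f.payload[1] ^= 0x04;
    if (which == 2) last_counter = 7;
    return e2e_check(&f, last_counter);
}
```

The receiver never has to trust the path the frame took; a corrupted or replayed frame is rejected by the checker alone, which is the property that lets everything between the two endpoints stay out of the certification argument.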
Elektrobit developed EB corbos Linux for Safety Applications together with Canonical, and together they will share the maintenance of keeping it compliant with safety requirements over time.