Open Source and ASIL D Certification – possible?
This week the GENIVI hypervisor working group kicked off with a very detailed workshop at the GENIVI All Member Meeting in Munich. There was a great interest by automotive OEM, Tier 1, service- and software-companies.
Hypervisors play a major role in safe and secure embedded systems and the number of use cases that can be supported is large, complex and helpful for automotive projects. Consolidation of software stacks from IVI and cluster on one hardware is just one of them, but need other use cases to be supported, such as fast boot or addressing safety and security requirements. Fast boot is very specific for automotive, where e.g. a controller area network (CAN) stack has to be up below 200 msec, so that tell tales of the cluster can be addressed or park distance control activated. Here a combination with a real-time operating system like PikeOS makes sense, that can boot below 100 msec, start the critical bus networks and then boots in another partition e.g. Linux or POSIX with longer booting times up to 15 seconds. Please see also a hypervisor market overview that SYSGO presented at the meeting here (PDF).
Talking about Linux, for sure having a software stack available that offers so many features and is easy to put in place for demonstrators is very useful in automotive. Supported by the community it is an ideal solution for the outbound communication profiles in the car, as so many developers are constantly creating patches to make the stack more secure. But it is also a “beast” in a sense that it contains more than 15 million lines of code and uses mainly GPL licenses that can create quite some headaches in development or production handling.
This is even more critical when the first systems need to get certified to ASIL D for e.g. autonomous driving in Level 4 or 5. There will be software components that need to be pre-certified and homologated by the authorities. Each line of code means cost of certification. The more lines of code the higher the certification cost. This is where a micro kernel with a hypervisor makes sense, where critical applications or operating systems can run in separate (named as un-safe or un-secure) partitions.
OSADL or AGL claim working on a SIL2LinuxMP project that aims at the certification of the base components of an embedded GNU/Linux RTOS. There seems to be some progress, but is this realistic to be achievable by 2020 when all the developments of autonomous cars in L4 or 5 are fully taking off?
More information at www.sysgo.com/automotive