Intel® Safety Critical Project for Linux* OS

"The Intel® Safety Critical Project for Linux* OS works to address the key gaps facing developers of future safety-critical systems, such as scalability to large multi-core systems, safe updates with the latest security fixes, and reusability. The project will provide a maintained source baseline for key Linux* operating system components, along with recommended tools and processes for delivering updates, and highly reusable safety documentation. This will help the community accelerate development of safety-critical systems."

- Imad Sousou


What is the Intel® Safety Critical Project for Linux* OS?

Building on the work pioneered in the SIL2LinuxMP project, Intel is announcing the formation of the Intel® Safety Critical Project for Linux* OS.


This safety critical Linux project is an open source project that will combine the best of the Linux ecosystem with the innovative development practices of the Clear Linux* OS for Intel Architecture®. The project pairs in-depth hardware knowledge with an accompanying library of safety evidence and analysis, providing the core building blocks required to assemble and maintain qualification-ready, functionally safe systems.


The goal of the project is to accelerate development and reduce generation-to-generation safety requalification effort while taking advantage of the latest safety and security fixes. As manufacturers of autonomous and safety critical systems move towards consolidated multicore solutions, they can realize the cost savings of workload consolidation.

SCL Bare Metal and SCL Scenario

Get Started

Fundamentally this safety critical Linux project is not about changing Linux. On the contrary, the goal is to provide evidence supporting that Linux as it exists can be used in a safety critical context, and to make Linux itself better along the way.


That evidence will rely heavily on testing to standards - for example, the Single UNIX Specification, Version 4 and POSIX IEEE Standard 1003.1-2008, 2016 Edition.


If you're ready to join us in moving the industry forward with this important new project, here’s how to get involved and how to contribute to this project:


Functional and conformance testing will center on the open-source Linux Test Project (LTP); writing and contributing functional and spec conformance tests to LTP helps everyone.
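As an added illustration of what a spec conformance test of the kind described above looks like, here is a small set of POSIX.1-2008 checks written in the spirit of an LTP test case. This is example code written for this page; it is not code from the Intel project or from LTP, and it deliberately does not use LTP's own test API so that it compiles stand-alone. Each function cites the normative clause it exercises and verifies both the return value and errno, which is what a conformance test must record as evidence. The oversized numeric string is a constructed input.

```c
/*
 * Added example: POSIX.1-2008 conformance checks in the style of a Linux Test
 * Project (LTP) test case. Written for this page; not part of the Intel
 * project or of LTP. Each check cites the clause it exercises and verifies
 * both the return value and errno.
 */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* Every check returns 1 when behaviour matches the specification, 0 otherwise. */

/* nanosleep(): "[EINVAL] The rqtp argument specified a nanosecond value less
 * than zero or greater than or equal to 1000 million." */
int check_nanosleep_einval(void)
{
    struct timespec req = { .tv_sec = 0, .tv_nsec = 1000000000L };
    errno = 0;
    int rc = nanosleep(&req, NULL);
    return rc == -1 && errno == EINVAL;
}

/* sigaction(): "[EINVAL] An attempt was made to set the action for SIGKILL
 * or SIGSTOP to something other than SIG_DFL." */
int check_sigaction_sigkill(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = SIG_IGN;
    sigemptyset(&sa.sa_mask);
    errno = 0;
    int rc = sigaction(SIGKILL, &sa, NULL);
    return rc == -1 && errno == EINVAL;
}

/* read(): "[EBADF] The fildes argument is not a valid file descriptor open
 * for reading." The write end of a pipe is exactly such a descriptor. */
int check_read_on_write_end(void)
{
    int fds[2];
    char buf[1];
    if (pipe(fds) != 0)
        return 0;
    errno = 0;
    ssize_t n = read(fds[1], buf, sizeof buf);
    int ok = (n == -1 && errno == EBADF);
    close(fds[0]);
    close(fds[1]);
    return ok;
}

/* strtol(): on overflow "LONG_MAX ... shall be returned, and errno set to
 * [ERANGE]". The input string is constructed for this example. */
int check_strtol_erange(void)
{
    const char *too_big = "99999999999999999999999";
    errno = 0;
    long v = strtol(too_big, NULL, 10);
    return v == LONG_MAX && errno == ERANGE;
}

/* Run every check, report TPASS/TFAIL per clause the way LTP does, and return
 * the number of failed checks so a harness can turn it into an exit status. */
int run_conformance_checks(void)
{
    struct { const char *name; int (*fn)(void); } checks[] = {
        { "nanosleep EINVAL on tv_nsec >= 1e9", check_nanosleep_einval },
        { "sigaction EINVAL on SIGKILL",        check_sigaction_sigkill },
        { "read EBADF on pipe write end",       check_read_on_write_end },
        { "strtol ERANGE on overflow",          check_strtol_erange },
    };
    int failed = 0;
    for (size_t i = 0; i < sizeof checks / sizeof checks[0]; i++) {
        int ok = checks[i].fn();
        printf("%s: %s\n", ok ? "TPASS" : "TFAIL", checks[i].name);
        failed += !ok;
    }
    return failed;
}

int main(void)
{
    return run_conformance_checks() ? 1 : 0;
}
```

The point of pairing each check with its quoted clause is traceability: when the result is later used as safety evidence, a reviewer can map every PASS back to the exact requirement it demonstrates, rather than to a vague "the syscall works".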


Imad Sousou

Corporate vice president and general manager of the Open Source Technology Center at Intel Corporation


A Letter to the Industry

Over the last several months, I have talked with many people in the industry and at Intel about a huge need we are seeing. When autonomous robots begin to work alongside people in factories, safety is critical. When cars begin to drive on our streets or drones fly without a human, safety becomes paramount. Today manufacturers are talking about building use-specific operating systems from the ground up that meet a targeted safety need. That kind of solution is expensive and not sustainable. Instead, I believe we need a Linux* OS distribution that can be used in safety-compliant solutions.


At Intel, we have started to tackle this important challenge and are excited about the possibilities. We are developing an open source project to help address this need: the Intel® Safety Critical Project for Linux* OS. This project will help manufacturers of autonomous and safety critical systems move from a system built using sometimes thousands of microcontrollers and other electronic control units, to one that takes advantage of the power, performance, and safety of a multicore solution.

FAQ

What is Intel developing for the Intel® Safety Critical Project for Linux* OS? Why now?
There is an incredible need for a software solution capable of powering complex systems with high performance computational demands and safety critical assumptions of use. To specifically address this, Intel has started work on a safety critical Linux project. The goal is to have this become the base operating system for complex Linux based systems that need to make a safety claim. If successful, it will help manufacturers of autonomous and safety critical systems move from using multiple discrete microcontrollers and electronic control units to a single multicore solution that takes advantage of its power, performance, and safety. Such workload consolidation can enable significant BOM savings along with reduced R&D costs.
This is a tremendous undertaking and there is a lot of work that must be done to make this a reality. We cannot do it alone. We are looking to developers and the industry for their help to deliver this open source system.
Why Intel?
Previous efforts have been hampered by lack of access to safety-qualifiable hardware, and the non-public safety documentation required to qualify a systematic use-case. Only a hardware vendor can provide all of the evidence and argumentation required.
Which markets are you targeting for this safety critical Linux project?
The initial targets for Intel's safety critical Linux project are autonomous and automotive systems that have safety critical assumptions of use. This can include systems in industrial drones, factory robots, or software-defined cockpits in fully or semi-autonomous vehicles.
What specifically is Intel working on with this project?
While Intel is starting this effort, involvement from developers and the industry is imperative. The project will provide a safety critical Linux operating system, as well as work products and argumentation needed for certification. The Intel Safety Critical Project for Linux OS will be based on Clear Linux* OS for Intel® Architecture and will be designed to provide:
  • A binary distribution model
  • Packages aggregated into "functional bundles", allowing for efficient scaling
  • Software updates built into the core of the operating system distribution architecture to allow fast distribution for delivering critical fixes like security updates
  • Unique OS versioning that ensures reproducibility and traceability to the file level to support functional safety compatibility
  • Highly automated and agile workflow and release process

Our safety critical Linux project also builds upon the ACRN project, a flexible, lightweight reference hypervisor built with real-time and safety-criticality in mind and optimized to streamline embedded development through an open source platform. This enables not only native, bare metal solutions with the Intel Safety Critical Project for Linux OS, but also virtualized multi-OS solutions with a safety critical Linux service OS as a guest. This flexibility allows for a high degree of scalability and workload consolidation that makes full use of a multicore processor's performance without compromising safety.

Can you tell me more about the safety specifications work?
Our safety critical Linux project can help make it easier to create safe solutions by applying traceable rigor to the open source component selection process that includes extended analysis and targeted testing. In addition, when needed, the distribution will include components developed using a traditional, compliant development methodology for industry-specific international standards.
You mentioned documentation and tools. Where can I find those today?
Intel will continue to post updated code, tools, and documentation on this site as it progresses through its development process. If you are interested in learning more about Intel’s safety critical Linux project or how you can participate, please contact safety-critical@lists.clearlinux.org.
Will this project be Public and Open-Source?
Yes, the source tree, and the bulk of the evidence library, will be developed and hosted in the open. Only evidence tied to proprietary Intel hardware information will not be public. Common open-source licenses will be used wherever feasible.
How can I submit new code?
We are working through the acceptance criteria for submitting new code now. We will likely include a request that you also provide minimal documentation for supporting the safety claim. Please stay tuned for the specifics.
How often will the code be updated?
Once Intel’s safety critical Linux project is fully operational, new releases will be provided at the cadence of the Clear Linux project, which is currently twice per day.
Is there a mailing list I can sign up for to get updates?
Yes! You can email safety-critical@lists.clearlinux.org. Visit https://lists.clearlinux.org/ for more information.
