Red Hat's RHEL-Based In-Vehicle OS Attains Milestone Safety Certification (networkworld.com)

In 2022, Red Hat announced plans to extend RHEL to the automotive industry through Red Hat In-Vehicle Operating System (providing automakers with an open and functionally-safe platform). And this week Red Hat announced it achieved ISO 26262 ASIL-B certification from exida for the Linux math library (libm.so glibc) — a fundamental component of that Red Hat In-Vehicle Operating System.

From Red Hat's announcement: This milestone underscores Red Hat's pioneering role in obtaining continuous and comprehensive Safety Element out of Context certification for Linux in automotive... This certification demonstrates that the engineering of the math library components individually and as a whole meet or exceed stringent functional safety standards, ensuring substantial reliability and performance for the automotive industry. The certification of the math library is a significant milestone that strengthens the confidence in Linux as a viable platform of choice for safety related automotive applications of the future...

By working with the broader open source community, Red Hat can make use of the rigorous testing and analysis performed by Linux maintainers, collaborating across upstream communities to deliver open standards-based solutions. This approach enhances long-term maintainability and limits vendor lock-in, providing greater transparency and performance. Red Hat In-Vehicle Operating System is poised to offer a safety certified Linux-based operating system capable of concurrently supporting multiple safety and non-safety related applications in a single instance. These applications include advanced driver-assistance systems (ADAS), digital cockpit, infotainment, body control, telematics, artificial intelligence (AI) models and more. Red Hat is also working with key industry leaders to deliver pre-tested, pre-integrated software solutions, accelerating the route to market for SDV concepts.

"Red Hat is fully committed to attaining continuous and comprehensive safety certification of Linux natively for automotive applications," according to the announcement, "and has the industry's largest pool of Linux maintainers and contributors committed to this initiative..."

Or, as Network World puts it, "The phrase 'open source for the open road' is now being used to describe the inevitable fit between the character of Linux and the need for highly customizable code in all sorts of automotive equipment."

  • So what is used today in cars for the "infotainment" system?

    • Anything. The infotainment system is not considered a safety system and does not need to be certified.

      This is for control systems. Those are usually real-time operating systems [wikipedia.org].

      • by thegarbz ( 1787294 ) on Saturday June 22, 2024 @06:45PM (#64569801)

        Anything. The infotainment system is not considered a safety system and does not need to be certified.

        This is for control systems. Those are usually real-time operating systems [wikipedia.org].

        You are thinking of the past, not the future. The past is a world where we had RTOS running the instrument cluster and the safety critical applications, and the infotainment system was a completely separate piece of hardware and software doing non-important stuff. The future is ... well now, the kind of situation where critical vehicle information is shared with non-critical functionality. The modern car is converging to a single hardware platform with everything certified. Hardware certification is basically a done deal. Sure your safety applications such as your ABS and stability control will be segregated, but there's still an underlying hypervisor running on the hardware which will need to be certified, there's still communication between these modularised OSes which needs to be certified.

        This is the reason for the push on software on the infotainment system to be ASIL-B certified. Even in my car right now through the same OS which runs Spotify I can disable traction control or lane assist or turn off autopilot. If you call me your number flashes from an incoming bluetooth call across the instrument cluster on the dashboard (instrument clusters were historically ASIL-B certified). These systems are now integrated, the lines between them blurred which is why everyone is falling over themselves to obtain certifications they previously didn't need for the non-safety side of car software.

        • Terrifying. I get that this is happening, and understand that is why they are working on the certifications... but all I can picture is a "Blue Screen of DEATH" as my brakes and steering stop working until I reboot...

          • Which is why certification is a thing. The principles behind ASIL certification are not that dissimilar to that used in any other high risk or hazardous industry. I've seen operator stations at chemical plants show BSODs before. I've seen engineering stations show BSODs before. You know what happened in either case?

            Nothing.

            The principles of redundancy and compartmentalisation of functionality are there to ensure that when the shit hits the fan your brakes and steering will continue to work just fine. That's

      • Since when did Redhat or any Linux become RTOS's?

        Also, if you wanted real time, surely you'd ditch systemd if you were interested in real time performance? No? or Microkernel as previous poster says?
    • My vehicle (2013 Ford Escape) uses some kind of a Microsoft Windows OS.

      There's even a little "Powered by Microsoft" plate in the center of the dashboard above the controls for the sound system and air conditioning etc.

    • That's a separate computer that is not involved in any of the safety systems of the car, so it could be running Windows 95 if they wanted to.

      Enter RedHat's value proposition here: now you can just have the one computer which is certified for safety systems, as well as sandboxes all that other bullshit away from the safety systems, without having to engineer and certify the operating system yourself. You just have to certify your code running on top of it.

    • In my car, some shite OS that crashes after an hour or so.
  • because that means my next car will run Linux.
    because that means I can hack it and install whatever I want.
    and wait for the law to declare that hacking my car is illegal.
    I'll easily be dead by that time... not because I'm that old...
    because it will take forever to get that thru the courts.
    • Re:Glad to hear it (Score:5, Insightful)

      by 93 Escort Wagon ( 326346 ) on Saturday June 22, 2024 @06:25PM (#64569777)

      because that means my next car will run Linux.
      because that means I can hack it and install whatever I want.

      Only if you're an RHEL subscriber - and maybe not even then.

      I fully expect Red Hat will do everything it can - dodgy or not - to keep you away from the source code, regardless of what you think the GPL entitles you to do.

      • Well, as the Windows of Linux.. yes. They are doing that already.. or nearly so anyways.
        I'm going on the assumption that some Linux Freedom Fighter who knows way more than me will open that door... and I'll just follow him thru it. I've always been amazed to hear how when some new hardware is released that ... the next day, someone claims to have installed linux on it. So it's a pretty good bet that someone will do it.

        There will be legal issues looming... but it seems that the law is, ahem, rather slow to c
        • You could replace the whole engine computer system with something made for race cars or small aircraft. There are various types available - If you have too much money.
      • >"I fully expect Red Hat will do everything it can - dodgy or not - to keep you away from the source code, regardless of what you think the GPL entitles you to do."

        While at the same time making claims like this in the article:

        "This approach enhances long-term maintainability and limits vendor lock-in, providing greater transparency and performance."

  • Systemd (Score:4, Funny)

    by ArchieBunker ( 132337 ) on Saturday June 22, 2024 @06:10PM (#64569753)

    Hope it doesn’t run that version of systemd that deletes your home directory.

  • ASIL-B is OK for turn lights and infotainment, but not for ABS brakes and airbags

    • The RedHat website doesn't seem to link to a safety manual - I'm not sure what safety requirements might be applied (or assumed) about libm...

      Just saying "ASIL-B" isn't enough, you have to say "ASIL-B for this..."

      Perhaps they are just claiming freedom from interference, or making claims about lack of unintended functionality. The devil truly is in the details.

    • No one is running your ABS or airbag code on Linux. That will be running on an RTOS. The car is far more complex than you think and what RedHat are trying to do is make sure they can run the systems which integrate your dash, instrument cluster, and all the things you do on your car.

  • Just wait until some technician runs "systemd-tmpfiles --purge" and your car deletes [slashdot.org] your home! :-)

    • As funny as that may sound, your car won't be running the latest unstable build of Debian (to which this "bug" is tracked), and your car technician isn't stupid enough to blindly run commands without understanding what they do.

      No really, it is already currently possible for a tech to kill your ECU with an OBD-II reader. If your technician ever says "Not knowing much about the OBD-II architecture, other than that it's being used to communicate with ECUs, running a custom command to transmit value 0x03 to ad

  • by larryjoe ( 135075 ) on Saturday June 22, 2024 @08:25PM (#64569923)

    First, software safety certification is very different from hardware certification. For hardware, one can reason about random and systematic fault probabilities and rates and simulate the conditional probabilities for error propagation or at least analytically model the propagation probabilities and rates. So, one can do a FMEDA for hardware but it's much harder for software. For that reason, much of software certification is based on the software engineering process, and in my opinion, the precision in quantifying the process and the correlation between the process and the end product are both hazy.

    Second, certification for both hardware and software is predominantly self-attested. It's sort of like auditing financial records. The auditor can only ask to see things that you voluntarily provide and for the most part just believe what you provide. If an FMEDA is shown, the auditor can ask questions, but there's no way for that auditor to detect fraud or made-up numbers. And the auditor is paid by you, so you can sort of guess where the motivations lie.

    Third, there are some big companies that do a lot of certification and have done so for a long time, including for traditional vehicles. Exida is not one of these companies. It's a tiny company with about $18 million per year in revenue, compared to billions for the big companies.

    • Second, certification for both hardware and software is predominantly self-attested.

      Err no, not for safety systems. The process almost always involves an independent certification body such as TÜV and is actually very involving. Yes a component of this is process and company practice based, but a certification body is nearly always directly involved with the hardware and software certification directly as well.

      And the auditor is paid by you, so you can sort of guess where the motivations lie.

      I have been on the auditing side of safety audits many times, not for cars, but for industry (common parent standard). My motivations lie in making sure my report is detailed an

      • Second, certification for both hardware and software is predominantly self-attested.

        Err no, not for safety systems. The process almost always involves an independent certification body such as TÜV and is actually very involving. Yes a component of this is process and company practice based, but a certification body is nearly always directly involved with the hardware and software certification directly as well.

        Yes, all auto safety certifications are based on data that is provided by the company being certified. This is always the case. There are several reasons for this. First, the design is proprietary, and no company simply says to a certifier, look at whatever you want. Second, the design is so complex that no certifier could even begin to know what to ask. Third, the modeling and analysis for safety takes far more time than whatever hours are devoted to the actual audit, so only the company is in a posit

        • The reason car companies go to TuV is because they have a name and a history. Exida doesn't.

          Exida literally has hundreds of companies as customers including several fortune 500 companies and the world's single largest supplier of process instruments globally. Your ignorance, and the fact you ignored specific vs diverse markets has been noted.

  • When IBM bought redhat and terminated licenses, removed CentOS, and made FOSS take a 180 to say "WTF did you just do?" they doomed themselves.

    Traitor once. Traitor always.

    Nobody will do business with you. Everyone who knows you knows you are a traitor.

    Die on the vine.

    • by spudnic ( 32107 )

      Many corporations use RHEL. I'd stick my neck out and say most do. I know mine does. The people making the decisions on which vendor to partner with don't care about the concept of software wanting to be free. They trust IBM to support them when there is trouble.

      No one ever got fired for buying from IBM.

  • Has anyone noticed that this rather underwhelming announcement isn't about the Linux operating system at all, but rather just about the math library that Red Hat Linux includes as part of supporting the C language standard runtime?

    I mean, I don't want to dismiss the value of correctly calculating arctangents, I like trigonometric functions as well as the next bloke. But this certification has nothing at all to do with any operating system functions like real-time scheduling, device I/O, file systems, net
  • Using it without booting my Windows for 3 years as my work/personal OS.
