Re: [SystemSafety] Critical systems Linux

Paul Sherwood

Hi again...
The question is:-
As Linux is monolithic, already written (with minimal requirements/design
docs) and not to any coding standard
How would the world go about making a Certifiable Linux?
Is it possible?
Sadly most of the follow-on discussion seems to have stayed only on [1] which rather reduces its impact IMO.

I cross-posted in the hope that knowledge from the safety community could be usefully shared with other communities who are (for better or worse) considering and in some cases already using Linux in safety-critical systems. For example Linux Foundation is actively soliciting contributors expressly for an initiative to establish how best to support safety scenarios, as discussed at ELCE [2] with contributors from OSADL (e.g. [3]) and others.

Perhaps I'm being stupid but it's still unclear to me, after the discussion about existing certificates, whether the 'pre-certification' approach is justifiable at all, for **any** software, not just Linux.

As I understand it, for any particular project/system/service we need to define safety requirements, and safety architecture. From that we need to establish constraints and required properties and behaviours of chosen architecture components (including OS components). On that basis it seems to me that we must always prepare a specific argument for an actual system, and cannot safely claim that any generic pre-certification fits our use-case?

Please could someone from reply-all and spell it out, preferably without referring to standards and without triggering a lot of controversy?
