First open source Linux distribution meets automotive safety requirements

Recently, a new Linux distribution has come into people's view. This distribution is not a general one, but a specialized product for a specific field - the automotive industry. The leading force behind it is automotive electronics supplier Elektrobit, who has successfully created the first open source operating system that meets the functional safety requirements of the automotive industry.

With the rapid development of the automotive industry, a significant change is taking place - the era of software-defined cars has arrived. Over the past few decades, the control of cars has gradually been taken over by electronic systems, but this control is often decentralized. Whenever a car adds new features such as traction control, anti-lock brakes, or screen instruments, an additional "small black box" needs to be added to the wiring harness.

Today, a modern vehicle may have more than 200 discrete controllers installed inside it, communicating with each other via a CAN bus network. The idea of ​​a software-defined vehicle (SDV) proposes a completely new approach. In this approach, the vehicle uses a small number of domain controllers (known as "high-performance computing" platforms in the automotive industry), each responsible for a different group of functions.

Typically, a vehicle will have four domain controllers. One is responsible for vehicle dynamics and handling, such as control of the powertrain, ABS, traction, and stability control systems. Another is focused on driver assistance systems, managing radar, camera, and ultrasonic sensors, processing data, and controlling partial or fully automated driving systems. A third is dedicated to the infotainment system, and a fourth might control the car's convenience features, such as climate control or lighting. There may also be a central controller that oversees the entire system.

This architecture will become increasingly common as automakers develop new platforms, and Audi, BMW, McLaren and Porsche are among the automakers that have models on the road or will soon have them.

Obviously, some areas have higher safety requirements than others. For example, a crash in an infotainment system might be inconvenient but would not usually be a safety issue. However, if a vehicle dynamics controller crashed, the consequences would be far more serious.

That’s why SDVs need to use safety-critical operating systems that are ISO 26262 ASIL certified where necessary. One open source Linux distribution that finally meets the requirements is Elektrobit’s EB corbos Linux for Safety Applications (it’s a long name indeed), which recently received approval from the German organization TÜV Nord. It also complies with the IEC 61508 standard for safety applications.

“The beauty of our concept is that you don’t even need to do security certification for Linux itself,” said Moritz Neukirchner, senior director for SDV at Elektrobit. Instead, an external security monitor runs within the hypervisor, intercepting and verifying kernel operations.

“When we look at how security is typically done, we look at communications – instead of certifying the communications specification or the Ethernet stack for security, you create a library of checkers on top and have a hardware anchor for checking underneath. That way you ensure end-to-end security but exclude everything in between from the certification path. We have now created a concept that allows us to do that for the operating system,” Neukirchner explained.

“So, ultimately, because we took Linux out of the certification path and made it available for use in safety-related contexts, we had no problem keeping up with the pace of the developer community,” he further explained. “Because if you start out by saying, ‘Okay, we’re going to use Linux once and for all for safety’, you’re going to have constant security patching issues and you’re going to be off schedule again, especially with the safety regulations now in effect, starting in July, UNECE R155 requires continuous cybersecurity management vulnerability scanning of all software in the vehicle.”

"Ultimately, we saw about 4,000 Linux kernel security patches in eight years. This is the challenge you face if you want to participate in the speed of innovation in the open source community. Just like Linux, now you want to combine it with security-related applications," Neukirchner said.

Elektrobit and Canonical have collaborated to develop EB corbos Linux for safety applications and will share the maintenance work to ensure that it always meets safety requirements. This milestone achievement not only brings safer and more reliable software solutions to the automotive industry, but also opens up new possibilities for the open source community in the automotive field.