[SystemSafety] State of the art for "safe Linux"
Paul Sherwood
paul.sherwood at codethink.co.uk
Sat Aug 10 10:43:49 CEST 2024
Hi David,
Thank you for your email - please see my comments inline...
On 2024-08-09 19:53, David Crocker wrote:
> I don't think you've said anything about the application that you are
> considering using Linux for.
True. Our customers are mainly interested in the use of Linux in
transportation systems, driven by humans or automated.
> So IMO the first question to ask is: is Linux an appropriate OS for the
> application?
True, and we have answered that in the affirmative, not least because of
the problems our customers encounter when choosing the alternatives.
> If it's a complex and primarily not-real-time application
I would say our targets usually involve many applications, some with
demanding 'real-time' expectations although in most cases I would argue
that the real goal is reliable, performant throughput.
> and you need to interface to a lot of peripherals via USB or other
> standard commercial interfaces for which there are Linux device drivers
> available
Yes, that's the kind of thing. Certainly these are connected devices, so
there is a need to mitigate security threats on an ongoing basis.
> and the alternative would most likely be MS Windows, then the answer
> may be yes.
I would be surprised to see anyone considering use of MS Windows in a
safety-relevant system. Has Microsoft achieved (or even attempted) any
certification for that?
> If not, then is Linux appropriate, or might it be overkill?
I would say Linux is probably overkill for a single-core microprocessor,
but worth considering in many cases where workload(s) will be
distributed across multiple cores.
> A company that I spend time working with needs to develop a new user
> interface device based on a touch screen. The choice is between:
>
> - a SoC device with 64Mb dynamic RAM running a custom version of Linux
> and using Qt as the GUI framework; and
> - a much simpler MCU with about 600kB SRAM running FreeRTOS and LVGL as
> the GUI framework.
>
> This app isn't safety-critical; but if it was then I would definitely
> recommend the second option, to simplify the certification process and
> to avoid having to maintain the Linux port.
Yes, that makes sense.
br
Paul