
Bridging the Gap Between Open-Source Software and Automotive Safety Standards

Feb. 11, 2025
A new open-source software approach provides a strong foundation to accelerate application development in an open, yet safe, automotive environment.

Carmakers and suppliers continue to deal with challenges involving the time, resources, and costs required to build complex, next-generation software-defined vehicles (SDVs). One major obstacle to progress is the software operating system upon which all other vehicle functionality is built.

On that front, there’s been chatter for many years about how open-source software (OSS) could transform automotive as it has transformed other industries, saving them many trillions of dollars and dramatically increasing productivity and efficiencies.

OSS—specifically operating systems (OS)—represents an opportunity for carmakers to collaborate, leveraging the vast ecosystem of Linux with its developers, tooling landscape, and existing software. Direct collaboration on source code can enable quicker iteration cycles and more efficient problem-solving, which are crucial for carmakers to keep up with the competition.

However, because of the stringent operational safety needs of vehicles, open-source operating systems, to date, have only been able to be used in very limited applications in automotive, primarily infotainment systems.

In the past, the automotive industry was generally slow to embrace collaboration, as the traditional process has been based on change requests, requirements specifications, and deep supply chains. When a problem was detected or a new idea was to be introduced, it needed to propagate through many stages and gates—even for minimal source code changes. If the industry wants quick iteration cycles, collaborating at the source-code level is the only way.

Why Software-Defined-Vehicle Efforts Have Failed to Date

Engineering teams have previously tried and failed to develop a safety-centric Linux-based OS for automotive by trying to insert safety functionality INTO Linux, which is costly and difficult. With each update or cybersecurity patch, Linux would need to be recertified for safety—an unreasonable task given that Linux sees approximately 500 kernel security patches per year.

Most approaches have been centered around arguing why Linux is safe, despite it not fulfilling existing safety standards. As a result, we’ve seen and continue to see initiatives to rewrite safety standards to allow for such argumentation. This isn’t the direction the industry should go.

Weakening established and proven safety standards isn’t necessary to use Linux in a safety context. A new and novel approach to problem solving has resulted in an open-source OS solution that’s truly “safe” for automotive. It delivers safety functionality to the vehicle while protecting the Linux OS kernel itself.

New Approach Takes Linux Out of the Certification Path

The new OSS solution uniquely takes Linux out of the certification path. Instead, it enables safety-related applications to be executed on an industry-accepted OS solution. Engineers took existing safety concepts, known and proven in use for communication integrity and temporal integrity, and applied them to the operating system.

The interactions of applications and Linux are monitored, controlled, and enforced from a hypervisor layer to ensure the integrity of safety-related applications. Safety properties are ensured for spatial integrity, temporal integrity, startup integrity, and shared memory communication.

This solution, called EB corbos Linux for Safety Applications, is the first and only open-source solution on the market with a positive assessment of technical feasibility for the safety element out of context (SEooC) based on ISO 26262 ASIL B. This assessment was made by TÜV NORD, a globally recognized Technical Inspection Association responsible for the inspection, validation, and certification of the safety of products and services.

The positive assessment of the SEooC removes the requirement to revalidate the safety for the entire in-vehicle system every time something changes about the safety element. Furthermore, the safety element is compliant with IEC 61508 SIL 2, also making it a feasible option for safety-critical use cases outside of the automotive industry.

With Linux taken out of the certification path, the new OSS solution can readily incorporate security patches and new features from the lively open-source community into safety-related systems—without extensive recertification. This is the key to efficient and cost-effective development and maintenance. In fact, the new solution comes with up to 15 years of maintenance to ensure security over the life of a vehicle—another unique industry benchmark.

Removing Linux from the certification process represents a major leap forward for automotive use. Linux is evolving rapidly due to the active community, and the automotive industry wants to participate in, and benefit from, this rapid development. If applying any changes requires a complete recertification of the system—as it does with a “typical” system—any updates, bug fixes, new functionality, etc., would be extremely costly and would invariably be associated with significant delays. Such a situation simply isn’t acceptable in automotive, especially for critical security fixes.

Furthermore, some software that’s executed in the context of the Linux kernel, e.g., device drivers, would end up being included in the certification scope. Therefore, the inclusion of drivers for specialized hardware, as is frequently the case in automotive, would become difficult.

SDV Open-Source Benefits Compared to Proprietary Operating Systems

In addition to the cost benefits inherent in a free-to-use OSS, the SEooC confirmation removes the requirement to revalidate the safety case for the entire in-vehicle system every time something is changed. Over the lifecycle of the vehicle, it’s estimated that this new technology can save up to 50% in development costs, compared to other approaches.

The overall key benefits of an open-source operating system include:

  • Cost-effectiveness: Since the source code is free, OEMs can achieve substantial cost savings, especially when compared to proprietary software alternatives. In addition, because the source code can generally be freely modified and redistributed, OEMs have the flexibility to customize the software to meet their specific needs without incurring additional expenses.
  • Faster development, better quality: Linux benefits from a large and active community of developers and users who collaborate to improve the software. This collaborative development model fosters innovation, creativity, and rapid iteration. Community members can contribute bug fixes, new features, documentation, and other improvements, which may lead to faster development cycles and higher-quality software. The collective intelligence and expertise of the community could result in software that’s more robust, secure, and reliable than proprietary alternatives.
  • Transparency and security: Open-source software typically provides greater transparency compared to proprietary software because the source code is openly available for inspection. This transparency enhances security by allowing users to identify and fix security vulnerabilities, rather than relying solely on the software vendor. Common Vulnerabilities and Exposures (CVEs) are reported immediately when found, as the developer community is highly motivated to do so. In addition, the peer-review process inherent in open-source development helps to identify and address security issues more quickly and effectively. As a result, open-source software has a reputation for being more secure and trustworthy than closed-source alternatives.
  • Familiarity of developers and tooling ecosystem: Linux, like other widely used open-source projects, brings the advantage of a larger developer community around the globe. Virtually all computer science students graduating college can start coding right away. They’re already familiar with all of the development tools, which are typically also developed open-source and evolve as quickly as Linux itself.

Rather than having to port existing Linux applications to other operating systems, automotive organizations can readily integrate those into the new open-source OS. Therefore, instead of having to get application experts as well as proprietary operating-system experts, including the synchronization across those technical teams, development organizations can tap into the “better” available Linux experts.

Linux for Safety in Automotive Action

Carmakers are now evaluating this first-of-its-kind technology for their projects, attracted to its ability to accelerate the development of advanced capabilities for vehicles. Many are frankly excited about the ability to benefit from OSS while meeting automotive industry requirements with a qualified, reliable and well-maintained solution. Potential use-cases include cockpit design and ADAS, among others. This new OSS approach provides a strong foundation to accelerate application development in an open, yet safe, environment.

About the Author

Moritz Neukirchner | Senior Director and Strategic Product Manager, Software-defined Vehicle, Elektrobit

Dr. Moritz Neukirchner is Senior Director and Strategic Product Manager, Software-defined Vehicle, at Elektrobit, an award-winning and visionary global vendor of embedded and connected software products and services for the automotive industry. He’s passionate about shaping the software revolution in automotive toward truly software-defined vehicles.

In this role, Moritz is leading the creation of an Elektrobit solution that will enable customers to develop and manage their Automotive OS and Software Defined Vehicle programs.

He’s spent his career shaping technological shifts in the automotive industry through projects that include bringing the first high-performance controller with Adaptive AUTOSAR on the road and the broad-scale adoption of multicore architectures in Classic AUTOSAR. A previous member of the Adaptive AUTOSAR architecture board (TF-ARC), he’s contributed to the technological definition of the industry standard.

Moritz studied electrical engineering at the University of Braunschweig and holds a Ph.D. in real-time systems.
