Software-defined functionality is on the rise across industries, and it is very often accompanied by mandatory requirements for functional safety and security. GNU/Linux would be an ideal fit as an embedded operating system: it offers a wide range of customizable features and established reliability and stability across many use cases. But what about safety, and how can safe and secure solutions be built on embedded Linux that meet the requirements of accepted standards (e.g., IEC 61508, ISO 26262)?
The presentation describes a solution that enables the industry to make use of the benefits of open source software. It is based on a "supervisor" software layer that detects and prevents undesirable behavior of the Linux kernel. This supervision of the Linux kernel is enabled by a hypervisor that leverages functionality provided by the hardware platform. The approach decouples the lifecycle of the open-source Linux kernel from that of the other software elements, including the "supervisor" software layer, the hypervisor, userland libraries, and the application software itself, all of which must comply with the applicable safety standards.
But safety does not come without security, and safe solutions need an adequate security concept. This requires, for example, modular lifecycle management, a secure boot chain, and continuous integrity checks. CVE security monitoring, together with supplementary maintenance monitoring, accompanies the embedded Linux solution.
Technical Lecture: An Approach to a Maintainable OS-solution Based on Embedded Linux, Safe and Secure
Are you interested in running SIL2 safety applications on Linux? Then don't miss our colleague Dr. Michael Armbruster's presentation at the embedded conference on March 13th at 09:30 - An Approach to a Maintainable OS-Solution Based on Embedded Linux, Safe and Secure