When embedded Linux is used in safety-critical applications, two different approaches can be taken: in the first, classic approach, the safety functions (safety island) are strictly separated from the remaining functions. This approach is often implemented with two completely separate processors. In the safety domain, different (real-time) operating systems or solutions such as QNX or VxWorks are used.

In the second, more flexible approach, the safety functions are executed on a Linux system. This system, however, is monitored by a supervisor so that it cannot influence or even disrupt the safety function in an uncontrolled way.

Safety engineering for embedded Linux-based systems

For both of the above approaches, our safety engineers and embedded Linux experts support you in selecting a suitable architecture and the associated risk analysis. Here you benefit from experience gained in several projects subject to IEC 62304 or IEC 61508 in which embedded Linux is used.

The safety engineers then also accompany the entire implementation project and the subsequent lifecycle maintenance, to ensure that not only the implementation but also the testing and safety documentation are carried out in a standards-compliant way.

Embedded Linux and safety – the advantages of working with emlix

Based on our experience across various domains, gathered over the last 25 years, we offer you support in system design that takes into account the properties of „functional safety“ and „cybersecurity“. An integrated approach is the basis for an effective overall design and a balanced consideration of mutually supportive or even conflicting requirements. Considering everything from the overall system down to the software solution helps to find efficient solutions at the appropriate levels of system abstraction.

■  Integrated safety and security concepts: today the two domains are often artificially separated (in terms of personnel), even though they have strong dependencies on one another.
■  Safety engineers and Linux/kernel experts work closely together during design and implementation. emlix has many years of experience in both areas.
■  Depending on the model of collaboration, we support you in creating the relevant safety documents
■  Solution-based design and implementation based on assessed building blocks (EN 61508, ISO 26262): building on our OS solution for functionally safe and cyber-secure systems based on Linux, we develop suitable product-specific solutions for and with our customers in the regulated environment.

Homogeneous runtime environment for critical and non-critical applications

For safety requirements up to SIL2 or ASIL B, in addition to the classic approach, there is a considerably leaner and more flexible approach in which Linux (as well as other systems) runs on a hypervisor. The decisive element, however, is the supervisor software, which also runs on the hypervisor. It ensures that the Linux kernel cannot make any unauthorised memory accesses that disrupt the safety function without this being detected immediately.

An important point here: the Linux system is not safe, and it does not need to be. It is merely monitored. This has immense advantages

■  The Linux system bears no safety burden whatsoever. It does not have to be considered in accordance with a safety standard. 
■  With only a few minor restrictions, any Linux system can be used.
■  The Linux system can be subject to standard lifecycle maintenance.
■  You obtain a homogeneous runtime environment for safety-relevant and non-safety-relevant applications
■  Developer competencies and capacities only need to be maintained for one operating system.
■  Rust, C and C++ applications can be executed directly on Linux. Other languages and compilers can be used, provided they produce Linux-compatible ELF binaries. 
■  By integrating safety-relevant and non-safety-relevant applications on one SoC, it is possible to connect both with low-latency communication and to make use of the performance reserves of a Linux system.
■  The complexity of lifecycle maintenance is considerably reduced by the homogeneous operating system platform.
■  The gap that previously existed between safety and open source solutions is thus closed.

Our portfolio of services

■  Feasibility and preliminary studies, including prototype development
■  Concept development with regard to functional safety and cybersecurity
■  Support with safety analyses
■  Requirements identification, development, analysis and selection
■  Architecture development (system and software)
■  Software component design, development, selection and configuration
■  Qualification of existing OSS software
■  Planning, organisation and documentation

What is the supervisor

The supervisor was developed on behalf of Elektrobit Automotive GmbH over several years. In March 2025, it received an initial, positive and very far-reaching assessment from TÜV Nord. This applies both under IEC 61508 (SIL2) and ISO 26262 (ASIL B, SEooC). In May 2026, the initial assessment was confirmed by a follow-up assessment.

This solution is available with immediate effect for project integrations, for example in the fields of robotics/physical AI, medical technology, industrial automation and power engineering.

 

 

More information or questions

Do you have questions about safety engineering or the safety supervisor?
Feel free to call us or send us an email. In an initial conversation we will assess together with you which approach is most efficient for you.

Your contact

You can reach our experts from the emlix Solutions team at
Tel. +49 551 304460
solutions@~@emlix.com