During the Open Source Summit Europe 2022, AlektoMetis CTO and Founder, Nicole Pappler, Functional Safety Manager for the Zephyr Project, sat with Mike Vizard, Host, Techstrong TV to explain the significance of the Zephyr RTOS in application environments where safety is critical.
Trusting the operating system is key in a safety-critical application. To target the growing demand to have a platform agnostic and permissible licensed operating system for embedded safety-critical systems, the Zephyr Project is working on providing a release that is compliant with the most generic safety standard, the IEC 61508. In this interview, she shares why the safety topic is important, what are the challenges and how Zephyr Project is helping to accomplish safety compliances while building devices that are safety critical.
Mike’s questions spanned from what is open source to how Zephyr RTOS is involved in functional safety applications. What are the factors that make open source appealing? The attributes such as vendor neutrality, a lock-in mechanism, an open community to interact with, getting feature requests to the project, not being dependent on standard OS vendors and many more make it frontline. Isn’t that great to develop an open source software with a community like this? Does your company already work on an open-source project?
Mike further asks about the costs and processes involved in the certification. Does working together on an open-source project reduce the overall cost of the project? Does the Zephyr Project also involve the government and the product manufacturers? How rigorous is the safety certification process? Products can be marketed as best in class but they should also pass the test of reliability according to Nicole. Our goal is to mainly indicate how to provide a reliable and robust system.
To Mike’s question on what are the main things that people try to underestimate when it comes to safety, Nicole answers that “In a technical perspective, we need to have a safe product, let’s buy a bunch of safe components and plug them together and have a safe product. It’s more than that. It’s about the architecture of the complete system.”
On a more product application level, what would be the advice for developers that are using Zephyr OS on small devices that are coming under the category of functional safety?
Nicole explains that from Zephyr’s perspective, they provide information on how an application or hardware needs to work with the safety compliance of the OS. The safety document provided by Zephyr Project outlines the steps of the Zephyr Security Subcommittee towards a defined security process that helps developers build more secure software while addressing security compliance requirements.
The individual parts of the processes are:
Secure Development defines the system architecture and development process that ensures adherence to relevant coding principles and quality assurance procedures.
Secure Design defines security procedures and implements measures to enforce them. A security architecture of the system and relevant sub-modules is created, threats are identified, and countermeasures are designed. Their correct implementation and the validity of the threat models are checked by code reviews. Finally, a process shall be defined for reporting, classifying, and mitigating security issues.
Security Certification defines the certifiable part of the Zephyr RTOS. This includes an evaluation target, its assets, and how these assets are protected. Certification claims shall be determined and backed with appropriate evidence.
Towards the conclusion of the interview, you can find a very interesting section if you are looking forward to working with the Zephyr Project team, where you can learn more about how to volunteer or join this project to learn more about the safety topics, contribute or ask questions.
The Zephyr Project team is happy to cooperate with interested companies to discuss use cases and collaborations and explain the current status of the safety topics if that is relevant to your use cases.
Watch the video to learn more:
If you have any questions or comments, please reach out to the Zephyr community on the Zephyr Discord Channel.