Zephyr Project RTOS – First Functional Safety Certification Submission for an Open Source Real Time Operating System

February 14, 2019

Written by Amber Hibberd, PhD, Functional Safety Engineering Manager at Intel and a member of the Zephyr Project

A free, open source RTOS… that aims to be safety-certified!

The continued growth of connected devices has exposed a clear gap in the IoT market: the need for a free, permissively licensed, open source real time operating system that has achieved functional safety certifications from the International Electrotechnical Commission (IEC) and the International Organization for Standardization (ISO).

The Zephyr Project aims to meet this need and plans to be the first in this category to submit its core OS, encompassing the kernel and OS services of the long term support (LTS) release, for certification. These certificates are important because they indicate that a product has undergone careful review and testing and is deemed trustworthy for use in safety-related systems.

WHAT IS FUNCTIONAL SAFETY?

According to the IEC, “Functional safety relies on active systems, for example the detection of smoke by sensors and the ensuing intelligent activation of a fire suppression system.”* Additionally, “Functional safety is intrinsically end-to-end in scope in that it has to treat the function of a component or subsystem as part of the function of the entire automatic protection function of any system.”**

Another aspect is the degree of safety provided. The IEC defines safety integrity levels (SIL), and ISO specifies automotive safety integrity levels (ASIL). Essentially, these measure the probability of dangerous failure. The IEC 61508 standard defines four levels, with SIL 4 the most dependable and most stringent. Zephyr RTOS will target SIL 3 for hardware systems that include Zephyr software. This addresses the vast majority of device use cases designed for functional safety. Specific to automotive, we will submit for ISO 26262 ASIL D to qualify for use in many autonomous automotive systems.

WHAT IS ZEPHYR DOING?

The Zephyr certification scope covers the core OS, encompassing the kernel and OS services, across select architectures. A number of RTOS elements remain out of scope for the first submission, such as platform drivers, board support packages, platform-specific power management implementations, the file system, and sensor driver implementations.

The Zephyr Project has begun working through the challenge of developing a functional safety certified RTOS in an open source environment. We’re working with a certification authority to ensure we have the foundation in place for submission. A key aspect of open source is to invite community contributions. We are modifying our development processes to retain community involvement while also ensuring tight process control and development tool analysis needed for high integrity code. Open source can, in some cases, be safer due to the transparent nature of the development and the number of eyes on the code coming from diverse community perspectives.

The Zephyr RTOS functional safety assessment is happening in two phases: the concept review and functional safety management phase, and the detailed test phase. Phase 1 covers, for example, Zephyr software safety requirements and architecture specifications, as well as verification and validation plans. Phase 2 covers testing at all levels of the software (e.g., software module and software integration testing), fault injection testing, and coding guideline compliance. In the end, certification will establish software fault avoidance and control measures to the target integrity level.

WHAT CAN DEVELOPERS EXPECT?

Our LTS release will be available to developers mid-year. This is a great way to begin testing and prototyping on the code submitted for certification. Once we complete the certification, product designers can use the final, safety-compliant Zephyr OS kernel to create their system of hardware and application software. This will shorten the path when building a product that requires a functionally safe environment.

We look forward to supporting industrial, automotive, smart city and other product developers as they integrate the Zephyr RTOS into their safety-driven solutions. Contact us through the Zephyr website for more information on our free, safety-certified RTOS. We would love for you to use our code in your products!

To learn more or ask questions, sign up for the Zephyr Project Slack Channel: https://zephyrproject.slack.com/. Or, if you’re attending Embedded World on February 26-28, visit the Zephyr Project booth (Hall 4, Stand 4-170) to ask questions and to see live demos.