What Could Your GNU/Linux Safety Certification Route Look Like? - Some Answers from Three Years of SIL2LinuxMP

In 2015 OSADL started the SIL2LinuxMP project to specify a generic and re-usable processes to achieve certification of GNU/Linux based systems. Such systems have been certified in the past, but not that many and all of the ones we know of, were one-of certifications not generic. The SIL2LinuxMP project strives to define, implement and verify, by subjecting a realistically complex use-case to certification, that a generic set of procedures, measures and methods could be developed to allow certification of GNU/Linux based systems to mid integrity levels of IEC 61508 Ed 2. In this seminar we will present the big-picture of how we are approaching certification, main findings - some quite surprising to us - and some of the still open issues. The goal of the seminar is to present the overall work-flow in a compressed form as guidance to approaching certification of a GNU/Linux based system. While all work will be in the specific context of GNU/Linux we believe that a majority of the procedures and methods are generically applicable to many FLOSS elements. Session outline: * IEC 61508 Ed 2 'assessment of non-compliant development' overview * Overview of the reference Use-Case - Coliminder * Extensions to IEC 61508 part 1 - Selection * Compliance route overview in the context of the overall work-flow * Extensions to IEC 61508 part 3 - Method introduction and tailoring * Specific methods - Acceptance and Test Criteria - modularization of safety management - Statistic modeling of the Linux kernel - Software LOPA - system level semi-independent IPLs - Hazard driven decomposition, design and development * Major findings * Open issues * Status of SIL2LinuxMP - a bit of a speculative road-map