Minutes 21 Mar 2024
Host: Paul Albertella
Participants: Igor Stoppa, Luigi Pellechia, Mikel Azkarate, Sebastian Hetze, Raffaele Giannessi
- Topics to propose for ELISA Workshop (Lund, 4/5 June)
- "Using Linux in a Safe System" PR
- Defining 'core' parts or functions of Linux?
- Process and criteria for adopting contributed content
Lund Workshop
- Igor would like to present something on the topics we have been discussing
- This may be less focussed on Linux itself - more on how to make system design decisions around it
- The core is the parts of the kernel that you can’t do without
- If you can’t solve all of the problems with the kernel, is there a way to work around them or avoid them?
- The parts of the kernel that are core are those that you cannot avoid using (or trusting)
- We always have a limited budget of time / resources - if I can spread these over a smaller set of components then I can potentially have greater confidence in them
- If I can design a system such that Linux does not have a pivotal role in safety, then I can spend less time showing why I believe that it is safe
- Action: Paul to propose this as a topic for the workshop - with the documents as background reading for participants
- Fits with the desire for WG coordination, e.g.
- OSEP defines the approach
- Architecture WG identifies the kernel’s core components
- Features WG express these in more depth
Starting point is always the use case / application
- Not always productive to have discussions in the abstract
- Because everyone has preconceptions that mean we may talk at cross-purposes
- However, picking a concrete use case can alienate some of the participants if they don't care about it
- Igor: Pick a use case that everyone dislikes equally!
Sebastian: Document from the rail industry describing requirements on (datacenter) safety-related systems that do already run on Linux:
- https://digitale-schiene-deutschland.de/Downloads/Research%20Report%20-%20SIL4%20Data%20Center.pdf
- Sebastian working with the originators of the paper and can get more information if needed
- Igor: Would be interesting to understand their requirements and how they may align with what we are discussing
Igor: Could we try to structure review of contributions and workgroup discussions to help resolve comment threads?
- If we bring the WG to a point of consensus, then that may be a way to move forward
- If there is no argument / opposition then that is at least acceptance that we can move forward!
Igor: With Linux you are likely to find a direct conflict between safety and security in the design choices that you have to make
Sebastian: Agree that it is better to be suspicious / untrusting of Linux as a starting point
- It may be possible to argue that we trust some aspect, given a set of constraints and a specified application, but starting from a position of doubt is essential
- Increasing demand for the use of Linux in safety use cases reflects the need for (especially performance) features that are best served by Linux. We therefore need to understand how to architect systems such that we can take advantage of these features, without compromising the overall safety of those systems