We receive several enquiries a year from organisations that have experience developing embedded systems using a general-purpose OS (typically Linux™) and now need to demonstrate compliance with international safety standards (such as IEC 61508 for an industrial-control product or ISO 26262 for an automotive product).
Two main options are available for organisations that wish to employ such pre-existing software components in safety-related or safety-critical designs that are to be developed in compliance with these standards.
The first option is to test, adapt (where necessary) and document the software in order to demonstrate compliance with the standard (e.g. see ISO 26262-8:2018, Clause 12). For a very large code base such as Linux this is simply not a practical option.
The second option is to develop an appropriate monitoring system for the Linux component: this is supported in the ISO 26262 standard by means of ‘ASIL decomposition’. We perform such monitoring using a TT Wrapper.
In this short example, we present an overview of the ways in which a TT Wrapper can be used to create ‘ASIL B Linux™’.
[This page was last updated: 2021-01-22]
Adding a TT Wrapper to Linux™
A TT Wrapper typically involves: [i] minimal changes to the Linux code or hardware; [ii] adding a low-cost MCU to the system that runs a time-triggered (TT) software architecture and is used to monitor the behaviour of the Linux processor while the system is operating.
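As an added illustration (not SafeTTy Systems' code, and not part of the original page), the following C sketch shows the shape of the monitoring task such an MCU might run: a time-triggered task that checks a sequence-numbered heartbeat from the Linux processor against a deadline and latches a safe state after repeated faults. The tick period, lateness tolerance, fault limit, message format and function names are assumptions chosen for illustration.

```c
/* Added example, not SafeTTy Systems' code: a minimal time-triggered heartbeat monitor of the
 * kind the wrapper MCU could run. Period, tolerance and fault limit are hypothetical values. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define HB_PERIOD_TICKS   10u  /* Linux must report once every 10 scheduler ticks (assumption) */
#define HB_LATE_TOLERANCE  2u  /* tolerated lateness, in ticks (assumption) */
#define FAULT_LIMIT        3u  /* consecutive faults before the safe state (assumption) */
typedef enum { MODE_NORMAL = 0, MODE_SAFE = 1 } monitor_mode_t;
typedef struct { uint32_t tick; uint32_t seq; } hb_event_t;
typedef struct {
    uint32_t last_seq, last_hb_tick;    /* last accepted sequence number and its tick */
    uint32_t pending_seq; bool pending; /* report received since the previous release */
    uint32_t faults;                    /* consecutive missed, late or out-of-order reports */
    monitor_mode_t mode;
} monitor_t;

void monitor_init(monitor_t *m) {
    m->last_seq = 0; m->last_hb_tick = 0; m->pending_seq = 0;
    m->pending = false; m->faults = 0; m->mode = MODE_NORMAL;
}

/* Receive path (e.g. a UART ISR): Linux sent "alive, seq N"; the first expected seq is 1. */
void monitor_on_heartbeat(monitor_t *m, uint32_t seq) { m->pending = true; m->pending_seq = seq; }
/* The TT task, released once per tick by the co-operative scheduler on the MCU. */
monitor_mode_t monitor_task(monitor_t *m, uint32_t tick) {
    if (m->mode == MODE_SAFE) return MODE_SAFE;             /* latched until a reset */
    if (m->pending) {
        m->pending = false;
        if (m->pending_seq == m->last_seq + 1) {            /* fresh, in-order report */
            m->last_seq = m->pending_seq; m->last_hb_tick = tick; m->faults = 0;
        } else m->faults++;                                 /* stale or skipped seq: not evidence of liveness */
    } else if (tick - m->last_hb_tick > HB_PERIOD_TICKS + HB_LATE_TOLERANCE) {
        m->faults++;                                        /* deadline missed */
        m->last_hb_tick = tick;                             /* restart window: each missed period counts once */
    }
    if (m->faults >= FAULT_LIMIT) m->mode = MODE_SAFE;      /* real design: drive the outputs-disable line here */
    return m->mode;
}

/* Simulation helper: replay constructed heartbeat events (at most one per tick) and
 * return the tick at which the safe state was entered, or 0 if it never was. */
uint32_t run_scenario(const hb_event_t *ev, size_t n, uint32_t ticks) {
    monitor_t m; size_t i = 0; monitor_init(&m);
    for (uint32_t t = 1; t <= ticks; t++) {
        if (i < n && ev[i].tick == t) monitor_on_heartbeat(&m, ev[i++].seq);
        if (monitor_task(&m, t) == MODE_SAFE) return t;
    }
    return 0;
}
```

A healthy Linux processor keeps the monitor in MODE_NORMAL indefinitely; once it falls silent or replays an old report, the wrapper enters the safe state after FAULT_LIMIT consecutive bad periods.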
TT Wrappers are simple, cost-effective – and allow us (for example) to achieve ‘ASIL B Linux™’ for use in automotive designs.
Please note that TT Wrappers have many other applications (for example, in medical designs that involve ‘Software Of Unknown Provenance’ – SOUP – and/or unqualified hardware).