[trustable-software] Safety certification of Jailhouse hypervisor

Paul Sherwood paul.sherwood at codethink.co.uk
Thu Oct 13 05:27:10 UTC 2016


Hi all,
at ELCE there has been a lot of interest in Jailhouse, a bare metal 
hypervisor project originated by Siemens for industrial applications, 
which is described in its readme [1] as follows:

"Jailhouse is a partitioning Hypervisor based on Linux. It is able to 
run bare-metal applications or (adapted) operating systems besides 
Linux. For this purpose it configures CPU and device virtualization 
features of the hardware platform in a way that none of these domains, 
called "cells" here, can interfere with each other in an unacceptable 
way."

One of the exciting things in the context of our discussions here is 
that Siemens is considering working with Linutronix to achieve SIL 
certification for Jailhouse, and to do at least some of this work in the 
open. I'm hoping to get some of those involved to consider and maybe 
apply some of the ideas we've been wrestling with here, particularly 
using YAML-based tooling (e.g. OpenControl, Mustard) for all metadata.

In any case I think Jailhouse is an interesting project, since it 
focuses only on the isolation of domains to the maximum extent that the 
hardware will allow. It doesn't get involved in any of the more complex 
functions provided by full-fat hypervisors like Xen. I think this 
minimal approach is a good way to keep (for example) Android separated 
away from (for example) the CAN bus.

br
Paul

[1] https://github.com/siemens/jailhouse
[2] https://en.wikipedia.org/wiki/Safety_integrity_level
