[trustable-software] Safety certification of Jailhouse hypervisor
Paul Sherwood
paul.sherwood at codethink.co.uk
Thu Oct 13 05:27:10 UTC 2016
Hi all,

At ELCE there has been a lot of interest in Jailhouse, a bare-metal
hypervisor project originated by Siemens for industrial applications,
which is described in its readme [1] as follows:

"Jailhouse is a partitioning Hypervisor based on Linux. It is able to
run bare-metal applications or (adapted) operating systems besides
Linux. For this purpose it configures CPU and device virtualization
features of the hardware platform in a way that none of these domains,
called "cells" here, can interfere with each other in an unacceptable
way."

One of the exciting things in the context of our discussions here is
that Siemens is considering working with Linutronix to achieve SIL [2]
certification for Jailhouse, and to do at least some of this work in the
open. I'm hoping to get some of those involved to consider and maybe
apply some of the ideas we've been wrestling with here, particularly
using YAML-based tooling (e.g. OpenControl, Mustard) for all metadata.

In any case I think Jailhouse is an interesting project, since it
focuses only on the isolation of domains to the maximum extent that the
hardware will allow. It doesn't get involved in any of the more complex
functions provided by full-fat hypervisors like Xen. I think this
minimal approach is a good way to keep (for example) Android separated
from (for example) the CAN bus.

br,
Paul

[1] https://github.com/siemens/jailhouse
[2] https://en.wikipedia.org/wiki/Safety_integrity_level