
Virtual Open Systems Product Certificate

ISO 26262:2011 Certification

VOSySmonitor, an ISO 26262 - ASIL C certified Arm TrustZone based virtualization layer

In mixed-criticality domains, functional safety has become a topic of high importance. Functional safety means that malfunctions of the system hosting mission-critical tasks which could lead to a hazard, or even an accident, have to be avoided or mitigated. It is therefore fundamental in the field of functional safety to identify and understand the potential risks and failure causes of a system. If, ideally, all potential failure causes are known and their consequences understood, countermeasures can be defined so that failures are detected before a hazardous event occurs and the safe state is entered with the required functional safety reaction.


In this context, many functional safety standards have been established to define the main requirements to fulfil during the development of critical systems, in order to ensure a high level of reliability. The main functional safety standard is IEC/EN 61508, which defines the basis for functional safety development of E/E/PE (electrical, electronic and programmable electronic) systems. IEC/EN 61508 is complemented by industry-sector-specific standards, such as ISO 26262 Road vehicles - Functional safety, which has been defined specifically for the automotive domain.

The automotive industry is rapidly evolving towards the connected autonomous vehicle, which will considerably increase hardware/software complexity, while functional safety remains a topic of high importance since critical features (e.g., autonomous driving) will be controlled by electronic components. ISO 26262 therefore defines a functional safety lifecycle covering each automotive product development phase, ranging from hazard analysis and risk assessment to design, implementation, integration, verification, validation and production release.

VOSySmonitor - ISO 26262 ASIL C certification


Virtual Open Systems sells VOSySmonitor, a hypervisor based on Arm TrustZone that enables the consolidation of mixed-critical operating systems (e.g., Linux-KVM along with an RTOS) on a single Arm-based platform, with special attention to safety and security. This software technology is certified as a Safety Element out of Context (SEooC) in compliance with the ASIL C requirements of the ISO 26262 standard, and it ensures freedom from interference for the safety-critical partition. As with any SEooC, the assumptions made about the context of use during certification must be confirmed when VOSySmonitor is integrated into a specific item.

In this context, Virtual Open Systems applies a strict V-cycle compliant with the ISO 26262 standard for the development of VOSySmonitor, in order to identify the potential hazards and safety requirements, and to specify, implement and test the corresponding countermeasures that prevent or mitigate failures. All of these steps are documented in the VOSySmonitor safety package, which is intended to help our customers speed up the integration and certification of a final product in which VOSySmonitor is included.

As a use case example, VOSySmonitor is well suited to a modern generation of car virtual cockpit where the In-Vehicle Infotainment (IVI) system and the digital instrument cluster are consolidated and interact with each other on a single hardware platform; traditional gauges and lamps are replaced by digital screens, offering opportunities for new functions and interactivity. Vehicle information, entertainment, navigation, camera/video and device connectivity are being combined into displays. However, such heterogeneous information has different levels of criticality, and the consolidation of these mixed-critical applications represents a real challenge that must respect the stringent requirements of the ISO 26262 functional safety standard.

VOSYSmonitor ASIL-C certification, ISO 26262 – Road vehicles – Functional Safety

VOSySmonitor in automotive - V-Cycle ISO 26262 Road vehicles Functional Safety

In cases where VOSySmonitor is used in domains other than automotive, the applicable certification process is facilitated by the fact that the product is already certified for ISO 26262. For instance, for a medical use case requiring IEC 60601 certification, for a railway use case requiring EN 50128 certification, or for other industrial use cases, a gap analysis can be performed by a certification body, thus avoiding a certification process from scratch.

Virtual Open Systems Contact

For any inquiry related to the VOSySmonitor product and its safety package, you can contact us.