An nameless reader quotes a report from Ars Technica: There is a new Linux distro on the scene in the present day, and it is a bit specialised. Its growth was led by the automotive electronics provider Elektrobit, and it is the primary open supply OS that complies with the automotive trade’s useful security necessities. […] With Elektrobit’s EB corbos Linux for Security Functions (that positive is a protracted identify), there’s an open supply Linux distro that lastly matches the invoice, having simply been given the thumbs up by the German group TUV Nord. (It additionally complies with the IEC 61508 commonplace for security purposes.) “The great thing about our idea is that you do not even must safety-qualify Linux itself,” mentioned Moritz Neukirchner, a senior director at Elektrobit overseeing SDVs. As an alternative, an exterior security monitor runs in a hypervisor, intercepting and validating kernel actions.
“Once you have a look at how security is often being carried out, have a look at communication — you do not safety-certify the communication specs or Ethernet stack, however you do a checker library on high, and you’ve got a {hardware} anchor for checking down beneath, and also you insure it finish to finish however take every part in between out of the certification path. And we’ve now created an idea that permits us to do precisely that for an working system,” Neukirchner informed me. “So in the long run, since we take Linux out of the certification path and make it usable in a safety-related context, we haven’t any issues in retaining on top of things with the developer neighborhood,” he defined. “As a result of should you begin it off and say, ‘Effectively, we’ll do Linux as a one-shot for security,’ you are going to have the following 5 patches and also you’re off [schedule] once more, particularly with the safety regulation that is now getting towards impact now, beginning in July with the UNECE R155 that requires steady cybersecurity administration vulnerability scanning for all software program that leads to the car.”
“Ultimately, we see roughly 4,000 kernel safety patches inside eight years for Linux. And that is the type of problem that you simply’re being put as much as if you wish to take part in that pace of innovation of an open supply neighborhood as wealthy as that of Linux and now wish to mix this with safety-related purposes,” Neukirchner mentioned. Elektrobit developed EB corbos Linux for Security Functions along with Canonical, and collectively they’ll share the upkeep of retaining it compliant with security necessities over time.