Will 2022 Be the Year that Embedded Will Embrace the Open Source Model?

January 04, 2022

Blog

For a few years now, using the open source model in safety-critical applications has felt like the next frontier. There’s no doubt about the diverse, innovative technologies and products that have sprung from open source software. So, it’s not surprising that the open source model has caught the attention of companies that deploy mission- and safety- critical applications, such as in the aerospace and defense, Low Earth Orbit (LEO) satellites, industrial, and autonomous vehicle industries, and made them wonder: Can we get some of that?

It’s my personal experience as the leader of an engineering team that is working on certifying code for deployment on big mission-critical programs that today’s vendors of proprietary RTOS/embedded OSs are receiving more calls from customers demanding a move toward an open source model — albeit a modified one — that builds their trust and confidence that the security and safety of both software and hardware can be ensured. After all, the stakes in cases such as platforms that are involved in preserving human life and/or operating machinery closely alongside humans are high.

Needless to say, these present a different, more critical challenge of embracing open source than a streaming service, video games consoles, or mobile messaging application developed on the open source operating system.

I’m acutely aware that some folks in the industry might say this is already happening. To that I’d say that for embedded platforms that look like servers, this is true … to an extent.

The challenge remains how best to adopt and update technologies like open source hypervisors, sandboxed containers, and OSs for deployed systems that simply must work all the time in a predictable, safe, and secure way. These systems usually feature some set of resource constraints (memory, power, processing, etc.).

So, what are some of the solutions and approaches for embedded vendors to build and maintain customers’ confidence in open source used in safety-critical applications? And what does the open source trend mean for systems engineering in 2022?

The initial phase has been, in effect, a hybrid step. “Mixed Criticality Systems” (those that combine workloads of two or more levels of criticality, such as non-safety critical and safety-critical) have focused on maximizing the use of open source code (Linux, as an example) and restricting the use of proprietary RTOS applications to those that have to be taken through system certification.

Even here, there remains a significant focus on the open source code, with organizations increasingly adding static application security testing alongside quality testing in order to ensure reliable and secure operation of their embedded platforms. Both FreeRTOS (part of Amazon) and Azure RTOS ThreadX (Microsoft) have found ecosystem partners that can provide certification services for these operating systems for specific standards such as IEC61508 and ISO26262.

Like the successful business model forged by successful vendors such as RedHat, I expect that high-achieving embedded OS vendors will create revenue streams from complementary, value-added services associated with both bleeding edge and legacy variants of open source operating systems.

What we observe and what we hear back from customers is that the capabilities of open source hypervisors are yet to meet the requirements of those mission critical systems. In some cases, they are “helper” OSs running in conjunction with the hypervisor, presenting a fundamental attack surface for cyber attacks, as well as being a single point of system failure.

The challenges of supply chain disruption and government mandates associated with this, increased system complexity and, frankly, the spotlight on connected systems once they are compromised, means that the commercials associated with transitioning compelling technology into the open domain will be made available. This will require cooperation across the industry in establishing testing, controls and standards — not to take away the flexibility that open source is known for, but to balance its functionality with guaranteeing safety in the most sensitive applications.

In conclusion, the question is no longer “if” open source hypervisors will appear at the heart of mission critical systems. Open source will become more widely trusted and used for systems engineering in the next twelve months and beyond, so long as a software company can implement a business model analogous to what RedHat has done to drive Linux adoption across enterprises.