[AGENDA] RE: Invitation: ELISA Safety-Architecture Weekly Meeting @ Weekly from 5am to 6am on Tuesday (PST) (gabriele.paoloni@intel.com)
Paoloni, Gabriele <gabriele.paoloni@...>
Hi Andreas
Mmmm, I don't think slide 11 has ever been updated since it was presented in the ELISA workshop in Brussels.

However, the idea for tomorrow is to present a more detailed diagram; maybe based on this we can have a deeper analysis and refine it further, also including your feedback.

My idea for tomorrow is to get initial high-level feedback and suggestions. Then, as/if we decide to continue with such a use case, we will need to have a dedicated taskforce including appropriate experts.

In the call it was stated that usually such a use case is supported by having the safety monitor (CRC checker) implemented in dedicated ASIL-rated HW; hence it is obvious that any failure mode of the telltale renderer is detected by the monitor itself. By following this typical approach, however, Linux is not assigned any safety requirements, as all of these will be placed on the external safety monitor.

Here I am putting the monitor side by side with the telltale rendering app to have Linux assigned with safety reqs.

The principle here is that the rendering app is not assigned safety reqs; instead the safety monitor is.

If tomorrow we realize that this is too complex a scenario to start with, we can possibly fall back to a simple safety app as you suggested (during the call we also mentioned a simple app relying on EDAC to detect HW failures).

Many thanks for your feedback
Gab

---------------------------------------------------------------------
INTEL CORPORATION ITALIA S.p.A. with sole shareholder
Registered office: Milanofiori Palazzo E 4
CAP 20094 Assago (MI)
Share capital Euro 104.000,00 fully paid up
VAT number and tax code 04236760155
Economic and Administrative Index no. 997124
Milan Companies Register no. 183983/5281/33
Subject to the management and coordination of
INTEL CORPORATION, USA

This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.
Andreas Färber <afaerber@...>
Hi Gab and Christopher,
On 01.03.20 at 18:56, Paoloni, Gabriele wrote:
> For ww10 I propose the following agenda:

I see slide 11 has been updated since last week and now no longer appears to label the two top boxes as sitting on top of glibc.

However, the right-hand text still talks about reading back the framebuffer and calculating a CRC, which I had pointed out would seem to involve the whole drm (Display Rendering Manager) subsystem of the kernel, given that you speak of the Display Engine composing the framebuffer further above, seemingly ruling out a trivial/static simple-framebuffer or efifb handled by the bootloader.

My concern therefore still is that the attendees of our WG calls may not all have sufficiently deep levels of drm API knowledge to reason about safety in that particularly complex example. Just the GEM allocation and buffering layer is complex enough in itself for non-experts to have trouble debugging it.

Instead, what was stated on the call was that the CRC operation would be done in specialized external hardware. However, that's not what your slide says - it lists it as an action of the Monitor application as if it were an open syscall followed by read syscalls plus in-memory calculation (in addition to the watchdog open/ioctl operations).

If you want to do it without special hardware, maybe we could just speak about toggling a gpio pin for an LED notification instead, as a much simpler kernel subsystem? (gpio, ignoring pinctrl for configuration)

Regards,
Andreas

> [max 10 min]: Reference HW Architecture Definition – next steps

--
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer
HRB 36809 (AG Nürnberg)
Paoloni, Gabriele <gabriele.paoloni@...>
Hi all
For ww10 I propose the following agenda:
[ 0 to 10m]: OPENS
[max 10 min]: Quick Recap on the latest changes to the Safety Arch WG Strategy - slides 7 of https://drive.google.com/open?id=1Ps5paK2IUNcoFsgM1sCiBuYCO8__I9JL
[max 10 min]: Reference HW Architecture Definition – next steps
[rest of the time]: Telltale system diagram (from Stefano Dellosa - Intel)
Minutes of the previous meeting have been placed in the usual location: https://drive.google.com/open?id=1h6b7gjLAR5LbXuSfaPzHyHEr3XYUOWkLdvJdmDX_BDQ
Thanks Gab
-----Original Appointment-----
From: myu@... <myu@...>
Sent: Friday, February 14, 2020 8:11 PM
To: myu@...; antonio.priore@...; artem_mygaiev@...; dposner@...; mbeltran@...; Gurvitz, Eli (Mobileye); Iacaruso, Maurizio; hartkopp@...; Paoloni, Gabriele; jochen.kall@...; tglx@...; Copperman, Elana (Mobileye); slotosch@...; afaerber@...; lukas.bulwahn@...; yasushi.ando@...; Kate Stewart; Paccapeli, Roberto; doris_wild@...; safety-architecture@...; christopher.temple@...; aymeric.rateau@...
Subject: Invitation: ELISA Safety-Architecture Weekly Meeting @ Weekly from 5am to 6am on Tuesday (PST) (gabriele.paoloni@...)
When: Tuesday 3 March 2020 07:00-08:00 America/Chicago.
Where: