AGENDA RE: Updated invitation: ELISA Safety-Architecture Weekly Meeting @ Weekly from 6am to 7am on Tuesday (PDT) (firstname.lastname@example.org)
Paoloni, Gabriele <gabriele.paoloni@...>
Tomorrow, unfortunately, I have a conflict, so I need to shrink the meeting down to the second half hour. So it will be 14.30-15 CET.
I would propose the following agenda:
From: myu@... <myu@...>
Sent: Friday, March 6, 2020 11:21 PM
To: myu@...; artem_mygaiev@...; hartkopp@...; Paoloni, Gabriele; doris_wild@...; Kate Stewart; jochen.kall@...; tglx@...; Gurvitz, Eli (Mobileye); Copperman, Elana (Mobileye); slotosch@...; Paccapeli, Roberto; Iacaruso, Maurizio; Ghosh, Joyabrata; Dellosa, Stefano; afaerber@...; lukas.bulwahn@...; antonio.priore@...; christopher.temple@...; safety-architecture@...; yasushi.ando@...; dposner@...; aymeric.rateau@...; mbeltran@...; Jean-Francois CULAT
Subject: Updated invitation: ELISA Safety-Architecture Weekly Meeting @ Weekly from 6am to 7am on Tuesday (PDT) (gabriele.paoloni@...)
When: Tuesday, March 10, 2020 08:00-09:00 America/Chicago.
I am sorry that I could not join the meeting today. Unfortunately, at least until April, I will always have parallel meetings. I read through the minutes and the telltale slides, not sure if there is more material, so I am writing "into the blue".
In December, there was a thread started about Jailhouse in the devel mailing list, which was fast transferred into an "all hate hypervisor" thread and then moved forward to a "we will never have safe hardware" thread, which let the thread end without the webinar on Jailhouse (or did I just miss it?). I am coming back to this, as I wonder if we can learn from the Jailhouse (lightweight hypervisor) approach and maybe should consider two Linux running in parallel monitoring each other. This may limit the external dependencies to something like an external watchdog, which is needed. The one Linux monitors the other and vice versa. The watchdog makes sure that we have a proper response in time, and a display content checker makes sure that the proper things are (at least) sent to the display.
Assuming the above would work (where I am convinced that someone will point out that I am wrong), I wonder if someone took into account that there are certain demands on a CAN gateway. You may need an external controller on the system anyway to manage the requirements of an automotive product. A CAN gateway microcontroller has nothing to do with safety in the first place, but if you can execute some additional code on an external microcontroller, this may be useful as an assumption for making the use case realization easier.
Additionally, in my understanding we were talking a lot about "automotive", but implicitly thinking about "car". I love the telltale use case and judge it a good use case. But what if our "customers" will not be car manufacturers, but could also be motorbike companies (e.g. Suzuki and BMW have this branch)? This may even reduce our argumentation on safety a bit and get a fresh view in the discussion.
- What about two Linux instances running in parallel, monitoring each other?
- What about a microcontroller or external watchdog monitoring that Linux is still running?
- Can we assume that an Automotive telltale ECU will always need a microcontroller as CAN gateway?
- Does "automotive" have to be "car" or could it be "motorbike" as well?
On Mon, Mar 9, 2020 at 17:52, Paoloni, Gabriele <gabriele.paoloni@...> wrote: