Minutes 31 Jul 2025

Paul Albertella edited this page Aug 6, 2025 · 1 revision

Host: Paul Albertella

Participants: Florian Wuehr, Pete Brink, Igor Stoppa, Daniel Krippner

Agenda

Planned documents for publication

  • Igor is working on a tool to help with fault induction / propagation as part of a talk for OSS
  • Results dependent on the application and the use case under consideration
  • Tool allows you to select what to ‘tamper with’, informed by your knowledge of the application and your expectations about it
  • Not about a solution: a tool to help explore the problem and validate any solution

Pete: Is this the right solution for this type of application? Instead of adding the ability to break things, shouldn’t we try to fix the problem, e.g. by changing the architecture?

Igor: This is mostly about understanding the data structures, etc. in the kernel, i.e. exploiting knowledge to illustrate how they can break, rather than adding ways to simulate failures

This is better than the random approach - targeting specific, known aspects of the kernel

System safety architectures involving Linux

  • Some models that assign more or less responsibility for safety to Linux (in some cases none), with other components involved (e.g. RTOS, watchdog)
  • Describe their perceived advantages and disadvantages, build up a ‘catalogue’ of their limitations / vulnerabilities
  • Focusing on architectures, but talking about specific strategies or technologies that they rely on

Igor: Will cover some of this in his talk - but not specifically focusing on system architectures

Discord

https://discord.com/channels/1389686660610134247

Informal channel of communication for discussion

Consensus is that an OSEP channel wouldn’t hurt - not sure yet whether we will use it

Frequency & topics

  • More advanced notice if the meeting is going to be cancelled
  • Could we switch to more asynchronous working with less frequent actual meetings?
  • Accept that we probably won’t meet every week, but try to progress things between meetings and see what works

Topics

Pete:

  • More discussion around TSF
  • ‘Quality’ - what does this mean in the context of safety, and what might a baseline of this for FOSS look like?
    • Some overlap with the Lighthouse SIG, but OSEP could provide inputs to this

Igor:

  • How do things break
  • Why we shouldn’t trust things

Daniel:

  • Can we make Trustable more relevant (in this context)?