AVSystem, Golioth, Pat-Eta Electronics, RISC-V International and RISE Research Institutes of Sweden joins Zephyr’s global open source RTOS ecosystem

SAN FRANCISCO, June 3, 2021 The Zephyr™ Project,an open source project at the Linux Foundation that builds a safe, secure and flexible real-time operating system (RTOS) for resource-constrained devices, continues to gain momentum with its 5th anniversary this year. To celebrate the milestone, the Zephyr Project is hosting its inaugural Zephyr Developer Summit on June 8-10. The virtual event, which is free to attend, features several Zephyr leaders presenting real-world use cases, best practices, tutorials and more.

Happy 5th Anniversary

Launched in 2016 by the Linux Foundation, the Zephyr Project has continued to grow its technical community each year. Today, almost 1,000 contributors have helped the project surpass 50,000 commits building advanced support for multiple architectures such as ARC, Arm, Intel, Nios, RISC-V, SPARC and Tensilica and more than 250 boards.

The first-ever Zephyr Developer Summit will offer community members a chance to learn more about the fastest growing RTOS in an informal educational environment.

“We are kicking off our first Developer Summit with an impressive line-up of Zephyr thought leaders and ambassadors for the growing Zephyr community of contributors and users.” said Joel Stapleton, Chair of the Zephyr Project Governing Board and Principal Engineer Manager at Nordic Semiconductor. “The strength of engagement the project has with its members and IoT solution providers reflects the importance of open source efforts to build secure and safe embedded technologies for increasingly connected applications in industrial, smart home, wearables and energy; and for computing platforms integrating microcontrollers with ever-increasing capabilities and functions.”

Sample summit sessions include power management, USB support, motor control; user presentations that showcase Zephyr with Renode and TensorFlow Lite and  RISC-V and contributor spotlights for securing MCUBoot, using OPC UA, energy-efficient device testing and developing hardware. Proposals were reviewed by the Programming Committee, which includes Anas Nashif, Intel; Carles Cufi, Nordic Semiconductor; Jonathan Beri, Golioth; Keith Short, Google; Maureen Helm, NXP; and Olof Johansson, Facebook. To see the complete schedule, click here. The registration deadline is June 4, click here to register.

The U.S. Executive Order on Cybersecurity

Less than a month ago, the United States White House released an Executive Order on Improving the Nation’s Cybersecurity that addressed the malicious cyber attacks that have become more frequent in the last few years. In a blog, the Linux Foundation responded how Zephyr RTOS, along with several other projects, has already built some of the support needed for a more secure future. Zephyr is able to generate Software Bill of Materials (SBOMs) automatically during the build and this capability will be available in the upcoming 2.6 release. It is one of the few open source projects that is a CVE Numbering Authority(CNA) and has an active Project Security Incident Response Team(PSIRT) that manages responsible disclosure of vulnerabilities to product makers. 

Product creators using zephyr can sign up for free to be notified of vulnerabilities.  

“SBOMs can communicate details about a software package’s contents, being able to understand exactly which source files are included in a resource constrained software image is key to understanding if it may be vulnerable to an exploit,” said Kate Stewart, Vice President of Dependable Embedded Systems at the Linux Foundation. “SBOMs created by manual processes can often be incomplete, incorrect or out-of-date as a software package advances. By being able to generate the SBOM during the build, and take it to the source file level, not just the component level, better diagnosis and detection of vulnerable states is possible and addresses some of the best practices  mentioned in the EO. Zephyr is being used today in thousands of wearables and other products with constrained environments. By automatically creating SBOMs during builds, the development process becomes easier, more efficient and improves maintainability in field.”

Zephyr’s Growing Ecosystem

Today, the Zephyr Project also welcomes AVSystem, Golioth, Pat-Eta Electronics, RISC-V and RISE Research Institutes of Sweden to its global RTOS ecosystem. These new members join Adafruit, Antmicro, BayLibre, Eclipse Foundation, Facebook, Fiware, Foundries.io, Google, Intel, Laird Connectivity, Linaro, Memfault, Nordic Semiconductor, NXP, Oticon, Parasoft, SiFive, Synopsys and teenage engineering, among others.

“We see amazing opportunities for IoT deployments involving resource-constrained devices operating in cellular LPWA networks,” said Marcin Nagy, Product Director for IoT, AVSystem. “We are sure that combining the Zephyr RTOS with our expertise in the Lightweight M2M standard will contribute to the acceleration of secure and standards-based IoT launches.”

“We can speak at length about the technical merits of Zephyr – the kernel design, native networking, scalable board support model and so on – but the largest differentiator is the community,” says Jonathan Beri, CEO of Golioth. “From chipset vendors to ecosystem players, it feels like we’re rising the tide for everyone to make the most secure & reliable open source RTOS in the market and we couldn’t be more excited to contribute to the project and community.”

“We are happy to be part of the Zephyr Project and hope to bring it more into the academic environment, especially within STEM (Science Technology, Engineering and Mathematics),” said Sanyaade Adekoya, Developer, Programmer and Lecturer at Pat-Eta Electronics. “It has been challenging to bring RTOSes within the academic research sector and getting them in the hands of undergraduate learners. Our research extends the use of Zephyr RTOS in IoT, Edge Computing, Robotics, Smart and Wearable devices. The Zephyr Project will be a driving platform for our students that will make it easier for them to create ideas, projects, innovations and more. We look forward to showcasing our students’ Zephyr-related projects. ”

“RISC-V and Zephyr were both designed to drive innovation in the hardware space with open source technologies that are accessible to everyone,” said Mark Himelstein, CTO of RISC-V. “Many of our members are already taking advantage of the flexibility of RISC-V and Zephyr to design end-to-end open source solutions for resource-constrained devices. We look forward to collaborating with the Zephyr Project to offer even more opportunities for the open source community to innovate.”

“Zephyr RTOS enables us to rapidly prototype Thread wireless networks and is an excellent research platform for our work in IoT security,” said Samuel Lindemer, Research Engineer at RISE Research Institutes of Sweden. “The interactive shell and configuration menu make it intuitive for new users, and the open-source community support is unparalleled.”

To learn more about Zephyr RTOS, visit the Zephyr website and blog.

About the Zephyr™ Project

The Zephyr Project is a small, scalable real-time operating system for use on resource-constrained systems supporting multiple architectures. To learn more, please visit www.zephyrproject.org.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

Our communities take security seriously and have been instrumental in creating the tools and standards that every organization needs to comply with the recent US Executive Order

Overview

The US White House recently released its Executive Order (EO) on Improving the Nation’s Cybersecurity (along with a press call) to counter “persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.”

In this post, we’ll show what the Linux Foundation’s communities have already built that support this EO and note some other ways to assist in the future. But first, let’s put things in context.

The Linux Foundation’s Open Source Security Initiatives In Context

We deeply care about security, including supply chain (SC) security. The Linux Foundation is home to some of the most important and widely-used OSS, including the Linux kernel and Kubernetes. The LF’s previous Core Infrastructure Initiative (CII) and its current Open Source Security Foundation (OpenSSF) have been working to secure OSS, both in general and in widely-used components. The OpenSSF, in particular, is a broad industry coalition “collaborating to secure the open source ecosystem.”

The Software Package Data Exchange (SPDX) project has been working for the last ten years to enable software transparency and the exchange of software bill of materials (SBOM) data necessary for security analysis. SPDX is in the final stages of review to be an ISO standard, is supported by global companies with massive supply chains, and has a large open and closed source tooling support ecosystem. SPDX already meets the requirements of the executive order for SBOMs.

Finally, several LF foundations have focused on the security of various verticals. For example,  LF Public Health and LF Energy have worked on security in their respective sectors. Our cloud computing industry collaborating within CNCF has also produced a guide for supporting software supply chain best practices for cloud systems and applications.

Given that context, let’s look at some of the EO statements (in the order they are written) and how our communities have invested years in open collaboration to address these challenges.

Best Practices

The EO 4(b) and 4(c) says that

The “Secretary of Commerce [acting through NIST] shall solicit input from the Federal Government, private sector, academia, and other appropriate actors to identify existing or develop new standards, tools, and best practices for complying with the standards, procedures, or criteria [including] criteria that can be used to evaluate software security, include criteria to evaluate the security practices of the developers and suppliers themselves, and identify innovative tools or methods to demonstrate conformance with secure practices [and guidelines] for enhancing software supply chain security.” Later in EO 4(e)(ix) it discusses “attesting to conformity with secure software development practices.”

The OpenSSF’s CII Best Practices badge project specifically identifies best practices for OSS, focusing on security and including criteria to evaluate the security practices of developers and suppliers (it has over 3,800 participating projects). LF is also working with SLSA (currently in development) as potential additional guidance focused on addressing supply chain issues further.

Best practices are only useful if developers understand them, yet most software developers have never received education or training in developing secure software. The LF has developed and released its Secure Software Development Fundamentals set of courses available on edX to anyone at no cost. The OpenSSF Best Practices Working Group (WG) actively works to identify and promulgate best practices. We also provide a number of specific standards, tools, and best practices, as discussed below.

Encryption and Data Confidentiality

The EO 3(d) requires agencies to adopt “encryption for data at rest and in transit.” Encryption in transit is implemented on the web using the TLS (“https://”) protocol, and Let’s Encrypt is the world’s largest certificate authority for TLS certificates.

In addition, the LF Confidential Computing Consortium is dedicated to defining and accelerating the adoption of confidential computing. Confidential computing protects data in use (not just at rest and in transit) by performing computation in a hardware-based Trusted Execution Environment. These secure and isolated environments prevent unauthorized access or modification of applications and data while in use.

Supply Chain Integrity

The EO 4(e)(iii) states a requirement for

 “employing automated tools, or comparable processes, to maintain trusted source code supply chains, thereby ensuring the integrity of the code.” 

The LF has many projects that support SC integrity, in particular:

  • in-toto is a framework specifically designed to secure the integrity of software supply chains.
  • The Update Framework (TUF) helps developers maintain the security of software update systems, and is used in production by various tech companies and open source organizations.  
  • Uptane is a variant of TUF; it’s an open and secure software update system design which protects software delivered over-the-air to the computerized units of automobiles.
  • sigstore is a project to provide a public good / non-profit service to improve the open source software supply chain by easing the adoption of cryptographic software signing (of artifacts such as release files and container images) backed by transparency log technologies (which provide a tamper-resistant public log). 
  • OpenChain (ISO 5230) is the International Standard for open source license compliance. Application of OpenChain requires identification of OSS components. While OpenChain by itself focuses more on licenses, that identification is easily reused to analyze other aspects of those components once they’re identified (for example, to look for known vulnerabilities).

Software Bill of Materials (SBOMs) support supply chain integrity; our SBOM work is so extensive that we’ll discuss that separately.

Software Bill of Materials (SBOMs)

Many cyber risks come from using components with known vulnerabilities. Known vulnerabilities are especially concerning in key infrastructure industries, such as the national fuel pipelines,  telecommunications networks, utilities, and energy grids. The exploitation of those vulnerabilities could lead to interruption of supply lines and service, and in some cases, loss of life due to a cyberattack.

One-time reviews don’t help since these vulnerabilities are typically found after the component has been developed and incorporated. Instead, what is needed is visibility into the components of the software environments that run these key infrastructure systems, similar to how food ingredients are made visible.

A Software Bill of Materials (SBOM) is a nested inventory or a list of ingredients that make up the software components used in creating a device or system. This is especially critical as it relates to a national digital infrastructure used within government agencies and in key industries that present national security risks if penetrated. Use of SBOMs would improve understanding of the operational and cyber risks of those software components from their originating supply chain.

The EO has extensive text about requiring a software bill of materials (SBOM) and tasks that depend on SBOMs:

  • EO 4(e) requires providing a purchaser an SBOM “for each product directly or by publishing it on a public website” and “ensuring and attesting… the integrity and provenance of open source software used within any portion of a product.” 
  • It also requires tasks that typically require SBOMs, e.g., “employing automated tools, or comparable processes, that check for known and potential vulnerabilities and remediate them, which shall operate regularly….” and “maintaining accurate and up-to-date data, provenance (i.e., origin) of software code or components, and controls on internal and third-party software components, tools, and services present in software development processes, and performing audits and enforcement of these controls on a recurring basis.” 
  • EO 4(f) requires publishing “minimum elements for an SBOM,” and EO 10(j) formally defines an SBOM as a “formal record containing the details and supply chain relationships of various components used in building software…  The SBOM enumerates [assembled] components in a product… analogous to a list of ingredients on food packaging.”

The LF has been developing and refining SPDX for over ten years; SPDX is used worldwide and is in the process of being approved as ISO/IEC Draft International Standard (DIS) 5962.  SPDX is a file format that identifies the software components within a larger piece of computer software and metadata such as the licenses of those components. SPDX 2.2 already supports the current guidance from the National Telecommunications and Information Administration (NTIA) for minimum SBOM elements. Some ecosystems have ecosystem-specific conventions for SBOM information, but SPDX can provide information across all arbitrary ecosystems.

SPDX is real and in use today, with increased adoption expected in the future. For example:

  • An NTIA “plugfest” demonstrated ten different producers generating SPDX. SPDX supports acquiring data from different sources (e.g., source code analysis, executables from producers, and analysis from third parties). 
  • A corpus of some LF projects with SPDX source SBOMs is available. 
  • Various LF projects are working to generate binary SBOMs as part of their builds, including yocto and Zephyr
  • To assist with further SPDX adoption, the LF is paying to write SPDX plugins for major package managers.

Vulnerability Disclosure

No matter what, some vulnerabilities will be found later and need to be fixed. EO 4(e)(viii) requires “participating in a vulnerability disclosure program that includes a reporting and disclosure process.” That way, vulnerabilities that are found can be reported to the organizations that can fix them. 

The CII Best Practices badge passing criteria requires that OSS projects specifically identify how to report vulnerabilities to them. More broadly, the OpenSSF Vulnerability Disclosures Working Group is working to help “mature and advocate well-managed vulnerability reporting and communication” for OSS. Most widely-used Linux distributions have a robust security response team, but the Alpine Linux distribution (widely used in container-based systems) did not. The Linux Foundation and Google funded various improvements to Alpine Linux, including a security response team.

We hope that the US will update its Vulnerabilities Equities Process (VEP) to work more cooperatively with commercial organizations, including OSS projects, to share more vulnerability information. Every vulnerability that the US fails to disclose is a vulnerability that can be found and exploited by attackers. We would welcome such discussions.

Critical Software

It’s especially important to focus on critical software — but what is critical software? EO 4(g) requires the executive branch to define “critical software,” and 4(h) requires the executive branch to “identify and make available to agencies a list of categories of software and software products… meeting the definition of critical software.”

Linux Foundation and the Laboratory for Innovation Science at Harvard (LISH) developed the report Vulnerabilities in the Core,’ a Preliminary Report and Census II of Open Source Software, which analyzed the use of OSS to help identify critical software. The LF and LISH are in the process of updating that report. The CII identified many important projects and assisted them, including OpenSSL (after Heartbleed), OpenSSH,  GnuPG, Frama-C, and the OWASP Zed Attack Proxy (ZAP). The OpenSSF Securing Critical Projects Working Group has been working to better identify critical OSS projects and to focus resources on critical OSS projects that need help. There is already a first-cut list of such projects, along with efforts to fund such aid.

Internet of Things (IoT)

Unfortunately, internet-of-things (IoT) devices often have notoriously bad security. It’s often been said that “the S in IoT stands for security.” 

EO 4(s) initiates a pilot program to “educate the public on the security capabilities of Internet-of-Things (IoT) devices and software development practices [based on existing consumer product labeling programs], and shall consider ways to incentivize manufacturers and developers to participate in these programs.” EO 4(t) states that such “IoT cybersecurity criteria” shall “reflect increasingly comprehensive levels of testing and assessment.”

The Linux Foundation develops and is home to many of the key components of IoT systems. These include:

  • The Linux kernel, used by many IoT devices. 
  • The yocto project, which creates custom Linux-based systems for IoT and embedded systems. Yocto supports full reproducible builds. 
  • EdgeX Foundry, which is a flexible OSS framework that facilitates interoperability between devices and applications at the IoT edge, and has been downloaded millions of times. 
  • The Zephyr project, which provides a real-time operating system (RTOS) used by many for resource-constrained IoT devices and is able to generate SBOM’s automatically during build. Zephyr is one of the few open source projects that is a CVE Numbering Authority.
  • The seL4 microkernel, which is the most assured operating system kernel in the world; it’s notable for its comprehensive formal verification.

Security Labeling

EO 4(u) focuses on identifying:

“secure software development practices or criteria for a consumer software labeling program [that reflects] a baseline level of secure practices, and if practicable, shall reflect increasingly comprehensive levels of testing and assessment that a product may have undergone [and] identify, modify, or develop a recommended label or, if practicable, a tiered software security rating system.”

The OpenSSF’s CII Best Practices badge project (noted earlier) specifically identifies best practices for OSS development, and is already tiered (passing, silver, and gold). Over 3,800 projects currently participate.

There are also a number of projects that relate to measuring security and/or broader quality:

Conclusion

The Linux Foundation (LF) has long been working to help improve the security of open source software (OSS), which powers systems worldwide. We couldn’t do this without the many contributions of time, money, and other resources from numerous companies and individuals; we gratefully thank them all.  We are always delighted to work with anyone to improve the development and deployment of open source software, which is important to us all.

David A. Wheeler, Director of Open Source Supply Chain Security at the Linux Foundation

Linux Foundation Blog Post Abstract Graphic

Every month there seems to be a new software vulnerability showing up on social media, which causes open source program offices and security teams to start querying their inventories to see how FOSS components they use may impact their organizations. 

Frequently this information is not available in a consistent format within an organization for automatic querying and may result in a significant amount of email and manual effort. By exchanging software metadata in a standardized software bill of materials (SBOM) format between organizations, automation within an organization becomes simpler, accelerating the discovery process and uncovering risk so that mitigations can be considered quickly. 

In the last year, we’ve also seen standards like OpenChain (ISO/IEC 5320:2020) gain adoption in the supply chain. Customers have started asking for a bill of materials from their suppliers as part of negotiation and contract discussions to conform to the standard. OpenChain has a focus on ensuring that there is sufficient information for license compliance, and as a result, expects metadata for the distributed components as well. A software bill of materials can be used to support the systematic review and approval of each component’s license terms to clarify the obligations and restrictions as it applies to the distribution of the supplied software and reduces risk. 

Kate Stewart, VP, Dependable Embedded Systems, The Linux Foundation, will host a complimentary mentorship webinar entitled Generating Software Bill Of Materials on Thursday, March 25 at 7:30 am PST. This session will work through the minimum elements included in a software bill of materials and detail the reasoning behind why those elements are included. To register, please click here

There are many ways this software metadata can be shared. The common SBOM document format options (SPDX, SWID, and CycloneDX) will be reviewed so that the participants can better understand what is available for those just starting. 

This mentorship session will work through some simple examples and then guide where to find the next level of details and further references. 

At the end of this session, participants will be on a secure footing and a path towards the automated generation of SBOMs as part of their build and release processes in the future. 

Zephyr also Welcomes Laird Connectivity and teenage engineering to its Open Source RTOS Ecosystem

SAN FRANCISCO, June 25, 2020 The Zephyr™ Project, an open source project at the Linux Foundation that builds a safe, secure and flexible real-time operating system (RTOS) for the Internet of Things (IoT) in space-constrained devices, announces continued momentum by marking critical milestones for security and product-ready maturity.

Earlier this year, the NCC Group, a global expert in cyber security and risk mitigation, notified the Zephyr Project of a number of security issues found as part of their independent research into the security posture of Zephyr. The research, which was driven by growing interest from their clients, found Zephyr to be a mature, and a highly active and growing project with increasing market share. The May 2020 report outlines the issues discovered in detail and acknowledges the proactive work of the Zephyr Project Security Committee to fix these issues and follow-up on recommendations of the report.  Priority fixes have been backported into Zephyr’s Long Term Support (LTS) and a maintenance release published. Learn more about Zephyr’s security assessment and response in this blog.

“The Zephyr Project brings together a community of experts to participate on all aspects of the solution, from the standards to adopt, policies and processes to follow, and methodologies for build, test, maintenance, distribution and incident response,” said Joel Stapleton, Zephyr Project Governing Board Chair and Technical Product Manager at Nordic Semiconductor. “Our aim is to make a solution that developers can trust for the lifecycle of their products. This third party research and our security team’s swift and proactive response to the vulnerabilities is the strength of open source and a testament to this community.”

The Zephyr community of more than 700 contributors recently launched the Zephyr 2.3.0 release. The 2.3.0 release includes integration with the Trusted Firmware M open source Trusted Execution Environment framework, which implements Arm’s Platform Security Architecture specification. Zephyr has long included support for Arm’s TrustZone hardware, including being able to target the secure side of the firmware, but by adding integration with the standard Trusted Firmware M project, it now also offers the option to combine TF-M and Zephyr to create a PSA-certified solution. Learn more about Zephyr 2.3.0 in this blog.

Product Makers Need Security

The Zephyr RTOS is unique as it is vendor-neutral, with a scope from multi-architecture board support packages, to cloud connectivity for IoT products. Several high-profile products have leveraged Zephyr including Intellinium Safety Shoes, ProGlove and HereO Core Box.

In fact, during this pandemic, Zephyr community members are doing their best to help find solutions to various challenges. For example, Adafruit has volunteered to make Personal Protection Equipment (PPE) and other medical devices. The Phytec Distance Tracker, which features Nordic Semiconductor technology, Bluetooth Low Energy (BLE), Ultra-wideband (UWB) and Zephyr RTOS, tracks distance measurement between two or more people. With this product, businesses will be able to help employees maintain and track the 6-feet distance between others.

As a sign of commitment to developers like these, the Zephyr Project created a form that will notify product makers, who are not currently members, of vulnerabilities that may impact their products during the embargo window. Zephyr Project members receive this information already. To learn more about Zephyr’s commitment to product makers or to sign up for the notifications, click here.

A Growing IoT Ecosystem

Today, the Zephyr Project welcomes Laird Connectivity and teenage engineering to its growing IoT ecosystem. The new members join Adafruit, Antmicro, Eclipse Foundation, Foundries.io, Intel, Linaro, Nordic Semiconductor, NXP®, Oticon, SiFive, Synopsys, Texas Instruments and more to create an open hardware and software ecosystem using the Zephyr OS.

“Developers have many options when it comes to selecting an RTOS for embedded microcontrollers, but the Zephyr Project is one of the fastest growing open-source and broadly contributed RTOS projects of its kind,” said Jonathan Kaye, Senior Director, Product Management at Laird Connectivity.  “Joining the Zephyr Project allows Laird Connectivity to deliver more design flexibility than ever across our wireless modules, IoT Devices and Gateways. Our customers can leverage community support, better device security, high performance in resource-light environments, and license-free use for commercial applications. And by using one shared platform, they can build a highly reusable code base that rapidly accelerates their IoT development with Laird Connectivity products.”

“teenage engineering is developing embedded products in a wide range of complexity: from single core Cortex-M0 to multicore and multiprocessor systems with totals of up to 5 different mcu’s from various vendors,” said David Eriksson Head of Hardware at teenage engineering. “Our goal is to build the perfect multi-chip system where we capture what each breed of processor does best and allow them to work together in harmony. With Zephyr, we can develop anywhere. We make sure that code can run on host as well as device, and that interconnectivity is platform agnostic allowing a mix of real hardware and desktop emulation. We prefer to develop with open tools, so Zephyr is really the only sane choice for an RTOS where it is possible to achieve true transparency on all layers of the stack. We are happy to become members of The Linux Foundation and the Zephyr Project and to take part in shaping and influencing the future of embedded systems.”

In April, Zephyr celebrated 40,000 commits on Github and has now completed more than 41,000 to date with support for more than 200 boards.

Open Source Summit

The Zephyr Project will be present at the Linux Foundation’s Open Source Summit Virtual event on June 29-July 2. Several members will be giving presentations that include Zephyr including a keynote by Kate Stewart about open source in safety critical applications on July 1 at 9 am CST. Additional talks will be given by Zephyr project members from the Eclipse Foundation, Intel and Linaro. Learn more here.

Additionally, on July 2 from 2-3:30 pm, Zephyr will host a Mini-Summit that will offer an overview to the RTOS, introduction to west, how Bluetooth works with Zephyr and insight into security, safety certification and a product use case. Registration is free for OSS + ELC attendees. Learn more here.

To learn more about Zephyr RTOS, visit the Zephyr website and blog.

About the Zephyr™ Project

The Zephyr Project is a small, scalable real-time operating system for use on resource-constrained systems supporting multiple architectures. To learn more, please visit www.zephyrproject.org.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

Latest release includes new features for audio, connectivity, security, OTA and speech recognition

SAN FRANCISCO, CA, April 22, 2020 — Automotive Grade Linux (AGL), an open source project developing a shared software platform for in-vehicle technology, today announced the latest code release of the AGL platform, UCB 9.0, also known under the codename “Itchy Icefish.”

Developed through a joint effort by dozens of member companies, the AGL Unified Code Base (UCB) is an open source software platform that can serve as the de facto industry standard for infotainment, telematics and instrument cluster applications. 

“The AGL platform continues to evolve and mature based on input and requirements from automakers, several of which are currently using AGL in production vehicles” said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “This latest code release includes audio, connectivity and security enhancements, improvements to speech recognition, and many HTML5 demo apps.” 

Many AGL members have already started integrating the UCB into their production plans. The 2020 Subaru Outback and Subaru Legacy uses open source software from the AGL UCB, Mercedes-Benz Vans is using AGL as a foundation for a new onboard operating system for its commercial vehicles, and Toyota’s AGL-based infotainment system is now in Toyota and Lexus vehicles globally.

UCB 9.0/Itchy Icefish includes an operating system, middleware and application framework. New updates to the AGL platform include:

  • Over-the-Air (OTA): Update for ostree (SOTA)
  • Application Framework: improvements including implementing Token Logic based security
  • Speech Recognition: Alexa Auto SDK 2.0; improved Speech-API and voiceagent integration; new open source version of display cards for Speech Recognition
  • Audio: enhancements to PipeWire and WirePlumber
  • Connectivity: improved networking support and network settings; reworked bluetooth APIs and extended to pbap and map protocols
  • HTML5 Apps: security converted to using Token Logic; HTML5-only image available using Web App Manager (WAM) and Chromium; HTML Demo apps available for Home Screen, Launcher, Dashboard, Settings, Media Player, Mixer, HVAC, and Chromium Browser
  • Instrument Cluster: QML Reference Apps: Steering Wheel Controls via LIN to IVI Apps, refreshed Instrument Cluster app that includes CAN messages from Steering Wheel/IVI
  • Board Support Package updates: Renesas RCar3 BSPs updated to v3.21 (M3/H3, E3, Salvator); enhanced support for SanCloud BeagleBone Enhanced + Automotive Cape support; i.MX6 using etnaviv (cubox-i target); enhanced Raspberry Pi 4 support

The full list of additions and enhancements to UCB 9.0 can be found here.

###

About Automotive Grade Linux (AGL)
Automotive Grade Linux is a collaborative open source project that is bringing together automakers, suppliers and technology companies to accelerate the development and adoption of a fully open software stack for the connected car. With Linux at its core, AGL is developing an open platform from the ground up that can serve as the de facto industry standard to enable rapid development of new features and technologies. Although initially focused on In-Vehicle-Infotainment (IVI), AGL is the only organization planning to address all software in the vehicle, including instrument cluster, heads up display, telematics, advanced driver assistance systems (ADAS) and autonomous driving. The AGL platform is available to all, and anyone can participate in its development. Automotive Grade Linux is hosted at the Linux Foundation. Learn more at automotivelinux.org.

About the Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at LinuxFoundation.org. 

Media Inquiries
Emily Olin
Automotive Grade Linux, the Linux Foundation 

SAN FRANCISCO, March 31, 2020 — Automotive Grade Linux (AGL), a collaborative cross-industry effort developing an open source platform for connected car technologies, announces three new members: MERA, Mocana, and Osaka NDS.

“With the support of 11 major automakers, we are increasingly seeing more vehicles in production with AGL,” said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “We look forward to working with all of our new members as we continue to expand the AGL platform and the global ecosystem of products and services that support it.”

AGL is an open source project at the Linux Foundation that is bringing together automakers, suppliers and technology companies to accelerate the development and adoption of a fully open, shared software platform for all technology in the vehicle, from infotainment to autonomous driving. Sharing a single software platform across the industry reduces fragmentation and accelerates time-to-market by encouraging the growth of a global ecosystem of developers and application providers that can build a product once and have it work for multiple automakers.

New Member Quotes:

MERA
“MERA, as a software development company, has been using open source software for many years, bringing best in class solutions to its customers in various industries like ICT, Industrial IoT, Automotive, FinTech and others,” said Dmitry Oshmarin, CTO of MERA. “As experts in embedded software development, especially in the Linux environments, we plan to contribute to Automotive Grade Linux. At the same time, we will leverage this new experience to help our customers to benefit from using AGL in their products.”

Mocana
“Automotive manufacturers and suppliers are connecting a broadening range of systems and devices onboard vehicles to deliver mission-critical safety capabilities as well as significantly enhance the user experience. Many of these on-board systems also incorporate virtualized systems or containers to streamline and scale the delivery of key functionalities,” said Dave Smith, President of Mocana. “This increase in connectivity provides additional insight into the performance and reliability of systems to improve system performance and safety, as well as minimize downtime and reduce maintenance costs. Unfortunately, it also introduces new cybersecurity risks and ways for hackers to attack these on-board systems to compromise their safety and uptime – and generate inaccurate alerts, messaging and data. We plan to design plug-n-play solutions that integrate with the AGL platform to enable scalable, end-to-end security, to protect any AGL-based systems on-board connected or autonomous vehicles.”

Osaka NDS
“Osaka NDS CO.,Ltd is leader in developing, deploying and supporting commercial and industrial embedded Linux solutions and services, and we are excited about joining the AGL community,” states Yutaka Toida, Osaka NDS’s Director. “We look forward to working with other AGL members as we continue to expand the AGL platform to support new mobility solutions and connected car applications.”

###

About Automotive Grade Linux (AGL)
Automotive Grade Linux is a collaborative open source project that is bringing together automakers, suppliers and technology companies to accelerate the development and adoption of a fully open software stack for the connected car. With Linux at its core, AGL is developing an open platform from the ground up that can serve as the de facto industry standard to enable rapid development of new features and technologies. Although initially focused on In-Vehicle-Infotainment (IVI), AGL is the only organization planning to address all software in the vehicle, including instrument cluster, heads up display, telematics, advanced driver assistance systems (ADAS) and autonomous driving. The AGL platform is available to all, and anyone can participate in its development. Automotive Grade Linux is hosted at the Linux Foundation. Learn more at automotivelinux.org.

Media Inquiries
Emily Olin

LAS VEGAS – CES 2020, January 7, 2020Automotive Grade Linux (AGL), a cross-industry effort developing an open source platform for all connected car technologies, today announced that the Subaru Starlink infotainment platform on the all-new 2020 Subaru Outback and the 2020 Subaru Legacy uses open source software from the AGL Unified Code Base (UCB) platform.

Subaru Starlink on the 2020 Subaru Outback

“Using AGL’s open source software allows us to easily customize the user experience and integrate new features, creating an integrated cockpit entertainment system that is more enjoyable for drivers,” said Mr. Naoyoshi Morita, General Manager of Electronic Product Design Dept. of Subaru Corporation. “We believe that shared software development through Automotive Grade Linux benefits the entire industry, and we look forward to our continued involvement and collaboration with other automakers and suppliers.”

AGL is supported by more than 150 members, including 11 automakers, who are working together to develop the AGL Unified Code Base (UCB) platform, a shared software platform that can serve as the de facto industry standard for infotainment, telematics, and instrument cluster applications. Sharing an open platform allows for code reuse and a more efficient development process as developers and suppliers can build once and have a product work for multiple automakers.

“Subaru has been an AGL member for many years, and we are very excited to see them use AGL in production,” said Dan Cauchy, Executive Director of Automotive Grade Linux. “The AGL platform continues to gain traction, and we expect to see more automakers using it in production in the years to come.”

AGL BOOTH AT CES 2020
The AGL booth at CES 2020 in the Westgate Hotel Pavilion, booth 1815, features 19+ demos by AGL members showing infotainment, instrument cluster, autonomous driving, security, connectivity, and other applications running on the AGL open source software platform.

The AGL booth will be open to the public during CES show hours and during the AGL Evening Reception & Demo Showcase on Wednesday, January 8, from 6:00 – 8:00 pm PT. Additional details and registration for the Evening Reception are available here.

Media and analysts are also invited to attend an AGL Media Happy Hour at CES on Tuesday, January 7, from 3:00 – 5:00 pm PT in the AGL booth. Please RSVP here.

###

About Automotive Grade Linux (AGL)
Automotive Grade Linux is a collaborative open source project that is bringing together automakers, suppliers and technology companies to accelerate the development and adoption of a fully open software stack for the connected car. With Linux at its core, AGL is developing an open platform from the ground up that can serve as the de facto industry standard to enable rapid development of new features and technologies. Although initially focused on In-Vehicle-Infotainment (IVI), AGL is the only organization planning to address all software in the vehicle, including instrument cluster, heads up display, telematics, advanced driver assistance systems (ADAS) and autonomous driving. The AGL platform is available to all, and anyone can participate in its development. Learn more: https://www.automotivelinux.org/

Automotive Grade Linux is a Collaborative Project at The Linux Foundation. Linux Foundation Collaborative Projects are independently funded software projects that harness the power of collaborative development to fuel innovation across industries and ecosystems. www.linuxfoundation.org

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Inquiries
Emily Olin

Automotive Grade Linux Booth at CES 2020 Showcases 2020 Mazda CX-30, 2020 Toyota RAV4, and 20+ Open Source AGL-Based Demos

18 AGL members including DENSO, DENSO TEN, Mazda, Panasonic, Renesas, NTT DATA MSE, and Suzuki, will show instrument cluster, infotainment, connected car, and cybersecurity applications running on AGL technology

SAN FRANCISCO, December 3, 2019 – Automotive Grade Linux (AGL), a cross-industry effort developing an open source platform for all connected car technologies, will be at  CES 2020 demonstrating open source infotainment and instrument cluster applications along with 20+ connected car demonstrations developed by AGL members.

The AGL Booth in the Westgate Hotel Pavilion #1815 will feature a 2020 Toyota RAV4 with an AGL-based multimedia system that is currently in production, a 2020 Mazda CX-30 showcasing a proof of concept (POC) demo using new AGL reference hardware, and automotive technology demonstrations by: AISIN AW, DENSO, DENSO TEN, Igalia, IoT.bzh, LG Electronics, Mazda, Microchip, NTT DATA MSE, OpenSynergy, Panasonic, Renesas, SafeRide Technologies, Suzuki, SYSGO, Tuxera and VNC Automotive. The booth will be open to the public during CES show hours from January 7-10, 2020.

“Instrument Cluster has been a big focus over the past year, and we look forward to demonstrating the amazing work being done by our members to optimize the AGL platform for use in lower performance processors and low-cost vehicles, including motorcycles,” said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “We are proud to be showing vehicles from Toyota and Mazda and we will also have 20+ open source demos in our booth, a small sampling of some of the AGL-based products and services that automakers and suppliers continue to bring to market.”

AGL is an open source project hosted at the Linux Foundation that is changing the way automotive manufacturers build software.  More than 150 members, including 11 automakers, are working together to develop a common platform that can serve as the de facto industry standard for infotainment, telematics, and instrument cluster applications. Sharing an open platform allows for code reuse and a more efficient development process as developers and suppliers can build once and have a product work for multiple automakers.

The AGL Unified Code Base (UCB) platform includes an operating system, middleware and application framework, and provides 70-80% of the starting point for a production project. Automakers and suppliers customize the other 20-30% of the platform with features, services and branding to meet their product and customer needs.

Many AGL members have already started integrating the UCB into their production plans. Mercedes-Benz Vans is using AGL as a foundation for a new onboard operating system for its commercial vehicles. Toyota’s AGL-based infotainment system is now in Toyota and Lexus vehicles globally and will be on display in the AGL booth in a 2020 Toyota RAV4. A list of additional products and services that support AGL are available are in the AGL Vendor Marketplace.

AGL DEMOS AT CES 2020
The AGL booth will feature several core UCB demos developed collaboratively by the AGL community, as well as 20 product and proof of concept (PoC) demos.

The AGL booth will be open to the public during CES show hours and during the AGL Evening Reception & Demo Showcase on Wednesday, January 8, from 6:00 – 8:00 pm PT. Additional details and registration for the Evening Reception are available here.

Media and analysts are also invited to attend an AGL Media Happy Hour at CES on Tuesday, January 7, from 3:00 – 5:00 pm PT in the AGL booth. RSVP here or contact us to schedule an on-site briefing.

Core AGL UCB Demos:

  • Instrument Cluster: Infotainment and Instrument Cluster applications using container technology to run on a single microprocessor core. The speedometer and tachometer, along with a center display, show information from the infotainment system such as map data and media player information.
  • Infotainment: demonstrates media player, tuner, navigation, web browser, Bluetooth, WiFi, HVAC control, and audio mixer applications running the latest Happy Halibut code release (8.0.4). Adjust the HVAC or control multimedia via voice recognition with Amazon Alexa.
  • Steering wheel: A production steering wheel from Suzuki is incorporated into both demos. The second demo unit features the Infotainment and Instrument Cluster running on different boards with a CAN bus connection between them to share commands from the steering wheel as well as other vehicle data such as speed from a basic vehicle simulation. Commands available from the steering wheel include media functions and cruise control.

Demos by AGL members:

  • Aisin AW – AGL Low-Spec Cockpit: Demonstration shows another container integration based on a new draft version of AGL platform architecture.
  • DENSO and DENSO TEN – Next Gen Cockpit System: Next Gen Cockpit System demonstrated by DENSO and DENSO TEN.
  • Igalia – HTML5 apps on AGL platform: Pure HTML based UI and applications running on the different AGL reference hardware boards.
  • IoT.bzh – AGL@Sea: Ship cockpit simulation using the AGL platform with HTML5 and Android apps running inside secured containers with a cybersecurity attack scenario.
  • LG Electronics – HTML5 UI/UX for Automotive Infotainment with Autonomous Driving Simulation: Flexible and user-customizable HTML5 UI/UX for automotive infotainment using LG’s Web App Manager and Enact framework running on AGL, along with the open source LGSVL Simulator which supports development and testing of autonomous driving software (e.g. Autoware, Apollo, or the AGL Unified Autonomous Driving Platform).
  • Mazda – New Reference Hardware Demo on the 2020 Mazda CX-30: Showcasing interchangeable architecture hardware with 2 DIN form factor designed by the AGL Reference Hardware System Architecture Export Group. AGL demonstration running on the new reference hardware in 2020 Mazda CX-30.
  • Microchip Technology – INICnet™ Technology – Microphone Network & eCall: Showcasing AGL in conjunction with a safety critical application. Based on INICnet™ technology, it features an emergency response system (eCall) with a Simplex Daisy chain topology and the network diagnosis feature.
  • NTT DATA MSE – Voice Agent Service: Realization of a hybrid voice agent service based on AGL. User can receive various feedback from an agent service just by talking to it.
  • OpenChain Project – Open Source Compliance for Automotive: The OpenChain Project will demonstrate how open source tooling can help automate open source compliance in the automotive industry. The demonstration will be based on real world experiences from companies in key automotive manufacturing markets such as Japan.
  • OpenSynergy – Automotive Virtual Platform based on certified Hypervisor: Hypervisor-based cockpit solution enabling a virtual platform which integrates a large number of different functions, from entertainment and infotainment applications to Telematics Control Units (TCU) to Driver Information Systems. The solution integrates AGL and the hypervisor is the first Type 1 hypervisor compliant to ISO 26262:2018 ASIL-B.
  • Panasonic – AGL VR Cockpit: Improved Development Kit: Advanced HMI Development tools for AGL using Reference Hardware and HMD (Head Mounted Display). The Reference Hardware enables engineers to start IVI software development without production hardware, reducing software development lead time. The HMD, produced by Panasonic, features a wide view angle which is effective for evaluating cockpit HMI.
  • Renesas – Cloud-based Vehicle Service Delivery Platform and Cockpit ECU Reference Solution: Demonstrate container based secure microservice deployment that supports easy to develop solution to realize Time to Market. Cockpit ECU will kickstart your development with this all new reference solution from Renesas.
  • SafeRide Technologies – vSentry™: Multi-layer cybersecurity software solution for connected and autonomous vehicles that combines deterministic and zero false-positive protection for software network and connectivity – including IDPS, Firewall and Access Control – with a Machine Learning and Deep Learning profiling and anomaly detection technology for future-proof security.
  • Suzuki – AGL Instrument Cluster Demo: Highlights how the AGL platform can be optimized for Instrument Cluster applications and for use in lower performance processors and low-cost vehicles that do not require an entire infotainment software stack.
  • SYSGO – Secure Automotive Gateway: Secure Automotive Gateway demo with significant automotive security features such as Fast and Secure Boot, an intrusion detection system (IDS), a simulated software over the air (OTA) process, firewall and a secure application loader. All of which is supported by a remote tablet, an infotainment screen and a cluster screen running on the latest AGL UCB release (Happy Halibut).
  • Toyota – Multimedia: 2020 RAV4 with the latest infotainment system based on AGL.
  • Tuxera – IVI/Cluster Storage Health Widget: A widget that Tier-1s, OEMs, or even end users can use to check the “health” of the flash memory storage. The demo will simultaneously demonstrate virtualization through a Xen hypervisor to run AGL and Android IVIs where the widget can be displayed.
  • VNC Automotive – Connectivity that Moves: Demonstration of seamless connectivity between IVI and the mobile devices used within the car, and how a modular architecture can future-proof IVI systems by enabling them to be enhanced with additional applications and content provided by smartphones and add-on boxes. VNC Automotive will also have the first public unveiling of their new rear-seat entertainment solution. This uses the capabilities of AGL to aggregate multimedia content from multiple sources and stream them to the screens in the back of the car, as well as passengers’ tablets and headphones.

###

Media Inquiries
Emily Olin

German Autolabs, KPIT, MontaVista, OTAinfo, OUTCERT, and Ovo also join AGL

SAN FRANCISCO, October 10, 2019 — Automotive Grade Linux (AGL), a collaborative cross-industry effort developing an open source platform for connected car technologies, announces seven new members. SAIC Motor has joined as a Silver member, and German Autolabs, KPIT, MontaVista, OTAinfo, OUTCERT, and Ovo Automotive join as Bronze members.

“We are excited to welcome SAIC Motor as our first car manufacturer from China. This will allow us to expand our global ecosystem into the Chinese and Asian markets” said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “AGL now has the support of 11 automakers which account for approximately sixty percent of worldwide annual vehicle shipments. We look forward to working with SAIC and all of our other new members as we continue to expand the AGL platform to support new mobility solutions and connected car applications.”

AGL is an open source project at the Linux Foundation that is bringing together automakers, suppliers and technology companies to accelerate the development and adoption of a fully open, shared software platform for all technology in the vehicle, from infotainment to autonomous driving. Sharing a single software platform across the industry reduces fragmentation and accelerates time-to-market by encouraging the growth of a global ecosystem of developers and application providers that can build a product once and have it work for multiple automakers.

Automotive Grade Linux members will come together for the bi-annual AGL All Member Meeting on October 22-23, 2019, in Monte Carlo, Monaco to learn about the latest developments, share best practices and collaborate to drive rapid innovation across the industry. The meeting is open to all current AGL members. Details and registration information can be found here

New Member Quotes: 

German Autolabs
“German Autolabs is a pioneer in Automotive Voice Assistance,” said Holger G. Weiss, co-founder and CEO of German Autolabs. “Our full-stack conversational assistance solution is fully offline-capable and provides customizable white-label VPA technology solutions for Automotive OEM and fleet operators. Automotive Grade Linux (AGL) as a standardized operating system provides a reliable and customer agnostic framework for our embedded stack. We plan to contribute to Speech, Connectivity, Navi and UI/Graphics expert groups.”

KPIT
“We believe in Reimagining Mobility for creating a cleaner, smarter & safer world, and connected vehicles play a central role in our vision,” said Anup Sable, CTO, KPIT Technologies Ltd. “We have been working closely with several carmakers over the last decade, and our Linux based infotainment platform is part of millions of vehicles. We are proud to be part of the AGL community and the Linux Foundation, where we can contribute our expertise in infotainment, Linux, cybersecurity, clusters and connectivity.”

MontaVista
“MontaVista Software is the worldwide leader in developing, deploying and supporting commercial and industrial embedded Linux solutions and services, and we are excited about joining the AGL Community,” states Ravi Gupta, MontaVista Software’s CEO. “As the next generation vehicles become more software oriented, ensuring the quality and reliability of that software is absolutely critical to the safety and security of transportation for decades to come. Our goal is to contribute to the AGL Community in developing new features and technologies, and as well as the long term support strategy for these complex systems.”

OUTCERT
“We built a technology education platform whose foundations rely on collaboration with organizations in a very broad spectrum. Linux and Open Source technologies have disrupted each and every segment covered in that spectrum,” said Lital Shoshan Idel, CEO at OUTCERT. “We foresee significant upskilling in the automotive workforce as it embraces rapid adoption of emerging technologies.”

Ovo Automotive
“Ovo delivers virtualized Android apps to connected vehicles directly from the cloud, providing OEMs, dealers, and fleet owners full control over the screens of their vehicles by choosing the Android apps to run,” said Dr. Gilad Zlotkin, CEO and Co-founder at Ovo Automotive. “We believe that openness is one of the greatest drivers of innovation and we see value in bringing the Android apps ecosystem into AGL. Being a proactive member of Automotive Grade Linux will enable us to better serve our clients.”

SAIC
“In recent years, SAIC aims at the new trend of the development of the automobile industry — electrification, intelligent network connection, sharing and internationalization. In the future, SAIC will take intelligent network-based cars, smart travel solutions and intelligent manufacturing as an important starting point to explore and practice the broader and deeper integration of big data, cloud computing and artificial intelligence with the automobile industry, and contribute to the acceleration of transformation and upgrading of China’s automobile industry,” said Chen Hong, CEO of SAIC MOTOR. “Automotive Grade Linux (AGL) is the only organization addressing all software in the car, including Infotainment, Instrument Cluster, HUD, ADAS, Function safety and Autonomous Driving, which will help us to achieve the goal promptly.”

###

About Automotive Grade Linux (AGL)
Automotive Grade Linux is a collaborative open source project that is bringing together automakers, suppliers and technology companies to accelerate the development and adoption of a fully open software stack for the connected car. With Linux at its core, AGL is developing an open platform from the ground up that can serve as the de facto industry standard to enable rapid development of new features and technologies. Although initially focused on In-Vehicle-Infotainment (IVI), AGL is the only organization planning to address all software in the vehicle, including instrument cluster, heads up display, telematics, advanced driver assistance systems (ADAS) and autonomous driving. The AGL platform is available to all, and anyone can participate in its development. Automotive Grade Linux is hosted at the Linux Foundation. Learn more at automotivelinux.org.

Media Inquiries
Emily Olin
Automotive Grade Linux
eolin@linuxfoundation.org

Private and public interests converge to advance aviation interoperability for safe and efficient drone operations under Linux Foundation’s open governance and collaboration model

SAN FRANCISCO, September 18, 2019 – The Linux Foundation today announced it will host the InterUSS Platform Open Source Project to enable trusted, secure and scalable interoperability between UAS Service Suppliers (USSs) that advances safe, equitable and efficient drone operations. Initial contributors include both industry and regulatory organizations Wing, AirMap, Uber and the Swiss Federal Office of Civil Aviation (FOCA).

Similar to the evolution of cities, our skies are becoming busier with traffic. In an effort to unleash innovation and ensure safety, aviation regulators around the world are implementing UAS Traffic Management (UTM, also referred to as U-Space) to support rapidly increasing and highly diverse drone operations. Under UTM, a set of USSs (also known as U-Space Service Providers orUSPs) assist drone operators to conduct safe and compliant operations. USSs can provide service in overlapping airspace and share data when required to support services such as a strategic deconfliction of flight plans and remote identification and industry is developing standards for this data sharing through organizations such as ASTM International. The InterUSS Project provides a forum for collaboration and development of standards-compliant, open source implementations that facilitate communication in the UTM/U-Space environment.

The InterUSS Platform supports a range of UTM / U-Space services by facilitating communications between USSs and implements the Discovery and Synchronization Service (DSS) defined in the ASTM Remote ID standard. This includes two primary functions. First, it enables a USS to discover other USSs from which it needs to obtain information about flights and constraints in the airspace. Second, it provides mechanisms that require a USS to prove that it is aware of those flights and constraints. The InterUSS Platform accomplishes these functions without requiring any personally identifiable information and enables the USSs to share data only when necessary. The InterUSS platform was developed by industry in consultation with regulators and standards bodies around the world. It also provides a framework for interoperability in NASA’s UTM Technology Capability level demonstrations and the FAA’s UTM pilot program.

“Drones and their interoperability represents one of the most important areas of innovation across the technology industry,” said Mike Dolan, vice president of strategic programs, the Linux Foundation. “We’re excited to support the InterUSS Platform and global developer community to advance drone operations around the world.”

The Foundation will use an open governance model, including a Technical Advisory Council (TAC) comprised of a variety of technical stakeholders in the drone space. Project inclusion will be determined by a review and curation process managed by the TAC.

Founding Members

 AirMap

“The InterUSS Platform enables that any drone operator, enterprise or individual can have safe and equitable access to airspace,” said Andreas Lamprecht, CTO at AirMap. “This open source implementation of the ASTM standard for the Discovery and Synchronization Service represents a huge step forward in nurturing an open, interoperable and diversified market for UAS services.”

Uber

“Drone-based deliveries have the potential to get products to people quickly and conveniently. Rolling out standards-compliant UAS traffic management services intelligently means creating a universal and secure communication protocol that drone operators can use for safely sharing the airspace. We believe this technology should be open. That’s why Uber is proud to join the InterUSS-Platform as a Premier member, as we believe this open project will advance the technology to make safe drone operations a standard feature in our lives,” said Tom Prevot, director of airspace systems at Uber Elevate.

Wing

“Interoperability through open standards is essential for a UTM ecosystem in which each USS can participate and innovate to address the unique needs of their customers,” said Reinaldo Negron, Wing’s Head of UTM. “As a compliant implementation of the ASTM Discovery and Synchronization Service, the InterUSS Platform provides the foundation for that interoperability.  Wing is looking forward to continuing our collaboration with industry partners and regulators to build safe and effective solutions for UTM.”

Federal Office of Civil Aviation (FOCA), Switzerland

“From an authority point of view, a close cooperation between industry and regulators is essential to ensure optimal conditions for Switzerland to remain a competitive location for innovation and digitalization in aviation worldwide. The Discovery and Synchronization Service is a key element of the Swiss U-Space Architecture and the development of its open source implementation, the InterUSS-Platform, is an important effort towards interoperability. Joining the Linux Foundation is therefore a logical step forward to ensure that FOCA can effectively perform its role as an enabler and oversight authority.” said Lorenzo Murzilli, Leader of Innovation and Digitalization Unit and Head of the Swiss U-space Program.

 

About the Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of the Linux Foundation, please visit our trademark usage page at https://www.linuxfoundaton.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact
pr@linuxfoundation.org