Written by Jonathan Cartrette, Zephyr community member and Director of Technology, IoT Systems, Legrand North America
We as a species have created an interdependence on technology. That interdependence has created billions of lines of deeply embedded code of widely varying quality that age offline for decades, latently in possession of connectivity, sensors, and actuators that can do damage. The resource combination (in particular) of large-capacity, ultra-low-power Cortex M3-M4 or similarly sized RISC-V running Zephyr OS presented the first scalable, transparent vision I’d seen to bring all the code everywhere in such devices up to an exceptional code quality level. Even if it’s a kid’s toy, these devices have the connectivity and resources to do harm. We as a community must fix all the code. And that means giving even the “least important” projects in the embedded, connected products realm the chance at the best possible starting basis for both initial code quality and maintenance.
Why? Deeply embedded code has transitioned from “fly by wire” to “fly by algorithm” with few if any laypeople realizing the subtlety. By “fly by wire” I mean embedded systems that generally would simply transfer the intent and direct motion of the user to do something physically impossible, like lifting an aileron ~50ft long against the gale of a 500kt airspeed. The system is absolutely necessary, and its failure by any means, including compromised functional quality or intentional tampering, has the same consequences. Yet in all cases, generally it will be a failure of the system to be able to respond to the user inputs or threshold triggers, not a failure of the will of the system to act.
By “fly by algorithm,” on the other hand, I mean to refer to the potential for exactly that: a system where sufficient portions of functionality are delegated to a supervisory digital process that is allowed to tell the user “no.” A deeply embedded sheep dog, if you will, with one specific flock of sensors and actuators to herd, and the user is to trust the proven reliability of the noble canine. But when algorithms “byte” we get Boeing 737-MAX. When algorithms attack systems from within, their deeply embedded nature means that they are denied access to some set of sensors and actuators, and it should make one think, “I can’t do that, Dave.” If they are to get that level of power, the code needs bullet-proof functionality with extreme transparency. And that’s true of far more than airplanes, because the connectivity in these devices means that they can directly interact with so many other devices in our lives.
Zephyr RTOS is providing an answer to the question, “How do we scale a global uptick in code quality?” Unfortunately, the answer is perhaps the least interesting thing to talk about for many: basic operational efficiency of development teams. The intent for the LTS builds to carry forward certifications that can show no disruptions to pedigree and provenance won’t just scale the avoidance of test and certification effort. There will be a snowball of deferred certification and testing costs accruing over time.
Why Zephyr enables this vision has to do with the toolchain and build system, and even the repository structures for shared libraries and modules. The community is effectively building an ecosystem-enabler, not just an RTOS. DevOps pipelines for embedded and deeply embedded code are pure gold for sustaining software and firmware, but they are not new concepts. That Zephyr OS makes this available for free from the community at this level of vision and quality is a proof point of the project’s vision to see the next frontier of problems to solve as we scale the IoT.