FACE TIM/MOSA Summit: September 2023
I am certain that there will be some formal write-ups in the coming days from esteemed journalist channels like Military Embedded, but we thought we...
At Lynx, we see the support of standards for mission critical systems as just the start. That is because APIs don’t define system behavior and timing. This thoughtful piece by our CTO, Will Keegan, shares more detail about the challenges facing system architects that create deterministic systems for deployment in military and avionics platforms.
The U.S. Department of Defense’s (DoD) Modular Open Systems Approach (MOSA) aims to design systems with highly cohesive, loosely coupled, and severable modules that can be competitively sourced from independent suppliers. Frank Kendall, US Air Force Secretary, highlighted this importance as a key element regarding the Next Generation Air Dominance (NGAD) aircraft. MOSA calls out support for suppliers to be Future Airborne Capability Environment (FACE) conformant, something that Lynx has fully embraced with certificates of conformance for Arm, PowerPC, and x86 architectures.
The Program Executive Office (PEO) of the US Army faces the challenge of modular and incremental deployment of software capabilities. The PEO Aviation (AVN) Enterprise has a platform entitled “Aviation Mission Computing Environment” (AMCE) and is developing its Component Specification Model (CSM).
The AMCE CSM comprises configurable processing, Software Operating Environment (SOE), and software loading requirements. In May 2023, a paper proposed definitions for software modules, operating system properties, and key technologies for two distinct SOEs:
The team asserts that the safety critical SOE must also define a Health Monitor in the FACE I/O Services Segment (IOSS) and an ARINC 653 VM API. If multi-core processor hardware is used for the safety critical SOE, IMA’s “robust partitioning” must be achieved, and the effects of interference channels must be mitigated in accordance with CAST-32A or similar guidance.
The computational subsystem containing a mission critical SOE requires an operating environment that can rapidly integrate capability. Shown below, due to the relief in certification requirements, the operating system replaces the hypervisor in the Safety Critical System and allows use of Symmetric Multicore Processing (SMP) at the OS level. It is then possible to use native containers, the general-purpose operating system or the hypervisor to provide the partitioning needed for DAL D-E mission capability application separation.
The Vertical Flight Society is distributing the paper so we cannot provide a copy here. If you have issues tracking it down via that path, feel free to contact us here and we will happily point you in the right direction. |
![]()
|
I am certain that there will be some formal write-ups in the coming days from esteemed journalist channels like Military Embedded, but we thought we...
We have defined three fundamental horizons that have become a framework of everything that we are doing at Lynx. The first horizon is what I will...
THROUGH THE LENS OF ENGINEERING Recently I read a McKinsey article on “Cracking the complexity code in embedded systems development”, a brilliant...