Creating a safer, greener, more secure future.

SAFERTOS® for Automotive

WITTENSTEIN high integrity systems (WHIS) has long recognised that there is an increasing need for safe, secure, embedded solutions. Our Automotive RTOS package provides responsive, feature rich functionality within a networked environment. SAFERTOS® is the perfect Real Time Operating System for the Automotive sector.

  • SAFERTOS® – Available pre-certified to ISO 26262 ASIL D. A high performance, small footprint RTOS
  • SAFECheckpoints – fulfils the requirement of ISO 26262 ASIL C&D software designs to have a runtime monitor
  • OSEK OS Adaptation Layer – creating a ‘drop-in’ OSEK OS RTOS package ideal for Automotive designs

A SAFERTOS® for Automotive App Note, detailing the options for your Automotive RTOS package, is available here.

See customer reviews, download demos, or contact us to discuss your automotive requirements.

SAFE<strong>RTOS</strong>® Pre-Certified to ISO 26262 ASIL D by TÜV SÜD.

SAFERTOS® Pre-Certified to ISO 26262 ASIL D by TÜV SÜD.

SAFERTOS® is available pre-certified to ISO 26262 -2,-6,-8 ASIL D by TÜV SÜD. The perfect Automotive RTOS solution.

The ISO 26262 standard is an adaptation of the Functional Safety standard IEC 61508 for Automotive Electric/ Electronic Systems. ISO 26262 defines functional safety for automotive equipment applicable throughout the lifecycle of all automotive electronic and electrical safety-related systems to ensure the safety requirements are met.

ASIL D is the highest degree of automotive safety rating under this standard. ASIL D and is achieved by performing a risk analysis of a potential hazard that examines the severity, exposure and controllability of the vehicle operating scenario – determining the levels of risk.

When designing SAFERTOS®, our engineers have made assumptions about the safety goals and ASIL level required. These safety goals are described within the SAFERTOS® Safety Manual along with the installation and integration instructions. Developers using SAFERTOS® need to confirm that the safety goals defined by SAFERTOS® meet the requirements of their projects.

SAFERTOS® supports certification to ISO 26262 -2,-6,-8 ASIL D for use within automotive safety products.

OSEK OS Adaptation Layer (Optional)

OSEK is an open standard, published by a consortium founded by the automobile industry. OSEK was designed to provide a standard software architecture for the various Electronic Control Units (ECUs) in a vehicle.

SAFERTOS® can be supplied with an optional OSEK OS adaptation layer, supporting OSEK OS Conformance Classes BCC1, BCC2, ECC1 and ECC2. This allows SAFERTOS® to be used as a drop-in component within OSEK OS compliant systems, which are frequently used within automotive embedded systems.

SAFECheckpoints Runtime Verification Monitoring (Optional)

There is an expectation within ISO 26262 that runtime verification monitors will be used to detect, indicate and handle systematic faults within software rated ASIL C and D.

SAFERTOS® includes a range of built-in error checking routines. Additionally, there is the optional SAFECheckpoints module which provides SAFERTOS® with a sophisticated Task Monitoring capability, ensuring the scheduling of Tasks is occurring as intended. The Checkpoints mechanism allows the user to specify timing tolerances for critical sections of code; this can be used to ensure that:

  • Periodic tasks run within tolerances.
  • Sections of processing within tasks complete on time.
  • Interrupt event to handler task processing completes within allowable tolerances.
  • Complex functionality involving multiple tasks completes within allowable tolerances.

Individual checkpoints can specify their own call back function or the system error hook can be activated.

  • Single shot and Periodic checkpoints can be created.
  • Periodic checkpoints can operate in fixed or relative timing modes.

Supported Processors

SAFERTOS® supports all the common architectures used within automotive devices. We have worked closely with Texas Instruments to create a highly optimised port of SAFERTOS® for the Hercules safety controller family, with Infineon for the AURIX Tri-core, and with many other semiconductor companies.

To see our currently supported platforms please see our SAFERTOS® page, or contact us for the most up to date list.

Free Demos & Manuals

Download fully functional, time-limited SAFERTOS® demos, plus manuals, datasheets, and more.

Safety & Performance

Risk reduction is imperative in road vehicle applications that could become life threatening should they fail.

  • SAFERTOS® provides high speed and high performance without compromising safety.
  • SAFERTOS® is a highly deterministic micro kernel that has a minimum ROM footprint in the region of 10 K Bytes.
  • SAFERTOS® contains no dead or unused code and is statically defined at compile time.

It uses deterministic, pre-emptive, priority-based Task scheduling to ensure the primary safety goal – that the highest priority Task able to execute is the Task currently running. SAFERTOS® delivers intrinsic safety checking of key data variables by using inverted mirrored data and enhanced parameter checking.

SAFERTOS® contains features that assist designers of safety critical systems. For example, SAFERTOS® provides tools allowing developers to add a degree of spatial separation between tasks, which used effectively, can help guard against tasks directly making unintentional or accidental access to incorrect memory regions.

With an imperceptible boot time SAFERTOS® is an ideal choice in systems that need to protect users and automotive components from hazards quickly after a power on or brown out event.

Security in Your Automotive Application

Security in Your Automotive Application

Whilst security has always been important, it has become even more of a priority over the last few years. We take cyber security very seriously, and can provide a variety of solutions.

One cyber security risk factor to consider is the length of the supply chain. The more companies you have in your software supply chain, the greater the risk. SAFERTOS® is developed completely in-house here at WHIS, with every line of code accounted for and verified, providing a very strong justification for using SAFERTOS® within security applications.

For additional security, we offer SAFECRC Checker, a safety component from WHIS that can be used in conjunction with SAFERTOS®. SAFECRC Checker guards against corruption and malicious attack by confirming the correctness of your program memory. More about SAFECRC Checker here.

Strengthen Security in Safety-Critical Systems with SAFERTOS® ESM

SAFERTOS®, a leading safety critical RTOS, offers the optional Enhanced Security Module (ESM) to bolster security in automotive environments to comply with the ISO 21434 automotive cybersecurity standard. ISO 21434 is an ISO standard for integrating cybersecurity into automotive development, addressing risks in electronic systems and emphasizing risk management, security in design, validation, and incident response.

Enhanced Security Module: Threat Containment

The ESM is designed to effectively detect and attempt to contain cyber threats. If a threat is identified, the ESM attempts to restrict impact on the compromised Task, preventing it from compromising the entire system. This reduces potential damage to the embedded software application.

Key Features of SAFERTOS® Enhanced Security Module:

  • Enhanced Spatial Separation:
    The ESM provides the tools to implement a robust mechanism to isolate tasks, helping to prevent unauthorized access to memory regions of other tasks.
  • Granular Access Control:
    SAFERTOS® ESM features a configurable Access Control Policy (ACP) for the RTOS API and an Object Access Control Policy (OACP) for system objects like queues and semaphores. This ensures that only authorized tasks can access specific resources.
  • Penetration Detection:
    The ESM includes a built-in penetration detection mechanism that actively monitors for suspicious activity and alerts the application of potential attacks.

Complete Transparency with Design Assurance Pack (DAP)

SAFERTOS® ESM comes with a comprehensive DAP that provides complete transparency into the development process. The DAP includes essential documentation necessary to achieve certification:

  • Threat Assessment and Remediation Analysis (TARA);
  • Cybersecurity Analyses Report (CAR);
  • Security Manual.

Why Choose SAFERTOS® ESM for your embedded project?

  • Enhanced Security for Automotive RTOS:
    Developed specifically for automotive applications, SAFERTOS® ESM aligns with ISO 21434, a critical standard for automotive cybersecurity.
  • Supports ASIL D Requirements:
    SAFERTOS® with the ESM is suitable for automotive applications requiring ASIL D compliance, the highest safety integrity level in ISO 26262 for automotive functional safety.
  • Security-Focused RTOS:
    At WITTENSTEIN high integrity systems, automotive security is paramount. That’s why our ESM is built to align with ISO 21434 standards to safeguard your connected vehicles.

More questions about the ESM? Contact us today.

Automotive Design Assurance Pack

SAFERTOS® is supplied as source code and accompanied by a Design Assurance Pack (DAP). The DAP contains all the design and verification artefacts required to support the standards ISO 26262 ASIL D -2,-6,-8.

SAFERTOS® is delivered tailored to your specific processor/compiler combination, removing the need for retesting on the target hardware, and creating a smooth path to certifying SAFERTOS® integrated within a product. The DAP ensures:

  • No retesting on target hardware is required
  • Easy installation and integration into your development environment
  • Reduced development costs and improved time to market
  • Smooth path to certifying SAFERTOS® within an application

Ask Us a Question

For pricing, licensing, or any other sales or product related questions, please contact us.

Ask us a question

Support and Services

For every RTOS purchased, we supply 12 months free Support and Maintenance. For any question you want answered, any support or guidance that you need during design decisions, we are right there ready to help you. Our engineers enjoy sharing their engineering experiences, and take great pride in providing a responsive, friendly and helpful service. To see more about the support offered, including technical help and updates, view our support page.

One of the advantages of a Support and Maintenance contract is the re-validation of SAFERTOS®. Once per year, on request, WHIS will re- validate SAFERTOS® for a newer version of the compiler, meaning you always have access to the latest tools.

Exceptional High Quality

WHIS uses a high integrity lifecycle to develop, maintain and support SAFERTOS® and its Design Assurance Packs that’s supported by a deeply institutionalised Quality Management System (QMS). Work started on the QMS in 1999, when WHIS was developing flight control systems. Over the subsequent years WHIS has developed its QMS to encompass the range of applications and standards it supports today, as demand for its products and services has broadened and deepened.

Lloyds Register LRQA UK independently certifies the WHIS QMS to ISO 9001, with the applicable scope:

Design, development, installation and support of high integrity systems and software for medical, aviation and industrial applications.
Lloyds Register LRQA UK


Which RTOS is used in automotive?

Different RTOSes are used in cars depending on their job and safety needs. For critical systems, a certified RTOS like SAFERTOS® is necessary to meet strict safety regulations.

What is the most popular RTOS?

FreeRTOS is a free and popular choice for many devices. However, SAFERTOS® is specifically designed for safety critical applications and is pre-certified to ISO 26262. There is an easy upgrade path from FreeRTOS to SAFERTOS®. See our training videos or start using SAFERTOS® for free in our download centre.

What automotive applications use a real-time operating system?

Automotive applications that use an RTOS include:

  • Digital cockpits;
  • Engine control units;
  • Radar/vision systems;
  • Cameras and sensors;
  • Advance driver assist systems;
  • Autonomous drive systems.


AUTOSAR OS is part of a standard system for car software, while SAFERTOS® focuses specifically on safety and meets safety standards like ISO 26262 and IEC 61508.

Beyond SAFERTOS® for Automotive

  • SAFERTOS® CORE: for automotive devices that only need to consider safety and don’t require full certification.
  • Safety Plugins: bring greater robustness to safety critical automotive designs. WHIS Safety components are available with a Design Assurance Pack supporting certification to automotive standards.
  • Board Support Packages and Drivers: delivered either as commercial grade components, or with a Design Assurance Pack supporting submissions and certifications.
  • Training: maximise the use of your RTOS and increase development proficiency by attending one of our comprehensive training courses.
  • Peer review services: sometimes just a few hours of consultancy to review a preliminary automotive design, and check the proposed design approach is taken is correct, can deliver significant benefits to the outcome of a project.
  • Consultancy services: designed to support our automotive customers, allowing us to share our knowledge and experience of automotive device development to help optimise the final design, improve the design processes and smooth the route to certification.