Xen Project Automotive and Embedded Overview

Similar documents
Security and Performance Benefits of Virtualization

Xen Automotive Hypervisor Automotive Linux Summit 1-2 July, Tokyo

Multicore platform towards automotive safety challenges

Heterogeneous Real-Time SoC Software Architecture

HW isolation for automotive environment BoF

Virtual Open Systems (VOSyS)

Hypervisor Market Overview. Franz Walkembach. for GENIVI AMM, April 19 th, 2018 (Munich) SYSGO AG Public

Designing Security & Trust into Connected Devices

New ARMv8-R technology for real-time control in safetyrelated

Compute solutions for mass deployment of autonomy

Smart Antennas and Hypervisor: Enabling Secure Convergence. July 5, 2017

Linux and AUTOSAR Vector Informatik Congress, Stuttgart,

Safe Multi-Display Cockpit Controller

Communication Patterns in Safety Critical Systems for ADAS & Autonomous Vehicles Thorsten Wilmer Tech AD Berlin, 5. March 2018

Xen Community Update. Ian Pratt, Citrix Systems and Chairman of Xen.org

10 Steps to Virtualization

Designing Security & Trust into Connected Devices

NEXT GENERATION INFOTAINMENT CONNECTIVITY AND TELEMATICS SOFTWARE FROM PROOF-OF-CONCEPT TO START-OF-PRODUCTION

Real-Time Systems and Intel take industrial embedded systems to the next level

Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop

Growth outside Cell Phone Applications

HPE ProLiant ML350 Gen P 16GB-R E208i-a 8SFF 1x800W RPS Solution Server (P04674-S01)

How to protect Automotive systems with ARM Security Architecture

SIMPLIFYING THE CAR. Helix chassis. Helix chassis. Helix chassis WIND RIVER HELIX CHASSIS WIND RIVER HELIX DRIVE WIND RIVER HELIX CARSYNC

HPE ProLiant ML350 Gen10 Server

Virtual Hardware ECU How to Significantly Increase Your Testing Throughput!

SIERRAWARE SIERRATEE FOR MIPS OMNISHIELD

Domain Interaction Strategy

Interaction between AUTOSAR and non-autosar Systems on top of a Hypervisor

The Missing Piece of Virtualization. I/O Virtualization on 10 Gb Ethernet For Virtualized Data Centers

Integration of Active Noise Control in future IVI system designs

Wayland IVI Extension

Xen on ARM. Stefano Stabellini

Advanced IP solutions enabling the autonomous driving revolution

Mentor Automotive Save Energy with Embedded Software! Andrew Patterson Presented to CENEX 14 th September 2016

Virtualizaton: One Size Does Not Fit All. Nedeljko Miljevic Product Manager, Automotive Solutions MontaVista Software

Abstract. Testing Parameters. Introduction. Hardware Platform. Native System

ARM processors driving automotive innovation

Autonomous Driving Solutions

Xen Project Status Ian Pratt 12/3/07 1

Designing Security & Trust into Connected Devices

Intel s s Security Vision for Xen

ARM Security Solutions and Numonyx Authenticated Flash

A Developer's Guide to Security on Cortex-M based MCUs

Junhong Jiang, Kevin Tian, Chris Wright, Don Dugger

A Big Little Hypervisor for IoT Development February 2018

Xen Project Overview and Update. Ian Pratt, Chairman of Xen.org, and Chief Scientist, Citrix Systems Inc.

WHY SHOULD I USE OVM. For Oracle Databases By Francisco Munoz Alvarez Oracle Professional Services Manager

Acano solution. White Paper on Virtualized Deployments. Simon Evans, Acano Chief Scientist. March B

Software Verification for Low Power, Safety Critical Systems

BUILDING FUNCTIONAL SAFETY PRODUCTS WITH WIND RIVER VXWORKS RTOS

WIND RIVER TITANIUM CLOUD FOR TELECOMMUNICATIONS

What s New (and better) in Qt

Security for the Xen Hypervisor Status Quo & Perspective 2006

Cortex-A75 and Cortex-A55 DynamIQ processors Powering applications from mobile to autonomous driving

Presentation's title

Optimizing and Enhancing VM for the Cloud Computing Era. 20 November 2009 Jun Nakajima, Sheng Yang, and Eddie Dong

TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

The Next Steps in the Evolution of Embedded Processors

A Secure Update Architecture for High Assurance Mixed-Criticality System Don Kuzhiyelil Dr. Sergey Tverdyshev SYSGO AG

Integrating ROS and ROS2 on mixed-critical robotic systems based on embedded heterogeneous platforms

Cortex-A75 and Cortex-A55 DynamIQ processors Powering applications from mobile to autonomous driving

Lars Kurth Community Manager, Xen Project Chairman, Xen Project Advisory Board Director, Open Source, Citrix

Data Protection for Cisco HyperFlex with Veeam Availability Suite. Solution Overview Cisco Public

Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development

Copyright 2011, Oracle and/or its affiliates. All rights reserved.

Meet Qt. The Leading Cross-Platform Application and UI Framework. The Qt Company. June

BOSCH CASE STUDY. How Bosch Has Benefited from GENIVI Adoption

Fundamentals of HW-based Security

Real Safe Times in the Jailhouse Hypervisor Unrestricted Siemens AG All rights reserved

Huawei FusionCloud Desktop Solution 5.1 Resource Reuse Technical White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue 01.

ARM instruction sets and CPUs for wide-ranging applications

Exploring System Coherency and Maximizing Performance of Mobile Memory Systems

Software architecture in ASPICE and Even-André Karlsson

Scalable and Flexible Software Platforms for High-Performance ECUs. Christoph Dietachmayr Sr. Engineering Manager, Elektrobit November 8, 2018

Heterogeneous Software Architecture with OpenAMP

Implementing debug. and trace access. through functional I/O. Alvin Yang Staff FAE. Arm Tech Symposia Arm Limited

SCALE 14X. The Bare-Metal Hypervisor as a Platform for Innovation. By Russell Pavlicek Xen Project Evangelist

Making Supercomputing More Available and Accessible Windows HPC Server 2008 R2 Beta 2 Microsoft High Performance Computing April, 2010

Components & Characteristics of an Embedded System Embedded Operating System Application Areas of Embedded d Systems. Embedded System Components

automatisiertensoftwaretests

Safety and Security for Automotive using Microkernel Technology

Enterprise-class desktop virtualization with NComputing. Clear the hurdles that block you from getting ahead. Whitepaper

Designing, developing, debugging ARM Cortex-A and Cortex-M heterogeneous multi-processor systems

Alexandre Esper, Geoffrey Nelissen, Vincent Nélis, Eduardo Tovar

10 th AUTOSAR Open Conference

White Paper. Securing the virtual infrastructure without impacting performance

VMware vsphere with ESX 4 and vcenter

Open Source in Automotive Infotainment

Wind River Android Solutions

IoT It s All About Security

Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices

Using the MPU with an RTOS to Enhance System Safety and Security

Performance Evaluation of Virtualization Technologies

EC H2020 dredbox: Seminar School at INSA Rennes

CLOUD COMPUTING IT0530. G.JEYA BHARATHI Asst.Prof.(O.G) Department of IT SRM University

CONCEPTS GUIDE BlueBoxx

The Road to a Secure, Compliant Cloud

Open Server Architecture

Achieving safe, certified, multicore avionics systems with Separation Kernel Hypervisors

Transcription:

Xen Project Automotive and Embedded Overview April, 2018 Lars Kurth Chairman, Xen Project Advisory Booard This work is licensed under a Creative Commons Attribution-Share Alike 4.0 (CC BY-SA 4.0) GENIVI is a registered trademark of the GENIVI Alliance in the USA and other countries. Copyright GENIVI Alliance 2018.

Agenda Ecosystem Overview Xen Project Capabilities and Challenges The Elephant in the Room: Safety Certification

Examples: Defense/Embedded OpenXT www.openxt.org FOSS Platform for security research, security applications and embedded appliance integration building on Xen & OpenEmbedded Part fork of Xen Project, but significant effort to un-fork has started in 2017. Several key players: AIS, Apertus Solutions, BAE Systems, U.S. Air Force Research Laboratory Virtuosity dornerworks.com Consultancy with embedded/avionics/ medical focus. Maintains Virtuosity Hypervisor with support for a XILINX and NXP Arm SoCs. Product variant of Virtuosity for defence/avionics use-cases. 2 nd generation product (predecessor = ARLX released in 2015). Certification packages for: DO-178, IEC 62304, ISO 26262 Standards: ARINC 653, Vehicular Integration for C4ISR/EW Interoperability (VICTORY), Future Airborne Capability Environment (FACE ) XenZynq xilinx.com Xen Zynq Distribution originally developed by Dornerworks. Latest product incarnation is called Virtuosity Hypervisor. Investing in Xen Functionality related to power management and managing heterogeneity in general.

Examples: Automotive EPAM epam.com Product: Fusion Scalable & secure software deployment platform for distributed (cloud+vehicle) automotive service products. Uses isolated Xen VM in vehicles to deploy service containers. Ongoing Contributions: PV drivers: input, sound & DRM Xen OP-TEE support Co-processor (GPU) sharing framework Hard real-time support research Power Management & HMP RTOS Dom0 / Dom0-less system Safety certification GlobalLogic globallogic.com Product: Nautilus Pioneered Xen based automotive solution. Used to be very active within the Xen Project from 2013-2016, but recently has been primarily product focused. Misc Automotive vendors that occasionally contribute to and engage with the Xen Project. Renesas HW enablement in Xen. Test Platforms for Xen Project CI. Bosch Car GmbH Code Contributions since 2015 LG, ADIT, Samsung Not much information

Agenda Ecosystem Overview Xen Project Capabilities and Challenges The Elephant in the Room: Safety Certification

Automotive Requirements vs. Xen Project Compute Requirements C1: Static resource partitioning and flexible on-demand resource allocation (CPU, RAM, GPU and IO) Xen Project Core functionality, multiple schedulers, GPU/co-processor sharing, memory ballooning, etc. C2: Memory/IO bus bandwidth allocation and rebalancing WIP: Effort by several parties to enable Hard RT support on Xen Peripherals Requirements P1: GPU and displays shall be shared between execution environments supporting both fixed (each one talks to its own display or to a specified area on a single display) and flexible configurations (shape, z-order, position and assignment of surfaces from different execution environments may change at run time). P2: Inputs shall be routed to one or multiple execution environments depending on current mode, display configuration (for touchscreens), active application (for jog dials & buttons), etc. P3: Audio shall be shared between execution environments. Sound complex mixing policies for multiple audio streams and routing of dynamic source/sink devices (BT profiles, USB speakers/microphones, etc.) shall be supported. P4: Network shall be shared between execution environments. Virtual networks with different security characteristics shall be supported (e.g., traffic filtering and security mechanisms). P5: Storage shall support static or shared allocation, together with routing of dynamic storage devices (USB mass storage). Xen Project Via GPU sharing (and WIP coprocessor sharing), PV Drivers (PV DRM) Via PV Drivers (PV KBDFRONT) Via PV Drivers (PV SOUND) Via PV Drivers & Disaggregation Xen Security Modules Via PV Drivers

Automotive Requirements vs. Xen Project, continued Security Requirements SE1: Root of Trust and Secure boot shall be supported for all execution environments. SE2: Trusted Computing (discrete TPM, Arm TrustZone or similar) shall be available and configurable for all execution environments. SE3: Hardware isolation shall be supported (cache, interrupts, IOMMUs, firewalls, etc.). Safety Requirements SA1: System monitoring shall be supported to attest and verify that the system is correctly running. SA2: Restart shall be possible for each execution environment in case of failure. SA3: Redundancy shall be supported for the highest level of fault tolerance with fall-back solutions available to react in case of failure. SA4: Real time support shall be guaranteed together with predictive reaction time. Xen Project x86: TPM 2.0, Intel TXT, AMD SVM Arm: supported with OPTEE x86: in Xen; some extras in OpenXT Arm: OPTEE (WIP: up streaming) Core functionality (except firewalls) Xen Project Can be implemented through VMI in Hypervisor, agents outside or through a hybrid Core Functionality WIP: This has to be analysed in scope of "safety certification" initiative, as well as "dom0-less" Xen and "minimal" Kbuild Different scheduler options with different trade-offs. WIP: Benchmarks with recommendations and Hard RT support.

Automotive Requirements vs. Xen Project, continued Performance and Power Consumption Requirements PP1: Virtualization performance overhead shall be minimal: 1-2% on CPU/memory benchmarks, up to 5% on GPU benchmarks. PP2: Predictability shall be guaranteed. Minimal performance requirements shall be met in any condition (unexpected events, system overload, etc.). PP3: Execution environments fast boot: Less than 2 seconds for safety critical applications, less than 5 seconds for Instrument Cluster, and 10 seconds for IVI. Hibernate and Suspend to RAM shall be supported. PP4: Execution environments startup order shall be predictable. PP5: Advanced power management shall be implemented with flexible policies for each execution environment. Xen Project Arm: fulfils requirements x86: not verified Different scheduler options with different trade-offs. Benchmarks with recommendations in progress. Possibly some code changes will be up streamed. Arm: Proven by both GlobalLogic and EPAM Core functionality Arm: Partially implemented (not yet up-streamed). Further work by EPAM, XILINX and Aggios planned.

Agenda Ecosystem Overview Xen Project Capabilities and Challenges The Elephant in the Room: Safety Certification

Our Approach for now: Make it easier for down-streams to Safety Certify MISRA Compliance 1 Identify compliance partner that is willing to work with the project PRQA 2 WIP: Formalize relationship between vendor and the project 3 Iteratively address compliance issues within the Xen Project community: start with potentially controversial and high impact issues. Dom0 RTOS (e.g. FreeRTOS) as Dom0, or Dom0-less stack with minimal management tools. Lead Community Member EPAM Dornerworks as collaborator Minimal Xen Create minimal Kbuild for Xen as a reference, using Renesas R-Car as starting point Lead Community Member Stefano Stabellini EPAM, Dornerworks, XILINX and others as collaborators Reliable data about achievable minimal code size and community challenges that need to be resolved Note: Dom0 and Minimal Xen do not need to be complete to get sufficient data Certification Partners 1 WIP: Identify possible certification partners and understand the framework they are willing to work with. Note: Dornerworks is a possible partner given past certification experience on Xen 2 Formalize relationship between vendor and the project 4 Complete MISRA compliance work for majority of issues. Stage 2: Create shared certification artefacts under the guidance/with support from certification partner Adapt development processes, where feasible.

Code Size: Where are we starting from Arm Full ARM 64 and 32 bit, with everything enabled. x86 On x86 Xen, there is little configurability today, but Components K SLOC Calculation K SLOC /xen/common 33.4 /xen/arch/arm 19.8 /xen/drivers 16.0 Total 69.3 Xen on ARM64 with ACPI (used in servers) and ARM32 disabled is 60K SLOC today. Future: A minimal Xen configuration for a small set of boards should be in the order of 40K to 50K SLOC, smaller if common code can be aggressively removed via Kconfig. x86 with everything enabled 325 x86 PVH for Intel only, no server features 128 However, the 128K SLOC figure includes most Intel SKUs. Focusing on the latest hardware only should reduce this significantly. Cost Example: DO-178C, 45K SLOC DAL E (0.11 h/sloc): 2.4 man years ASIL-A DAL C (0.20 h/sloc): 4.5 man years ASIL-B/C DAL A (0.67 h/sloc): 15 man years ASIL-D Hours for vendor with certification experience Perspective: Total Xen Community Dev Effort 2014-2017: 41 to 50 man years per year Using conservative COCOMO model

Thank you! Visit GENIVI at http://www.genivi.org or http://projects.genivi.org Contact us: help@genivi.org This work is licensed under a Creative Commons Attribution-Share Alike 4.0 (CC BY-SA 4.0) GENIVI is a registered trademark of the GENIVI Alliance in the USA and other countries. Copyright GENIVI Alliance 2018.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback