Security and Performance Benefits of Virtualization
Felix Baum
mentor.com/embedded

Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
Homogeneous Multicore is not new!

Neither is Heterogeneous Multicore!

The World is More Connected
Connectivity includes Cars

"This isn't just an evolution of technology-enabled, connected vehicles. This goes beyond self-driving cars. And it's more than a simple sensor-network: This is the era of smart mobility, an Internet of Cars."
Thilo Koslowski, Vice President, Distinguished Analyst, Automotive practice at Gartner Inc.
Source: http://www.wired.com/opinion/2013/01/forget-the-internet-of-things-here-comes-the-internet-of-cars/
Security

Shorter Cycles
Increasing Vehicle Complexity
- Up to 65 million lines of code, 30 million of them for the multimedia system
- 25-200 microprocessors
- Recent high-end luxury car ECU connections: 10 for FlexRay, 73 for CAN and 61 for LIN
- Base vehicles employ 1,376 wires with a total length of 2,474 meters. A fully optioned vehicle requires 2,385 wires, with a total length of 4,293 meters.
- 500 LEDs are deployed, no light bulbs
- 100 motors in the interior
Source: The Hansen Report on Automotive Electronics, July/August 2013
ARM Embedded Processors

SoCs Rapidly Changing, Functionality Increases
- Rapid production change
Linux
As in many other markets, the adoption and use of Linux is accelerating in the automotive domain, including for:
- In-vehicle infotainment
- Instrument cluster
- Advanced driver assistance functions
A Solution Approach: Virtualization
Embedded hypervisors
- High performance, e.g. runtime and boot time
- Strong isolation
- Highly robust
Hypervisor security
- Strong isolation and containment of guests
- Secure critical information and software
Widespread use of open source software
- Embedded Linux gaining widespread adoption
- System robustness allowed by separation
- IP protection provided through system partitioning
[Diagram: RTOS, bare-metal, software stack 1 and software stack 2 guests on the hypervisor, over four CPU cores with memory and peripherals]
Virtualization: oversubscription
When more guests need to run than there are cores available.
[Diagram: Linux, RTOS and bare-metal-environment (BME) guests, each with its memory and virtual devices, on a hypervisor over two CPUs, devices and memory]
Virtualization: consolidation
Reliably run multiple of the same or different guests.
[Diagram: several Linux, Android, RTOS and bare-metal guests, each with its own memory and virtual devices, consolidated from separate quad-core systems onto one hypervisor]
Virtualization: robustness and security
Increase the reliability of existing software by enabling the virtualization, security and separation capabilities of the hardware.
[Diagram: Linux, RTOS and bare-metal guests on a hypervisor beside a Trusted Execution Environment, over four CPUs with devices and memory]
Security via ARM TrustZone
ARM TrustZone is a hardware-based mechanism for defining which subset of the SoC a given piece of software may access. Software designated as Secure World software has access to ALL of the SoC, while software designated as Normal World software can access only those hardware elements that are defined as Non-Secure.
Security can be further enhanced via:
- Trusted boot
- Security through separation
ARM TrustZone worlds
[Diagram: Normal World (Linux, RTOS and DRM apps on a hypervisor over CPUs, device A, device B and memory) beside the Secure World view of the same hardware]
ARM TrustZone example
Software that runs in the Normal World is assumed to be flawed from a safety and security perspective: it is expected to contain bugs, exploitable flaws, faults or irregularities that could expose sensitive information or functions. Secure World applications have complete access to the hardware and resources associated with both worlds. TrustZone does nothing to improve the safety or security of the trusted software itself, which must be explicitly tested and independently validated.
[Figure: phone keypad illustrating a Secure Element (SecurCore)]
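To make the Secure/Normal World rule of the last two slides concrete, here is an added Python model; it is illustrative code, not Mentor's or ARM's, and not from the slides. It assumes a TrustZone-style bus in which every transaction carries an NS (Non-Secure) bit and a protection controller tags each address region Secure or Non-Secure; the region names, addresses and sizes are constructed for the example. The `secure_copy_service` function shows the slide's caveat in code: because Secure World transactions pass the hardware check unconditionally, a Secure World service has to validate any buffer address the Normal World hands it before using its privileges.

```python
"""Access model for ARM TrustZone's Secure/Normal World split.

Added illustrative model, not Mentor's or ARM's code. Assumes a
TrustZone-style SoC where each bus transaction carries an NS bit and each
address region is tagged Secure or Non-Secure by the protection
controller. Region names, addresses and sizes are constructed.
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Region:
    name: str
    base: int
    size: int
    secure: bool  # True: only Secure World (NS=0) transactions may access

# Constructed SoC map: secure boot ROM and key store beside the non-secure
# peripherals and DRAM that the Normal World guest OS uses.
SOC_MAP = (
    Region("boot_rom",  0x0000_0000, 0x0001_0000, secure=True),
    Region("key_store", 0x1000_0000, 0x0000_1000, secure=True),
    Region("uart0",     0x2000_0000, 0x0000_1000, secure=False),
    Region("dram",      0x8000_0000, 0x4000_0000, secure=False),
)

def find_region(addr, soc_map=SOC_MAP):
    """Return the region containing addr, or None if the address is unmapped."""
    for r in soc_map:
        if r.base <= addr < r.base + r.size:
            return r
    return None

def access_allowed(addr, ns, soc_map=SOC_MAP):
    """Bus-level rule: Secure World (ns=False) may touch any mapped region;
    Normal World (ns=True) only regions tagged Non-Secure."""
    r = find_region(addr, soc_map)
    if r is None:
        return False           # unmapped address: bus error for either world
    return (not ns) or (not r.secure)

def buffer_is_non_secure(addr, length, soc_map=SOC_MAP):
    """True if [addr, addr+length) lies entirely inside one Non-Secure region.
    A Secure World service must apply this to every pointer it receives from
    the Normal World: its own accesses pass the bus check unconditionally, so
    the hardware will not stop it from reading secure memory on a caller's
    behalf (the slide's point that TrustZone does not make trusted software
    itself correct)."""
    if length <= 0:
        return False
    r = find_region(addr, soc_map)
    end = addr + length - 1
    return r is not None and not r.secure and find_region(end, soc_map) is r

def secure_copy_service(src, dst, length, soc_map=SOC_MAP):
    """Model of an SMC-invoked Secure World service that copies data on
    behalf of the Normal World. Returns 'ok' or a rejection reason."""
    if not buffer_is_non_secure(src, length, soc_map):
        return "reject: source not in Non-Secure memory"
    if not buffer_is_non_secure(dst, length, soc_map):
        return "reject: destination not in Non-Secure memory"
    # Both ends validated; the service's own NS=0 accesses are permitted.
    assert access_allowed(src, ns=False, soc_map=soc_map)
    assert access_allowed(dst, ns=False, soc_map=soc_map)
    return "ok"

def audit(soc_map=SOC_MAP):
    """Per region: (reachable from Secure World, reachable from Normal World)."""
    return {r.name: (access_allowed(r.base, ns=False, soc_map=soc_map),
                     access_allowed(r.base, ns=True, soc_map=soc_map))
            for r in soc_map}

if __name__ == "__main__":
    for name, (sec, normal) in audit().items():
        print(f"{name:10s} secure_world={sec} normal_world={normal}")
    print(secure_copy_service(0x1000_0000, 0x8000_0000, 16))  # rejected
    print(secure_copy_service(0x8000_1000, 0x8000_2000, 16))  # ok
```

The `audit` table is the kind of check worth generating from the real protection-controller configuration at build time: every region that must stay in the Secure World should show up as unreachable from the Normal World, and any change to that table is a security-relevant change.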
Virtualization uses in automotive
- Security and Robustness: isolation of critical software from the rest of the code, reducing the burden of testing and re-certification
- Licensing and IP Separation: partitioning of software with incompatible licensing terms, and protection of proprietary IP from open source licensing terms
- Software Reuse: an upgrade path from an RTOS-based device to one that incorporates Linux, leveraging the Linux software ecosystem while preserving the legacy investment
- Real-Time Performance: devices that take advantage of the Linux ecosystem and its wealth of existing functionality can benefit from the real-time responsiveness of a bare-metal guest
- Fast Startup: starting VMs in a particular order helps with a staged boot process
Automotive Virtualization Requirements
- Type 1 (bare metal) hypervisor
  - Sub-10K LOC code base
  - Exploit hardware virtualization extensions for security and efficiency
- Hypervisor with a security focus
  - Strong isolation and containment of guests
  - Secure critical information & software (TrustZone support and Trusted Execution Environment implementation)
- Multi-core and multi-guest enabled
  - Multicore capable: a single VM on multiple cores
  - Multiple VMs on a single core or on multiple cores
  - Combine UP and SMP guests
Automotive Virtualization Requirements (continued)
- Hardware Support
  - ARM Cortex-A9: i.MX6 reference platform
  - ARM Cortex-A15: OMAP5 and J6 reference platforms
- Flexible Scheduling
  - Dedicate guests to cores, or time-slice a core for multiple VMs
- Extensive Device Model Flexibility & Performance
  - Directly assign devices for performance (GPUs, NICs)
  - Virtual device model to share a device between VMs (Ethernet and serial)
- Guest Support
  - GENIVI-compliant Yocto-based Linux distribution
  - Android
  - RTOS
  - Bare-metal environment
- Configurations: Linux - Linux, Linux - Android, Linux - BME, BME
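The scheduling and device-model requirements on the two preceding slides (dedicated cores versus time-sliced cores, pass-through devices versus shared virtual devices) are properties a static configuration can be checked against before the hypervisor is ever booted. The following Python is an added example, not Mentor's hypervisor or its configuration format; it assumes a statically configured type-1 hypervisor in which each VM is either dedicated to its cores or time-sliced with other VMs, and each device is either passed through to exactly one VM or shared through a virtual device. The platform, VM names and device names are constructed.

```python
"""Static configuration check for a type-1 embedded hypervisor.

Added illustrative code, not Mentor's hypervisor or its configuration
format. Assumptions: VMs are pinned to physical cores either exclusively
(dedicated) or time-sliced (shared); a device is either directly assigned
(pass-through) to exactly one VM or shared by several VMs through the
hypervisor's virtual device model. All names below are constructed.
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class VM:
    name: str
    cores: tuple                 # physical core ids this VM may run on
    dedicated: bool              # True: owns its cores; False: time-sliced
    direct_devices: tuple = ()   # pass-through devices, exclusive to this VM
    virtual_devices: tuple = ()  # devices reached through shared virtual devices

@dataclass(frozen=True)
class Platform:
    num_cores: int
    devices: frozenset           # physical devices present on the SoC

def validate(platform, vms):
    """Return a list of configuration errors; an empty list means valid."""
    errors = []
    core_users = {}    # core id -> [VM]
    direct_owner = {}  # device -> name of the VM it is passed through to
    for vm in vms:
        if not vm.cores:
            errors.append(f"{vm.name}: no cores assigned")
        for c in vm.cores:
            if 0 <= c < platform.num_cores:
                core_users.setdefault(c, []).append(vm)
            else:
                errors.append(f"{vm.name}: core {c} does not exist")
        for dev in vm.direct_devices + vm.virtual_devices:
            if dev not in platform.devices:
                errors.append(f"{vm.name}: device {dev} not on platform")
        for dev in vm.direct_devices:
            if dev in direct_owner:
                errors.append(f"{dev}: directly assigned to both "
                              f"{direct_owner[dev]} and {vm.name}")
            else:
                direct_owner[dev] = vm.name
    # A pass-through device belongs to one guest; it cannot also be shared.
    for vm in vms:
        for dev in vm.virtual_devices:
            if dev in direct_owner:
                errors.append(f"{dev}: passed through to {direct_owner[dev]} "
                              f"but also virtual for {vm.name}")
    # A dedicated core runs exactly one guest; only shared cores time-slice.
    for c, users in sorted(core_users.items()):
        owners = [v.name for v in users if v.dedicated]
        if owners and len(users) > 1:
            others = [v.name for v in users if v.name != owners[0]]
            errors.append(f"core {c}: dedicated to {owners[0]} but also "
                          f"used by {', '.join(others)}")
    return errors

def schedule(platform, vms):
    """Per-core run list: a dedicated core runs its one VM, a shared core
    time-slices its VMs in round-robin order."""
    plan = {c: [] for c in range(platform.num_cores)}
    for vm in vms:
        for c in vm.cores:
            if c in plan:
                plan[c].append(vm.name)
    return plan

def timeslice(plan, core, ticks):
    """Sequence of VMs that run on `core` over `ticks` scheduler ticks."""
    runnable = plan[core]
    if not runnable:
        return []
    return [runnable[i % len(runnable)] for i in range(ticks)]

# Constructed example: a quad-core SoC hosting a cluster RTOS with its own
# CAN controller, an IVI Linux with the GPU passed through, and an Android
# guest plus a bare-metal diagnostics guest time-sliced on the last core.
PLATFORM = Platform(num_cores=4, devices=frozenset({"gpu", "eth0", "uart0", "can0"}))
VMS = (
    VM("cluster_rtos", (0,), True, direct_devices=("can0",), virtual_devices=("uart0",)),
    VM("ivi_linux", (1, 2), True, direct_devices=("gpu",), virtual_devices=("eth0", "uart0")),
    VM("android", (3,), False, virtual_devices=("eth0",)),
    VM("diag_bme", (3,), False, virtual_devices=("uart0",)),
)

if __name__ == "__main__":
    print("errors:", validate(PLATFORM, VMS))
    print("plan:", schedule(PLATFORM, VMS))
    print("core 3 ticks:", timeslice(schedule(PLATFORM, VMS), 3, 5))
```

The two errors `validate` reports most often in practice are the ones that silently weaken the separation argument: a device passed through to two guests (both now share a DMA-capable master), and a core that is supposed to be dedicated to a real-time guest but is also time-sliced with a general-purpose one.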
Summary
- Security and Separation: exposure via many connectivity options increases the attack surface and jeopardizes reliable system function. Highly integrated systems need separation and protection of sensitive data.
- Performance: highly integrated systems need separation and protection of sensitive data.
- Widespread use of Linux and other open source software: ecosystems of applications offer the in-vehicle experiences consumers demand. Protection of software license rights.
Separation, security and performance are increasingly important for embedded systems, driven to a large extent by intelligent and open devices in vehicles and the Internet of Things.
Q & A