Real-Timeness and System Integrity on a Asymmetric Multi Processing configuration D&E Event November 2nd Relator: Manuele Papais Sales & Marketing Manager 1
DAVE Embedded Systems DAVE Embedded Systems' HEADQUARTER Via Talponedo, 29/A 33080 Porcia, Italy DAVE Embedded Systems' BRANCH OFFICE Maximilianstrasse, 13 80539 München, Germany
DAVE Embedded Systems Sales Offices: USA California UK Swindon France Paris Israel Tel Aviv Belgium / The Netherlands Telerex B.V. Now opening: Japan DAVE Embedded Systems' HEADQUARTER Via Talponedo, 29/A 33080 Porcia, Italy DAVE Embedded Systems' BRANCH OFFICE Maximilianstrasse, 13 80539 München, Germany
DAVE Embedded Systems Concept and Design of Embedded Systems
DAVE Embedded Systems Solutions Provider Concept and Design of Embedded Systems Supporting and Promoting Customer Ideas and Concepts from Scratch to Business
Products Portfolio
Products Portfolio System On Modules Texas Instruments SITARA, DA VINCI NXP i.mx6... XILINX Zynq
Products Portfolio System On Modules Single Board Computers Texas Instruments SITARA, DA VINCI Wall mount NXP i.mx6... DIN Bar mount XILINX Zynq
Products Portfolio System On Modules Single Board Computers Customized Solutions Texas Instruments SITARA, DA VINCI Wall mount Based on customer requirements NXP i.mx6... DIN Bar mount Based on existing proven solutions XILINX Zynq
Products Portfolio System On Modules Single Board Computers Customized Solutions Texas Instruments SITARA, DA VINCI Wall mount Based on customer requirements NXP i.mx6... DIN Bar mount Based on existing proven solutions XILINX Zynq Available with advanced SW elements
Products Portfolio System On Modules Single Board Computers Customized Solutions Texas Instruments SITARA, DA VINCI Wall mount Based on customer requirements NXP i.mx6... DIN Bar mount Based on existing proven solutions XILINX Zynq Available with advanced SW elements Linux Kernel & Drivers
Products Portfolio System On Modules Single Board Computers Customized Solutions Texas Instruments SITARA, DA VINCI Wall mount Based on customer requirements NXP i.mx6... DIN Bar mount Based on existing proven solutions XILINX Zynq Available with advanced SW elements Linux Kernel & Drivers Android BSP
Products Portfolio System On Modules Single Board Computers Customized Solutions Texas Instruments SITARA, DA VINCI Wall mount Based on customer requirements NXP i.mx6... DIN Bar mount Based on existing proven solutions XILINX Zynq Available with advanced SW elements Linux Kernel & Drivers Android BSP FPGA Vivado Project and SDSoC/HLS examples
Products Portfolio System On Modules Single Board Computers Customized Solutions Texas Instruments SITARA, DA VINCI Wall mount Based on customer requirements NXP i.mx6... DIN Bar mount Based on existing proven solutions XILINX Zynq Available with advanced SW elements Linux Kernel & Drivers Android BSP FPGA Vivado Project and SDSoC/HLS examples RTOS Integration/examples
AMP Asymmetric Multi Processing BIG - LITTLE NXP Vybrid TI AM335...
AMP Asymmetric Multi Processing BIG - LITTLE SIMMETRIC NXP Vybrid TI AM335... NXP i.mx6 DUAL Lite NXP i.mx6 DUAL NXP i.mx6 QUAD...
AMP Asymmetric Multi Processing BIG - LITTLE SIMMETRIC NXP Vybrid TI AM335... NXP i.mx6 DUAL Lite NXP i.mx6 DUAL NXP i.mx6 QUAD...
Cortex-A9 architecture Multicore platform approach Low power architecture Industrial grade proof
Cortex-A9 architecture Multicore platform approach Low power architecture Industrial grade proof TrustZone IP integrated
Cortex-A9 architecture Multicore platform approach Low power architecture Industrial grade proof TrustZone IP integrated NXP i.mx6
Cortex-A9 architecture Multicore platform approach Low power architecture Industrial grade proof TrustZone IP integrated NXP i.mx6 Xilinx Zynq
Cortex-A9 architecture Multicore platform approach Low power architecture Industrial grade proof TrustZone IP integrated NXP i.mx6 Xilinx Zynq
The TrustZone IP Like the 33rd bit Transaction (S)ecure / (NS)Non Secure) Trustzone
The Asymmetric Multi Processing on Zynq Architecture AXI bus Processing System (PS) Programmable Logic (PL) FPGA
The Asymmetric Multi Processing on Zynq Architecture AXI bus Processing System (PS) Programmable Logic (PL) FPGA Hard Real Time
The Asymmetric Multi Processing on Zynq Architecture RTOS / Bare Metal Real Time AXI bus Processing System (PS) Programmable Logic (PL) FPGA Hard Real Time
The Asymmetric Multi Processing on Zynq Architecture Linux No - Real Time RTOS / Bare Metal Real Time AXI bus Processing System (PS) Programmable Logic (PL) FPGA Hard Real Time
The Asymmetric Multi Processing on Zynq Architecture Processing System (PS) AXI bus ASYNC Comm Programmable Logic (PL) FPGA SHARED Data Linux No - Real Time RTOS / Bare Metal Real Time Hard Real Time
The Asymmetric Multi Processing on Zynq Architecture Processing System (PS) AXI bus INTEGRITY ASYNC Comm Programmable Logic (PL) FPGA SHARED Data Linux No - Real Time RTOS / Bare Metal Real Time Hard Real Time
The Asymmetric Multi Processing on Zynq Architecture Processing System (PS) 1st boot Master AXI bus ASYNC Comm INTEGRITY 2nd Slave Programmable Logic (PL) FPGA SHARED Data Linux No - Real Time RTOS / Bare Metal Real Time Hard Real Time
The Asymmetric Multi Processing on Zynq Architecture Processing System (PS) L2 Cache 1st boot Master AXI bus ASYNC Comm INTEGRITY 2nd Slave Programmable Logic (PL) FPGA SHARED Data Linux No - Real Time RTOS / Bare Metal Real Time Hard Real Time
The Asymmetric Multi Processing on Zynq Architecture Processing System (PS) L2 Cache 1st boot Master AXI bus ASYNC Comm INTEGRITY 2nd Slave Programmable Logic (PL) FPGA SHARED Data Linux No - Real Time RTOS / Bare Metal Real Time Hard Real Time Traditional AMP has not ALL these feature so, integrate all new feature listed?
The TrustZone-based Approach Processing System (PS) AXI bus Programmable Logic (PL) FPGA It is required a Software Monitor
The TrustZone-based Approach SAFEG monitor with TrustZone AXI bus Processing System (PS) Programmable Logic (PL) FPGA It is required a Software Monitor Customized version of SAFEG
The TrustZone-based Approach SAFEG monitor with TrustZone TRUST No TRUST OS (RTOS) OS (GPOS) SAFEG monitor with TrustZone AXI bus Processing System (PS) Programmable Logic (PL) FPGA It is required a Software Monitor Customized version of SAFEG The monitor is responsible for: Enable TrustZone IP Initialize Trusted /Non Trusted areas
The TrustZone - based Approach Like the 33rd bit Transaction (S)ecure / (NS)Non Secure) Trustzone
The TrustZone - based Approach SPI UART1 Like the 33rd bit Transaction (S)ecure / (NS)Non Secure) Trustzone UART2 NS SS NS
The TrustZone - based Approach SPI UART1 Like the 33rd bit Transaction (S)ecure / (NS)Non Secure) Trustzone UART2 NS SS NS
The TrustZone - based Approach CORE0 CORE1 S SPI S NS UART1 Like the 33rd bit Transaction (S)ecure / (NS)Non Secure) Trustzone UART2 NS SS NS
The TrustZone - based Approach CORE0 CORE1 S SPI S NS UART1 Like the 33rd bit Transaction (S)ecure / (NS)Non Secure) Trustzone UART2 NS SS NS
The TrustZone - based Approach X Not allowed CORE0 CORE1 S SPI S NS UART1 Like the 33rd bit Transaction (S)ecure / (NS)Non Secure) Trustzone UART2 NS SS NS
The TrustZone - based Approach X Not allowed CORE0 CORE1 S SPI S NS UART1 Like the 33rd bit UART2 NS SS NS Transaction (S)ecure / (NS)Non Secure) This applies to: Cores DMA... Trustzone For INTC... Linux must ask to Monitor The OK for modify INTC
The TrustZone-based Approach AXI bus Processing System (PS) Programmable Logic (PL) FPGA SAFEG monitor with TrustZone TRUST No TRUST OS (RTOS) OS (GPOS) SAFEG monitor with TrustZone DATA I/O RTOS DATA BUS GPOS DATA It is required a Software Monitor Customized version of SAFEG The monitor is responsible for: Enable TrustZone IP Initialize Trusted /Non Trusted areas Setup data struct and except handlers Memory RTOS GPOS Memory Memory
The TrustZone-based Approach AXI bus Processing System (PS) Programmable Logic (PL) FPGA SAFEG monitor with TrustZone MASTER SLAVE TRUST No TRUST OS (RTOS) OS (GPOS) SAFEG monitor with TrustZone DATA I/O RTOS DATA BUS GPOS DATA It is required a Software Monitor Customized version of SAFEG The monitor is responsible for: Enable TrustZone IP Initialize Trusted /Non Trusted areas Setup data struct and except handlers Start Trusted OS Memory RTOS GPOS Memory Memory
DAVE Embedded Systems' example SAFEG monitor with TrustZone AXI bus Processing System (PS) Programmable Logic (PL) FPGA
DAVE Embedded Systems' example SAFEG monitor with TrustZone Statically assigned OS AXI bus Processing System (PS) Programmable Logic (PL) FPGA
DAVE Embedded Systems' example SAFEG monitor with TrustZone Statically assigned OS 100% No Trusted Linux AXI bus Processing System (PS) Programmable Logic (PL) FPGA
DAVE Embedded Systems' example SAFEG monitor with TrustZone Statically assigned OS 100% No Trusted Linux 100% Trusted FreeRTOS No context switch Reduced latency AXI bus Processing System (PS) Programmable Logic (PL) FPGA
DAVE Embedded Systems' example AXI bus Processing System (PS) Programmable Logic (PL) FPGA SAFEG monitor with TrustZone Statically assigned OS Statically partinioned Mem partitioning 100% No Trusted Linux 100% Trusted FreeRTOS No context switch Reduced latency
DAVE Embedded Systems' example AXI bus Processing System (PS) Programmable Logic (PL) FPGA SAFEG monitor with TrustZone Statically assigned OS Statically partinioned Mem partitioning 100% No Trusted Linux 100% Trusted FreeRTOS No context switch Reduced latency No trusted private Area (MMU level)
DAVE Embedded Systems' example AXI bus Processing System (PS) Programmable Logic (PL) FPGA SAFEG monitor with TrustZone Statically assigned OS Statically partinioned Mem partitioning 100% No Trusted Linux 100% Trusted FreeRTOS No trusted private Area (MMU level) No context switch Reduced latency Trusted private Area (TrustZone level)
DAVE Embedded Systems' example AXI bus Processing System (PS) Programmable Logic (PL) FPGA SAFEG monitor with TrustZone Statically assigned OS Statically partinioned Mem partitioning 100% No Trusted Linux 100% Trusted FreeRTOS No trusted private Area (MMU level) No context switch Reduced latency Trusted private Area (TrustZone level) Shared Area (Not Trusted)
Details: The MEM partinioning Mem partitioning END of SDRAM LINUX 0x10000000 RPMSG buffer and shared data 0x04000000 Monitor 0x01000000 FreeRTOS 0x00000000
Details: The BOOT process 0 RESET
Details: The BOOT process 0 RESET 1 BootROM: FSBL taken from NV-memory and loaded on On Chip Memory
Details: The BOOT process 0 RESET 1 BootROM: FSBL taken from NV-memory and loaded on On Chip Memory 2 FSBL: SDRAM init and Uboot image load in memory
Details: The BOOT process 0 RESET 1 BootROM: FSBL taken from NV-memory and loaded on On Chip Memory 2 FSBL: SDRAM init and Uboot image load in memory 3 Uboot: loads in SDRAM: Monitor Trusted code FREERTOS No Trusted code LINUX
Details: The BOOT process 0 RESET 1 BootROM: FSBL taken from NV-memory and loaded on On Chip Memory 2 FSBL: SDRAM init and Uboot image load in memory 3 Uboot: loads in SDRAM: Monitor Trusted code FREERTOS No Trusted code LINUX 4 Uboot: gives control to Monitor
Details: The BOOT process 0 RESET 1 BootROM: FSBL taken from NV-memory and loaded on On Chip Memory 2 FSBL: SDRAM init and Uboot image load in memory 3 Uboot: loads in SDRAM: Monitor Trusted code FREERTOS No Trusted code LINUX 4 Uboot: gives control to Monitor 5 Monitor: Init TrustZone Enable data structures and Handlers for both cores Gives to Trust code the control of machine FREERTOS MASTER
Details: The BOOT process 0 RESET 1 BootROM: FSBL taken from NV-memory and loaded on On Chip Memory 2 FSBL: SDRAM init and Uboot image load in memory 3 Uboot: loads in SDRAM: Monitor Trusted code FREERTOS No Trusted code LINUX 4 Uboot: gives control to Monitor 5 Monitor: Init TrustZone Enable data structures and Handlers for both cores Gives to Trust code the control of machine FREERTOS 6 RTOS FreeRTOS: Under his control decides to start No Trusted OS (LINUX) MASTER SLAVE
Details: Inter-World comm Several methods available OP - TEE dualoscom Based on TOPPERS Very specific Too SW layers RPMsg Based on TI DSP accepted on mainline Used by Xilinx in AN Very well structured on buffers and cache handlings OpenAMP Similar to RPMsg Used on MPSoCs
Details: Inter-World comm Several methods available OP - TEE dualoscom RPMsg Selection Criterias OpenAMP
Details: The BOOT process Several methods available OP - TEE dualoscom RPMsg Selection Criterias Acceptance into Mainline Linux Kernel OpenAMP
Details: The BOOT process Several methods available OP - TEE dualoscom RPMsg OpenAMP Selection Criterias Acceptance into Mainline Linux Kernel Control over the isolation level between the two worlds
Details: The BOOT process Several methods available OP - TEE dualoscom RPMsg OpenAMP Selection Criterias Acceptance into Mainline Linux Kernel Maintenance future developments Control over the isolation level between the two worlds
Details: The BOOT process Several methods available OP - TEE dualoscom RPMsg OpenAMP Selection Criterias Acceptance into Mainline Linux Kernel Maintenance future developments Control over the isolation level between the two worlds The level of isolation is application dependent
Details: The BOOT process Several methods available OP - TEE dualoscom RPMsg OpenAMP Selection Criterias Acceptance into Mainline Linux Kernel Maintenance future developments Control over the isolation level between the two worlds The level of isolation is application dependent
Details: L2 cache management Processing System (PS) FreeRTOS Trusted AXI bus LINUX No Trusted Programmable Logic (PL) FPGA
Details: L2 cache management LINUX No Trusted FreeRTOS Trusted L1 cache L1 cache MMU MMU AXI bus Processing System (PS) Programmable Logic (PL) FPGA
Details: L2 cache management LINUX No Trusted FreeRTOS Trusted L1 cache L1 cache MMU MMU SHARED MEMORY AXI bus Processing System (PS) Programmable Logic (PL) FPGA PRIVATE MEMORY
Details: L2 cache management LINUX No Trusted FreeRTOS Trusted L1 cache L1 cache MMU MMU AXI bus Processing System (PS) Programmable Logic (PL) FPGA L2 cache PRIVATE MEMORY SHARED MEMORY PRIVATE MEMORY
Details: L2 cache management LINUX No Trusted FreeRTOS Trusted L1 cache L1 cache MMU MMU AXI bus Processing System (PS) Programmable Logic (PL) FPGA L2 cache PRIVATE MEMORY SHARED MEMORY PRIVATE MEMORY Linux performances are not affected by dual OS solutions FreeRTOS determinism is granted Shared mem is not cached
Details: L2 cache management LINUX No Trusted FreeRTOS Trusted L1 cache L1 cache MMU MMU OCM AXI bus Processing System (PS) Programmable Logic (PL) FPGA L2 cache PRIVATE MEMORY SHARED MEMORY PRIVATE MEMORY Linux performances are not affected by dual OS solutions FreeRTOS determinism is granted Shared mem is not cached Internal OCM can be granted only to Trust OS
Details: Performances achieved Processing System (PS) FreeRTOS Trusted AXI bus LINUX No Trusted Programmable Logic (PL) FPGA TEST BENCH: used the internal timer to measure the latency between: INT handling INT service
Details: Performances achieved Processing System (PS) IDLE Google Stress Test SAT FreeRTOS Trusted AXI bus LINUX No Trusted Programmable Logic (PL) FPGA
Details: Performances achieved LINUX No Trusted FreeRTOS Trusted IDLE IDLE Google Intensive Mem Stress Test SAT Task AXI bus Processing System (PS) Programmable Logic (PL) FPGA
Details: Performances achieved LINUX No Trusted FreeRTOS Trusted IDLE IDLE Latency Linux IDLE RTOS IDLE min 287ns avg 287ns max 548ns AXI bus Processing System (PS) Programmable Logic (PL) FPGA
Details: Performances achieved Processing System (PS) FreeRTOS Trusted IDLE Google Stress Test SAT Latency Linux IDLE RTOS IDLE LINUX SAT RTOS IDLE min 287ns 287ns avg 287ns 296ns max 548ns 539ns AXI bus LINUX No Trusted Programmable Logic (PL) FPGA
Details: Performances achieved Processing System (PS) FreeRTOS Trusted Google Intensive Mem Stress Test SAT Task AXI bus LINUX No Trusted Programmable Logic (PL) FPGA Latency Linux IDLE RTOS IDLE LINUX SAT RTOS IDLE LINUX SAT RTOS 16k task load min 287ns 287ns 287ns avg 287ns 296ns 205ns max 548ns 539ns 575ns Linux performances not affect RTOS in any condition FreeRTOS latency is granted with not heavy load tasks
Details: Performances achieved Processing System (PS) FreeRTOS Trusted Google Intensive Mem Stress Test SAT Task AXI bus LINUX No Trusted Programmable Logic (PL) FPGA Latency Linux IDLE RTOS IDLE LINUX SAT RTOS IDLE LINUX SAT RTOS 16k task load LINUX SAT RTOS 128k task load min 287ns 287ns 287ns 1268ns avg 287ns 296ns 205ns 2024ns max 548ns 539ns 575ns 3050ns Linux performances not affect RTOS in any condition FreeRTOS latency is granted with not heavy load tasks FreeRTos is affected by high mem loads due to it is not cached
Details: Performances achieved LINUX No Trusted FreeRTOS Trusted IDLE IDLE Google Intensive Mem Stress Test SAT Task AXI bus Processing System (PS) Programmable Logic (PL) FPGA Latency Linux IDLE RTOS IDLE LINUX SAT RTOS IDLE LINUX SAT RTOS 16k task load LINUX SAT RTOS 128k task load min 287ns 287ns 287ns 1268ns avg 287ns 296ns 205ns 2024ns max 548ns 539ns 575ns 3050ns Linux performances not affect RTOS in any condition FreeRTOS latency is granted with not heavy load tasks FreeRTos is affected by high mem loads due to it is not cached The L2 cache can be also used only on Trust OS there are pro and cons (typically a determinism reduction is noted)
Future works and references
Future works and references Complete Reboot of Slave core from Master Core
Future works and references Complete Reboot of Slave core from Master Core Deep understanding and optimization of INTerrupt handling and communication data interchange between two worlds related to determinism and latency aspects
Future works and references Complete Reboot of Slave core from Master Core Deep understanding and optimization of INTerrupt handling and communication data interchange between two worlds related to determinism and latency aspects Refers to: http://www.dave.eu/sites/default/files/brx-wp001.pdf Yashu Gosain and Prushothaman Palanichamy, Xilinx WP429 - TrustZone Technology Support in Zynq-7000 All Programmable SoCs (v1.0), May 20, 2014 DAVE Embedded Systems, AN-BELK-001: Asymmetric Multiprocessing (AMP) on Bora Linux FreeRTOS, TOPPERS SafeG home page (English), -, https://www.toppers.jp/en/safeg.html and many others
Question and answers
DAVE S.r.l. Via Talponedo, 29/A I-33080, Porcia (PN) Italy Tel +39 0434 921215 Fax +39 0434 1994030 www.dave.eu info@dave.eu wiki.dave.eu 87