Software virtualization is a hot topic these days in the embedded market. New processor technologies and consolidation of embedded systems are two important drivers for implementing virtualization technologies.
Many embedded systems have a real-time component and a storage/display/user interface component. These two components can oftentimes be at odds with one another – the real-time component requires deterministic task scheduling for reliable data sampling and processing, while the user interface component allows for rich graphics and user interaction. The user interface component might be a Windows™ or Linux environment, where a wide variety of applications and graphics packages lower time to market and development effort. The user interface component typically has no real-time requirements. The real-time component typically uses a real-time operating system (RTOS) foundation that provides a reliable, secure environment for the tasks running on the RTOS. The real-time component feeds the information it gathers to the user interface component, which then stores and displays the information in a user-friendly form, allowing the user to interact with the information more easily and effectively. These two worlds have traditionally been two separate boxes or blades with some kind of network pipe in between to transfer the information.
Multicore processors and virtualization environments enable a single platform that can consolidate multiple software environments. The key software enabler for virtualization is the hypervisor: the low-level software that partitions hardware resources into separate software environments. This allows multiple operating systems to run on a single hardware platform without compromising security or real-time requirements.
The concept of a hypervisor dates back to the mid 1960s, when IBM created a hypervisor to share the memory of an IBM 360, using half of memory to run the IBM 360 and half to create a virtual IBM 7080 environment. But it really took the advent of multicore processors (almost 40 years later!), with a distinct set of cores on a single chip, before hypervisors could guarantee separation of software environments with no impact on real-time performance. Prior to multicore, multiprocessor platforms enabled separate operating systems to run on a single board. Due to processor, I/O, memory, and cache interconnect complications, it was difficult to create a true hypervisor that could manage and control a multiprocessor platform.
There are two types of hypervisors – a type 1 hypervisor runs directly on top of the platform hardware to manage the guest operating systems. Type 1 hypervisors are often called “native” or “bare metal” hypervisors. Type 2 hypervisors (or “hosted” hypervisors) run on top of an operating system environment. Then within the hosted hypervisor, additional operating systems can be launched. Which type of hypervisor is the best fit depends on the application.
There are other considerations when consolidating software environments under a single virtualized platform – will each environment meet performance criteria? How will the management of these components work within the virtual environment and can the hypervisor help?
The LynxSecure hypervisor from LynuxWorks is an example of a virtualization environment available for the Intel® Core™ i7 platforms. The diagram below shows how LynxSecure can operate in an asymmetric multiprocessing (AMP) or symmetric multiprocessing (SMP) manner (or a mix of both). For AMP applications, a guest operating system is assigned a specific core or set of cores. This is known as processor affinity. In an SMP approach, the operating system is allowed to use any available core within a set of cores. LynxSecure allows configuration for AMP, SMP or a mix.
LynxSecure also allows for fully virtualized and para-virtualized guest operating systems. Fully virtualized OSs include Windows XP, Windows 7, Solaris 10, Chromium OS, Linux, and LynxOS-178. This means that the operating system and its applications can run directly within LynxSecure without any modifications. Para-virtualized operating systems are supported if the developer has access to the source code. In this scenario, the developer can modify the operating system for optimizations within the LynxSecure para-virtualized environment. LynxSecure time and space partitioning guarantees real-time determinism and secure separation of memory regions. This is important for any application that requires security of data and instruction execution between operating systems. It’s these capabilities within LynxSecure that guarantee complete separation of operating systems. This is especially important in cases where there may be secure applications running side-by-side with non-secure applications.
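The core-assignment and space-partitioning properties described above can be checked on a static partition plan before it is deployed. The following is an added example, not LynxSecure code or its configuration format: the `struct guest` layout, the `check_plan` function and the sample plans are hypothetical, and the policy that AMP cores are exclusive while SMP guests may share a core set is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical static partition plan; NOT LynxSecure's configuration format. */
enum sched_mode { MODE_AMP, MODE_SMP };
enum plan_error { PLAN_OK, PLAN_BAD_CORES, PLAN_BAD_REGION, PLAN_CORE_SHARED, PLAN_MEM_OVERLAP };
struct guest {
    enum sched_mode mode;
    uint32_t core_mask;   /* bit n set: guest may run on core n */
    uint64_t mem_base;    /* start of the guest's physical memory region */
    uint64_t mem_size;    /* region length in bytes */
};

static int regions_overlap(const struct guest *a, const struct guest *b) {
    return a->mem_base < b->mem_base + b->mem_size && b->mem_base < a->mem_base + a->mem_size;
}

enum plan_error check_plan(const struct guest *g, size_t n, uint32_t present) {
    for (size_t i = 0; i < n; i++) {
        if (g[i].core_mask == 0 || (g[i].core_mask & ~present))
            return PLAN_BAD_CORES;      /* no core, or a core that does not exist */
        if (g[i].mem_size == 0 || g[i].mem_base + g[i].mem_size < g[i].mem_base)
            return PLAN_BAD_REGION;     /* empty region or address wrap-around */
        for (size_t j = 0; j < i; j++) {
            /* Assumed policy: an AMP guest owns its cores; SMP guests may share a set. */
            if ((g[i].core_mask & g[j].core_mask) &&
                (g[i].mode == MODE_AMP || g[j].mode == MODE_AMP))
                return PLAN_CORE_SHARED;
            if (regions_overlap(&g[i], &g[j]))
                return PLAN_MEM_OVERLAP;
        }
    }
    return PLAN_OK;
}

/* Constructed sample plans for a 4-core part (present = 0xF). */
static const struct guest good_plan[] = {
    { MODE_AMP, 0x1, 0x10000000ULL, 0x04000000ULL },  /* rtos: pinned to core 0 */
    { MODE_SMP, 0xE, 0x20000000ULL, 0x40000000ULL },  /* gui: cores 1-3 */
};
static const struct guest bad_plan[] = {
    { MODE_AMP, 0x1, 0x10000000ULL, 0x04000000ULL },  /* rtos: pinned to core 0 */
    { MODE_SMP, 0xF, 0x20000000ULL, 0x40000000ULL },  /* gui: also claims core 0 */
    { MODE_SMP, 0x8, 0x30000000ULL, 0x01000000ULL },  /* net: inside gui's memory */
};

int main(void) {  /* exit status 0 when the good plan passes and the bad one is rejected */
    return !(check_plan(good_plan, 2, 0xF) == PLAN_OK && check_plan(bad_plan, 3, 0xF) != PLAN_OK);
}
```

Running the check at build or provisioning time catches a plan in which the user interface guest could steal cycles from, or map memory of, the real-time guest.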
The link below references a recent webcast where Kontron and LynuxWorks talk about the 2nd generation Intel Core family and how LynxSecure works. When you go to this link, scroll down to the “Level-up with the 2nd Generation Intel Core Processor Family” presentation. Included in this webcast is a video presentation where LynuxWorks shows a real-life application where LynxSecure was used to consolidate operating system environments on an Intel Core i7 Mobile processor.
LynxSecure is first designed to be a separation kernel – second to be a type 1 hypervisor. This means that LynxSecure provides a high level of application isolation and software security & resource sharing within and between the virtualized environments running within the hypervisor.
For more information about virtualization and separation kernels, go to the following link:
There are a number of video and audio recordings that discuss multicore environments and hypervisors.
To view other community content on Virtualization, see “Virtualization- Top Picks”
OpenSystems Media®, by special arrangement with the Intel® Embedded Alliance
Kontron is a Premier member of the Intel® Embedded Alliance.
LynuxWorks is an Affiliate member of the Alliance.