Page tree
Skip to end of metadata
Go to start of metadata

Based among other things on the idea presented at GENIVI AMM in Munich regarding VIRTIO use both with and without hypervisor, to communicate between multiple OSes, the need has been identified to describe the complexity of system design on modern heterogeneous multi-core SoCs, running several different Operating System kernel instances.


Intro.   Why ?  Motivation
-- consolidation of systems,  "mixed criticality" requirements, e.g. security, safety, real-timedness.
This background is well know... Previous AGL white paper intro should cover this quite well, for example.  
Generally try reuse, don't redo, and complement with what is missing.

Overall scope:   Multi-OS System design on heterogeneous multi-cores ?
With and without hypervisor.  Dedicated cores.  Isolation possibilities for memory, peripherals, etc.  Light-weight solutions.  
Dedicated cores or Linux Containers.  
        Understanding what is what... must be done right. search and reuse LXC description.

Include MCU-style hypervisors. (what does the word hypervisor mean here?)

Traditionally MCU classes were targeted for their use and position in the car such as body, powertrain and chassis and safety.
To address the needs of zone-based electrical architectures these classes have begun to be consolidated. The requirement to isolate functionality with different safety or security requirements has meant these new MCUs may have support for h/w virtualisation. Examples: RH850/U2A series.

When hardware has support for isolation.  TrustZone, but also other.  
     ARM input on this?  Lots of ARM updates in the pipe... timing (can become obsolete quickly)
     Describe at least High-level understanding.

  • OS isolation
    • GPU OS isolation
      • Separate input ports
      • GPU scheduler ensuring pipeline for each OS is serviced
      • Memory separation
    • IOMMU (IPMMU) OS isolation
  • Drawing isolation
    • Dedicated functional safety drawing paths, e.g. separate 2D rendering path for cluster telltales
  • Bus Master / IP / Memory access isolation
    • Independent security and safety groups control access of IP on bus and memory protection
  • Multi-level security isolation outside of common IP such as TrustZone
    • e.g. Implementation in real time R7 CPU
  • Lifecycle Management
    • e.g. control of security at different stages of its life

System-level quality of service.   Future Some architectures can guarantee QoS on internal interconnects and caches, etc.  (what else?) controlled by VM configuration or h/w controls.

Example of current architectures is support for QoS on AXI bus masters and GPU on R-Car.

(work needed to separate future from current architectures. MPEM future for example? Presumably other examples of current architectures be it SoC specific or IP)
 – ref armv8 manual.  MPEM Memory system resource performance....

Inter-partition protocols for example leveraging VIRTIO.  (Partitions = VMs, to/from HV, but also between OSes running bare metal on dedicated core)  

Hardware Device sharing - main purpose of Hypervisors.  However device sharing can be set up with other means?

Yes, examples:

  • h/w display layers
  • GPU virtualisaton with OS ID support

 – Review "Adam's wish list" for silicon vendors...  might be included in white paper as a result.
     → Risk of being outdated quickly since hardware is changing quickly
 - Mostly HW features but also may include firmware requirements.

System design is unique –  Not 100$ common hardware feature across all of them.  But a small core of features are common.
Other hardware features can be mapped to functions of the system.  E.g. if you need function X, then require hardware feature Y.  Include optional and mandatory requirements.

The wishlist is likely to be more of principles than hard detailed requirements.  In some areas analyze the more detailed requirements e.g. "X number of DMA channels"

Experiences that lead to requirements → 64 bit support on all I/O masters...
  .... Is this risking scope creep for the white paper?
Wish list might be better as independent.

Key topics:  Partitioning and Spatial/Timing isolation of parts.


  • Establishing common language/terms/understanding
  • Design guidance

Focus on using established and traditional terms (some were defined in 1970s...)

Target audience

  • System Architects - system design guidance
  • Guiding purchasing of ECU systems... requirements on the hardware and software stacks
  • HW / SoC designers (for the needed HW features)
  • IP-vendors (ARM, Synopsys, Imagination Technologies, Cadence)

  • No labels