New age vehicles are evolving every day with newer features for comfort, convenience and safety. As the number of functionalities needed to be performed by modern vehicles increases, so does the cost of implementing them on different hardware platforms. Car makers are addressing this increase in cost by executing the desired features on a single embedded platform with the much-needed processing horsepower.
However, executing disparate functions on the same hardware comes with the challenge of in-vehicle security, which a technology called virtualization addresses.
The need for virtualization
Embedded virtualization is a key technology that makes it possible to allocate the resources of an embedded processor to multiple applications and operating systems in a secure manner. But why is that needed? As more and more complex functions get executed on a single processor, there are increasing threats of one program interfering with the other, in turn, hampering the performance of safety-critical applications. Consider a case where the LTE communication stack used by infotainment system is subverted by a hacker. Now the hacker has access to other systems and possibly an ADAS system that could have serious repercussions on vehicle safety!
So, different functions in a modern car such as infotainment, digital instrument cluster and safety must run independently and in an isolated manner. Virtualization is the technology capable of offering this in a secure and efficient way. It hosts the isolated execution of different environments concurrently on a single hardware system
Multiple applications using a common hardware require a virtualization solution that allows for them to logically use the hardware to their full extent.
What is a Hypervisor?
A hypervisor is a low-level program in virtualization that allows a single processor to be shared with multiple applications that run on different operating systems. Put simply, a hypervisor can be called as a computer software that allows multiple operating systems to utilize a common CPU, memory, etc. It also decides the hardware allocation for each.
Types of Hypervisors
Hypervisors are classified into Type 1 and Type 2, depending on where it is in the architecture.
Type 1 Hypervisors - These hypervisors run on the host machine’s hardware directly, without the intervention of an underlying Operating System. This means that the hypervisor has direct hardware access without contending with the Operating System and drivers.
Type 2 Hypervisors - This type of hypervisor is built on top of the Operating System. Because of its reliance on the host machine’s underlying Operating System, it is referred to as a “hosted hypervisor”. The hypervisor runs as an application within the Operating System, which then runs directly on the host computer,
Figure 1- Types of Hypervisors
Let’s get a brief understanding of readily available type 1 and type 2 hypervisors in market and how they differ from each other.
Xen Hypervisor
Xen hypervisor is a Type -1, open-source bare-metal hypervisor. It is developed by the Linux foundation project, and with time, it has improved and started to be used on servers, public clouds, desktops, embedded systems and vehicles.
Xen hypervisor allows users to partition or utilize multiple resources by means of virtualization and secure sharing of single hardware resources. This also provides a stable interface with ever-changing applications and platforms. In few cases, Xen can be configured as a portioning hypervisor while eliminating scheduler overheads, which helps in reducing latency, delegating I/O and memory isolation issues of hardware with an IOMMU (Input-output memory management unit). Xen also provides static CPU assignments and multiple real-time schedulers to further isolate resources and provide real-time guarantees. Being an open source hypervisor, the Xen community is currently focused on implementing Xen with ISO 26262 ASIL-B requirements.
Kernel-based Virtual Machine (KVM)- A Type-2 Hypervisor
KVM is a Type-2 hypervisor included in the Linux kernel and implemented as a kernel module. It uses CPU Virtualization extensions to execute guest’s instructions directly on the host processors and to provide a virtual machine with isolated execution environments. KVM takes from the Linux kernel functions such as memory management and CPU scheduling, and relies on external user space components to execute virtual machines. In fact, KVM uses Quick Emulator (QEMU) for emulating guest hardware devices and instantiating guests. QEMU and KVM are able to run unmodified guests.
Hypervisors and automotive compliance
The demand for hypervisor in the automotive industry is increasing by the day. When we are running different OS using hypervisor on the same ECU, one needs to take care of the security integrity of each OS and the hypervisor. The automotive industry is heavily regulated and all systems need to be fail-safe. To address this, an international standard for functional safety of automotive systems is defined, which is known as ISO 26262 – more commonly known as the functional safety standard. The first step in ISO 26262 compliance is to find the safety integrity level, also known as the ASIL level. An ASIL level expresses the level of risk reduction required to prevent a specific hazard and is based on three primary attributes – severity, probability of exposure and controllability. ASIL-D represents the highest level and ASIL-A represents the lowest. Once the level is determined, the standard then goes on to define how to develop the software for that level. Going by this, even the hypervisors need to be functional safety compliant and achieve safety certifications.
Challenges in implementing embedded hypervisors
Now that we have established the fact that hypervisors are much needed for automotive electronics, there are quite a few hurdles along the way in implementing them on an embedded platform:
- Hibernation support for multiple domains - Enabling sleep mode or hibernation mode for apps that are not in use all the time
- Cold boot-time optimization, especially on multiple domains like Linux, RTOS or Android - Enabling a fast boot or a quicker boot-up time for features like infotainment
- Virtualization for GPU and other co-processors - Enabling utilization of single GPU for multiple screens in the car like digital instrument cluster, rear seat display & primary infotainment screen
- TEE support for Guest OS - Enabling guest operating systems and legacy applications to run without any modification
Conclusion
To provide enhanced convenience and safety features modern-day cars are loaded with embedded processors and sensors. Given the complexity and the need for enhanced safety, Hypervisors are becoming a mandatory solution to keep all the costs at check while providing necessary isolation in a safe manner. As the automotive industry continues to adopt functional safety standards defined by ISO 26262, even the modern-day hypervisors need to comply with the same to ensure the integrity of the complete automotive system.
