
Safe system architecture
Instead of having several dedicated ECUs, the showcased integration solution is based on a multi-core CPU. At the moment up to four cores are used, but in the future even a many-core CPU could be an option. The computing power and infrastructure of the hardware are controlled by the SYSGO PikeOS hypervisor (Fig.2). It divides the CPU into several virtual machines running different OSs. The big benefit of this architecture is that it allows mature, unmodified guest OSs as well as automotive-certified OSs and applications to be used on a single piece of hardware without mutual interference. Even if one OS should fail, the OSs in the other virtual machines continue to run unaffected.
Fig.2: Domain integration with hypervisor architecture
However, dividing the virtual machines into a trusted and an untrusted zone does not only ensure reliability; it is also a perfect way of handling the dynamics of consumer electronics: frequent updates and the installation of new Android apps, for instance, are perfectly permissible in the untrusted zone, while they are not in the trusted zone.
Splendid “Isolationism”
As the automotive industry is regulated by stringent safety standards, it is of paramount importance to certify safety-relevant OSs and applications and to re-use them. This applies to the hypervisor software as