Hypervisor separates software worlds in the dashboard: Page 3 of 6

May 01, 2014 //By Torsten Posch, Continental AG
Hypervisor technology offers a new integration path for the vehicle interior domain. One of the biggest benefits of this approach is a better way to meet the need for a consistent, holistic human-machine interface in the car while maintaining safe and secure real-time systems in a heterogeneous software environment.
well: SYSGO PikeOS hypervisor architectures, for instance, have already been successfully certified for mission-critical avionics (e.g. in the Airbus) and rail use. In contrast, it would be a rather futile effort to try to certify something as rich as Linux to an ASIL-B standard. While certifying around half a million lines of code in the case of Linux would indeed be a Herculean task of unending frustration, the hypervisor’s few thousand lines of code are a real asset.

The hypervisor strictly separates the virtual machines and their OSs from the hardware In/Outs (Fig. 3). Any request by a virtual machine for hardware access has to be approved by the hypervisor. This applies equally to trusted automotive OSs and to partially trusted OSs. If several virtual machines share hardware, they have to request permission to do so from the shared services. Even if the request is granted, it is the hypervisor that then accesses the source OS and provides the requested data, not the virtual machine itself. This architecture elegantly avoids problems such as data races, which could result from Linux storing data in memory while other virtual machines access it. Untrusted external requests for data have to pass through the firewall of the security policy. Only after approval can an untrusted OS or application request data via the shared services.

Fig.3: Secure In/Outs, shared services and a firewall make it possible to run trusted and untrusted systems on one hardware

The clearly defined security policy of the firewall works both ways, though. It provides security, but it also provides an opportunity for the big Android developer community to come up with innovative automotive apps. While it would be wise to open this door only to a certain extent, the security policy is one element that makes the architecture future-proof, as the security rules can be redefined if needed.
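
The mediation path described above (shared-services approval for every virtual machine, an additional firewall check for untrusted ones, and data handed over by copy) can be modelled in a few lines of C. This is an added example, not code from the article, SYSGO or Continental; all names, the rule tables and the sample data are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added model; all names are hypothetical, not a PikeOS API. */
enum trust { TRUSTED, PARTIALLY_TRUSTED, UNTRUSTED };
enum { DENIED_SERVICE = -1, DENIED_FIREWALL = -2, DENIED_SIZE = -3 };
#define COUNT(a) (sizeof (a) / sizeof *(a))

struct vm   { const char *name; enum trust level; };
struct item { const char *name; const char *data; size_t len; };
struct rule { const char *who, *what; };

/* Constructed sample policy. Anything not listed is denied. */
static const struct rule service_grants[] = {
    { "cluster", "speed" }, { "android", "speed" }, { "android", "odometer" } };
static const struct rule firewall_rules[] = { { "android", "speed" } };

static int listed(const struct rule *t, size_t n,
                  const struct vm *v, const struct item *d) {
    for (size_t i = 0; i < n; i++)
        if (!strcmp(t[i].who, v->name) && !strcmp(t[i].what, d->name))
            return 1;
    return 0;
}

/* Every VM must be granted access by the shared services; untrusted VMs
   must also pass the firewall. On success the monitor copies the data
   into the caller's buffer, so the caller never holds a pointer into
   the owning partition's memory. Returns bytes copied or a DENIED_* code. */
int mediated_read(const struct vm *v, const struct item *d,
                  char *out, size_t cap) {
    if (!listed(service_grants, COUNT(service_grants), v, d))
        return DENIED_SERVICE;
    if (v->level == UNTRUSTED &&
        !listed(firewall_rules, COUNT(firewall_rules), v, d))
        return DENIED_FIREWALL;
    if (cap < d->len)
        return DENIED_SIZE;
    memcpy(out, d->data, d->len);
    return (int)d->len;
}

/* Constructed sample partitions and data items. */
const struct vm cluster = { "cluster", TRUSTED }, android = { "android", UNTRUSTED };
const struct item speed = { "speed", "\x00\x58", 2 };
const struct item odometer = { "odometer", "\x01\x02\x03\x04", 4 };
char scratch[4];

int main(void) {
    printf("android/speed:    %d\n", mediated_read(&android, &speed, scratch, sizeof scratch));
    printf("android/odometer: %d\n", mediated_read(&android, &odometer, scratch, sizeof scratch));
    return 0;
}
```

Because the rules live in data tables rather than in the checking code, tightening or widening what the untrusted partition may read means editing `firewall_rules` only.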

Holistic HMI based on hypervisor technology

Handling heterogeneous
