The software reference platform now presented consists of the virtual, i.e. hardware-independent AGL operating system running on a pre-configured COQOS Hypervisor SDK from the same manufacturer. This SDK includes the latest devices available according to the VIRTIO standard. Members of the AGL project can integrate their applications on this reference platform and develop a cockpit controller for evaluation purposes.
Automotive Grade Linux is a collaborative open source project. It is developing a fully open Linux-based software stack for the connected car. Many OEMs and suppliers support the project because they expect AGL to become a de facto standard for the automotive industry. Members include OEMs Ford, Mercedes-Benz and virtually all Japanese manufacturers. Among the tier-one suppliers, Bosch, Continental and Denso are on board. Companies from the semiconductor industry such as Arm, Intel, Nvidia, NXP and Renesas are also in the big AGL boat.
In recent years, AGL has adopted the open source Virtual I/O Device (VIRTIO) standard. This device sharing framework is already well established in the cloud environment and is now gaining traction in the automotive industry. “For future cockpit architectures, we recognise the trend towards consolidation of multiple functions. That’s why virtualisation has become a high priority for Automotive Grade Linux,” said Dan Cauchy, Executive Director of AGL.
The VIRTIO standard is maintained by the OASIS Open Consortium. OEMs and suppliers achieve maximum flexibility through the VIRTIO framework, which consists of being able to switch between SoCs and hypervisors to best suit their needs.
OpenSynergy’s virtual platform COQOS Hypervisor SDK offers, according to the vendor, the most mature VIRTIO framework and thus optimally supports the virtualisation of open source operating systems such as Automotive Grade Linux. The trial version for AGL, which has now been released, provides a configured COQOS Hypervisor SDK that is deployed on the AGL operating system.
AGL members can use the software on the current hardware provided by the AGL joint project. The trial version maps a cockpit domain controller, i.e. it provides two virtual machines: one VM runs the (AGL-based) Instrument Cluster and has direct access to the hardware devices; the second VM contains the (AGL-based) infotainment and is fully virtualised – it has access to the underlying hardware but relies solely on VIRTIO drivers. Although Linux is not in itself a secure operating system, customers can use this solution to create a secure Linux-based instrument cluster. OpenSynergy has developed a protection mechanism for this purpose, which ensures that the instrument cluster correctly displays the safety-relevant indicator lights. TÜV SÜD has confirmed that this safety concept meets the safety requirements for the correct display of indicator lights up to ISO 26262 ASIL-B.
With the reference platform, OpenSynergy intends to serve primarily the cockpit domain in the car, as before. But E/E architects in automotive technology have been talking for years about powerful computing platforms for the various vehicle domains in order to counter the sprawling proliferation of ECUs. On these platforms, the ECUs, which are still mostly implemented in hardware, should run as virtual software tasks – under a virtual operating system. Would Automotive Grade Linux be a possible candidate for such an environment? “As things stand today, rather not,” says Ralph Sasse, Technical Account Manager at OpenSynergy. The reason lies in the extremely tough requirements for real-time behaviour and functional safety, which are not yet met here for the time being. The present platform meets the functional safety requirements with a trick, a workaround as described above.
In the case of safety-critical tasks, there is also the fact that in today’s state of development, a safety coprocessor typically monitors the system – and this coprocessor is usually not part of the SoC hardware that takes over the numerous performance-thirsty computing tasks in such domain controllers. However, numerous processor suppliers are working on integrating safety functions on their SoCs in the next generation of their computing platforms. Then, according to Sasse, AGL could have a chance to be established on such high-performance domain controllers. The Linux expert explains how this could look: “The computationally intensive performance part could run under AGL, possibly with a parallel RTOS for monitoring.” However, separate edge processors would still be responsible for the I/O activities, such as processing security-relevant radar or camera data in real time.