Hypervisor solution

The choice of the hypervisor solution was critical for the implementation of multipurpose ECU prototype since it should provide capabilities for flexible scheduling of diverse applications, partitioning and isolation of resources and support for porting Linux and AUTOSAR OS architectures. There was several open source as well as proprietary hypervisor solutions applicable for embedded systems domain like Kernel- based Virtual Machine (KVM), Xen, OKL4, Wind River Hypervisor and COQOS. We carried out a comparative analysis of the features of these hypervisors, as shown in Table 5.1, in order to select a suitable hypervisor for our proposed pilot implementation of multipurpose ECU hosting both Linux OS and AUTOSAR architecture.

5.3.2.1 Comparative Analysis of the Hypervisor solutions

There are several open source hypervisor solutions like KVM and Xen, and we considered them for our prototype implementation [55, 57].

KVM: This is an open source hypervisor, and it utilizes Linux as the host OS. The

guest OS are ported on top of the Linux kernel and it requires hardware virtualization extensions [55]. The main disadvantage in this is that Linux kernel does not provide support for hard real-time applications and at best it can be used only for soft real-time applications. It is mainly used in server systems and general embedded devices [54, 57].

Xen: This is most commonly used open source Type1 hypervisor, and it can support

both full virtualization as well as paravirtualization if there are no hardware virtualization extensions available in the processor platform [54]. Since it is open source code, developers need to implement suitable and specific scheduling algorithms as per the requirements of the target applications. It is mainly used in mobile platforms and general embedded devices [55, 56].

Even though, we can avoid high costs by using an open source hypervisor, there is limited information available about the security assurance levels of open source hypervisors and this is critical for automotive embedded applications. Both KVM and Xen hypervisors do not provide support for AUTOSAR architecture and hence it requires extensive effort to port it on top of the hypervisor abstraction layer for our pilot implementation.

There were several proprietary hypervisor solutions like Wind River, OKL4 Microvisor and COQOS, and we considered them as well for our prototype implementation of multipurpose ECU system.

Wind River Hypervisor: This is a Type1 embedded hypervisor implemented by Wind

River, and it provides support for real-time behavior and capabilities required for high performance embedded applications [59]. It delivers a thin virtualization layer with minimal codebase. It implements reliable and safe partitioning and also the scheduling mechanism can be configured or modified according to the requirement of the target applications. Even though, it provides support for the various processor architectural models, there was no pluggable board support packages (BSPs) available for Freescale boards at the time of our thesis work. Wind River Hypervisor solution is used in a wide

AUTOSAR and Linux – Single Chip solution 36 array of embedded applications like aerospace, telecom equipment, consumer and medical embedded devices, mobile platforms as well as automotive systems [59].

OKL4 Microvisor: This is an open source, microkernel based hypervisor solution

provided by OK Labs. It has good support for real-time systems, resource management and a minimal codebase. It is mainly used in mobile platforms and supports several guest OS such as Linux distribution, Android, Symbian and Windows. However, there is not much support available for AUTOSAR architecture and hence extensive effort is needed to port it on top of OKL4 Microvisor [58, 60].

Table 5.1 Comparative analysis of hypervisor solutions for our prototype model. COQOS: Open synergy’s COQOS product is based on the SYSGO's PikeOS

AUTOSAR and Linux – Single Chip solution 37 also provides full support for Linux, Android and AUTOSAR framework. Also, the microkernel allows safe and reliable partitioning of the processor resources. It also fulfills the highest safety and security standards as the PikeOS microkernel has been extensively used in avionics and safety critical applications. It also provides a configurable communication bridge between the Linux and AUTOSAR OS. COQOS uses paravirtualization instead of hardware-assisted virtualizations and provides paravirtualized versions of Linux and Android guest OS. Another appealing factor is that COQOS has been specifically designed for the automotive ECU systems and for integration of AUTOSAR based automotive application with Linux/Android based infotainment application [12,26].

5.3.2.2 COQOS Hypervisor solution

Finally, OpenSynergy’s COQOS hypervisor was selected as the suitable virtualization solution for the pilot implementation of multipurpose ECU [12]. The primary motive behind the selection of the COQOS hypervisor solution was because it meets all the requirements as specified in Section 5.1.

(i) Resource Partitioning: As explained in Section 4.2.2, COQOS provides a resource partitioning mechanism to allocate system resources for different OS partitions. AUTOSAR and Linux OS can be hosted in separate partitions on a single hardware platform and share the system resources using this mechanism.

(ii) Time Partitioning Mechanism: As explained in Section 4.2.3, COQOS provides time partitioning mechanism to allot CPU time slots for different OS partitions hosting real-time and non-real-time applications. AUTOSAR real-time and Linux non-real-time applications can access the CPU time using this flexible time partitioning scheme.

(iii) Inter system Communication Mechanism: As explained in Section 4.2.4, COQOS provide several communication methods to enable inter OS communication between the partitions, and one of those methods was utilized for transfer of data signals between AUTOSAR and Linux application in our prototype model.

(iv) COQOS is specially designed for the automotive domain, and it had good support for paravirtualization of AUTOSAR architecture and embedded Linux OS [12].

(v) It is based on PikeOS microkernel that provides a lightweight abstraction layer with minimal code base. It has been extensively used in safety-critical avionics and industrial applications. It can fulfill hard, real-time features and is certified for compliance with the stringent safety standards (IEC61508, EN 50128, etc.)[26].