Why Use a Cockpit Controller?
Driver assistance technologies and infotainment, displayed on high-performance graphics, have become competitive arenas for car manufacturers. As a result, the automotive industry is focusing on the development of the cockpit controller. This central computing unit brings together consumer electronics, driver information, convenience features and driver assistance systems on a single chip. These systems inform, assist and navigate, turning driving into an integrated experience.
OpenSynergy offers the technology that enables this combination of different functions on a single System-on-Chip (SoC). Customers can integrate and run multi-purpose operating systems, such as Linux and Android, alongside a real-time OS or AUTOSAR-compliant software on OpenSynergy’s COQOS Hypervisor SDK.
First hypervisor complying with the new version of ISO 26262
The certified hypervisor, a key component of COQOS Hypervisor SDK, creates a secure separation between the software systems by generating secure virtual machines (VMs). The software systems for the instrument cluster, the infotainment system, the Advanced Driver Assistance Systems and the AUTOSAR software are each integrated into a separate VM. Compute-intensive programs for high-resolution graphics can run alongside fast-booting and real-time functions. TÜV SÜD has confirmed that the hypervisor complies with ISO 26262:2018 ASIL-B.
TÜV-certified Safety Concept
OpenSynergy’s Safety Concept for a Linux-based cockpit controller is based on COQOS Hypervisor SDK. TÜV SÜD has confirmed that this concept satisfies the safety requirements up to ISO 26262 ASIL-B.
OpenSynergy proposes to use Linux to render the digital instrument cluster. This takes maximum advantage of the open source ecosystem and of the operating system that the SoC vendors support best. Thousands of experts are constantly working on improving Linux, which enables the automotive industry to develop even more dependable products rapidly and at low cost.
Most of the information rendered on the instrument cluster display is subject to higher requirements for availability, quality of service and boot time, but is not subject to any formal safety requirements. A small part of the information rendered on some displays is subject to functional safety requirements (according to ISO 26262): these are typically warning signs or “telltales”.
Telltales are warning signs that alert the driver to a malfunction in the car (e.g. warnings about airbag failure, brakes, ABS, engine failure) or to a dangerous driving situation (e.g. coming from a driver assistance system). Most OEMs will give this function an ASIL level of QM, A or B. In some cases, driving suggestions that might impact the safety of the vehicle (such as the recommended gear) will also be assigned an ASIL level.
Although Linux is an ideal operating system to render the instrument cluster, it cannot provide the required safety (ASIL) level by itself. For this reason, OpenSynergy has developed a safety concept for digital instrument clusters to address the ASIL-B safety requirements. This safeguard mechanism, called IC-Guard, is based on OpenSynergy’s COQOS Hypervisor SDK.
OpenSynergy has integrated a Linux subsystem in a second VM on COQOS Hypervisor. It is used to render all graphical elements for the instrument cluster, including the safety-critical telltales. An RTOS subsystem, also running in a separate VM, is used to independently run and verify the safety-critical subset of the graphical elements rendered by Kanzi on Linux. Because the instrument cluster software and the guard mechanism are separated into different VMs, this safety feature is protected from interference. In case of any software failure in the VM running the instrument cluster, the guard mechanism would activate near-immediate recovery of the instrument cluster.