COQOS Hypervisor SDK

What is Hypervisor technology about?
COQOS Hypervisor SDK enables the convergence of several functionalities on a single System-on-Chip (SoC) while providing freedom from interference between systems of different criticality (assigned to different ASIL levels such as QM, A, B). The core technology of COQOS Hypervisor SDK is the hypervisor. The hypervisor makes it possible to run several guest operating systems (including Linux, Android, AUTOSAR or other operating systems) in separate virtual machines. A typical use case is the safe cockpit controller that runs an instrument cluster and an in-vehicle infotainment system simultaneously on a single processor.

First hypervisor complying with the new version of ISO 26262
OpenSynergy has developed a hypervisor – the COQOS Hypervisor. This Type-1 hypervisor has been designed as a low-complexity embedded hypervisor especially suited to automotive applications. It allows customers to build highly compartmentalized systems that can be tailored to their specific requirements. It follows the multi-kernel architecture of the ARMv8 architecture and takes advantage of the hardware virtualization of SoCs using this architecture. The safety properties strongly rely on a system supervisor component. TÜV SÜD has confirmed that the hypervisor complies with ISO 26262:2018 ASIL-B.

The hypervisor runs directly on the SoC application cores (at the highest privilege level) and creates several virtual machines (VMs). Each VM is isolated from the others and this separation (ISO 26262 calls it “freedom from interference”) supports some of the key integration requirements. The hypervisor supports the controlled interaction between the VMs and devices on the SoC and communication between the VMs.

The COQOS Hypervisor targets the specific needs of automotive devices such as a cockpit controller. COQOS Hypervisor is highly configurable so that customers can, for example:

  • change the number of VMs
  • assign VMs to physical cores and define their temporal behavior
  • connect VMs via inter-VM communication channels
  • grant VMs access rights to devices
  • make use of the security features of the hardware

It is minimalistic in its design and therefore is small, fast and certifiable.

VIRTIO devices

The latest version of COQOS Hypervisor SDK supports a large bundle of VIRTIO features. VIRTIO was originally developed for enterprise virtualization workloads and cloud computing that make high demands on data processing performance. With the increasing amount of data driven workloads in vehicles, OpenSynergy sees a perfect fit in VIRTIO for the automotive industry. VIRTIO devices enable OEMs and Tier-1 suppliers to create maximum flexibility: guest operating systems can be used and re-used on different SoCs, including SoCs produced by different vendors. Also, software systems can be moved across different hypervisors without further modification. An example is the cockpit controller, in which the virtual platform enables several software systems to share the GPU power and the various displays available on different ECUs in the car. OpenSynergy drives the acceptance of VIRTIO as a standard to be used in the automotive industry.

Shared Display feature
OpenSynergy’s Shared Display Feature gives full flexibility and control over how information is rendered on multiple displays in the vehicle. To satisfy the Cockpit Controller requirements, the reference architecture introduces two key technologies:

  • Shared GPU: It enables several VMs to use the GPU of the SoC concurrently. This sharing mechanism must support the required quality-of-service.
  • Shared display: It decouples virtual from physical displays. Applications in VMs can be rendered in virtual displays. A central compositor controls how these virtual displays are rendered on the physical displays available to the cockpit controller.

As information flows within one SoC (and not over networks), efficient communication mechanisms, such as “zero-copy” shared memory, can be used.

Developed as an SEooC and ISO 26262 compliant
To address the safety requirements, OpenSynergy has developed the COQOS Hypervisor as a Safety Element out of Context (SEooC) according to ISO 26262. The SEooC approach means that we have assumed certain safety requirements that our product fulfills. These safety requirements have been derived from our reference architecture for the cockpit controller. Based on these assumed safety requirements, we have designed, implemented and tested the COQOS Hypervisor following the practices required by ISO 26262 up to the level ASIL-B.



Providing scalability and flexibility

COQOS Hypervisor SDK can scale across various applications. It can run on compact micro-processors as well as high-performance multi-core processors. It can be used for small, simple systems with just a few virtual machines (VMs).

At the same time, it is also perfect for complex infotainment systems with several guest operating systems, each running in its own virtual machine.

Using hardware more efficiently

The assignment of VMs to cores in a multi-core processor is highly flexible. Several VMs can access one core, or, vice versa, one VM can tap into the computing power of several cores. Due to the minimalistic Type-1 Hypervisor, it takes maximal advantage of hardware virtualization extensions.

Includes the most advanced VIRTIO devices

  • Runs out of the box with any OS that supports VIRTIO
  • Reduces hardware costs
  • Eliminates vendor lock-in
  • Minimizes development effort/time to market thanks to open standard
  • Enables reuse of software
  • Allows easy software update (e.g. Android™, AGL, AliOS)

Improving safety

Having separate VMs for isolated functions, COQOS Hypervisor SDK provides the benefit that functional disruptions cannot affect systems in other VMs. This architecture simplifies the challenge of high functional safety. The hypervisor is designed from the ground up for supporting applications with high requirements in terms of safety and security.

A configurable system supervisor (watchdog) in a separate VM can monitor the behavior of specific applications and intervene if the system does not respond properly. It has been developed according to Automotive SPICE.

Providing security

Guest operating systems run independently of each other on the software VM in COQOS Hypervisor SDK. In this way, the partitioning functions as a firewall, offering protection from outside attacks. The lean Type-1 hypervisor increases security because of the small attack surface.

Saving time and money

Using open source software makes it possible to reuse software systems from the field of consumer electronics. This reduces R&D costs and shortens the time required for development.

Efficient hypervisor

The COQOS hypervisor

  • has a lean and innovative design providing high performance, safety and security without legacy burdens. It supports full virtualization of the CPU for the guest OS.
  • has been developed according to Automotive SPICE and ISO 26262 ASIL-B practices, building upon years of experience in research and automotive mass production
  • has no open source components
  • supports full automotive use cases and automotive multi-core SoCs

Hardware Support

Reference SoC

  • Qualcomm® Snapdragon™ SA8155P

 

Supported SoCs with essential features

  • NXP® i.MX 8
  • NXP® S32G
  • Renesas R-Car H3/M3
  • Samsung Exynos V910
  • TI Jacinto™ 7
  • Any other ARMv8-A SoC can be supported on customer request

 

COQOS Hypervisor

  • Type-1 hypervisor runs directly on the host’s hardware to control the hardware and to manage guest operating systems
  • Supports hardware virtualization
  • Resource visibility based on static configuration
  • Smaller attack surface due to lean codebase
  • Tracing Framework where extracted traces can either be analyzed manually or using an analysis/visualization tool

 

ISO 26262
TÜV SÜD certified COQOS Hypervisor to ISO 26262:2018 ASIL-B as Safety Element out of Context (SEooC).

 

VIRTIO Devices

OpenSynergy supports a wide range of virtualized devices and continuously contributes to standardization and open source. Current list of VIRTIO devices in the SDK:

  • VIRTIO-blk (Block device): for mass storage
  • VIRTIO-rpmb (replay protected memory block): reserved section of the block device that only allows restricted operations from guests.
  • VIRTIO-rng (random number generator): hardware component that generates random numbers used e.g. for cryptographic functions.
  • VIRTIO-vsock (virtual socket): interface that provides a point-to-point connection between two virtual machines.
  • VIRTIO-gpu: enables graphical output of VMs with different requirements on one or multiple displays (Shared Display) and for paravirtualization of the 3D GPU (Shared GPU)
  • VIRTIO-snd (sound): acts like a virtual audio cable between different VMs.
  • VIRTIO-input: shares input e.g. for touch
  • VIRTIO-console: shares a console (command line interface) from a single virtual machine to other virtual machines.
  • VIRTIO-scmi (System Control and Management Interface): Virtualization of the ARM SCMI standard for seamless pass-through and accessing local sensors such as the gyroscope and accelerometer.
  • VIRTIO-net (network): for paravirtual Ethernet + Virtual Character Driver (VCHAR)

 

Modular and managed boot

  • Boot system image is split into smaller HV and VM images
  • Allows changing the boot sequence of the different virtual machines (VMs)
  • Allows shutdown and restart of a single virtual machine

 

Power management

COQOS Hypervisor SDK supports the Arm PSCI specification: all mandatory PSCI calls and those used by the Linux kernel.

 

Suspend-to-RAM
Suspend-to-RAM orchestrates the suspension of all guest VMs and the whole system (including devices) into a low power consumption mode (= stop execution of the OS and put the execution state into RAM). It reduces energy consumption and enables a quick return to the state prior to suspension.

 

TrustZone Mediator
TrustZone enables secure functions, e.g. a hardware keymaster or playback of digitally protected content. The TrustZone mediator allows communication between VMs and ARM TrustZone. It guarantees secure access to TrustZone by multiple VMs and/or restricts access to TrustZone as per configuration. This feature will be available soon.

 

Android, Linux and RTOS

COQOS Hypervisor SDK supports the following guest OSs:

  • Latest Linux versions
  • Latest Android versions
  • OpenSynergy supports out-of-box usage of FreeRTOS.

Based on customer needs, any OS that runs on the hardware can be supported.

Development Environment

Hypervisor Configuration
COQOS configuration tooling generates the hypervisor configuration from a model described in XML.

 

Build and Integrate
OpenSynergy delivers COQOS Hypervisor SDK as a Yocto “meta-layer”. Yocto is a popular open source toolchain.


Test and Debug

  • Periscope: monitor the hypervisor and individual guests over a single physical serial link
  • Use ADB (Android Debug Bridge) on multiple guests via a single USB port
  • Extensive tracing support with time-stamp synchronisation for tracking down difficult issues
  • Use guest tooling such as GDB as in a non-virtual environment

Android 11 is the first Android Automotive OS that supports virtualization on top of VIRTIO


Integrated Cockpit Controller on COQOS Hypervisor SDK


COQOS Hypervisor SDK: Suspend to RAM


COQOS Hypervisor SDK: Remote GPU


Webinar on Virtual I/O Device (VIRTIO)


Webinar: Towards a common standard for device virtualization in the cockpit of the future

