COQOS Hypervisor SDK enables the convergence of several functionalities on a single hardware while providing freedom from interference between systems of different criticality. A typical use case is the safe cockpit controller that runs an instrument cluster and in-vehicle infotainment system simultaneously, on a single processor.
The core technology of COQOS Hypervisor SDK is the hypervisor. The hypervisor makes it possible to run several guest Operating Systems (including Linux, Android, AUTOSAR or other operating systems) in separated virtual machines. OpenSynergy’s hypervisor is a next generation hypervisor, taking full advantage of the newest hardware extensions and specially tailored to the needs of automotive applications. High efficiency and absolute functional reliability are achieved by a lean kernel and support for hardware virtualization. Guest operating systems such as Linux or Android do not need to be adapted to run in a VM. The applications on these guests achieve a performance approaching that of natively executed applications. The system is extraordinarily flexible, economical, and functionally reliable due to the minimal trusted code-base. OpenSynergy has applied its long-lasting experience and highly specialized automotive expertise to the development of this product.
On top of the hypervisor, the SDK provides modular features corresponding to the needs of the customer. The IXCF Communication Framework transfers data securely between the VMs: it provides virtual networking between the VMs and allows the efficient sharing of data and events. In addition, COQOS Hypervisor SDK contains the drivers required to share specific SoC resources, including sharing mass storage, graphics processing or displays.
For customers who need seamless integration of the ECU into the in-vehicle network, running multi-purpose software systems simultaneously on the same platform, COQOS Hypervisor SDK can provide a pre-integrated AUTOSAR environment in a dedicated VM. It offers the fastest option for installing standard AUTOSAR-compliant automotive services, such as diagnostics, and it makes possible to use AUTOSAR software components that implement real-time applications.
The COQOS hypervisor has been developed according to Automotive SPICE and ISO26262 ASIL-B practices.
You find here a description of a typical use case such as a “Safe Cockpit Controller“.
Providing scalability and flexibility
COQOS Hypervisor SDK can scale across various applications. It can run on compact micro-processors as well as high-performance multi-core processors. It can be used for small, simple systems with just a few virtual machines (VMs).
At the same time, it is also perfect for complex infotainment systems with several guest operating systems, each running in its own virtual machine.
Using hardware more efficiently
The assignment of VMs to cores in a multi-core processor is highly flexible. Several VMs can access one core, or, vice versa, one VM can tap into the computing power of several cores. Due to the minimalistic Type-1 Hypervisor, it takes maximal advantage of hardware virtualization extensions.
Improving safety
Having separate VMs for isolated functions, COQOS Hypervisor SDK provides the benefit that functional disruptions cannot affect systems in other VMs. This architecture simplifies the challenge of high functional safety. The hypervisor is designed from the ground up for supporting applications with high requirements in terms of safety and security.
A configurable system supervisor (watchdog) in a separate VM can monitor the behavior of specific applications and intervene if the system does not respond properly.
Providing security
Guest operating systems run independently of each other on the software VM in COQOS Hypervisor SDK. In this way, the partitioning functions as a firewall, offering protection from outside attacks.
Integrating AUTOSAR seamlessly
COQOS Hypervisor SDK contains a CAN Gateway which is integrated in a VM, that
• Enables seamless integration of the ECU running COQOS Hypervisor SDK into the in-vehicle network
• Offers the fastest option for installing standard AUTOSAR-compliant automotive services such as diagnostics
• Makes it possible to use AUTOSAR software components that implement real-time applications
Saving time and money
Using open source software makes it possible to reuse software systems from the field of consumer electronics. This reduces R&D costs and shortens the time required for development.
Efficient hypervisor
The COQOS hypervisor
Hardware Support
Target processor architectures
SoCs
Hypervisor
The hypervisor creates virtual machines (VMs):
Android and Linux
COQOS SDK supports the following guest
operating systems:
CAN Gateway
The CAN Gateway is a minimalistic AUTOSAR stack, that contains:
Features
Fast-boot
COQOS SDK includes a fast-boot loader and a modular-boot mechanism, which allows VMs to load and start sequentially.
Shared Graphics and GPU
Several VMs with graphic-intensive applications fulfilling different requirements on safety and real-time Performance, can share one display surface (Shared Graphics) and use the same Graphics Processing Unit (GPU) and display hardware concurrently (Shared GPU).
Shared Hardware
Many important use cases require that a single hardware resource is shared among multiple VMs. OpenSynergy’s approach enables graphical output of VMs that run on top of a hypervisor with different requirements in terms of safety and real time performance on one or multiple displays.
ISO 26262
TÜV-Süd has confirmed that the COQOS Hypervisor as part of the COQOS Hypervisor SDK meets the requirements of ISO 26262 up to ASIL-B and has issued an associated Technical Report.
Inter-X Communication Framework (IXCF)
IXCF transfers data between VMs running multi-purpose or real time operating systems. IXCF consist of:
System Supervisor
A configurable watchdog (contained in a separate VM) can observe the behavior of specific applications and take action when the system does not perform correctly.