Search
Close this search box.

Why use a hypervisor for zonal computers?

Safe Cockpit Controller

Since the days are gone when performance gains are achieved simply by raising the clock frequency or adding more processor cores, the various suppliers must invent new technology and forge new paths with new partners. The resulting megatrend in the automotive industry towards software-defined vehicles is changing the vehicle architectures of the future and requires, among other things, systems that can perform multiple functions on a single piece of hardware. In this context, the various software services must be securely separated from each other and meet their respective real-time requirements. Virtualization is the key technology that makes this possible. It causes systems to be separated both at the software level and with hardware support. This can be done, for example, by combining a microcontroller with hardware virtualization and a hypervisor that picks up and extends the hardware virtualization.

What is a zonal computer?

Automotive manufacturers and ECU suppliers in the real-time domain are under constant pressure to merge more functions onto hardware. They need to reduce costs (less hardware, cables, weight) while achieving better performance (energy efficiency, safety, security) and integrating more functions ( electrification, connectivity, autonomous driving). Future architectures will not distribute the functions among many ECUs and will not group them by domains on powerful processors; instead, there will be a central computer for each spatial area in the vehicle. These zonal computers in the front, center, and rear of the vehicle, are connected via a central gateway. The central gateway thus acts as a central block, forwarding data reliably, securely protected against attacks, and at high speed.

The Front Zonal Computer

The Zonal Front Computer is located in the front of a vehicle. Within this zone, all the functions of the body, IO aggregation, power distribution, and part of the ADAS sensors can be consolidated there. This consolidation of different applications comes in the background with a strict separation requirement on all the levels across the firmware. This means that e.g., safety, timing, or security cannot be reduced nor the functionality of the particular application. ASIL-D application can’t be compromised by any other software running as QM or ASIL-B. Also, the swap to a new firmware image cannot influence the execution of the functionalities that coexist inside the Microcontroller.

Hardware virtualization

Chip manufacturers produce ECUs that separate the different software packages while ensuring real-time performance predictability and freedom from interference. Functions integrated into the operating system are allocated to different memory areas, creating a “spatial” separation. The segmentation then ensures that the functions do not interfere with each other. Simply by integrating a software package on a chip with hardware virtualization, it is already possible to integrate applications with different functional safety requirements.

Virtualization by hypervisor technology

The separation of functions by hardware virtualization alone is not sufficient to fully exploit this enormous power. Additional virtualization technology is needed that not only enables the integration of numerous applications but can also run several operating systems side by side on which the various functions are located. Hypervisors, which completely separate all software components from the hardware and enable the software components – i.e., both the operating systems and the applications running on them – to be completely independent and not influence each other, as well as being able to be updated in a modular way, are suitable for this.

How the hypervisor works

The hypervisor on COQOS Hypervisor SDK creates virtual machines to separate services. The services run independently in their respective virtual machines, each of them assigned to specific hardware resources. By isolating the virtual machines from each other, they are free from interference. Even if the services originate from different vendors, they can be developed, deployed, and updated independently. It is even possible to update a single service after the start of production, without revalidating the real-time properties of the other services. 

COQOS Hypervisor SDK picks up the hardware virtualization in the Stellar products and configures the boundaries and the access rights of the initiators to the various targets or the shared resources.

The hypervisor works on the highest privileged level, has full access, and configures initially the entire system. This includes setting the identification of the VMs, also known as VMID (Virtual Machine Identification), based on which the accesses will be validated via the firewalls and other hardware mechanisms provided in hardware.

Your Request

    Whitepaper Safe Cockpit Controller

    Thank you for your interest in our subsequent technical documents. We offer you the possibility to download the document and would be pleased to send you further information regarding the whitepaper at the e-mail address provided. By providing your email address, you confirm that we may contact you regarding this matter.





    I agree that we process the data entered in the form field for advertising purposes and send you further information about our products and solutions by mail, telephone or e-mail. The provision of your data for advertising purposes is done in return for receiving test access to one of our products.

    You can revoke your consent at any time with effect for the future. Please send us an e-mail to datenschutz@opensynergy.com.

    Collected data will be deleted. For further information on this data processing, please refer to our privacy notice.