Why Virtualization on Microcontrollers

Why Virtualization on Microcontrollers

Embedded virtualization is a key technology for the future of automotive systems. Virtualization makes it possible to allocate the resources of a processor to multiple safely separated applications and operating systems.  This is an effective approach to redesign the vehicle electronics architecture, take full advantage of the performance of processors and address the growing complexity of software-defined functions. What was previously possible on application processors in infotainment and connectivity now also comes to the real-time processors and microcontrollers required in other vehicle domains. A new hypervisor platform opens up many opportunities for the next generation of increasingly automated cars.

The New In-Vehicle Architectures

Fig1.: New architecture integrating many software functions on more powerful devices.
Vehicles need continuously increasing processing power to run software-defined functions providing infotainment and connected services, assisting the driver, making the vehicle safer, and managing energy sources. 
 
The era where each new vehicle function required the integration of a new ECU (Electronic Control Unit) is long over. Vehicle manufacturers are designing new architectures whereby many software functions are integrated on more centralized, powerful devices, often called “domain controllers” and “zonal computers.
The various functions in the car have very different requirements on the capabilities of the underlying software and hardware platforms.  Software applications do not only require generic processing power but need specialized accelerators to process camera images or radar data, and run artificial intelligence algorithms such as deep learning.  In addition, the vehicle functions have different requirements for functional safety (from ISO26262 “QM” to “ASIL-D”), boot times, and real-time behavior.

 

Respond Of The Hardware Industry

The industry has developed very powerful microcontrollers to run as many functions as possible on one piece of hardware. This simplifies network complexity and reduces costs and the weight of the vehicle. For this consolidation of software systems, the market offers various solutions based on different methods. One approach is to isolate the consolidated functions and prevent interference of software systems with different requirements and safety levels by virtualization with hardware support: Functions integrated into the operating system are allocated to different memory areas, creating a “spatial” separation. The segmentation then ensures that the functions do not interfere with each other. This means that simply by integrating a software package on a chip with hardware virtualization, it is already possible to integrate applications with different functional safety requirements.

Virtualization by Hypervisor

Fig2.: A powerful microcontroller can  integrate all functions of the body, IO aggregation, power distribution, and part of the ADAS sensors.
 
The separation of functions by hardware virtualization alone is not sufficient to fully exploit this enormous power. Additional virtualization technology is needed that not only enables the integration of numerous applications but can also run several operating systems side by side on which the various functions are located.
Hypervisors are suitable for this, since they completely separate all software components from the hardware and enable the software components – i.e., both the operating systems and the applications running on them – to be completely independent and not influence each other, as well as being able to be updated in a modular way.

Standard-based devices

With this approach, the entire functions of a domain (e.g., body, cockpit, ADAS) can run together and simultaneously on a single ECU. Thanks to the high performance of the latest microcontrollers, the number of integrated functions can still be expanded to a relevant extent. Future architectures will favor the spatial aggregation of functions, i.e., zonal computers because in this way the cabling throughout the vehicle is reduced. Thanks to the virtual devices that OpenSynergy offers on its COQOS Hypervisor SDK in addition to the hypervisor, the systems here communicate without additional hardware.

For the development of these virtual devices, OpenSynergy has been an active member of the OASIS Open consortium since 2018 and specifies the most important devices according to the open VIRTIO standard.

 

Use case zonal computer

In the car, there is not only one single zone, but in fact several zones defined into several logical blocks, which consolidate the functionalities for each physical area. This means that there are zonal computers in the front, center, and rear of the vehicle, which are connected via a central gateway. The central gateway thus acts as a central block, forwarding data reliably, securely protected against attacks, and at high speed.

An example of an application is COQOS Hypervisor SDK running on the processor of a Zonal Front Computer. Within this zone, all the functions of the body, IO aggregation, power distribution, and part of the ADAS sensors can be consolidated there. This consolidation of different applications comes in the background with a strict separation requirement on all the levels across the firmware. This means that e.g., safety, timing, or security cannot be impeded, nor can the functionality of the particular application be reduced. Also, the swap to a new firmware image cannot influence the execution of the functionalities that coexist inside the microcontroller.

 

Virtualization Versus AUTOSAR

To a certain extent, classic AUTOSAR already provides such separation, even supporting several ASIL-levels, without the need of a hypervisor.  AUTOSAR provides separation at the level of the operating system and the applications consist of individual software-components.  However, in complex software systems, the configuration of AUTOSAR becomes extremely complex as the behavior of the operating system and the services in the basic-software needs to be defined centrally, which breaks modularity.  AUTOSAR also requires all applications to follow the AUTOSAR standard, even to the same version.  Finally, the result of the AUTOSAR development process is a monolithic system that does not allow for modular software updates.

The hypervisor adds an additional level of decoupling, supporting a critical first level of separation in development, configuration, integration and software update.  Within one virtual machine, an AUTOSAR-based system (providing a second level of separation) will be used in many cases.  Several virtual machines can run different systems with different AUTOSAR implementations or even non-AUTOSAR-compliant software.

 

Advantages Over Non-Hypervisor Methods

The use of virtualization technology brings numerous advantages for the integration of software systems in the vehicle:

  1. Virtualization makes it simpler to provide freedom from interference by enforcing temporal and spatial separation.
  2. Virtualization allows independently developed software partitions to run on the same ECU. The software partitions may use different software stacks.
  3. Virtualization allows consolidation of software from multiple legacy ECUs into a newer, more powerful ECU.
  4. New functions, and the introduction of multi- and many-core systems increase software complexity. Analyzing real-time behavior becomes more difficult. Because the hypervisor enforces strict timing protection, temporal interference between software components in different virtual machines is avoided, allowing for an easier understanding of the system decomposed to partitions at the function level.
  5. Virtualization allows for new workflows in software development where different suppliers can develop software for different virtual machines in parallel, thus allowing OEMs a more flexible approach as well as reducing hardware costs.
  6. Having independent and modular software updates can lead to a significant reduction in the effort needed to re-qualify software partitions, especially when the changes are small.

Conclusion

Embedded virtualization, already in production on application processors, in-vehicle domains such as connectivity and infotainment, is now coming to microcontrollers and real-time processors. This technology will enable the integration of more complex software functions on domain controllers that cannot only use application processors. The new generations of microcontrollers have built-in hardware extensions. COQOS Hypervisor SDK for real-time processors picks up the hardware virtualization and extends it to make virtualization easier and more effective. With this virtualization technology automotive manufacturers can reliably execute multiple functions and various software services on a single piece of hardware, securely separated from other functions.

Back