Deterministic Separation Kernel for Mixed-Criticality Workloads
The core of PikeOS is a high-performance, hard real-time separation kernel. It strictly enforces spatial and temporal partitioning through a MILS (Multiple Independent Levels of Security) architecture, ensuring that applications of varying criticality levels coexist without cross-interference. This provides guaranteed resource availability, bounded interrupt latencies, and predictable Worst-Case Execution Times (WCET), which are essential for the most demanding mission-critical systems.
Type 1 Hypervisor for Hardware Consolidation
By executing directly on the silicon with maximum CPU privilege, PikeOS eliminates the overhead and attack surfaces associated with a host operating system. This bare-metal architecture provides a secure abstraction layer that enables the concurrent execution of heterogeneous guest operating systems—ranging from general-purpose OSs like Linux and Android to specialized RTOSs—while maintaining near-native performance through hardware-assisted isolation and direct resource mapping.
Strict Time & Space Partitioning (Robust Isolation)
PikeOS ensures that applications are strictly isolated through hardware-supported memory protection and deterministic time-slice scheduling. A failure or malicious exploit in one partition cannot impact the performance or integrity of others. This robust partitioning is the key to hosting mixed-criticality workloads on a single SoC.
Multi-Core Support (SMP & AMP Multiprocessing)
PikeOS provides advanced multi-core capabilities, supporting both Symmetric (SMP) and Asymmetric (AMP) multiprocessing. It includes mechanisms to mitigate cross-core interference, such as cache coloring and memory bandwidth monitoring. This ensures that real-time performance is maintained even as system complexity scales across multiple CPU cores.
MILS Architecture (Multiple Independent Levels of Security)
The PikeOS architecture strictly adheres to the MILS concept, enabling the coexistence of components with different Security levels on a single processor. It enforces a "Security by Design" approach by controlling the information flow between partitions. This simplifies the development of secure gateways and cross-domain solutions.
Multiple Guest OS Support
PikeOS offers an industry-leading range of "Personalities" to run diverse guest operating systems concurrently. It supports or own ELinOS, as well as Linux, Android, Windows, certified POSIX, and specialized Avionics or Automotive standards like ARINC 653 and AUTOSAR. This allows developers to reuse legacy code and open-source libraries alongside Safety-critical tasks.
Safety & Security Certifications
PikeOS is designed from the ground up to meet the most stringent industry standards for functional Safety. It supports certification up to SIL 4 (Railway), DAL A (Avionics), ASIL D (Automotive), and ECSS Cat. A (Space) on the same platform. This makes it the premier choice for complex systems requiring multi-standard compliance. PikeOS 5.1 is therefore certified to Common Criteria EAL 5+ or the Airbus SAR SAL.
Certification Kits (Documentation & Artifacts)
SYSGO provides comprehensive Certification Kits that include all necessary documentation, test plans, and evidence for regulatory authorities. These kits drastically reduce the time and cost associated with certifying a final product. They leverage SYSGO’s decades of experience in navigating the most demanding certification processes.
Common Criteria EAL 5+ Security Certification
As a world leader in secure virtualization, PikeOS Version 5.1 is certified according to Common Criteria EAL 5+ for its separation kernel. This high-level Security assurance verifies that the kernel's isolation mechanisms are architecturally sound and resistant to sophisticated attacks. It provides a trusted foundation for systems handling sensitive data or connected to external networks.
Secure Boot & Hardware Root of Trust
To ensure system integrity from the first instruction, PikeOS integrates with hardware-based Security features like Secure Boot. It establishes a chain of trust by verifying signatures of the bootloader, kernel, and partition images. This prevents the execution of unauthorized or tampered software during the power-on sequence.
Native Graphics & Virtualized GUI Support (GPU Sharing)
The platform provides sophisticated graphics support, allowing multiple partitions to share a single GPU or display controller. Safe graphical backends ensure that critical instruments and non-critical entertainment UIs remain isolated. It supports modern standards like OpenGL and Wayland to enable high-performance user interfaces.
Certified Network Stacks (TCP/IP, UDP, AFDX, ARINC 664)
PikeOS includes certifiable communication stacks tailored for both industrial and aerospace requirements. These stacks are designed for high reliability and can be integrated into Safety-critical certification paths. They provide the necessary connectivity for modern IoT and Avionics systems without sacrificing determinism.
Intrusion Detection & Integrated Firewalls for Guest Partitions
Network traffic between partitions and external interfaces can be monitored and filtered using integrated Security components. PikeOS allows for the implementation of partition-specific firewalls to block unauthorized communication attempts. This adds an extra layer of defense-in-depth to virtualized environments.
wolfSSL & CycurHSM: Integrated Security & Crypto Libraries
Through partnerships with leading security providers, PikeOS offers pre-integrated libraries for encryption, TLS, and HSM management. These libraries are optimized for embedded use and support hardware acceleration where available. They enable secure end-to-end communication and protected storage of cryptographic keys.
Trusted Platform Module (TPM) & Hardware Security Module (HSM)
PikeOS leverages hardware Security modules like TPMs to provide secure key storage and platform attestation. It can use these modules to perform cryptographic operations in a hardware-isolated environment. This is essential for meeting modern Cybersecurity requirements in automotive and industrial sectors.
Multi-Language Support (C/C++, Ada, Rust)
The platform supports a variety of programming languages to suit different Safety and performance needs. While C and C++ are standard, PikeOS also provides excellent support for Ada and the memory-safe Rust language. This allows teams to use modern development paradigms while maintaining strict Safety compliance.
CODEO: Eclipse-based Integrated Development Environment
CODEO is the unified development cockpit for PikeOS, providing a graphical environment for system configuration, coding, and deployment. It features specialized wizards for partitioning and resource allocation, significantly reducing the complexity of hypervisor setup. The IDE supports the entire lifecycle from initial prototyping to final system analysis.
QEMU-based HW Emulators & Target Simulators
Developers can accelerate their projects by using integrated QEMU emulators to run PikeOS images on host PCs. This allows for software development and testing to begin long before final hardware is available. It supports a wide range of architectures including ARM, x86, PowerPC, and RISC-V.
Health Monitoring & Error Management Framework
Built-in health monitoring functions detect and handle system anomalies, such as memory violations or deadline misses, in real-time. The framework allows for configurable recovery strategies, such as restarting a single partition without affecting the rest of the system. This significantly enhances the overall availability and fault tolerance of the device.
System-wide Debugging & Hardware Trace Support
PikeOS offers advanced debugging tools that can inspect multiple partitions and the kernel simultaneously. It supports non-intrusive hardware tracing to capture timing behavior and system events with microsecond precision. These tools are vital for identifying complex race conditions and optimizing multi-core performance.