PikeOS Certified Hypervisor

Embedded Virtualization

PikeOS embedded virtualization is designed to manage virtualization along with the special requirements of complex embedded systems, e.g. real-time responsiveness, deterministic behavior, and diverse hardware and software support. While server or desktop virtualization mainly targets space partitioning to make better use of an x86 hardware platform, PikeOS embedded virtualization offers more flexibility through time and space partitioning. PikeOS embedded virtualization provides partitions for multiple guest operating systems, so-called personalities, and supports diverse hardware platforms.

Partitioning according to ARINC 653

Partitioning is a PikeOS concept described in the ARINC 653 specification for system partitioning and scheduling, which is often required in safety-critical systems in the avionics industry. Partitioning allows a software architect to build multiple partitions on top of the PikeOS micro-kernel that can host real-time operating systems, run-time environments or APIs along with their world of application programs (see infographic above). Each of these partitions receives its own set of system resources.

Applications operate completely isolated and are controlled only by the PikeOS micro-kernel. There is no way for a program in one partition to affect or harm another. In this way multiple guest operating systems are able to safely coexist on a single machine and their individual functionalities can be tailored to match the requirements of their application programs. Partitioning helps to reduce the amount of hardware in complex systems and makes software integration much easier.

Micro-kernel based Para-Virtualization

PikeOS embedded virtualization is based around a small micro-kernel which provides core functions. By means of these functions the system's resources, e.g. memory, I/O devices, CPU time, etc., can be divided into separate subsets. The PikeOS micro-kernel serves as a hypervisor or virtual machine monitor (VMM) and traps any attempts by user programs to execute privileged instructions or to otherwise access resources outside of their set. In this way, it implements para-virtualization similar to Xen.

Hardware Virtualization

Some architectures provide hardware virtualization, e.g. by means of a second-level MMU. On those architectures, the PikeOS hypervisor is capable of executing unmodified guest operating systems. This effectively means that the adaptations for para-virtualization are no longer necessary.

The implementation of hardware virtualization support in PikeOS is divided into two parts: the hypervisor, implemented as a part of the PikeOS kernel, and the manager, which is a regular PikeOS application using the kernel API to create and manage a guest. When the manager requests the creation of a new guest, the hypervisor allocates the required resources and initializes the context to enable the guest's startup later. For a guest to have memory or hardware resource access, a specific mapping table must be created, which is used as a second mapping level. This table is in turn used by the hypervisor to convert physical addresses to intermediate physical addresses for the virtual machine. This is usually done with support from the MMU.
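The following is an added example, not PikeOS code or its kernel API: a minimal C model of a per-guest second-level mapping table, showing how a lookup that misses the table or exceeds the granted rights becomes a fault instead of a memory access. The flat single-level table, the 4 KiB page size, all names (`s2_map`, `s2_translate`, `struct guest`) and all addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT  12u
#define PAGE_MASK   ((1u << PAGE_SHIFT) - 1u)
#define GUEST_PAGES 16u   /* constructed: 64 KiB guest address space */

enum { S2_R = 1, S2_W = 2 };   /* per-entry access rights */
enum s2_result { S2_OK, S2_FAULT_RANGE, S2_FAULT_UNMAPPED, S2_FAULT_PERM };

struct s2_entry { uint64_t host_page; uint8_t perms; uint8_t valid; };
struct guest    { struct s2_entry s2[GUEST_PAGES]; };  /* one table per guest */

/* Manager request (hypothetical API): grant one page-aligned host page. */
int s2_map(struct guest *g, uint64_t guest_addr, uint64_t host_addr, uint8_t perms)
{
    uint64_t idx = guest_addr >> PAGE_SHIFT;
    if (idx >= GUEST_PAGES || (guest_addr & PAGE_MASK) || (host_addr & PAGE_MASK))
        return -1;
    g->s2[idx] = (struct s2_entry){ host_addr >> PAGE_SHIFT, perms, 1 };
    return 0;
}

/* Second-level lookup performed on every guest access; any miss is a
 * fault handled by the hypervisor and never reaches memory. */
enum s2_result s2_translate(const struct guest *g, uint64_t guest_addr,
                            uint8_t access, uint64_t *host_addr)
{
    uint64_t idx = guest_addr >> PAGE_SHIFT;
    if (idx >= GUEST_PAGES)            return S2_FAULT_RANGE;
    const struct s2_entry *e = &g->s2[idx];
    if (!e->valid)                     return S2_FAULT_UNMAPPED;
    if ((e->perms & access) != access) return S2_FAULT_PERM;
    *host_addr = (e->host_page << PAGE_SHIFT) | (guest_addr & PAGE_MASK);
    return S2_OK;
}

int main(void)
{
    struct guest a = {0}, b = {0};
    uint64_t out = 0;
    s2_map(&a, 0x1000, 0x80004000u, S2_R | S2_W);   /* constructed addresses */
    s2_map(&b, 0x1000, 0x80009000u, S2_R);
    printf("a write 0x1234 -> %d\n", (int)s2_translate(&a, 0x1234, S2_W, &out));
    printf("b write 0x1234 -> %d\n", (int)s2_translate(&b, 0x1234, S2_W, &out));
    printf("a read  0x2000 -> %d\n", (int)s2_translate(&a, 0x2000, S2_R, &out));
    return 0;
}
```

Because each guest has its own table, the same guest-side address resolves to different host pages for guests `a` and `b`, and neither can name a page that was never mapped for it.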

Reduction of Software Complexity

Computers today generally do not suffer from lack of performance, but they often have severe reliability problems. In embedded systems, where malfunction of appliances can be a severe threat to the lives of humans, software complexity is the core problem. With micro-kernel based virtualization, applications are no longer forced to unconditionally trust a huge monolithic kernel containing a lot of complex functionalities that the application may or may not need. Instead, each subsystem can choose the amount of code that it wants to trust, thus providing more stability and helping to reduce the complexity of the whole system.

Cost-efficient Software Integration and Protection of Intellectual Property

Software integration becomes more or less a question of configuration. The flexible design of PikeOS embedded virtualization enables system architects to integrate software applications of different suppliers on one platform in a cost-efficient, safe and secure way. It even allows integration of APIs supporting legacy software. All applications reside in encapsulated partitions where the PikeOS micro-kernel controls access, protecting intellectual property against unwarranted access.