In unicore systems, the hypervisor can provide real-time cyclic scheduling of multiple guest OSs, which means that real-time behavior and interrupt latency are controlled by the hypervisor (not the guest OSs running on it), and this can add higher degrees of determinism to OSs that traditionally don’t allow for it. OSs such as Windows, where source code isn’t available, can run in a fully virtualized environment, and OSs such as Linux can be para-virtualized to help increase OS performance.
The embedded hypervisor will generally run with a real-time separation kernel, with the hypervisor providing the virtual environments and the separation kernel providing the real-time, multicore, and partitioning support. In applications that require safety and security, the separation kernel and hypervisor can also make sure that OSs that run in their virtual environments are separated by software from other applications or OSs running on the same hardware.
Any communication required between these environments is governed by security policies defined by the system designer that are then enforced by the separation kernel. Designers can feel comfortable that any fault conditions or even malicious attacks that occur in a virtual environment are then contained in that environment while the rest of the system continues to function, maintaining both safety and security requirements.
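The policy enforcement described above can be pictured as a static, default-deny table of one-way channels that the kernel consults on every inter-partition message. The following is an added sketch, not code from any particular separation kernel; the partition names, the rule table and `flow_allowed` are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical partition IDs for guests hosted by the hypervisor. */
enum partition { PART_RTOS_CONTROL, PART_LINUX_HMI, PART_WINDOWS_GUI, PART_COUNT };

/* One permitted one-way channel, fixed by the system designer at build time. */
struct flow_rule {
    enum partition src;
    enum partition dst;
    size_t max_len;   /* largest message the channel may carry, in bytes */
};

/* Constructed sample policy: any flow not listed here is denied. */
static const struct flow_rule policy[] = {
    { PART_RTOS_CONTROL, PART_LINUX_HMI,    256 },  /* telemetry out */
    { PART_LINUX_HMI,    PART_RTOS_CONTROL, 16 },   /* short commands in */
    { PART_LINUX_HMI,    PART_WINDOWS_GUI,  1024 }, /* display data */
};

/* Return true only if an explicit rule allows src -> dst for len bytes. */
bool flow_allowed(int src, int dst, size_t len)
{
    /* IDs arrive from a guest, so treat them as untrusted input. */
    if (src < 0 || src >= PART_COUNT || dst < 0 || dst >= PART_COUNT)
        return false;
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        if ((int)policy[i].src == src && (int)policy[i].dst == dst)
            return len <= policy[i].max_len;  /* rule found: bound the size */
    }
    return false;  /* default deny: no rule, no communication */
}

int main(void)
{
    /* The GUI guest has no rule toward the control partition. */
    printf("HMI -> RTOS, 8 bytes: %s\n",
           flow_allowed(PART_LINUX_HMI, PART_RTOS_CONTROL, 8) ? "allow" : "deny");
    printf("GUI -> RTOS, 8 bytes: %s\n",
           flow_allowed(PART_WINDOWS_GUI, PART_RTOS_CONTROL, 8) ? "allow" : "deny");
    return 0;
}
```

Because rules are directional, a compromised GUI guest in this sample policy can receive display data but has no path back toward the control partition.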
Many more use cases for the embedded hypervisor will start to determine its widespread use in tomorrow’s embedded systems. This is probably the most significant technology to hit embedded software in the last 20 years, and it’s likely to shape our next generation of embedded systems.