Security via partitioning is the reason hypervisors are popular in embedded applications ranging from industrial control to self-driving cars. The ability to isolate a virtual machine (VM) via hardware allows real-time VMs to run alongside non-real-time operating systems, making it easier to verify the integrity of a system.
Many hypervisor systems provide a dynamic environment where repartitioning can occur on-the-fly, but that’s not always a great idea for embedded systems. Lynx Software Technologies released its MOSA.ic hard partitioning last year, and the latest version now makes it easier to use through integrated VMs, such as support for Azure IoT (see figure).
Lynx MOSA.ic initially targeted the U.S. Department of Defense’s Modular Open Systems Approach (MOSA). MOSA targets interoperability in defense systems, but the technology is equally applicable in platforms from Industry 4.0 to medical devices where certification and safety- and security-related applications are key.
MOSA.ic essentially requires a designer to specify all of the VM partitions and the communication between them before a system even boots. This configuration remains in place until the system is shut down. Verification can therefore be done by certifying the configuration and then the VMs that must also be certified, such as real-time control applications.
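Because the whole plan is fixed before boot, it can be audited offline as plain data. The sketch below is an added example, not Lynx's configuration format or tooling: the dictionary layout, VM names and addresses are hypothetical and constructed for illustration. It checks that no two memory regions overlap and that every shared-memory link joins two declared VMs.

```python
from itertools import combinations

def overlaps(a, b):
    """True if half-open ranges (base, size) a and b share any address."""
    return a[0] < b[0] + b[1] and b[0] < a[0] + a[1]

def audit_static_config(partitions, channels):
    """Return a list of isolation violations in a boot-time partition plan.

    partitions: {vm_name: (base, size)} private memory of each VM.
    channels:   {chan_name: (writer_vm, reader_vm, base, size)} shared memory.
    Both layouts are hypothetical, chosen for this example.
    """
    findings = []
    regions = {f"vm:{n}": r for n, r in partitions.items()}
    for name, (writer, reader, base, size) in channels.items():
        regions[f"chan:{name}"] = (base, size)
        # Every link must join two distinct VMs that the plan declares.
        for end in (writer, reader):
            if end not in partitions:
                findings.append(f"chan:{name} references undeclared VM {end}")
        if writer == reader:
            findings.append(f"chan:{name} has the same VM at both ends")
    for label, (base, size) in regions.items():
        if size <= 0 or base < 0:
            findings.append(f"{label} has an invalid range")
    # No two regions may share an address, so memory is reachable
    # across VMs only through a declared channel region.
    for (la, ra), (lb, rb) in combinations(sorted(regions.items()), 2):
        if overlaps(ra, rb):
            findings.append(f"{la} overlaps {lb}")
    return findings

# Constructed sample plans (not from any real system).
GOOD_VMS = {"rtos_control": (0x8000_0000, 0x0100_0000),
            "linux_iot":    (0x9000_0000, 0x1000_0000)}
GOOD_CHANNELS = {"telemetry": ("rtos_control", "linux_iot", 0x8100_0000, 0x1000)}

BAD_VMS = {"rtos_control": (0x8000_0000, 0x0100_0000),
           "linux_iot":    (0x80F0_0000, 0x1000_0000)}  # starts inside rtos_control
BAD_CHANNELS = {"debug": ("linux_iot", "logger", 0xA000_0000, 0x1000)}  # undeclared VM

if __name__ == "__main__":
    print(audit_static_config(GOOD_VMS, GOOD_CHANNELS))
    print(audit_static_config(BAD_VMS, BAD_CHANNELS))
```

An empty list means the plan passes these two checks only; it says nothing about device assignment, CPU scheduling or the guests themselves.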
The latest release of MOSA.ic is now divided into LYNX MOSA.ic for Industrial, LYNX MOSA.ic for UAVs/Satellites, and LYNX MOSA.ic for Avionics. Each supports VM clients that have been integrated so they can be easily utilized by developers.
The industrial version includes support for IoT platforms like Azure IoT Edge Runtime that works on Linux and the Azure RTOS ThreadX. Other IoT platforms such as FreeRTOS are in the mix as well. Developers can do this integration and testing themselves for any platform, but Lynx has been working to make sure these platforms mesh with MOSA.ic.
As one might expect, the Avionics version supports guests like LynxOS-178, which can be certified for DO-178 avionic hardware. Interestingly, the UAV/Satellites version includes Kubernetes container orchestration support. This can be used in the other configurations, but it targets this space because containers are becoming more important in supporting such applications.
All platforms will run Lynx Simple Applications (LSA), which are bare-metal software. The fixed system configuration actually lends itself to cobbling together a system from LSAs that are isolated but very efficient. Low-level, high-performance shared-memory communication is one way to link LSAs.
Deterministic and secure systems can be built using MOSA.ic. Having tested VM solutions will make building these systems easier.