VOSySmcs - Automotive mixed-criticality virtualization product software stack
In the era of connected electric/hybrid vehicles, the automotive industry is facing a revolution, accelerated by the unavoidable integration of autonomous driving and AI. Its electronic components, based on increasingly complex, heterogeneous hardware platforms and an exponentially growing amount of software, represent a key strategic challenge. To cope with this revolution while limiting the number and cost of Electronic Control Units (ECUs), car-makers are pushing for ECU consolidation with mixed-criticality requirements. In this disruptive context, VOSySmcs, an innovative, scalable and open software stack, enables Tier-1 vendors to meet the requirements set by the car-makers with a secure, modular and high-performance solution.
The VOSySmcs innovation lies in the modular integration of open source components (including a certified RTOS) on top of a slim proprietary certified virtualization layer (VOSYSmonitor). VOSySmcs opens the way to a completely new generation of software-driven vehicles, where autonomous driving with virtualized access to AI hardware acceleration mechanisms can be orchestrated and executed in isolated virtual machines, under stringent ISO 26262 certification requirements. To be viable and acceptable to the automotive market, any solution has to be functional-safety certified according to ISO 26262. VOSySmcs satisfies these requirements by providing, as its key certified components, VOSYSmonitor (the system partitioner) and an open source RTOS.
VOSYSmcs software stack overview
The VOSySmcs product flyer is available in English.
A virtualized and accelerated mixed-criticality software stack to consolidate safety-aware applications in modern vehicles
VOSySmcs is a perfect solution to reduce the overall cost (e.g., space, cables, power consumption, materials, integration effort) of complex automotive systems by addressing consolidation on a single platform with special attention to safety and security. These two aspects are closely linked in autonomous connected vehicles, since it is not possible to ensure safety without security. Indeed, if an attacker manages to exploit a security hole to remotely take control of a vehicle and cause an accident, it is a safety issue.
In this context, VOSySmcs is based on a key component called VOSYSmonitor, a low-latency certified system partitioner that provides a system-wide security approach to isolate the critical components of a system (e.g., RTOS, AUTOSAR OS) from the non-critical applications (e.g., the IVI system), which might be exposed to malicious attacks. Such a technology ensures higher protection for the critical domain than traditional type-1 hypervisors, which may suffer from security issues leading to denial of service for both guests and host.
VOSySmcs consists of a full-fledged software stack to support a modern generation of car virtual cockpit, where the In-Vehicle Infotainment (IVI) system and the Digital Instrument Cluster are consolidated and interact on a single platform. Indeed, traditional gauges and lamps are replaced by digital screens, offering opportunities for new functions and interactivity. Vehicle information, entertainment, navigation, camera/video and device connectivity are being combined into displays. However, these pieces of information do not share the same level of criticality, and the consolidation of mixed-criticality applications represents a real challenge that must respect the stringent requirements of the ISO 26262 functional safety standard.
VOSySmcs enables the integration of safety-critical and non-critical information on a single display, while providing rendering guarantees for the safety-critical output. In addition, VOSySmcs supports a similar concept for sound management in order to guarantee the availability of the sound system to the safety-critical subsystem (e.g., warning signals), while still allowing the non-critical partition to play music/sound (e.g., radio, navigation) at a lower priority and without affecting the safety-critical application. The VOSySmcs innovation lies in the use of open source components extended by Virtual Open Systems, such as ISO 26262 certifiable FreeRTOS and an open source hypervisor (e.g., Linux-KVM, XEN), to manage the consolidation of safety-critical and non-critical information on top of the slim proprietary certified system partitioner VOSYSmonitor.
VOSySmcs application in Automotive - Digital Cluster and In-Vehicle Infotainment consolidation
VOSySmcs reduces safety certification costs by using certified components (i.e., VOSYSmonitor, certifiable FreeRTOS) that rely on a hardware isolation mechanism; as a result, fewer lines of code are required in the system, which further reduces the cost of safety certification.
Last but not least, VOSySmcs is the perfect solution to address the future challenges related to the consolidation of software functionalities for Advanced Driver Assistance Systems (ADAS), which add a large number of new functions.
VOSySmcs - main features
VOSYSmcs is based on existing technologies developed/extended by Virtual Open Systems:
- VOSYSmonitor: Safety Element out of Context (SEooC) certified low-level firmware that enables the co-execution of two systems by leveraging ARM TrustZone to provide strong isolation and a high-performance modular architecture
- VOSYSVirtualNet: Provides a safe, portable and efficient communication channel based on an IP stack (virtual Ethernet) between the two systems consolidated by VOSYSmonitor
- FreeRTOS: ISO 26262 certifiable open source FreeRTOS version extended with graphics and sound management.
- Safe Split Display: Solution to share a screen display between both systems, while ensuring that the critical output (e.g., tell-tales) is not impacted by the rendering of the non-critical application (e.g., the IVI system).
- Safe Audio Sharing: Solution to share the sound system between both domains, while ensuring that the critical output (e.g., warning signals) is not impacted by the non-critical application (e.g., the IVI system).
- GPU virtualization: Enhances non-critical Virtual Machines (VMs) with 3D acceleration capability for advanced graphics rendering at close to native performance
- Software Over the Air (SOTA) support: Provides a secure process to update the software/firmware of the VOSySmcs software stack without compromising safety.