
Virtual Open Systems Scientific Publications

x86 System Management Mode Evaluation for Mixed Critical Systems

Secure mixed criticality on x86 systems

Event

Applications in Electronics Pervading Industry, Environment and Society 2020 (ApplePies).

Keywords

Mixed criticality, VM high performance, x86 SMM, virtualization, security.

Authors

Nikos Mouzakitis, Michele Paolino, Daniel Raho (Virtual Open Systems), Miltos Grammatikakis (Hellenic Mediterranean University)

Abstract

As autonomous driving, industry 4.0, smart cities, etc. become increasingly popular, safety relevant computing demands high performance processors to manage a growing number of sensors, actuators and control units. In this context, safety critical environments (typically run by real time operating systems) have to co-exist with one or more feature rich environments, e.g., Linux. Existing virtualization technologies are today considered not secure enough to isolate these two types of execution environment. For this reason, this paper evaluates x86 System Management Mode (SMM) for mixed critical virtualization solutions. Taking them as key performance indicators, the interrupt context switch overhead and the minimal round trip time overhead have been measured. The results obtained on an Intel platform, respectively 1.39 and 12.73 microseconds, confirm a high potential for SMM. To the best of our knowledge, this is the first work considering SMM as a possible solution for mixed critical environments.

Introduction

Mixed critical systems are increasingly important today with the emergence of autonomous driving, industrial internet of things and smart city applications. In fact, there is a need to combine software with different levels of criticality on a single platform, in order to satisfy both certification requirements (e.g., ISO26262 for automotive, IEC61511 for industry, etc.) and user experience requirements (Linux, Android, etc.). A typical example of a mixed critical application is the cockpit of a road vehicle, where safety related warning icons driven by a Real Time Operating System (RTOS) coexist with infotainment (connectivity, radio, road sign recognition, etc.) based on Linux. The performance requirements of mixed criticality systems are increasing as well, driven by autonomous driving, industry 4.0, etc. In this context, there is a need for virtualization solutions that enable the safe and performant execution of different operating systems side by side. Key requirements for such solutions are: i) strong isolation in terms of memory, CPU and IO, ii) low overhead and iii) certifiability. Existing technologies, i.e., certified hypervisors, leverage a low footprint and CPU virtualization extensions to address these requirements. However, virtualization has important security issues, mainly because this technology was not designed with security or functional safety in mind. For this reason, in the search for a solution that provides both high computing power and robustness in terms of security and functional safety, this paper proposes to use the System Management Mode (SMM) of x86 processors for mixed critical applications. In fact, SMM provides a strongly isolated execution environment that runs without intermediation (low overhead) and benefits from a very thin Trusted Computing Base (certifiability).
The key idea is to use the isolation provided by SMM to protect the safety critical execution environment, while the feature rich execution environment runs transparently on the system. In this paper, the feasibility of this approach is evaluated by measuring the overhead that would be introduced in CPU context-switch operations between an operating system running in SMM and Linux.
