A Comprehensive Overview Last Updated: January

Project ACRN: A Comprehensive Overview

Last updated: January 19, 2021 Content

❖ Introduction ❖ Architecture ❖ Value Proposition ❖ Key Capabilities ❖ Scenarios Introduction

ACRN™ is a flexible, lightweight reference hypervisor, built with real-time and safety-criticality in mind, optimized to streamline embedded development through an open source platform.

- A Linux Foundation Project Launched in March 2018 - Version 1.0 released in May 2019 - Version 2.0 released in June 2020 Overallarchitecture

ACRN is a registered trademark of the Linux Foundation. *Other names and brands may be claimed as the property of others. Value Proposition - ACRN

Small Footprint • Optimized for resource-constrained devices • Small codebase: less than 40,000 vs. >156,000 lines of code for datacenter-centric hypervisors

Functional Safety & Hard Real-time • Heterogeneous Workloads Consolidation • Supports also the most demanding workloads: safety-critical and real- time

Open-source with Flexible License • Permissive BSD license enables proprietary Guest OS • Business-friendly to adopt, modify and integrate • True open source with a vibrant Community

ACRN reduces system deployment complexity, enables heterogeneous architectures, and provide TCO advantages Key Capabilities Functional Safety Hard Real-time MISRA-C Compliance Support hard or soft RT VM FuSa certification targeted Optimized for RT, e.g. no VMExit*, cache isolation

Security & Isolation Rich I/O Mediation Full isolation for mixed criticality workloads Graphics, Audio, USB… Intel VT backed isolation Industry standard Virtio BE/FE drivers Secure boot

Permissive Open Source License Flexible Architecture Permissive BSD-3-clause license Partition Mode, Sharing mode Linux Foundation Affiliation Hybrid (mix of partition & share) mode

System Manageability Various Guest OSes Support Flexible VM lifecycle Management Linux*, Zephyr*, Android*, VxWorks*, Windows*… Virtualization API supported (libvirt)

Ease of use Secure Container ACRN configuration tool Kata Containers enabled for starting isolated Rich documentation and secure containers Multiple-channel community support *Other names and brands may be claimed as the property of others ACRN™ & OSV/ISV Vendors

A transparent enabler Productize on top of Project’s Goal that provides: ACRN directly by adding Provide an embedded • A common architecture to be value with: hypervisor reference used as-is • Proprietary Service VM or RTOS solution to enable • A high quality reference OSV/ISVs stack optimized for embedded • Commercial Licensing development • Commercial Support

Move the industry towards faster TTM Industry

User VMs Post-launched Key Challenges: RTVM ❑ Mixed Workloads: Service VM ▪ Real-Time vs non Real-Time PLC Machine HMI Learning ▪ Isolation vs Sharing Compute Robotics Device Visual ❑ Real-Time (Hard / Soft) Model AI Computin g ▪ GBE packet IO control loop < 12us ▪ MSI interrupt latency < 4us ▪ Cyclictest jitter < 10us ACRN hypervisor ❑ HMI ▪ Windows 10 Hybrid

Key Challenges: Pre-launched User VMs Safety VM ❑ Mixed Workloads: User VM Service VM ▪ Safety-Critical and normal

Machine workloads Learning PLC ▪ Isolation and Sharing Device Robotics Model AI ❑ Functional Safety ▪ IEC 61508-3 (Industrial)

ACRN hypervisor

ACRN is a registered trademark of the Linux Foundation. *Other names and brands may be claimed as the property of others. Hybrid Real-Time

Key Challenges: Pre-launched User VMs Real-Time TVM ❑ Mixed Workloads: User VM Service VM ▪ Real-Time and normal workloads Machine HMI ▪ Isolation and Sharing Learning PLC Device Visual ❑ Real-Time (Hard / Soft) Robotics Model AI Computin Compute ▪ GBE packet IO control loop < 12us g ▪ MSI interrupt latency < 4us ▪ Cyclictest jitter < 10us ACRN hypervisor Logical Partition

Pre-launched Pre-launched Safety/RTVM Safety/RTVM

User VM User VM

PLC PLC

Robotics Robotics

ACRN hypervisor Open Source with Flexible Licensing

● Scalable support ● Significant R&D and development cost savings ● Transparent open source development model ● Collaborative SW development with industry leaders ● Permissive BSD licensing Real Time

Auto PLC IPC Robotics IPC Robotics ❑ Support hard or soft Real- Hard Real-Time Soft Real-Time Time VMs (RTVMs)

Dev ice Model ❑ No VMEXIT during runtime operations

vLAPIC vIOAPIC vPIC ACRN Hypervisor vMSI vUART … ❑ Highly optimized for RT: • LAPIC passthrough • RDT for resources isolation (cache and memory) LAPIC0 LAPIC1 LAPIC2 LAPIC3 • PCI device passthrough CPU0 CPU1 CPU2 CPU3 • Static CPU assignment IOAPIC Cache Cache

Cache PCI dev PCI dev ❑ Still use EPT and VT-d for VM isolation System Manageability

VM Type & Severity: • Load Order: Pre-launched, Service VM, Post-launched • Category of VM: Service VM, User VM (can be pre- launched or post-launched) VM HW • Severity: Safety VM > Hard RT VM > Soft RT VM > Type & Resource Severity Service VM > Standard VM

HW Resource: • CPU, memory & cache, devices, etc • Partitioning or sharing based on VM type & severity

System System Management: Manage • HW resources statically assigned at build time or dynamically assigned during runtime • ACRN configuration tool: offline tool • General reference design for VM & system lifecycle management • Virtualization API: libvirt System Security

Secure Boot Isolation Runtime Security

• Measured Boot • Isolation for mixed • Virtual TPM • Verified Boot criticality workloads • Trusty • Intel Virtualization • Supervisor-Mode technologies: VT-x, Access Prevention VT-d (SMAP) • Kata Containers • Supervisor-Mode • EPT memory Execution Isolation Prevention (SMEP) • Interrupt isolation • Software Guard • Cache Allocation Extension (SGX) Technology (CAT) • Dynamic Application Loader (DAL) • Total Memory Encryption (TME) Rich I/O Mediation

• I/O device mediators

GPU Ethernet Block Audio IPU I2C GPIO Touch USB

Mediated Virtio Virtio Virtio Virtio Virtio Virtio Virtio Emu. Passthru

• Various security virtualization features

RPMB CSE TPM Android Trusty Verify Boot Seed SGX

Virtio Virtio Emu. Emu. Emu. Emu. Emu.

• PCI devices pass-through (VT-d) capability too Diverse Guest OSes Supported Ease of Use

Fast Development Rich Documentation • Short Learning Curve • Getting Started Guide • Straight-forward coding • Architecture & Design styles • Contributing Guides • Multiple-channel • Tutorial Community (Mailing list, • Release notes WeChat, TCM, etc)

Easy Deployment Flexible License • Out-of-Box Experience • BSD license for • VM Configuration Tool Hypervisor & Device • CPU assignment models • I/O sharing or pass-through • Dual Licenses for the • Pre-defined Configuration • Rich supported OS types ACRN Linux kernel • Orchestration drivers • OTA Fin