A Comprehensive Overview Last Updated: January

A Comprehensive Overview Last Updated: January

Project ACRN: A Comprehensive Overview Last updated: January 19, 2021 Content ❖ Introduction ❖ Architecture ❖ Value Proposition ❖ Key Capabilities ❖ Scenarios Introduction ACRN™ is a flexible, lightweight reference hypervisor, built with real-time and safety-criticality in mind, optimized to streamline embedded development through an open source platform. - A Linux Foundation Project Launched in March 2018 - Version 1.0 released in May 2019 - Version 2.0 released in June 2020 Overallarchitecture ACRN is a registered trademark of the Linux Foundation. *Other names and brands may be claimed as the property of others. Value Proposition - ACRN Small Footprint • Optimized for resource-constrained devices • Small codebase: less than 40,000 vs. >156,000 lines of code for datacenter-centric hypervisors Functional Safety & Hard Real-time • Heterogeneous Workloads Consolidation • Supports also the most demanding workloads: safety-critical and real- time Open-source with Flexible License • Permissive BSD license enables proprietary Guest OS • Business-friendly to adopt, modify and integrate • True open source with a vibrant Community ACRN reduces system deployment complexity, enables heterogeneous architectures, and provide TCO advantages Key Capabilities Functional Safety Hard Real-time MISRA-C Compliance Support hard or soft RT VM FuSa certification targeted Optimized for RT, e.g. no VMExit*, cache isolation Security & Isolation Rich I/O Mediation Full isolation for mixed criticality workloads Graphics, Audio, USB… Intel VT backed isolation Industry standard Virtio BE/FE drivers Secure boot Permissive Open Source License Flexible Architecture Permissive BSD-3-clause license Partition Mode, Sharing mode Linux Foundation Affiliation Hybrid (mix of partition & share) mode System Manageability Various Guest OSes Support Flexible VM lifecycle Management Linux*, Zephyr*, Android*, VxWorks*, Windows*… Virtualization API supported (libvirt) Ease of use Secure Container ACRN configuration tool Kata Containers enabled for starting isolated Rich documentation and secure containers Multiple-channel community support *Other names and brands may be claimed as the property of others ACRN™ & OSV/ISV Vendors A transparent enabler Productize on top of Project’s Goal that provides: ACRN directly by adding Provide an embedded • A common architecture to be value with: hypervisor reference used as-is • Proprietary Service VM or RTOS solution to enable • A high quality reference OSV/ISVs stack optimized for embedded • Commercial Licensing development • Commercial Support Move the industry towards faster TTM Industry User VMs Post-launched Key Challenges: RTVM ❑ Mixed Workloads: Service VM ▪ Real-Time vs non Real-Time PLC Machine HMI Learning ▪ Isolation vs Sharing Compute Robotics Device Visual ❑ Real-Time (Hard / Soft) Model AI Computin g ▪ GBE packet IO control loop < 12us ▪ MSI interrupt latency < 4us ▪ Cyclictest jitter < 10us ACRN hypervisor ❑ HMI ▪ Windows 10 Hybrid Key Challenges: Pre-launched User VMs Safety VM ❑ Mixed Workloads: User VM Service VM ▪ Safety-Critical and normal Machine workloads Learning PLC ▪ Isolation and Sharing Device Robotics Model AI ❑ Functional Safety ▪ IEC 61508-3 (Industrial) ACRN hypervisor ACRN is a registered trademark of the Linux Foundation. *Other names and brands may be claimed as the property of others. Hybrid Real-Time Key Challenges: Pre-launched User VMs Real-Time TVM ❑ Mixed Workloads: User VM Service VM ▪ Real-Time and normal workloads Machine HMI ▪ Isolation and Sharing Learning PLC Device Visual ❑ Real-Time (Hard / Soft) Robotics Model AI Computin Compute ▪ GBE packet IO control loop < 12us g ▪ MSI interrupt latency < 4us ▪ Cyclictest jitter < 10us ACRN hypervisor Logical Partition Pre-launched Pre-launched Safety/RTVM Safety/RTVM User VM User VM PLC PLC Robotics Robotics ACRN hypervisor Open Source with Flexible Licensing ● Scalable support ● Significant R&D and development cost savings ● Transparent open source development model ● Collaborative SW development with industry leaders ● Permissive BSD licensing Real Time Auto PLC IPC Robotics IPC Robotics ❑ Support hard or soft Real- Hard Real-Time Soft Real-Time Time VMs (RTVMs) Dev ice Model ❑ No VMEXIT during runtime operations vLAPIC vIOAPIC vPIC ACRN Hypervisor vMSI vUART … ❑ Highly optimized for RT: • LAPIC passthrough • RDT for resources isolation (cache and memory) LAPIC0 LAPIC1 LAPIC2 LAPIC3 • PCI device passthrough CPU0 CPU1 CPU2 CPU3 • Static CPU assignment IOAPIC Cache Cache Cache PCI dev PCI dev ❑ Still use EPT and VT-d for VM isolation System Manageability VM Type & Severity: • Load Order: Pre-launched, Service VM, Post-launched • Category of VM: Service VM, User VM (can be pre- launched or post-launched) VM HW • Severity: Safety VM > Hard RT VM > Soft RT VM > Type & Resource Severity Service VM > Standard VM HW Resource: • CPU, memory & cache, devices, etc • Partitioning or sharing based on VM type & severity System System Management: Manage • HW resources statically assigned at build time or dynamically assigned during runtime • ACRN configuration tool: offline tool • General reference design for VM & system lifecycle management • Virtualization API: libvirt System Security Secure Boot Isolation Runtime Security • Measured Boot • Isolation for mixed • Virtual TPM • Verified Boot criticality workloads • Trusty • Intel Virtualization • Supervisor-Mode technologies: VT-x, Access Prevention VT-d (SMAP) • Kata Containers • Supervisor-Mode • EPT memory Execution Isolation Prevention (SMEP) • Interrupt isolation • Software Guard • Cache Allocation Extension (SGX) Technology (CAT) • Dynamic Application Loader (DAL) • Total Memory Encryption (TME) Rich I/O Mediation • I/O device mediators GPU Ethernet Block Audio IPU I2C GPIO Touch USB Mediated Virtio Virtio Virtio Virtio Virtio Virtio Virtio Emu. Passthru • Various security virtualization features RPMB CSE TPM Android Trusty Verify Boot Seed SGX Virtio Virtio Emu. Emu. Emu. Emu. Emu. • PCI devices pass-through (VT-d) capability too Diverse Guest OSes Supported Ease of Use Fast Development Rich Documentation • Short Learning Curve • Getting Started Guide • Straight-forward coding • Architecture & Design styles • Contributing Guides • Multiple-channel • Tutorial Community (Mailing list, • Release notes WeChat, TCM, etc) Easy Deployment Flexible License • Out-of-Box Experience • BSD license for • VM Configuration Tool Hypervisor & Device • CPU assignment models • I/O sharing or pass-through • Dual Licenses for the • Pre-defined Configuration • Rich supported OS types ACRN Linux kernel • Orchestration drivers • OTA Fin.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    19 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us