A copy of the first draft text is included here, and a blue summary of
...
most paragraphs.
...
The purpose of that is to discuss the general structure/content of the document on a higher level.
(and then to discuss the details of each paragraph)
...
What HV technology can do for future automotive systems.
Motivation: Why to use HV:
Today, we see the advent of multicore system-on-chip (SoC), originally design for the mass-market of consumer electronics, entering the critical infrastructure of cars and trucks. Buzzwords like cell-phone on wheels have been coined. However, this is only the beginning, in the near future we will see the advent of central compute platforms, i.e., massive multicore SoCs thing over not only fundamental functions in the vehicle but also its control. This is a game changer for the SW stacks we use in our cars, including the underlying operating systems.
...
Use of legacy systems with minor modifications,
address what kind of modifications we expect,
What does the HW(vendor) to support platform virtualization
Also address problem of open source firmware and driver (MCAL) qualification when running virtualized drivers (see also section 3). HV helps with this by
...
Dmitry mentions i.mx 8 has special features that simplify device sharing/assignment to VMs, e.g. USB that could be interesting case-study information.
Details pending (make sure to check what is public information first).
Surveillance, Isolation (Timing and Spatial) and all that
To establish well-defined behavior of SW at platform-level several design paradigms can be followed, where each prioritize different aspects, e.g., fault-detection versus information hiding, high-performance vs. good worst-case timing behavior. At the bottom-line it appears that one of the fundamental principles of establishing safe and secure execution environments is about isolation and surveillance.
...
Also include use of special purpose Guest/OS for isolating a specific functionality, i.e, building safety and security island
Kai & Adam
Inter-core communication
Matti, Dimitri
Sharing Devices -- Virtio
Kai & Gunnar
Content:
As already outlined, the VMM component in the system needs to provide a virtual platform to the guest operating system. This includes a set of common devices that a VM typically needs, including console, network and block devices. When an OS runs bare-metal on the hardware, a regular driver is used to drive, for example, the network interface controller (NIC). The interface between the NIC and the OS is based on memory-mapped IO which is the optimal way of communicating with a physical device. When providing a VM a virtual device, the memory-mapped approach is not the most efficient one. First, because this requires the so-called trap-and-emulate technique where each access to the MMIO-region is trapped into the VMM and second because the NIC needs to be emulated by the VMM which is actually more complicated than required for this use-case. It is much easier in terms of required software as well as offers more performance when using a device for a VM that is particularly made for being used in Vms.
...
SUMMARY: More unique features possible with an HV
ALL SUMMARIES TOGETHER (AS OUTLINE)
TITLE: What HV technology can do for future automotive systems.
Motivation: Why to use HV:
SUMMARY: More cores in SoCs → changes the SW stacks
...
SUMMARY: A HV must execute in higher privilege mode
What does the HW(vendor) to support platform virtualization
SUMMARY: Hardware support for virtualization is included in modern processors
Surveillance, Isolation (Timing and Spatial) and all that
SUMMARY: Explain isolation, timing, spacial
Inter-core communication
Matti, Dimitri (more Matti rather)
Sharing Devices -- Virtio
SUMMARY: The need for virtual platform. Shortly compare full hardware virtualization/emulation with… not doing that.
SUMMARY: The current contents of VIRTIO spec
...