A copy of the first draft text is included here, and a blue summary of some paragraphs. This is to discuss the general structure/content of the document.


What HV technology can do for future automotive systems.

...

SUMMARY: Optimize for (average) performance, not automotive requirements

Feedback: There is more diversity than this chapter suggests. Some may choose more consumer-like processors, but there are also modern multi-core processors that are automotive grade.
Some vendors create massive compute power but with high power needs (heat); others may be better at keeping power low.


Moreover, deterministic timing for guaranteeing low service latencies even in worst-case scenarios is traded for service strategies which optimize the average and not the worst case. An example of this is as follows: in a manycore system with private L1 and a shared L2 cache, SW executing on different cores will mutually evict each other's cache entries.
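The eviction effect described above, as an added example that is not part of the draft: a small C model in which a critical task whose working set fits in the shared L2 runs first alone and then next to a core that streams through memory. Assumptions: only the shared L2 is modelled (fully associative, LRU, every access reaches it, i.e. the working set exceeds the private L1), and all sizes and names are constructed.

```c
#include <stdio.h>
#include <string.h>

#define L2_LINES 64   /* constructed: shared L2 capacity in cache lines */
#define WSET     48   /* constructed: critical task's working set, fits in L2 */
#define ROUNDS   100  /* measured passes over the working set */

static long tag[L2_LINES];    /* line address held in each slot, -1 = empty */
static long stamp[L2_LINES];  /* time of last use, for LRU replacement */
static long now;

/* One access to the shared L2: returns 1 on hit, 0 on miss (LRU line refilled). */
static int l2_access(long line) {
    int victim = 0;
    now++;
    for (int i = 0; i < L2_LINES; i++) {
        if (tag[i] == line) { stamp[i] = now; return 1; }
        if (stamp[i] < stamp[victim]) victim = i;
    }
    tag[victim] = line;
    stamp[victim] = now;
    return 0;
}

/* Misses seen by the critical core over ROUNDS passes, after one warm-up pass.
 * With with_neighbour set, a second core touches one fresh line per access
 * of the critical core (a streaming, non-critical workload). */
long critical_misses(int with_neighbour) {
    long misses = 0;
    long stream = 1000000;  /* neighbour's lines, disjoint from 0..WSET-1 */
    memset(stamp, 0, sizeof stamp);
    for (int i = 0; i < L2_LINES; i++) tag[i] = -1;
    now = 0;
    for (int r = 0; r <= ROUNDS; r++)
        for (long a = 0; a < WSET; a++) {
            int hit = l2_access(a);
            if (r > 0 && !hit) misses++;  /* round 0 is warm-up */
            if (with_neighbour) l2_access(stream++);
        }
    return misses;
}

int main(void) {
    printf("critical task alone:          %ld misses\n", critical_misses(0));
    printf("critical task with neighbour: %ld misses\n", critical_misses(1));
    return 0;
}
```

The critical task's code and data are identical in both runs; only the neighbour changes, and the miss count goes from zero to one miss per access.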

...

  • isolating critical devices from non-critical ones allows one to build systems with mixed criticality w.r.t. safety relevance.

  • qualified driver needs to come with the driver host or even the HV provider


SUMMARY: Hardware support for virtualization is included in modern processors

Kai, Adam & Bernhard

This is directed towards the HV vendor to avoid the problems we have seen in the past.

Content: All modern processors, including Arm's Cortex-A and Intel's x86, support the virtualization of operating systems: they provide the functionality needed to present a virtual view of the system and to give system software, the hypervisor, full control of guest operating systems. A microkernel can offer support for this functionality. As already described, the microkernel offers only the necessary functionality, and all other support for running VMs shall be implemented at user level. To support the virtualization extensions of the CPU, the microkernel provides the functionality to create VM containers and to context switch between those, other VMs and normal programs running on the microkernel. The virtual platform that is required to run a guest operating system is provided by a user-level virtual machine monitor (VMM). A common design pattern is to use one VMM per VM, using the isolation features of the microkernel to protect VMs from each other.

SUMMARY: This paragraph speaks a lot about microkernel / HV / software layer also, and only a small part about actual Hardware features?

Dmitry mentions that the i.MX 8 has special features that simplify device sharing/assignment to VMs, e.g. USB, which could be interesting case-study information.
Details pending (make sure to check what is public information first).


  1. Surveillance, Isolation (Timing and Spatial) and all that

...

SUMMARY: Need for virtual platform. Shortly compare full hardware virtualization/emulation with… not doing that.

Discussion (Adam): Agree, VIRTIO kind of assumes paravirt. for devices. Memory/CPU side is similar - either hardware has support or not.
That should be described separately from device handling, because paravirt means something different there.


Fortunately, there is a standard for this, VirtIO, which all current operating systems, including Linux, offer support for.

...

  1. Inter-core communication

Matti, Dimitri (more Matti rather)

  1. Sharing Devices -- Virtio

...