...
- Kai Lampka
June 18th, 2019
Participants
- Philippe Robin
- Adam Lackorzynski
- Dmitry Morozov
- Matti Möll
- Stephen Lawrence
- Vasco Fachin
- Bernhard Rill
- Gunnar Andersson
Apologies
- Kai Lampka
Minutes
Whitepaper scope, followup
- Whitepaper focus: Explain what can be done with current hardware, vs. wish list for the future
- Adam will discuss with Kai when he is back
F2F
- 20-22 Sept. is All Systems Go Conference in Berlin, Fri-Sun
- HV Conference – see Doodle.
Doodle for F2F:
https://dudle.inf.tu-dresden.de/Genivi_HVWS_F2F_Workshop_September_2019/
Number of days? 2 or 3, let's create another poll
https://dudle.inf.tu-dresden.de/v5fxnz31/
AI (all): Fill in both Doodles.
MCU Hypervisors
Bernhard showed 2 slides (taken from a 162-slide presentation; there is more info of course).
Cores: the R7 is well known; the R52 is brand new.
Can control who has access to physical memory
RTOS1 and RTOS2 in the picture access physical memory directly. Note there is still NO address translation.
Multiple RTOS, multiple classic AUTOSAR stacks, for example.
The EL2 MPU is the new one.
You could integrate a rich OS without letting it know it runs on the HV.
Applicable for the Cortex-A profile only.
Hypervisor could be used but trapping accesses would be costly
Better to have operating systems that are fully aware/designed for it.
Separation Kernel might be a more apt name for this simple partitioning (academic discussion)
Changing the timing of the RTE on a classic AUTOSAR stack may need recertification (for critical functions).
With this add-on, a safety-critical (ASIL B) function can be isolated and guaranteed its resources, by running more than one complete AUTOSAR stack, in partitions.
Another case: Software updatability – some parts are updatable through SOTA and others cannot be affected.
Note: double or triple memory requirements (because of multiple AUTOSAR stacks), but it might be worth it.
Another use case: Heterogeneous designs. Safety Islands (often implemented in R7).
Known/publicly available info about licensees: NXP, ST and DENSO.
(i.e. R52 silicon is available now)
Adam: On the term "Hypervisor": some call it virtualization even when there are only very simple hardware separation features built in.
Note that other MCU vendors with even less capability built into hardware are using the term "virtualization support".
From Matti Möll to Everyone: 01:48 AM
http://www.projekt-aramis.de/
From Bernhard Rill to Everyone: 01:49 AM
https://www.aramis2.org/
Matti: Related info from OpenSynergy:
https://www.opensynergy.com/wp-content/uploads/2018/06/Hypervisor-for-latest-NXP-microcontroller.pdf
Stephen: Renesas-related info: TrustZone security extensions; a similar concept was applied in the R7. See the Lifecycle documentation for the SoC.
June 11th, 2019
Participants
...