Designing IoT Systems Using Real-Time Operating Systems and Type 1 Hypervisors

The Internet of Things (IoT) is a technology trend that spans many industries, including wearables, smart meters, smart appliances, and automobiles. As our reliance on connected devices and the information they provide grows, factors such as uptime and reliability become key to the success of individual products and of the IoT ecosystem as a whole. Smart home appliances and in-vehicle infotainment head units represent a broad category of IoT systems that require both connectivity and highly reliable execution.

Author: Mentor Graphics

Smart appliances such as washing machines have a rich user interface (UI) capable of handling any number of commands. The appliance can be controlled remotely from a smartphone and, when connected to a smart grid, can schedule wash cycles for off-peak hours when electricity is cheaper. Whatever else it does, the washing machine must perform one function well and very reliably: washing laundry. Industrial systems have more stringent real-time control requirements, and it is important to ensure that real-time control and other critical operations continue to operate independently of the higher-level functions.

The automotive industry is also investing in connected cars, collecting telematics data and delivering in-vehicle infotainment (IVI) through updatable and downloadable applications (apps) to meet consumer expectations. Automakers face a lot of scrutiny to ensure that IVI systems are safe: downloaded apps must not interfere with more critical functions of the IVI system, such as the video feed from the rear-view camera. In this case an operating system like Android may be a viable option for hosting the apps, while the core of the IVI system is based on a Linux platform. A similar arrangement in an industrial environment might pair a real-time operating system (RTOS) that performs the critical real-time control functions with Linux, a general-purpose operating system (OS), providing the user interface and supervising data communications.

Code module independence using the MMU/MPU under an RTOS

An RTOS with a process model, such as Mentor Graphics’ Nucleus RTOS, can separate and protect code modules using the memory management unit (MMU) or memory protection unit (MPU) available on many SoC devices. Figure 1 illustrates how real-time control tasks can share the kernel’s protected memory region while other software tasks are placed in their own protected regions. Connectivity functions and remote updates share one region, while the user interface and other application tasks are assigned to a separate region. Separating application subsystems this way prevents a fault in the connectivity or user-interface subsystem from corrupting the kernel or the real-time control operations.

Figure 1: Separate control of connectivity and remote updates with a single process model.

One of the advantages of a real-time operating system over a general-purpose operating system is the real-time nature of its kernel: the RTOS provides strict priority-based scheduling that guarantees the execution of high-priority tasks. A process-model RTOS keeps this deterministic real-time scheduling and adds memory protection. The memory protection does not change task priorities or system response. Figure 2 shows that the application (task 7) and the remote update tasks can run at the same priority in separate, independent memory regions, while the control and connectivity tasks run at a higher priority. This differs markedly from how programs are executed on a general-purpose operating system. In a protected RTOS environment, developers can freely adjust task priorities without having to merge tasks into a common memory region.

[Figure 2]

The RTOS process model also allows process modules (collections of tasks and library functions that share an independent memory region) to be dynamically loaded and unloaded while the system is running. Beyond enabling substantial updates of a deployed system, this lets developers reconfigure a device into different operating modes, switching between different task-separation and priority configurations.

Multi-OS systems using a Type 1 hypervisor

The multi-core processors found in today’s embedded devices provide greater processing power and more connectivity options. They make the integration of multiple operating systems a viable way to introduce connectivity while guaranteeing the execution of more important functions. Even in very safety-conscious industries such as automotive, consumers now expect in-vehicle infotainment systems to offer the same apps as their smartphones and tablets.

Before the advent of the Internet of Things and the connected car, safety and reliability were achieved through physical separation: multiple individual processors on the same or separate boards ensured a robust design. In today’s consolidated embedded systems, a recommended way to introduce connectivity is to run multiple operating systems with the separation enforced by a Type 1 hypervisor, which partitions and virtualizes device resources and ensures that essential automotive functions take precedence over connected-application functionality.

Figure 3 illustrates how a hypervisor, such as Mentor Graphics’ Hypervisor, can be used in an automotive infotainment system in which the connected-application functionality runs on Android and the rest of the IVI system is Linux-based.

[Figure 3]

A hypervisor provides more than the simple separation shown in Figure 3; it also provides a mechanism to restrict peripherals to specific guest domains. For an IVI system, we may want to limit use of the in-vehicle CAN bus so that only the Linux-based IVI system can access CAN data, while connected Android applications can obtain that data only through inter-process communication (IPC) with the Linux-based IVI application. At the same time, we want both Linux and Android to be able to use the local memory card to play media files. Figure 4 illustrates how a hypervisor lets us map some peripherals directly into one guest and paravirtualize others. This enables developers to restrict access to the CAN bus while sharing other resources such as the memory card.
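The device-assignment and mediation scheme just described, modelled in Go as an added example; this is not Mentor Graphics’ hypervisor configuration or code. The guest names (linux-ivi, android), device names (can0, mmc0, wlan0) and the exported CAN IDs (0x0C4, 0x1A0) are assumptions made for the illustration. The hypervisor side is a table stating which guest may claim which peripheral, and how (direct mapping into one guest, or paravirtualized sharing); the IVI proxy is the Linux-guest code that owns the CAN bus and answers the Android guest’s requests, exporting only an allowlist of read-only broadcast IDs and never transmitting on Android’s behalf:

```go
package main

import (
	"errors"
	"fmt"
)

// Access is how the hypervisor exposes a peripheral to a guest. Constructed
// model for illustration, not the Mentor hypervisor's configuration format.
type Access int

const (
	Denied      Access = iota
	Passthrough        // device mapped directly into exactly one guest
	Shared             // paravirtualized; the hypervisor arbitrates between guests
)

// Policy is the device-assignment table: device -> guest -> access mode.
type Policy map[string]map[string]Access

// Assumed guest and device names for the example.
var policy = Policy{
	"can0":  {"linux-ivi": Passthrough},               // only the IVI guest touches the bus
	"mmc0":  {"linux-ivi": Shared, "android": Shared}, // media card visible to both
	"wlan0": {"android": Passthrough},                 // connectivity stays in Android
}

var (
	ErrNoAccess  = errors.New("hypervisor: device not assigned to guest")
	ErrNotExport = errors.New("ivi-proxy: CAN ID is not exported to connected guests")
	ErrReadOnly  = errors.New("ivi-proxy: connected guests may not transmit on CAN")
)

// Open is the hypervisor-side check made when a guest tries to claim a device.
func (p Policy) Open(guest, device string) (Access, error) {
	if mode, ok := p[device][guest]; ok && mode != Denied {
		return mode, nil
	}
	return Denied, ErrNoAccess
}

// Validate rejects a table that makes a passthrough device visible to more than
// one guest, which would silently defeat the separation the hypervisor provides.
func (p Policy) Validate() error {
	for dev, guests := range p {
		owners := 0
		for _, mode := range guests {
			if mode == Passthrough {
				owners++
			}
		}
		if owners > 0 && len(guests) > 1 {
			return fmt.Errorf("%s: passthrough device visible to %d guests", dev, len(guests))
		}
	}
	return nil
}

// Frame is a CAN frame as seen by the IVI application.
type Frame struct {
	ID   uint32
	Data []byte
}

// IVIProxy runs inside the Linux IVI guest, the sole owner of can0. It serves the
// Android guest over the inter-guest channel, exporting only allowlisted read-only
// broadcast IDs and never transmitting on a connected guest's behalf.
type IVIProxy struct {
	latest    map[uint32]Frame // most recent frame per ID, filled by the CAN driver
	exportIDs map[uint32]bool  // IDs the IVI application agrees to share (assumed values)
}

// NewIVIProxy refuses to start unless the hypervisor actually gave this guest the bus.
func NewIVIProxy(p Policy, guest string) (*IVIProxy, error) {
	if mode, err := p.Open(guest, "can0"); err != nil || mode != Passthrough {
		return nil, ErrNoAccess
	}
	return &IVIProxy{
		latest:    map[uint32]Frame{},
		exportIDs: map[uint32]bool{0x0C4: true, 0x1A0: true}, // e.g. vehicle speed, gear position
	}, nil
}

// Receive is called by the CAN driver in the IVI guest for every frame on the bus.
func (x *IVIProxy) Receive(f Frame) { x.latest[f.ID] = f }

// Read answers a request for the latest frame with a given ID; remote guests only
// see allowlisted IDs, the IVI guest's own code sees everything.
func (x *IVIProxy) Read(requester string, id uint32) (Frame, error) {
	if requester != "linux-ivi" && !x.exportIDs[id] {
		return Frame{}, ErrNotExport
	}
	f, ok := x.latest[id]
	if !ok {
		return Frame{}, fmt.Errorf("no frame seen yet for id 0x%03X", id)
	}
	return f, nil
}

// Transmit puts a frame on the bus; only the IVI guest's own code may do so.
func (x *IVIProxy) Transmit(requester string, f Frame) error {
	if requester != "linux-ivi" {
		return ErrReadOnly
	}
	x.latest[f.ID] = f // stand-in for the real driver write
	return nil
}

func main() {
	fmt.Println("policy valid:", policy.Validate() == nil)
	_, err := policy.Open("android", "can0")
	fmt.Println("android -> can0:", err)
	px, _ := NewIVIProxy(policy, "linux-ivi")
	px.Receive(Frame{ID: 0x0C4, Data: []byte{0x00, 0x2A}})
	f, _ := px.Read("android", 0x0C4)
	fmt.Printf("android read exported frame: % X\n", f.Data)
	fmt.Println("android transmit:", px.Transmit("android", Frame{ID: 0x2F0}))
}
```

Validate is the check worth keeping in a real build: a configuration error that maps the same passthrough device into two guests is exactly the kind of mistake that turns "separated" into "shared" without anyone noticing.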

Figure 4: Use a hypervisor to separate and share peripherals.

Test reliability in real-world scenarios

So far we have illustrated two possible approaches to designing an IoT system: a real-time operating system with a process model, and a Type 1 hypervisor. Of course there are many variations, and the ideal method depends on the specific device. However, all connected systems benefit from some level of testing to ensure correct operation in the field. Automated fuzz testing and stress testing of a connected device’s interfaces is one example, where the failure of a protocol stack or process-control function can be detected and the functional health of the device monitored under a simulated attack. Other tests that should be performed include sending invalid or fragmented packets, running automated test frameworks, and probing for known vulnerabilities in the software stack. Performing these tests increases the robustness of the connected device in practical deployments.
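A minimal fuzz harness of the kind the paragraph calls for, written in Go as an added example (not from the original article). The wire format, the deliberately trusting parseWeak and its hardened counterpart are all constructed for the illustration: mutated copies of a valid frame are fed to each parser, and crashes (Go panics, which in a C protocol stack on an RTOS would be out-of-bounds memory accesses) are counted separately from clean rejections. A robust protocol stack should reject every malformed frame and never crash:

```go
package main

import (
	"errors"
	"fmt"
	"math/rand"
)

// Constructed wire format for the example (not a real protocol):
//   byte 0     payload length N
//   byte 1     message type
//   bytes 2..  N payload bytes
//   last byte  XOR checksum over bytes 0..N+1
type TelemetryFrame struct {
	Type    byte
	Payload []byte
}

// parseWeak trusts the length field. A malformed length makes it index past the
// buffer, which panics in Go; the same bug in a C protocol stack is an
// out-of-bounds read, which is what fuzzing is meant to surface.
func parseWeak(buf []byte) (TelemetryFrame, error) {
	n := int(buf[0])
	var sum byte
	for _, b := range buf[:2+n] {
		sum ^= b
	}
	if sum != buf[2+n] {
		return TelemetryFrame{}, errors.New("bad checksum")
	}
	return TelemetryFrame{Type: buf[1], Payload: buf[2 : 2+n]}, nil
}

// parseHardened checks every length against the real buffer before indexing.
func parseHardened(buf []byte) (TelemetryFrame, error) {
	if len(buf) < 3 {
		return TelemetryFrame{}, errors.New("frame too short")
	}
	n := int(buf[0])
	if len(buf) != 3+n {
		return TelemetryFrame{}, errors.New("length field does not match frame size")
	}
	var sum byte
	for _, b := range buf[:2+n] {
		sum ^= b
	}
	if sum != buf[2+n] {
		return TelemetryFrame{}, errors.New("bad checksum")
	}
	return TelemetryFrame{Type: buf[1], Payload: append([]byte(nil), buf[2:2+n]...)}, nil
}

// buildFrame assembles a valid frame, the seed the fuzzer mutates.
func buildFrame(t byte, payload []byte) []byte {
	buf := append([]byte{byte(len(payload)), t}, payload...)
	var sum byte
	for _, b := range buf {
		sum ^= b
	}
	return append(buf, sum)
}

// mutate applies one random corruption: overwrite a byte, truncate, or append junk.
func mutate(rng *rand.Rand, seed []byte) []byte {
	buf := append([]byte(nil), seed...)
	switch rng.Intn(3) {
	case 0:
		buf[rng.Intn(len(buf))] = byte(rng.Intn(256))
	case 1:
		buf = buf[:rng.Intn(len(buf))]
	default:
		for i, k := 0, rng.Intn(8)+1; i < k; i++ {
			buf = append(buf, byte(rng.Intn(256)))
		}
	}
	return buf
}

// fuzz feeds mutated frames to parse, counting crashes (recovered panics)
// separately from clean rejections. The fixed seed makes a run reproducible,
// which matters when a crashing input has to be handed to a developer.
func fuzz(parse func([]byte) (TelemetryFrame, error), iterations int, seedVal int64) (crashes, rejected, accepted int) {
	rng := rand.New(rand.NewSource(seedVal))
	seed := buildFrame(0x01, []byte("speed=42")) // constructed sample message
	for i := 0; i < iterations; i++ {
		input := mutate(rng, seed)
		func() {
			defer func() {
				if r := recover(); r != nil {
					crashes++
				}
			}()
			if _, err := parse(input); err != nil {
				rejected++
			} else {
				accepted++
			}
		}()
	}
	return
}

func main() {
	for _, p := range []struct {
		name  string
		parse func([]byte) (TelemetryFrame, error)
	}{{"weak", parseWeak}, {"hardened", parseHardened}} {
		c, r, a := fuzz(p.parse, 5000, 1)
		fmt.Printf("%-8s crashes=%d rejected=%d accepted=%d\n", p.name, c, r, a)
	}
}
```

The same loop can drive a real target by replacing the parse call with a send over the device’s network interface and treating a watchdog reset or a lost heartbeat as the crash signal.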

Design for Updatability

Users of mobile devices are used to regularly updating their devices to fix bugs, receive security updates, or improve performance, all effortlessly over the air. Both the RTOS process model and the Type 1 hypervisor facilitate the design of embedded systems that can be updated over the air in a secure manner. Because application subsystems are separated and can be independently loaded and unloaded, both approaches allow specific subsystems to be updated over time to fix bugs or address reliability issues, both during development and in deployed products.
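Loading a process module over the air (the dynamic load and unload capability of the process model described earlier) is only secure if the module is authenticated before the loader touches it. Here is how that check can be structured, as an added example in Go that is not Nucleus code or Mentor Graphics’ update format; the package layout, the module name ui-app and the use of Ed25519 are assumptions made for the illustration. The build server signs a header carrying the module’s name, version and image digest; the device verifies the signature before parsing the header, refuses downgrades, and checks the image digest, so a tampered image, a replayed old version, or a package signed with the wrong key is rejected without changing device state:

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// Constructed package layout for the example (not the Nucleus or Mentor update format):
//   Header    = module name (16 bytes, zero padded) || version (uint32, big endian) || sha256(Image)
//   Signature = Ed25519 signature over Header, produced on the vendor's build server
//   Image     = the process module that the RTOS loader would map into its own region
const headerLen = 16 + 4 + sha256.Size

type UpdatePackage struct {
	Header    []byte
	Signature []byte
	Image     []byte
}

var (
	ErrMalformed    = errors.New("update: malformed header")
	ErrBadSignature = errors.New("update: signature verification failed")
	ErrRollback     = errors.New("update: version is not newer than the installed one")
	ErrCorrupt      = errors.New("update: image digest does not match header")
)

// GenerateVendorKey creates the signing key pair; only the public half goes on devices.
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

func makeHeader(name string, version uint32, image []byte) []byte {
	h := make([]byte, headerLen)
	copy(h[:16], name) // names longer than 16 bytes are truncated
	binary.BigEndian.PutUint32(h[16:20], version)
	sum := sha256.Sum256(image)
	copy(h[20:], sum[:])
	return h
}

// Sign is the build-server side; the private key never leaves it.
func Sign(priv ed25519.PrivateKey, name string, version uint32, image []byte) UpdatePackage {
	h := makeHeader(name, version, image)
	return UpdatePackage{Header: h, Signature: ed25519.Sign(priv, h), Image: image}
}

// Device is the device-side state: the vendor public key (in practice kept in
// read-only or otherwise protected storage) and the version of each installed module.
type Device struct {
	VendorKey ed25519.PublicKey
	Installed map[string]uint32
}

// Install authenticates the header before parsing any field of it, refuses
// downgrades, then hashes the image. Device state changes only if every check
// passes; handing the image to the loader is outside this example.
func (d *Device) Install(p UpdatePackage) error {
	if len(p.Header) != headerLen {
		return ErrMalformed
	}
	if !ed25519.Verify(d.VendorKey, p.Header, p.Signature) {
		return ErrBadSignature
	}
	name := strings.TrimRight(string(p.Header[:16]), "\x00")
	version := binary.BigEndian.Uint32(p.Header[16:20])
	if cur, ok := d.Installed[name]; ok && version <= cur {
		return ErrRollback
	}
	sum := sha256.Sum256(p.Image)
	if !bytes.Equal(sum[:], p.Header[20:]) {
		return ErrCorrupt
	}
	d.Installed[name] = version
	return nil
}

func main() {
	pub, priv, err := GenerateVendorKey()
	if err != nil {
		panic(err)
	}
	dev := &Device{VendorKey: pub, Installed: map[string]uint32{"ui-app": 1}}
	image := []byte("ui-app v2 process module (constructed stand-in for a real image)")
	good := Sign(priv, "ui-app", 2, image)
	fmt.Println("v2 install:", dev.Install(good))
	fmt.Println("replay v2: ", dev.Install(good))
	tampered := Sign(priv, "ui-app", 3, image)
	tampered.Image = append([]byte(nil), image...)
	tampered.Image[0] ^= 0xFF
	fmt.Println("tampered:  ", dev.Install(tampered))
	_, attacker, _ := GenerateVendorKey()
	fmt.Println("wrong key: ", dev.Install(Sign(attacker, "ui-app", 3, image)))
	fmt.Println("installed: ", dev.Installed)
}
```

The order of the checks is the point: nothing from the package is interpreted until its signature has been verified, and the installed-version record is only advanced after the image digest matches, so an interrupted or rejected update cannot leave the module table pointing at a version that was never verified.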

Conclusion

The breadth of IoT devices and their associated capabilities often require developers to integrate code from multiple sources, including in-house, commercial, and open-source code. All of this increases the exposure and the reliability risk of connected IoT devices. Separating application subsystems with a real-time operating system that includes a process model, and integrating multiple operating systems with a Type 1 hypervisor, are effective ways to introduce connectivity in applications and systems that require a high level of reliability.

In addition to choosing an appropriate system architecture and technical approach, designers must plan additional testing early to ensure correct operation, consider the entire operational lifecycle of the device, and be able to update device software quickly, seamlessly, and as easily as possible.

About the Author

Kamran Shah is the Director of Marketing for the Embedded Software Group at Mentor Graphics. He fills multiple technical roles, including product marketing, product management, and research and development. Throughout his career, Kamran has led innovation in embedded systems development, including heterogeneous targets, software-defined radio systems, and cloud-based development tools and services. Kamran holds 15 patents and graduated from Texas A&M University in 1999 with a BS in Computer Engineering.
