Open source hypervisor exploits hardware virtualization in MIPS CPUs

June 14, 2016 // By Graham Prophet
Imagination Technologies and Kernkonzept have said that the latest release of the open source L4Re hypervisor now supports Imagination’s OmniShield-ready MIPS CPUs. The small footprint L4Re hypervisor, maintained by Kernkonzept (Dresden, Germany), can take advantage of the hardware virtualization technology in MIPS CPUs for more efficient context switching and better use of CPU cycles, leading to improved application headroom.

Hardware virtualization, Imagination says, is gaining attention beyond its traditional home in the data-centre for the benefits it provides across numerous application areas from IoT to consumer to automotive to industrial and beyond. Connected devices can be designed with numerous distinct domains in which multiple operating systems and applications can run independently at the same time on a single platform.

In a related statement, the company says, “Back in March 2015, the United States Federal Communications Commission (FCC) issued a security document that included a series of provisions related to the use of wireless devices. In order to comply with these security guidelines, some manufacturers of home routers and other networking equipment decided to lock down the software powering these devices. This caused an outcry from the open source community who demanded that the FCC and manufacturers would not restrict the free use of the operating system and associated software running on their devices. Imagination Technologies [presents] a proof of concept demonstration that addresses the next-generation security requirements mandated by the FCC and other similar agencies. The demo makes use of multi-domain, secure hardware virtualization in MIPS Warrior CPUs. This technology allows developers to create system-wide, hardware-enforced trusted environments that are more secure compared to current solutions; ‘security by isolation’. The platform for the demonstration runs three virtual machines (VMs) on a high-end MIPS P-class CPU integrated in a router-type evaluation kit; this approach securely separates the OpenWrt operating system from the Wi-Fi driver, allowing them to co-exist in isolation and thus comply with the FCC guidelines. The diagram above shows the outline architecture.”

Built in to the latest MIPS CPUs and other processor families, Imagination’s OmniShield technology makes use of hardware virtualization to enable the creation of multiple domains on a single SoC. The L4Re operating system is an ideal match: it works with systems that need to consolidate multiple applications with differing security, safety, or real-time requirements. With OmniShield-enabled MIPS CPUs, the L4Re hypervisor makes it possible for multiple isolated tenants or guests to run on the same host, authorizing access to on-chip resources, prioritizing use of shared resources, and allocating and managing service interrupts from external sources and peripherals.

The L4Re operating system is an open-source system framework for building applications with real-time, security, safety, and virtualization requirements. The L4Re system is built on the principle of a minimal Trusted Computing Base: minimize an application’s attack area by modularization and by reducing its dependencies. It consists of the L4Re hypervisor/microkernel, user-level infrastructure for building trusted native L4Re microapps, and virtual-machine support for running various standard OSes in isolated compartments.