Real-Time Systems (RTS), a subsidiary of German board maker congatec, has developed a hypervisor designed for safety-critical systems using the Intel safety processors.
The Type 1 RTS Safe Hypervisor is operating-system independent, targets mixed-critical workloads on x86 multicore processors, and will be available worldwide.
The hypervisor will be delivered in 2023 as a complete OEM package, bundling the certified real-time hypervisor with functionally safe and non-safe virtual machines and a certified safe OS such as the Linux-based Zephyr or QNX.
The bundle targets any off-the-shelf or custom-specific embedded computing platform equipped with functional safety (FuSa) x86 processors. The first implementations will be based on Intel Atom x6000E Series processors with integrated Intel Safety Island and 11th Generation Intel Core processors.
Target markets for the hypervisor are collaborative robotics, industrial automation, autonomous vehicles, medical equipment, construction and agricultural machinery, and rail transportation.
The hypervisor is designed as a Type 1 real-time hypervisor that avoids adding latency to the safe OS. The safe OS will have direct and exclusive access to the allocated hardware resources. Communication between the different mixed-critical applications and processes is ensured by functionally safe shared memory and/or virtual Ethernet channels.
The supported safe operating systems will be QNX and Zephyr, combined with Linux or other standard x86 real-time operating systems for non-safe applications. The hypervisor will support the on-chip Intel Safety Island integrated in the Intel Atom x6000E Series processors, or external safe logic for Intel Core and Xeon processors. Deploying the new functionally safe hypervisor requires at least two cores, plus PCIe pass-through for the devices assigned exclusively to the safe domain. A quad-core processor is therefore the recommended minimum when non-critical applications are to be hosted as well.
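The isolation rules described above (exclusive cores and pass-through devices for the safe domain, a two-core minimum for the safe hypervisor, quad-core recommended when non-safe VMs are hosted too, and cross-domain traffic only over shared memory or virtual Ethernet) can be checked mechanically. The following is an added example, not code from RTS or congatec; the plan dictionary is a hypothetical format, not the hypervisor's own plain-text configuration file.

```python
# Added example: checks a mixed-criticality partition plan against the isolation
# rules described on this page. The plan dictionary is a hypothetical format,
# not the RTS Safe Hypervisor's own configuration file.
SAFE_MIN_CORES = 2      # at least two cores for the safe hypervisor domain
RECOMMENDED_CORES = 4   # quad-core recommended when non-safe VMs are hosted too
ALLOWED_CHANNELS = {"shared_memory", "virtual_ethernet"}

def check_partition_plan(plan):
    """Return a list of violations; an empty list means the plan is consistent."""
    problems = []
    vms = plan["vms"]
    safe_vms = [n for n, v in vms.items() if v["safe"]]
    if not safe_vms:
        problems.append("no safe VM defined")
    # Every core and every pass-through device must belong to exactly one VM.
    core_owner, dev_owner = {}, {}
    for name, vm in vms.items():
        for core in vm["cores"]:
            if core in core_owner:
                problems.append(f"core {core} shared by {core_owner[core]} and {name}")
            core_owner[core] = name
        for dev in vm["passthrough"]:
            if dev in dev_owner:
                problems.append(f"device {dev} shared by {dev_owner[dev]} and {name}")
            dev_owner[dev] = name
    # The safe domain must reserve at least two exclusive cores.
    safe_cores = sum(len(vms[n]["cores"]) for n in safe_vms)
    if safe_vms and safe_cores < SAFE_MIN_CORES:
        problems.append(f"safe domain has {safe_cores} core(s), needs {SAFE_MIN_CORES}")
    # Hosting non-safe VMs as well: quad-core recommended.
    if len(safe_vms) < len(vms) and plan["cpu_count"] < RECOMMENDED_CORES:
        problems.append(f"{plan['cpu_count']} cores: quad-core recommended for mixed hosting")
    # Cross-domain traffic only over the declared channel types, between known VMs.
    for ch in plan.get("channels", []):
        if ch["type"] not in ALLOWED_CHANNELS:
            problems.append(f"channel type {ch['type']} not permitted")
        for ep in ch["endpoints"]:
            if ep not in vms:
                problems.append(f"channel endpoint {ep} is not a VM")
    return problems

# Constructed sample: safe QNX VM with two exclusive cores and one pass-through
# device, non-safe Linux VM on the other cores, linked by a shared-memory channel.
SAMPLE_PLAN = {
    "cpu_count": 4,
    "vms": {"qnx_safe": {"safe": True, "cores": [0, 1], "passthrough": ["pci:00:1f.6"]},
            "linux_hmi": {"safe": False, "cores": [2, 3], "passthrough": []}},
    "channels": [{"type": "shared_memory", "endpoints": ["qnx_safe", "linux_hmi"]}],
}
```

Running `check_partition_plan(SAMPLE_PLAN)` returns an empty list; a plan that lets the non-safe VM share a core or a pass-through device with the safe VM reports each overlap.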
Developers can integrate the dedicated boot loader, the RTS Safe Hypervisor, and their safe OS. There is no need to compile or rebuild the hypervisor software: the configuration is written to a plain-text configuration file. Developers decide whether the hypervisor and safe OS are locked into the firmware, making them part of the board, or securely loaded from storage devices such as eMMCs. Non-safe Linux OS implementations on virtual machines can be deployed and modified by OEMs as needed.
“We want to ensure that engineers get the most efficient route to fully functional-safety-compliant applications by utilizing pre-certified platforms. Safe real-time hypervisor technology is the key to tying everything together, from safe hardware, safe Type 1 grade virtual machines, and safe OSes to non-safe domains running multi-purpose OSes,” said Michael Reichlin, CEO at Real-Time Systems.
“In the end, application engineers only need to take care of their safety-critical application part to gain functional safety certification,” he said. “This is ultra-convenient in an IoT- and AI-driven decade, where many innovations are emerging in the autonomous vehicle and collaborative robot sectors, for example. Here the core functions must comply with functional safety standards. The non-safe part of the bundle, on the other hand, can be modified and updated as needed without affecting the functionally safe parts in any way. And the real sweet spot for engineers is that they can utilize standard x86 technologies.”
Typical mixed-critical applications are complete solutions on a single embedded computing platform that combine real-time enabled safe controls with non-safety applications such as GUIs, AI logic, or vision and situational awareness systems. With the Industry 4.0 trend, IoT gateways are becoming increasingly embedded. Integrated gateways are required for supervisory control logic over real-time 5G and for anything related to the IT/OT fusion trend, enabling predictive maintenance and new business models via agile subscriptions with pay-per-use and usage-based pricing.
This allows OEMs to use a single hardware platform for mixed-critical application designs, reducing system cost and improving reliability. Another benefit is that engineers can manage critical and non-critical applications on a single chip or hardware platform, which eases application engineering, testing and data exchange between these applications. And despite the single-system approach, such a hypervisor implementation allows all non-safety applications to be continuously updated and modified without recertifying the safety-relevant components. This is important not just for innovation but also for improving cyber security.
Target certifications include IEC 61508 for safety-related embedded systems as the baseline (for all SIL levels) as well as ISO 13849 for the safety of machinery (up to PL e), IEC 62304 for medical device software (up to Class C) and EN 50128 for railway (up to SIL‑4). Cyber security certifications such as IEC 62443‑4 for industrial automation and control systems will also be covered.
Engineers who want to prepare their platform for the RTS Safe Hypervisor can start work with Real-Time Systems’ standard hypervisor technology and their preferred safe OS. The platform can then switch to the new RTS Safe Hypervisor scheduled for release in the first half of 2023.