Hypervisor is OS-independent and functional safety certified
An OS-independent, functional safety-certified Type 1 hypervisor has been announced by Real-Time Systems (RTS). It targets mixed-critical workloads based on x86 multicore processor technologies and will be available worldwide.
The RTS Safe Hypervisor will be delivered as an OEM package, bundling the certified real-time hypervisor with functionally safe and non-safe virtual machines and a certified safe OS such as the Linux-based Zephyr or QNX. This bundle targets any off-the-shelf or custom-specific embedded computing platform equipped with FuSa-capable (functional safety) x86 processors, said Real-Time Systems. The first implementations will be based on Intel Atom x6000E Series processors with integrated Intel Safety Island and 11th Generation Intel Core processors.
“We want to ensure that engineers get the most efficient route to fully functional-safety-compliant applications by utilising pre-certified platforms. Safe real-time hypervisor technology is the key to tying everything together, from safe hardware, safe Type 1 grade virtual machines, and safe OSes to non-safe domains running multi-purpose OSes,” said Michael Reichlin, CEO at Real-Time Systems.
Application engineers only need to take care of the safety-critical application part to gain functional safety certification. For example, continued Reichlin, in the autonomous vehicle and collaborative robot sectors, core functions must comply with functional safety standards. The non-safe part of the bundle can be modified and updated without affecting the functionally safe parts in any way. “And the real sweet spot for engineers is that they can utilise standard x86 technologies,” said Reichlin.
Typical mixed-critical applications include complete solutions on a single embedded computing platform that combine real-time enabled safe controls with non-safety applications, such as GUIs, AI logic or vision and situational awareness systems. IoT gateway functions are also increasingly being embedded, calling for integrated gateways that handle supervisory control logic over real-time 5G and/or support the IT/OT fusion trend, enabling predictive maintenance and new business models via agile subscriptions with pay-per-use and usage-based pricing.
Using a single hardware platform for mixed-critical application designs results in cost savings from a reduced system count and an improved mean time between failures (MTBF) compared to multi-system installations. Another benefit is that engineers can manage critical and non-critical applications on one single chip or hardware. Despite the single-system approach, such a hypervisor implementation allows all non-safety applications to be continuously updated and modified without recertifying the safety-relevant components, said the company. This is not just important for innovation but also for improving cyber security, added Real-Time Systems.
Target markets for the RTS Safe Hypervisor are collaborative robotics, industrial automation, autonomous vehicles, medical equipment, construction and agricultural machinery, and rail transportation. Target certifications include IEC 61508 for safety-related embedded systems as the baseline (for all SIL levels) as well as ISO 13849 for the safety of machinery (up to PL e), IEC 62304 for medical device software (up to Class C) and EN 50128 for railway (up to SIL‑4). Cyber security certifications such as IEC 62443‑4 for industrial automation and control systems will also be covered.
The RTS Safe Hypervisor is designed as a Type 1 real-time hypervisor that avoids adding latency to the safe OS. The safe OS will have direct and exclusive access to the allocated hardware resources. Communication between the different mixed-critical applications and processes is ensured by functionally safe shared memory and/or virtual Ethernet channels.
Customers can easily integrate the dedicated boot loader, the RTS Safe Hypervisor, and their safe OS, confirmed Real-Time Systems. There is no need to compile or re-build the hypervisor software as the configuration only needs to be written to a plain-text configuration file. Customers decide whether the hypervisor and safe OS are locked into the firmware – making it part of the board – or securely loaded from storage devices such as eMMCs. Non-safe Linux OS implementations on virtual machines can be deployed and modified by OEMs as needed.
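The isolation argument above rests on the safe OS owning its CPU cores, memory ranges and devices exclusively, and on that ownership being expressed in a plain-text configuration file. The following is an added example, not RTS code and not the RTS file format: it parses a hypothetical INI-style partition description (section and key names are assumptions for illustration) and reports every CPU, memory range or device that two partitions would both be granted, which is the check a reviewer would run before a non-safe partition is modified.

```python
# Added example (hypothetical format, not the RTS configuration syntax):
# parse a plain-text partition description and report hardware resources
# that are granted to more than one partition.
import re
from dataclasses import dataclass


@dataclass
class Partition:
    name: str
    safe: bool
    cpus: set          # CPU core numbers
    memory: list       # list of (start, end) inclusive physical addresses
    devices: set       # opaque device identifiers


def _parse_cpus(spec: str) -> set:
    """'0-1,3' -> {0, 1, 3}"""
    cpus = set()
    for part in (p.strip() for p in spec.split(",") if p.strip()):
        if "-" in part:
            lo, hi = part.split("-", 1)
            cpus.update(range(int(lo), int(hi) + 1))
        else:
            cpus.add(int(part))
    return cpus


def _parse_memory(spec: str) -> list:
    """'0x80000000-0x8FFFFFFF' -> [(0x80000000, 0x8FFFFFFF)]"""
    ranges = []
    for part in (p.strip() for p in spec.split(",") if p.strip()):
        lo, hi = (int(v, 0) for v in part.split("-", 1))
        if hi < lo:
            raise ValueError(f"inverted memory range {part}")
        ranges.append((lo, hi))
    return ranges


def parse_config(text: str) -> list:
    """Parse '[partition NAME]' sections with safe/cpus/memory/devices keys."""
    partitions, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        m = re.fullmatch(r"\[partition\s+(\S+)\]", line)
        if m:
            current = Partition(m.group(1), False, set(), [], set())
            partitions.append(current)
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line: {raw!r}")
        key, value = (s.strip() for s in line.split("=", 1))
        if key == "safe":
            current.safe = value.lower() in ("yes", "true", "1")
        elif key == "cpus":
            current.cpus = _parse_cpus(value)
        elif key == "memory":
            current.memory = _parse_memory(value)
        elif key == "devices":
            current.devices = {d.strip() for d in value.split(",") if d.strip()}
        else:
            raise ValueError(f"unknown key {key!r}")
    return partitions


def find_conflicts(partitions: list) -> list:
    """One message per resource that two partitions would both own."""
    problems = []
    for i, p in enumerate(partitions):
        if p.safe and not p.cpus:
            problems.append(f"{p.name}: safe partition has no dedicated CPU")
        for q in partitions[i + 1:]:
            for cpu in sorted(p.cpus & q.cpus):
                problems.append(f"cpu {cpu} shared by {p.name} and {q.name}")
            for (a0, a1) in p.memory:
                for (b0, b1) in q.memory:
                    if a0 <= b1 and b0 <= a1:          # inclusive ranges overlap
                        problems.append(f"memory {a0:#x}-{a1:#x} of {p.name} "
                                        f"overlaps {b0:#x}-{b1:#x} of {q.name}")
            for dev in sorted(p.devices & q.devices):
                problems.append(f"device {dev} shared by {p.name} and {q.name}")
    return problems


# Constructed sample: a safe control partition beside a non-safe Linux HMI partition.
GOOD_CONFIG = """
[partition safe_ctrl]
safe    = yes
cpus    = 0-1
memory  = 0x80000000-0x8FFFFFFF
devices = pci:00:1f.6, gpio0
[partition linux_hmi]
safe    = no
cpus    = 2-3
memory  = 0x90000000-0xAFFFFFFF
devices = pci:00:02.0
"""

# Constructed sample with two mistakes: cpu 1 and the NIC are granted to both partitions.
BAD_CONFIG = """
[partition safe_ctrl]
safe    = yes
cpus    = 0-1
memory  = 0x80000000-0x8FFFFFFF
devices = pci:00:1f.6
[partition linux_hmi]
safe    = no
cpus    = 1-3
memory  = 0x90000000-0xAFFFFFFF
devices = pci:00:1f.6, pci:00:02.0
"""

if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(label, "->", find_conflicts(parse_config(cfg)) or "no shared resources")
```

Run as a script it prints no findings for the first sample and two for the second (the shared core and the shared NIC). A real deployment would extend the same check to interrupt routing and to the shared-memory and virtual Ethernet channels the article mentions, which are the only places where the safe and non-safe domains are meant to meet.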
Engineers who want to prepare their platform for utilising the RTS Safe Hypervisor today can start engineering with Real-Time Systems’ standard hypervisor technology and their preferred safe OS. The platform can then switch to the new RTS Safe Hypervisor, scheduled for release in the first half of 2023.