emtrion goes virtual

In the past few months emtrion has broaden its knowledge base towards the open source virtualization platform Jailhouse [1]. The eventual goal is to provide customers a virtualization solution that is real-time capable, lightweight, secure, certifiable and operable on emtrion hardware. The main advantage to customers will be the reduction of costs through the combination of multiple hardware units into one single unit that handles multiple tasks.

Jailhouse is a Linux-based, so-called partitioning hypervisor. The open source project is led by Siemens and has so far been contributed by Huawei and ARM among others. The main goal of the project is to provide real-time capability by keeping the hypervisor as lightweight and as small as possible while at the same time ensuring the secure separation of the virtual machines by the concept of partitioning. So the code is intended to be simple and manageable while using the available hardware support as effectively as possible. This reduces the hypervisor's overhead to a minimum and leads to a highly performant solution targeted at use cases found in the embedded world such as real-time requirements.

In contrast to other solutions the concept of Jailhouse is to strictly divide the hardware, including the CPU cores into so-called cells. Cell is the Jailhouse specific term for a virtual machine and describes the hardware environment in which a so-called inmate is being executed. Inmates can be the Linux kernel, real-time operating systems like FreeRTOS or a bare-metal application. A key advantage of the Jailhouse approach is the possibility to manage and control the hypervisor from your ordinary Linux distribution’s shell. The hypervisor can be started and stopped and of course cells can be started and stopped on the fly. The hypervisor binary itself is loaded into memory through a driver module. The Linux system that controls the hypervisor is called the root cell.

Jailhouse needs some configuration effort and cannot be run out of the box. Both the cells and the running inmates have to be customized to fit the hardware and the virtual environment.

Since Jailhouse is a partitioning hypervisor as said before, each cell has its own set of CPU cores. There is no CPU scheduling and thus no CPU sharing between the cells. At least one CPU is completely allocated to one cell. This means one cannot run more cells than CPU cores are available. Regarding the evolution on today’s multi-core processor market even in embedded systems this should not be seen as a show-stopper but rather a step to a more real-time centric approach.

Obviously the partitioning scheme also applies to the numerous hardware devices found on an embedded platform. Each hardware device has its registers mapped to a certain fixed area in memory. This concept is called memory mapped I/O. This is where Jailhouse comes into play. Through the cell’s configuration file each cell has its own assigned hardware. Accesses to memory are controlled by the hypervisor according to that configuration.

Jailhouse makes extensive use of the ARM Virtualization Extensions [2] that were introduced for this very purpose. Their main task is providing the hardware support for the handling and allocation of interrupts and the already mentioned control of memory accesses through extensions of the Memory Management Unit. Jailhouse therefore needs CPUs that support the Virtualization Extensions. This applies to emtrion hardware such as the emCON-RZ/G1E [3] and emCON-RZ/G1M [4] based on SoCs by Renesas.

A concrete use case could be one of an industrial controller board that consists of a Qt touchscreen UI running Linux within the root cell on one or more CPUs and a real-time cell on another CPU running FreeRTOS to control a machine as depicted in Fig. 1.

Certainly in almost all use cases there is a need of communication between cells and a need to share hardware resources among each other, for example when hardware such as the Ethernet controller is supposed to be used by more than one cell. This so-called inter-cell communication is still work in progress as of today. There have been different approaches depending on the hardware architecture but on ARM the final solution is likely to comprise the concept of an ivshmem-like platform device known from Qemu [5] but based on MMIO. An ARM-specific signaling between the cells through interrupts is yet to be implemented in some way as well.

So far the emtrion software team has successfully tested different cell inmates such as FreeRTOS, the Linux kernel and bare-metal applications and is looking forward to provide its customers solutions based on Jailhouse in the future.