The role of Xen, implementation details and problems in a sample solution based on OSS (Android, Linux and Xen) that addresses automotive requirements such as ultra-fast RVC boot time, quick IVI system boot time, cloud connectivity and multimedia capabilities, and reliability and security through hardware virtualization. Secure CAN/LIN/MOST bus integration is handled by Linux on Dom0, while Android runs a customizable QML-based HMI in a DomU sandbox. These case studies will include but not be limited to: computing power requirements, memory requirements, virtualization, stability, boot-time sequence and optimization, and video clips showing results of the work done. The case study is built on the Texas Instruments OMAP5 SoC.
2. Artem Mygaiev
Leading of Embedded Practice in GlobalLogic-Ukraine
Embedded SW
Linux kernel
Wireless networking
CONFIDENTIAL
E-mail: artem.mygaiev@globallogic.com
Skype: rosenkrantzguildenstern
3. About GlobalLogic
− Technology services company
− Headquartered in Silicon Valley
− Design studios in the US and UK
− Engineering centers in the US, Ukraine, India, Argentina, China
− 1000+ product releases
− 200 active clients
− 6,600 people
www.globallogic.com
5. Nautilus Platform Goals
• Creating and maintaining an Automotive-Grade Android (AGA) distribution.
• Creating a single platform that would leverage AGA, GENIVI Linux, and Xen to allow quick implementation of end-to-end IVI products.
Xen is a key component of the solution
7. “Ford Sync software today contains 10,000,000+ lines of code”
- John Ellis, Ford @ GENIVI All members meeting
New business models: overcome disconnect between mobile and automotive industry
• Short time to market cycle
• Connected car concept
• 3rd party applications
• Cost reduction
10. So what is critical, what is not?
Vehicle software
• Powered by highly reliable OS like QNX or Autosar (or Automotive Grade Linux?)
• Mission critical tasks
  – Interface to the vehicle systems (CAN/MOST)
  – Climate control, vehicle services, sensors
  – Diagnostic, calibration, configuration
  – Emergency services
  – Driver assistance
  – Cameras (driver, rear view, front view, etc.)
Infotainment software
• May be powered by not so reliable OS like Android or Windows
• User interface including speech recognition and TTS
• Connectivity services
  – Phone connection, Bluetooth
  – Wireless display sink (Miracast, AirPlay, MirrorLink)
  – Wireless hotspot
• Navigation
• Cloud applications
• Multimedia services
  – uPnP/DLNA
  – A/V playback
  – Radio (SXM, DAB, FM/AM)
12.
• Guest OS same kernel/user privilege structure
• HYP mode higher privilege than OS kernel level
• VMM controls wide range of OS accesses
• 2 stage VMM
• Virtual Interrupt Controller
• System MMU
• Hardware maintains TZ security (4th privilege)
[Diagram: privilege levels. Non-secure State: App1 and App2 in User Mode (Non-privileged) on Guest Operating System1 and Guest Operating System2 in Supervisor Mode (Privileged), with the Virtual Machine Monitor / Hypervisor in Hyp Mode (More Privileged). Secure State: Secure Apps and Secure OS. TrustZone Secure Monitor (Highest Privilege).]
13. Why Xen?
• Type 1 Hypervisor
• Flexible Virtualization Modes
• Driver disaggregation
• ARM support
• Open Source
14. Why TI OMAP5/Jacinto6?
• Dual Cortex A15 SoC
• Rich interfaces and peripherals
• Mobile-world multimedia capabilities
• Ability to re-use Android solution from mobile
• GlobalLogic is a TI Platinum Partner
16. Xen in Nautilus: Key Principles
• Dual-domain System (Android + Linux)
• HVM with SMMU-enabled driver domain
• SMC-firewalled SoC controls (MMUs, PM, …)
17.
[Diagram: system architecture on Xen]
Infotainment Software (Android, DomU): UI with TTS and speech recognition; Phone; BT; NAV; Cloud Apps; Wireless Display sync; DLNA; Multimedia; Radio; System Services; IPC
Vehicle Software (Linux, Dom0): Vehicle Service; Climate Control, Sensors, etc.; Diagnostics/Calibration/Configuration; Emergency Services; System Services; IPC
18.
− Most of interfaces (UART, I2C) can be DMAed through EDMA though accessible through SMMU
− PCI express is accessible through SMMU
− Some interfaces (USB, SATA, etc.) have internal DMAs and must be paravirtualized
− Dual M4 cores run SW accelerators (boot animation, camera, AV codecs, etc.)
− MPU, GFX, BB2D, IPUs, DSPs, EVEs have own MMUs and can be configured to work with driver domain
20. Implementation highlights
− Forked hypervisor from Xen 4.3 release
− OMAP5 is taken as a reference
  − Dom0 - OMAP LK 3.8 (stable)
  − DomU - OMAP Android LK 3.4 (stable), Xen parameters delivered with custom ATAGs, backported number of Xen support patches
− Peripherals are directly accessed by DomU through memory mapping, which is completely insecure
− OMAP runtime pm disabled
− SMP works for Dom0
− No kernel changes needed on Android side so far
− Full system integrated (IPU+Uboot+Xen+Linux+Android)
21. Further steps
− Switch to the latest Xen 4.4-unstable
  − SWIOTLB
  − SMMU (and other MMUs)
− Port to DRA7xx (Jacinto6) on HW availability
  − Switch Dom0 to OMAP LK 3.11
  − Switch DomU to OMAP Android LK 3.8 (and enable SMP)
− Virtualize OMAP runtime pm
  − Probably move OMAP cpufreq to hypervisor?
− Drop 1:1 memory mapping for DomU
− Fix virtual block device and implement other virtual devices (USB)
− Configure MMUs from hypervisor
− Configure SMC firewalls
22. Open issues
− Continue work on PM/TM making it more “generic”
− Review hypervisor and tools addressing boot time
− Use hard real-time scheduler (sEDF?)
− Test performance impact on Jacinto6
− Upstream…
− Certification
26. Roadmap
• Nautilus demo will be shown at CES 2014 running on TI J6
• Upstream Xen changes – until end of 2013
• Invite community to contribute to the Nautilus platform – next year