Real-Time Systems Safe Hypervisor running on Intel Atom x6000E Series enables new functional safety-compliance capabilities

by donpedro

Real-Time Systems (RTS) announces the upcoming availability of its new RTS Safe Hypervisor. The RTS Safe hypervisor will be an OS independent functional safety certified Type 1 hypervisor to target mixed-critical workloads based on x86 multicore processor technologies and will be available worldwide.

The new RTS Safe Hypervisor will be delivered as a complete OEM package, bundling the certified real-time hypervisor with functionally safe and non-safe virtual machines and a certified safe OS such as the Linux-based Zephyr or QNX. This bundle targets any off-the-shelf or custom-specific embedded computing platform equipped with FuSa-capable x86 processors. The first implementations will be based on Intel Atom x6000E Series processors with integrated Intel Safety Island and 11th Generation Intel Core processors.

“We want to ensure that engineers get the most efficient route to fully functional-safety-compliant applications by utilizing pre-certified platforms. Safe real-time hypervisor technology is the key to tying everything together, from safe hardware, safe Type 1 grade virtual machines, and safe OSes to non-safe domains running multi-purpose OSes. In the end, application engineers only need to take care of their safety-critical application part to gain functional safety certification. This is ultra-convenient in an IoT- and AI-driven decade, where many innovations are emerging in the autonomous vehicle and collaborative robot sectors, for example. Here the core functions must comply with functional safety standards. The non-safe part of the bundle, on the other hand, can be modified and updated as needed without affecting the functionally safe parts in any way. And the real sweet spot for engineers is that they can utilize standard x86 technologies,” says Michael Reichlin, CEO at Real-Time Systems, to explain the sales strategy for the new RTS Safe Hypervisor.

Typical mixed-critical applications

Typical mixed-critical applications include complete solutions on a single embedded computing platform that combine real-time enabled safe controls with non-safety applications, such as GUIs, AI logic, or vision and situational awareness systems. With the Industry 4.0 trend, IoT gateways are increasingly being embedded into these platforms. Integrated gateways are required for supervisory control logic over real-time 5G and for anything related to the IT/OT convergence trend, enabling predictive maintenance and new business models via agile subscriptions with pay-per-use and usage-based pricing.

Benefits of mixed-critical application engineering

OEMs utilizing a single hardware platform for mixed-critical application designs benefit from cost savings due to a reduced system count, resulting in an improved mean time between failures (MTBF) compared to multi-system installations. Another benefit is that engineers can manage critical and non-critical applications on a single chip or hardware platform, which eases application engineering, testing, and data exchange between these applications. And despite the single-system approach, such a hypervisor implementation allows all non-safety applications to be continuously updated and modified without recertifying the safety-relevant components. This is important not just for innovation but also for improving cyber security, since security patches to the non-safe domain do not touch the certified safety partition.

Target markets for mixed-critical application

Target markets for the new RTS Safe Hypervisor are collaborative robotics, industrial automation, autonomous vehicles, medical equipment, construction and agricultural machinery, and rail transportation. Target certifications include IEC 61508 for safety-related embedded systems as the baseline (for all SIL levels) as well as ISO 13849 for the safety of machinery (up to PL e), IEC 62304 for medical device software (up to Class C) and EN 50128 for railway (up to SIL-4). Lastly, cyber security certifications such as IEC 62443-4 for industrial automation and control systems will also be covered.

The feature set in detail

The new RTS Safe Hypervisor is designed as a Type 1 real-time hypervisor that avoids adding latency to the safe OS. The safe OS will have direct and exclusive access to the allocated hardware resources. Communication between the different mixed-critical applications and processes is ensured by functionally safe shared memory and/or virtual Ethernet channels. The supported safe OSes will be QNX and Zephyr, combined with Linux or other standard x86 real-time operating systems for non-safe applications. The hypervisor will support the on-chip Intel Safety Island integrated in the Intel Atom x6000E Series processors, or external safe logic for Intel Core and Xeon processors. Deploying the functionally safe hypervisor requires at least two cores, in addition to PCIe pass-through for exclusively assigned devices. A quad-core processor is therefore recommended as a minimum so that non-critical applications can be hosted as well.

Customers can easily integrate the dedicated boot loader, the RTS Safe Hypervisor, and their safe OS. Conveniently, there is no need to compile or rebuild the hypervisor software, as the configuration only needs to be written to a plain-text configuration file. Customers decide whether the hypervisor and safe OS are locked into the firmware, making them part of the board, or securely loaded from storage devices such as eMMCs. Non-safe Linux OS implementations on virtual machines can be deployed and modified by OEMs as needed.

Engineers who want to prepare their platform for utilizing the new RTS Safe Hypervisor today can start engineering with Real-Time Systems' standard hypervisor technology and their preferred safe OS. The platform can then switch to the new RTS Safe Hypervisor, scheduled for release in the first half of 2023. Additional information about the new RTS Safe Hypervisor can be found at: https://www.real-time-systems.com/functional-safety
