Secure Real-time Operating System
for Connected Cars
2017-11-6
eSOL Co., Ltd.
About eSOL
Key Customers
ARM Ltd., Sony Group Companies, KONICA MINOLTA Group Companies, NIKON CORPORATION, EPSON Group Companies, Hitachi Group Companies, Panasonic Group Companies, Canon Inc., Beckman Coulter K.K., Alpine Electronics, Inc., TOYOTA MOTOR CORPORATION, NISSAN MOTOR CO.,LTD., Honda R&D Co.,Ltd., Mazda Motor Corporation, DENSO CORPORATION, AISIN AW CO., LTD., Robert Bosch Car Multimedia GmbH, Delphi Automotive LLP, BROTHER INDUSTRIES,LTD., DAIKIN INDUSTRIES,LTD, Nintendo Co., Ltd., KYOCERA Corporation, Murata Manufacturing Group Companies, OMRON Group Companies, Renesas Electronics Corporation, Texas Instruments Japan Limited, Rakuten Edy, Inc., SATO CORPORATION, NEC Group Companies, Fujitsu Group Companies, NIPPON MEAT PACKERS Group Companies, ITOHAM FOODS Group Companies, EZAKI GLICO Group Companies, Meiji Group Companies, MORINAGA MILK INDUSTRY Group Companies, Tokyo International Air Cargo Terminal LTD., Japan Airlines Co., Ltd. (random order)
History
1975 Established ERG Co., Ltd. on May 29
1999 Released the PrKERNELv4 real-time OS
2001 Renamed ERG Co., Ltd. to eSOL Co., Ltd.
     Released the eBinder IDE
2005 Released the eT-Kernel real-time OS
2006 Released the eT-Kernel Multi-Core Edition real-time OS
     Released the eSOL Emusen tools for handy terminals
2008 Released eT-Kernel Multi-Core Edition Memory Partitioning
2009 Investment by ARM Ltd. in eSOL
     Released eSOL Geminus series handy terminals
2011 Published eT-Kernel Temporal Partitioning
     Released eSOL ECUSAR AUTOSAR tools
2012 Developed real-time operating system for many-core processors, "eMCOS"
2014 Released software development kit for many-core processors, "eMCOS SDK"
2015 Established new subsidiary eSOL TRINITY Co., Ltd
     Achieved ISO 26262 (ASIL D) and IEC 61508 (SIL 4) for eT-Kernel
2016 Established AUBASS Co., LTD
     Achieved IEC62304 for RTOS Product Development Process
Basic Information
Founded: May 1975 (Founded as ERG Co., Ltd.)
Capital: US$2.4 million (Apr 2017)
President: Katsutoshi Hasegawa
Revenues: US$57 million (Fiscal year 2016)
Employees: 370
Head Offices: Tokyo, Japan
Automotive Strategy
• BSW Development & Selling License
• Tool Development & Selling License
• BSW Engineering Service
• Functional Safety (ISO26262) Tools & Consultation Services
• Process Management Tools
• Model-Based Development (MBD) Tools & Services
• Static Analysis Tools
• Virtual Platform and Simulator
• Training
• Scalable/High Reliability RTOS & IDE
• Functional Safety (ISO26262) Certification
• Engineering Service
• Academic and Industry activity
• Autosar Premium Member
• Embedded Multicore Consortium
• Multicore Association SHIM Working Group
• Internet ITS Consortium, Urban Drive working group
eSOL strong relationship with Arm
• Arm Training Partner
eSOL's key focus is to support the Arm architecture, and we provide an Arm architecture training program for embedded engineers.
• eSOL IDE with Arm Compiler 6
Our latest IDE tool is bundled with Arm Compiler 6. We also promote the Arm compiler for the AUTOSAR Adaptive platform.
• is integrated with Arm Fast Models
Arm Fast Models support software development using eSOL's RTOS platform and skills related to Arm architecture.
• Awarded distributor
eSOL was awarded “Most Forward Thinking Distributor in Asia 2017”
LLVM/Clang
Market Trends for Connected Car:
Era of High Performance & Parallel Computing requirements
Connected car: OS innovation is the key
http://www.businesswire.com/news/home/20170613006441/en/Top-5-Vendors-Automotive-Connected-Car-Platform
eSOL Real Time OS innovations in line with CPU growth trends
[Figure: CPU, OS and function trends plotted against software scale (small to large). CPU: single core, homogeneous multi-core, heterogeneous multi-core, many-core. OS: OS-less, basic scheduler, Real Time OS, Multi Core RTOS, Many core RTOS. Functions: mono function, independent control function, multifunction, multi-interconnectivity, high performance parallel computing.]
Connected car: Data security and privacy as no.1 priority
KPMG Global Automotive Executive Survey 2017
eSOL Innovative RTOS
Scalable RTOS
• Cutting edge scalable Real Time OS, with the Functional Safety certified TRON based Real Time OS to suit our customers’ development system, model and applications.
Overcome challenges with AMP / SMP features
• Co-existence of SMP and AMP programs in the same system
・ Task-to-task synchronization / communication / exclusion functions are available on all cores, and between cores
・ Priority-based preemptive scheduling, same as single core
・ Configurable core numbers (1 to 4)
• Software reusability for existing software assets that use AMP scheduling mode
• 4 scheduling modes (Blend scheduling) are available to match requirements of the target system
Examples of Multi-core System Configuration
• Multiprocessor integration
• μITRON / Linux system integration
• AMP / SMP system integration
• OS / OS-less integration
Blended scheduling – two modes: SPM and TSM
Co-existence of SMP and AMP programs in the same system using a special
blended scheduling mode. There are a total of four available scheduling modes,
based on the following two modes.**
Single Processor Mode (SPM)
This mode allows the developer to specify a single-core CPU unit where process/task is generated. The program operates similarly to an AMP-based system, executing only on the specified core.
True SMP Mode (TSM)
Tasks are dynamically allocated to an available CPU core based on their priority. The developer selects a CPU core on which to run a program. TSM maximizes the performance of the system.
**Other scheduling modes will be explained separately.
Scalable Real-time Operating System
Limitation of current multicore-OS design
• Shared memory & cache coherency dependency
• Multi-core support is done through architecture expansion on a conventional OS used on single core CPUs
- OS management data is shared among multiple cores → OS parallelism is hindered
• Without cache coherency, the OS will come to a halt
• Even if cache coherency is observed, the performance is low and unusable.
Scalability Issue in OS
• As the number of cores increases, scalability cannot be achieved by deploying multiple OSs and a hypervisor.
- A hypervisor holds a collection of cores and maps these cores to multiple OSs. This AMP approach does not solve the scalability problem as the number of cores increases, and it further complicates the development structure.
Multicore and Manycore Technology
• Scalable multi-manycore RTOS, from single-core to hundreds of cores
• Distributed micro-kernel architecture allows seamless integration of heterogeneous and multi-chip systems
• Patented scheduling algorithm achieves both realtime capability and throughput
• Micro-kernel features
- Thread scheduling
- Message passing (Thread/cores)
- Core Kernel memory management
- Interrupt management
• Server/client model
Server invocation from the client is done by message transmission
• Already supports versatile architectures: Single to 16-core RH850, 256-core KALRAY, ARM MPCore, 36-core TILERA, and more coming
Distributed Micro-kernel Architectures
The world leading advanced multi-manycore technology with eSOL’s OS expertise
• Load-balancing policy: Semi-priority based scheduling
Patented Thread Scheduler
Migration takes place automatically (load-balancing), upon
load average balance of all cores.
“Soft Realtime Threads”:
always RUNNING if the thread is READY state.
“Hard Realtime Threads”:
[Figure: threads labelled with their priorities (PRI) distributed across Core #1, Core #2 and Core #3.]
JP PAT 5734941 and 5945617
2
1
)256(
c
j
threadreadyPjWi
2
1
n
i
WiD
Benefits
• Thread communication beyond boundaries of heterogeneous architecture
• Realization of Autonomous Distributed & Cooperated System
• Allows isolated hardware to communicate with one another.
• Ability to communicate even though cores / power lines might be physically separated.
(Different from hypervisor approach)
• Hypervisor allows 2 segregation of OSs on a system, and eMCOS allows communication among CPU cores
• Distributed MicroKernel Architecture
• New architecture that resolves the cache coherency bottleneck associated with core scalability.
• Parallelizer tools (eSOL MBP, Silexica SLX) integration.
eSOL MBP (Model Based Parallelizer) for reliable and efficient parallel code
generation
[Figure: MBP (Model Based Parallelizer) system architecture. Labels: User, Modeling, Simulink Model, Embedded Coder, C Source, SHIM xml, Reference to performance calculation, Parallelized C code, Use your compiler to build, Visualization, Transaction Data, Sending & Receiving Data, Transaction by other products.]
Function of MBP:
1. Select paralleling information
2. Performance Estimation
3. Assigning Core
4. Generate Parallelized Code
MBP
- Extract block structure
- Estimate performance of each block
- Assign each block to core
- Generate parallelized codes
- Visualize parallel structure
- etc.
Testing environment for autonomous driving & ADAS
[Figure labels: Simulink, C source code, Software Parallelization Support, Silexica SLX, eSOL MBP, Software Unit Test, Hitex Tessy, Building a Virtual Platform, Imperas (M*SDK), Arm FastModels, Micro Processor, ECU (Engine, Brake), CAN/Ethernet/FlexRay, Virtual System, Application 1, Application 2, Application n, Embedded System Technology, Whole-Car Simulation, Traffic Simulation.]
eMCOS application case examples
The realtime control part of the ADAS software “Autoware” (*1) was implemented on eMCOS, as shown in the ADAS car drive demonstration.
A ROS (Robot Operating System) environment was built on eMCOS and Linux. Autoware functions are implemented as ROS nodes.
(*1) Autoware is developed by Nagoya Univ., Nagasaki Univ., and AIST.
ADAS car drive demonstration in Aichi ITS world 2015 / the 19th Nagoya Motorshow
At the 19th Nagoya Motorshow, Nov. 2015
Safety and Security
Functional Safety Certification
eSOL has obtained the highest level for Functional Safety
・ISO26262 ASIL D
・IEC61508 SIL4
for eT-Kernel/Compact, and the IEC62304 Software Development Process certification.
eSOL also provides the eT-Kernel Safety Package, which includes manuals and reports on the eT-Kernel platform and can assist customers with their system level certification.
Security Implementation References for
Embedded Systems
• Web Account Hack
• Embedded device is connected to the Internet.
• Hacker exploits security bugs found in code and steals confidential information from the user's web account
• Security is maintained at the OS level by preventing the hacker's execution in an unsecured region
Protection against In-Memory Attack
In-Memory Protection on eT-Kernel
Implementation with
Armv8-M TrustZone
• What if a surveillance IP camera is hacked?
• The surveillance IP camera is connected to the Internet.
• Malware is downloaded via the Internet and the camera is hijacked by the hacker’s attack.
• The surveillance IP camera is no longer useful!
• The camera can be secured by preventing malware execution using an OS function.
eT-Kernel for Armv8-M TrustZone Demo: Hacking surveillance IP camera …
eT-Kernel for Armv8-M TrustZone Demo Architecture
A malicious program gets itself loaded into RAM via a security hole found in the server task.
The return address for the normal task gets overwritten with the starting address of the malicious program.
The security routine is capable of detecting an illegal task when it calls a kernel API. The illegal task will be terminated and the system returns to its normal state.
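One way a kernel API entry check of the kind described above can work, shown as an added example that is not eSOL's code and not eT-Kernel's actual mechanism: the gate compares the address a call was issued from with the code regions registered for the calling task and terminates the task on a mismatch. All type and function names, the region table and the addresses are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model, not eT-Kernel code; every address is constructed. */
typedef struct { uint32_t start, end; } region_t;        /* [start, end) */
typedef enum { TASK_READY, TASK_TERMINATED } task_state_t;
typedef struct {
    region_t     code[2];   /* regions the task may call the kernel from */
    size_t       n_code;
    task_state_t state;
} task_t;
enum { API_OK = 0, API_DENIED = -1 };

/* True if pc lies inside one of the task's registered code regions. */
static int pc_in_task_code(const task_t *t, uint32_t pc)
{
    for (size_t i = 0; i < t->n_code; i++)
        if (pc >= t->code[i].start && pc < t->code[i].end)
            return 1;
    return 0;
}

/* Runs on every kernel API entry; caller_pc is the saved return address. */
int kernel_api_gate(task_t *t, uint32_t caller_pc)
{
    if (t->state == TASK_TERMINATED)
        return API_DENIED;
    if (!pc_in_task_code(t, caller_pc)) {
        t->state = TASK_TERMINATED;     /* stop the illegal task */
        return API_DENIED;
    }
    return API_OK;
}

/* Server task: text in flash (0x0800xxxx) plus a shared library region. */
task_t make_server_task(void)
{
    task_t t = { { {0x08004000u, 0x08008000u}, {0x08010000u, 0x08012000u} },
                 2, TASK_READY };
    return t;
}

int main(void)
{
    task_t srv = make_server_task();
    uint32_t calls[] = { 0x08004120u, 0x20001000u, 0x08004120u };
    for (size_t i = 0; i < 3; i++)
        printf("0x%08x -> %d\n", (unsigned)calls[i], kernel_api_gate(&srv, calls[i]));
    return 0;
}
```

The second call comes from a RAM address, as it would after the overwritten return address redirects execution into the injected program, so the task is terminated and its later calls are refused as well.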
Conclusion
Innovative RTOS catering to the ever growing demand for CPU performance in connected cars
• eSOL is robust and scalable for parallel computation on high performance CPUs based on single core, multi core, many core, among others.
Safety & Security
• eSOL is ISO 26262 ASIL D, IEC61508 SIL4, and IEC62304 certified. The Safety Package can be acquired to assist customers with system level certification.
• eSOL provides a one-stop solution for customers with expertise from renowned vendors in security solutions.
Thank you.
www.esol.co.jp