Bao: A Lightweight Static Partitioning Hypervisor for Modern Multi-Core Embedded Systems

Authors José Martins, Adriano Tavares , Marco Solieri, Marko Bertogna, Sandro Pinto



PDF
Thumbnail PDF

File

OASIcs.NG-RES.2020.3.pdf
  • Filesize: 0.6 MB
  • 14 pages

Document Identifiers

Author Details

José Martins
  • Centro Algoritmi, Universidade do Minho, Portugal
Adriano Tavares
  • Centro Algoritmi, Universidade do Minho, Portugal
Marco Solieri
  • Università di Modena e Reggio Emilia, Italy
Marko Bertogna
  • Università di Modena e Reggio Emilia, Italy
Sandro Pinto
  • Centro Algoritmi, Universidade do Minho, Portugal

Cite AsGet BibTex

José Martins, Adriano Tavares, Marco Solieri, Marko Bertogna, and Sandro Pinto. Bao: A Lightweight Static Partitioning Hypervisor for Modern Multi-Core Embedded Systems. In Workshop on Next Generation Real-Time Embedded Systems (NG-RES 2020). Open Access Series in Informatics (OASIcs), Volume 77, pp. 3:1-3:14, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2020)
https://doi.org/10.4230/OASIcs.NG-RES.2020.3

Abstract

Given the increasingly complex and mixed-criticality nature of modern embedded systems, virtualization emerges as a natural solution to achieve strong spatial and temporal isolation. Widely used hypervisors such as KVM and Xen were not designed having embedded constraints and requirements in mind. The static partitioning architecture pioneered by Jailhouse seems to address embedded concerns. However, Jailhouse still depends on Linux to boot and manage its VMs. In this paper, we present the Bao hypervisor, a minimal, standalone and clean-slate implementation of the static partitioning architecture for Armv8 and RISC-V platforms. Preliminary results regarding size, boot, performance, and interrupt latency, show this approach incurs only minimal virtualization overhead. Bao will soon be publicly available, in hopes of engaging both industry and academia on improving Bao’s safety, security, and real-time guarantees.

Subject Classification

ACM Subject Classification
  • Security and privacy → Virtualization and security
  • Software and its engineering → Real-time systems software
Keywords
  • Virtualization
  • hypervisor
  • static partitioning
  • safety
  • security
  • real-time
  • embedded systems
  • Arm
  • RISC-V

Metrics

  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    0
    PDF Downloads

References

  1. L. Abeni and D. Faggioli. An Experimental Analysis of the Xen and KVM Latencies. In 2019 IEEE 22nd International Symposium on Real-Time Distributed Computing (ISORC), pages 18-26, May 2019. URL: https://doi.org/10.1109/ISORC.2019.00014.
  2. P. Axer, R. Ernst, He. Falk, A. Girault, D. Grund, N. Guan, B. Jonsson, P. Marwedel, J. Reineke, C. Rochange, M. Sebastian, Reinhard Von Hanxleden, R. Wilhelm, and W. Yi. Building Timing Predictable Embedded Systems. ACM Trans. Embed. Comput. Syst., 13(4):82:1-82:37, March 2014. URL: https://doi.org/10.1145/2560033.
  3. A. Bansal, R. Tabish, G. Gracioli, R. Mancuso, R. Pellizzoni, and M. Caccamo. Evaluating the Memory Subsystem of a Configurable Heterogeneous MPSoC. In Workshop on Operating Systems Platforms for Embedded Real-Time Applications (OSPERT), page 55, 2018. Google Scholar
  4. P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the Art of Virtualization. In Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, SOSP '03, pages 164-177, New York, NY, USA, 2003. ACM. URL: https://doi.org/10.1145/945445.945462.
  5. K. Barr, P. Bungale, S. Deasy, V. Gyuris, P. Hung, C. Newell, H. Tuch, and B. Zoppis. The VMware Mobile Virtualization Platform: Is That a Hypervisor in Your Pocket? SIGOPS Oper. Syst. Rev., 44(4):124-135, December 2010. URL: https://doi.org/10.1145/1899928.1899945.
  6. M. Bechtel and H. Yun. Denial-of-Service Attacks on Shared Cache in Multicore: Analysis and Prevention. In 2019 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), pages 357-367, April 2019. URL: https://doi.org/10.1109/RTAS.2019.00037.
  7. A. Blin, C. Courtaud, J. Sopena, J. Lawall, and G. Muller. Maximizing Parallelism without Exploding Deadlines in a Mixed Criticality Embedded System. In 2016 28th Euromicro Conference on Real-Time Systems (ECRTS), pages 109-119, July 2016. URL: https://doi.org/10.1109/ECRTS.2016.18.
  8. P. Burgio, M. Bertogna, I. S. Olmedo, P. Gai, A. Marongiu, and M. Sojka. A Software Stack for Next-Generation Automotive Systems on Many-Core Heterogeneous Platforms. In 2016 Euromicro Conference on Digital System Design (DSD), pages 55-59, August 2016. URL: https://doi.org/10.1109/DSD.2016.84.
  9. D. Cerdeira, N. Santos, P. Fonseca, and S. Pinto. SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems. In IEEE Symposium on Security and Privacy (S&P), Los Alamitos, CA, USA, 2020. Google Scholar
  10. G. Cicero, A. Biondi, G. Buttazzo, and A. Patel. Reconciling security with virtualization: A dual-hypervisor design for ARM TrustZone. In 2018 IEEE International Conference on Industrial Technology (ICIT), pages 1628-1633, February 2018. URL: https://doi.org/10.1109/ICIT.2018.8352425.
  11. A. Crespo, I. Ripoll, and M. Masmano. Partitioned Embedded Architecture Based on Hypervisor: The XtratuM Approach. In 2010 European Dependable Computing Conference, pages 67-72, April 2010. URL: https://doi.org/10.1109/EDCC.2010.18.
  12. C. Dall. The Design, Implementation, and Evaluation of Software and Architectural Support for ARM Virtualization. PhD thesis, Columbia University, 2018. Google Scholar
  13. Q. Ge, Y. Yarom, D. Cock, and G. Heiser. A Survey of Microarchitectural Timing Attacks and Countermeasures on Contemporary Hardware. Journal of Cryptographic Engineering, 8:1-27, April 2018. URL: https://doi.org/10.1007/s13389-016-0141-6.
  14. M. R. Guthaus, J. S. Ringenberg, D. Ernst, T. M. Austin, T. Mudge, and R. B. Brown. MiBench: A free, commercially representative embedded benchmark suite. In Proceedings of the Fourth Annual IEEE International Workshop on Workload Characterization. WWC-4 (Cat. No.01EX538), pages 3-14, December 2001. URL: https://doi.org/10.1109/WWC.2001.990739.
  15. Hafnium. Hafnium, 2019. URL: https://hafnium.googlesource.com/hafnium/.
  16. G. Heiser. The Role of Virtualization in Embedded Systems. In Workshop on Isolation and Integration in Embedded Systems, 2008. URL: https://doi.org/10.1145/1435458.1435461.
  17. G. Heiser and B. Leslie. The OKL4 Microvisor: Convergence Point of Microkernels and Hypervisors. In Proceedings of the First ACM Asia-pacific Workshop on Workshop on Systems, APSys '10, pages 19-24, New York, NY, USA, 2010. ACM. URL: https://doi.org/10.1145/1851276.1851282.
  18. Z. Hua, J. Gu, Y. Xia, H. Chen, B. Zang, and H. Guan. vTZ: Virtualizing ARM TrustZone. In 26th USENIX Security Symposium (USENIX Security 17), pages 541-556, Vancouver, BC, August 2017. USENIX Association. Google Scholar
  19. J. Hwang, S. Suh, S. Heo, C. Park, J. Ryu, S. Park, and C. Kim. Xen on ARM: System Virtualization Using Xen Hypervisor for ARM-Based Secure Mobile Phones. In IEEE Consumer Communications and Networking Conference, pages 257-261, 2008. URL: https://doi.org/10.1109/ccnc08.2007.64.
  20. R. Kaiser and S. Wagner. Evolution of the PikeOS microkernel. In First International Workshop on Microkernels for Embedded Systems, volume 50, 2007. Google Scholar
  21. N. Klingensmith and S. Banerjee. Hermes: A Real Time Hypervisor for Mobile and IoT Systems. In Proceedings of the 19th International Workshop on Mobile Computing Systems and Applications, HotMobile '18, pages 101-106, New York, NY, USA, 2018. ACM. URL: https://doi.org/10.1145/3177102.3177103.
  22. T. Kloda, M. Solieri, R. Mancuso, N. Capodieci, P. Valente, and M. Bertogna. Deterministic Memory Hierarchy and Virtualization for Modern Multi-Core Embedded Systems. In 2019 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), pages 1-14, April 2019. URL: https://doi.org/10.1109/RTAS.2019.00009.
  23. H. Li, X. Xu, J. Ren, and Y. Dong. ACRN: A Big Little Hypervisor for IoT Development. In Proceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE 2019, pages 31-44, New York, NY, USA, 2019. ACM. URL: https://doi.org/10.1145/3313808.3313816.
  24. W. Li, Y. Xia, L. Lu, H. Chen, and B. Zang. TEEv: Virtualizing Trusted Execution Environments on Mobile Platforms. In Proceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE 2019, pages 2-16, New York, NY, USA, 2019. ACM. URL: https://doi.org/10.1145/3313808.3313810.
  25. Arm Ltd. Arm Architecture Reference Manual Supplement - Memory System Resource Partitioning and Monitoring (MPAM), for Armv8-A, 2018. URL: https://developer.arm.com/docs/ddi0598/latest.
  26. U. Lublin, Y. Kamay, D. Laor, and A. Liguori. KVM: the Linux virtual machine monitor. In Proceedings of the Linux Symposium, 2007. Google Scholar
  27. R. Mancuso, R. Dudko, E. Betti, M. Cesati, M. Caccamo, and R. Pellizzoni. Real-time cache management framework for multi-core architectures. In 2013 IEEE 19th Real-Time and Embedded Technology and Applications Symposium (RTAS), pages 45-54, April 2013. URL: https://doi.org/10.1109/RTAS.2013.6531078.
  28. J. Martins, J. Alves, J. Cabral, A. Tavares, and S. Pinto. uRTZVisor: A Secure and Safe Real-Time Hypervisor. Electronics, 6(4), 2017. URL: https://doi.org/10.3390/electronics6040093.
  29. Mark F. Mergen, Volkmar Uhlig, Orran Krieger, and Jimi Xenidis. Virtualization for High-performance Computing. SIGOPS Oper. Syst. Rev., 40(2):8-11, April 2006. URL: https://doi.org/10.1145/1131322.1131328.
  30. P. Modica, A. Biondi, G. Buttazzo, and A. Patel. Supporting temporal and spatial isolation in a hypervisor for ARM multicore platforms. In 2018 IEEE International Conference on Industrial Technology (ICIT), pages 1651-1657, February 2018. URL: https://doi.org/10.1109/ICIT.2018.8352429.
  31. C. Moratelli, S. Zampiva, and F. Hessel. Full-Virtualization on MIPS-based MPSOCs Embedded Platforms with Real-time Support. In Proceedings of the 27th Symposium on Integrated Circuits and Systems Design, SBCCI '14, pages 44:1-44:7, New York, NY, USA, 2014. ACM. URL: https://doi.org/10.1145/2660540.2661012.
  32. D. G. Murray, G. Milos, and S. Hand. Improving Xen Security Through Disaggregation. In Proceedings of the Fourth ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE '08, pages 151-160, New York, NY, USA, 2008. ACM. URL: https://doi.org/10.1145/1346256.1346278.
  33. R. Müller, D. Danner, W. S. Preikschat, and D. Lohmann. Multi Sloth: An Efficient Multi-core RTOS Using Hardware-Based Scheduling. In 26th Euromicro Conference on Real-Time Systems, pages 189-198, July 2014. URL: https://doi.org/10.1109/ECRTS.2014.30.
  34. A. Patel, M. Daftedar, M. Shalan, and M. W. El-Kharashi. Embedded Hypervisor Xvisor: A Comparative Analysis. In 2015 23rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing, pages 682-691, March 2015. URL: https://doi.org/10.1109/PDP.2015.108.
  35. S. Pinto, H. Araujo, D. Oliveira, J. Martins, and A. Tavares. Virtualization on TrustZone-Enabled Microcontrollers? Voilà! In 2019 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), pages 293-304, April 2019. URL: https://doi.org/10.1109/RTAS.2019.00032.
  36. S. Pinto, J. Pereira, T. Gomes, A. Tavares, and J. Cabral. LTZVisor: TrustZone is the Key. In 29th Euromicro Conference on Real-Time Systems (ECRTS), pages 4:1-4:22, 2017. URL: https://doi.org/10.4230/LIPIcs.ECRTS.2017.4.
  37. S. Pinto and N. Santos. Demystifying Arm TrustZone: A Comprehensive Survey. ACM Comput. Surv., 51(6):130:1-130:36, January 2019. URL: https://doi.org/10.1145/3291047.
  38. Gerald J. Popek and Robert P. Goldberg. Formal Requirements for Virtualizable Third Generation Architectures. Commun. ACM, 17(7):412-421, July 1974. URL: https://doi.org/10.1145/361011.361073.
  39. Minos Project. Minos - Type 1 Hypervisor for ARMv8-A, 2019. URL: https://github.com/minos-project/minos-hypervisor.
  40. E. Qaralleh, D. Lima, T. Gomes, A. Tavares, and S. Pinto. HcM-FreeRTOS: Hardware-centric FreeRTOS for ARM multicore. In 2015 IEEE 20th Conference on Emerging Technologies Factory Automation (ETFA), pages 1-4, September 2015. URL: https://doi.org/10.1109/ETFA.2015.7301570.
  41. R. Ramsauer, J. Kiszka, D. Lohmann, and W. Mauerer. Look Mum, no VM Exits!(Almost). In Workshop on Operating Systems Platforms for Embedded Real-Time Applications (OSPERT), 2017. Google Scholar
  42. A. Sadeghi, C. Wachsmann, and M. Waidner. Security and privacy challenges in industrial Internet of Things. In 2015 52nd ACM IEEE Design Automation Conference (DAC), pages 1-6, June 2015. https://doi.org/10.1145/2744769.2747942.
  43. D. Sangorrín, S. Honda, and H. Takada. Dual Operating System Architecture for Real-Time Embedded Systems. In International Workshop on Operating Systems Platforms for Embedded Real-Time Applications, Brussels, Belgium, pages 6-15, 2010. Google Scholar
  44. J. Shuja, A. Gani, K. Bilal, A. Khan, S. Madani, S. Khan, and A. Zomaya. A Survey of Mobile Device Virtualization: Taxonomy and State of the Art. ACM Computing Surveys, 49(1):1:1-1:36, April 2016. URL: https://doi.org/10.1145/2897164.
  45. S. Stabellini. Static Partitioning Made Simple. In Embedded Linux Conference (Noth America), 2019. URL: https://www.youtube.com/watch?v=UfiP9eAV0WA.
  46. P. Varanasi and G. Heiser. Hardware-supported Virtualization on ARM. In Proceedings of the Second Asia-Pacific Workshop on Systems, APSys '11, pages 11:1-11:5, New York, NY, USA, 2011. ACM. URL: https://doi.org/10.1145/2103799.2103813.
  47. S. Xi, J. Wilson, C. Lu, and C. Gill. RT-Xen: Towards Real-time Hypervisor Scheduling in Xen. In Proceedings of the Ninth ACM International Conference on Embedded Software, EMSOFT '11, pages 39-48, New York, NY, USA, 2011. ACM. URL: https://doi.org/10.1145/2038642.2038651.
  48. H. Yun, G. Yao, R. Pellizzoni, M. Caccamo, and L. Sha. MemGuard: Memory bandwidth reservation system for efficient performance isolation in multi-core platforms. In 2013 IEEE 19th Real-Time and Embedded Technology and Applications Symposium (RTAS), pages 55-64, April 2013. URL: https://doi.org/10.1109/RTAS.2013.6531079.