The growing number of electronic control devices in vehicles calls for a short-term solution that allows several functions to be integrated onto one chip. Avionics provides one model: in that field, the technology of partitioning has already been in use for ten years. A microkernel, acting as the basic operating system, generates partitions in which other operating systems can run. Software company OpenSynergy has made this technology part of its standard software platform, and prepared it for adoption by the car industry.
This article addresses this transference, in particular with regard to maintaining the safety standards that apply to the development of automotive software.
The large number of electronic control devices found in vehicles already has a significant impact on the total weight of cars, and thus on their fuel consumption. Electronic hardware also adds considerable cost, so using even more hardware in vehicles would be irresponsible, both ecologically and economically. Carmakers and automotive suppliers have only one option: to integrate several functions onto one control device. The safest and most efficient solution is the combination of microkernel and virtualization technology.
In this technology, a microkernel forms the basis of the software architecture, providing the basic functions to allow the integration of additional operating systems. It generates different logical software partitions on the processor. Operating systems with very different requirements can be integrated onto each of these partitions, because the partitions run independently of one another. Even if the software in one partition crashes, the entire system continues to run unhindered. This type of system design prevents the operating systems from influencing one another, and thus simultaneously enhances protection from malicious attacks.
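The following is an added illustration of the two properties described above, time partitioning (each partition gets a fixed window in a repeating schedule) and fault containment (a crash in one partition does not stop the others). It is a toy scheduler model written for this article and is not PikeOS or COQOS code; the partition names, budgets and the behaviour of each partition are constructed for the demo.

```python
"""Toy model of a statically scheduled, partitioned system (added example,
not PikeOS/COQOS code). Each major frame visits every partition in order and
gives it a fixed time budget. A fault raised inside a partition is contained:
that partition is halted, the schedule continues. A partition that uses more
than its window is cut off at the budget and the overrun is recorded."""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class Partition:
    name: str
    budget_ms: int                 # time window per major frame (hypothetical values)
    step: Callable[[int], int]     # work for one frame; returns ms used, may raise
    state: str = "RUNNING"         # RUNNING or HALTED
    faults: int = 0
    overruns: int = 0
    frames_run: int = 0


class PartitionScheduler:
    """Static cyclic scheduler: the frame length is the sum of all budgets and
    never changes, regardless of what any partition does."""

    def __init__(self, partitions: List[Partition]):
        self.partitions = partitions
        self.frame = 0
        self.log: List[str] = []

    @property
    def frame_length_ms(self) -> int:
        return sum(p.budget_ms for p in self.partitions)

    def run_frame(self) -> int:
        """Run one major frame; returns the ms actually consumed by work."""
        self.frame += 1
        consumed = 0
        for p in self.partitions:
            if p.state == "HALTED":
                # The window is still reserved (time partitioning); nothing runs in it.
                self.log.append(f"frame {self.frame}: {p.name} idle (halted)")
                continue
            try:
                used = p.step(self.frame)
            except Exception as exc:      # fault stays inside this partition
                p.faults += 1
                p.state = "HALTED"
                self.log.append(f"frame {self.frame}: {p.name} fault contained: {exc!r}")
                continue
            p.frames_run += 1
            if used > p.budget_ms:        # preempted at the end of its window
                p.overruns += 1
                self.log.append(f"frame {self.frame}: {p.name} overran {used}>{p.budget_ms} ms")
                used = p.budget_ms
            consumed += used
        return consumed


def make_demo() -> PartitionScheduler:
    """Constructed demo: an infotainment partition that crashes in frame 2,
    a control partition that is always on time, and a diagnostics partition
    that overruns its window once."""
    def infotainment(frame: int) -> int:
        if frame == 2:
            raise RuntimeError("crash in media stack")   # constructed fault
        return 18                                         # within 20 ms budget

    def powertrain(frame: int) -> int:
        return 4                                          # within 5 ms budget

    def diagnostics(frame: int) -> int:
        return 12 if frame == 3 else 6                    # 8 ms budget, overruns once

    return PartitionScheduler([
        Partition("infotainment", 20, infotainment),
        Partition("powertrain", 5, powertrain),
        Partition("diagnostics", 8, diagnostics),
    ])


def simulate(frames: int = 4) -> Dict[str, Dict[str, object]]:
    """Run the demo for a number of frames and summarise each partition."""
    sched = make_demo()
    for _ in range(frames):
        sched.run_frame()
    return {p.name: {"frames_run": p.frames_run, "faults": p.faults,
                     "overruns": p.overruns, "state": p.state}
            for p in sched.partitions}


if __name__ == "__main__":
    for name, summary in simulate().items():
        print(name, summary)
```

In the model, the infotainment partition stops after its fault while the powertrain partition keeps running every frame, and the diagnostics overrun is cut off at its budget so the frame length stays constant; that is the behaviour a time- and space-partitioned kernel is meant to guarantee.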
Virtualization technology means that the operating systems installed in the partitions no longer use the physical hardware; they use "virtual" hardware instead. This allows even highly complex operating systems to run in a partition.

Partitioning already in use in aircraft
Partitioning through the use of microkernels has already been in use in aircraft technology for over ten years. This technology is used as part of integrated modular avionics (IMA) architecture (illustration 1). Several years ago engineers were able to reduce the number of control devices required in aircraft even as the number of software systems needed continued to rise. Airbus, for example, uses the microkernel PikeOS from SYSGO AG for its long-haul Airbus A350 aircraft, as well as for its military cargo plane Airbus A400M. PikeOS is certified in accordance with the DO-178B safety standard.
The fact that microkernel technology reached maturity long ago in avionics raises the question of why this secure technology is not already firmly established in the automotive industry. The most likely answer is that interest in microkernel solutions has grown only recently, because the large number of electronic control devices is only now becoming a challenge in cars, unlike in airplanes. In addition, new technologies must now also meet the safety requirements for software in cars, as well as formal standards like ISO 26262.
OpenSynergy started pursuing this idea of using microkernel technology to integrate software into cars in 2007, and has turned it into a marketable product. To do that, the company integrated the microkernel PikeOS into COQOS, its standards-based software platform (illustration 2). Thanks to this microkernel, COQOS offers independent partitions on which software systems with different timing requirements and safety levels can run without interfering with one another. That means that Linux-based infotainment software can run on one partition while automotive systems run on another. COQOS also features an AUTOSAR interface for the integration of automotive software, so that AUTOSAR-compatible programs can be integrated easily [2].
The microkernel in COQOS is certified in accordance with the DO-178B safety standard. But as it is uncommon to apply avionics components to automotive electronics, the extent to which avionics software meets the requirements of automotive standards had never been examined. This question is especially important now that ISO 26262 has been published.