D



Hypervisor [jailhouse]

In 2014, the development of the open source hypervisor Jailhouse was started. Jailhouse is specifically designed for the use of isolated real-time applications, be it bare-metal or RTOS based, or certifiable software.

Jailhouse uses asymmetric multi-processing (AMP) to achieve its goals. With Jailhouse, hardware is statically partitioned with strict separation between each CPU and device. A new configuration file allows the partitioning to be adjusted at any time.

The overall design target is simplicity. As little code as possible should be used in order to fulfill the two most important requirements for Jailhouse: Realtime capability and certifiability (verifiability).

Therefore, Jailhouse is a type 1 hypervisor. The first initialization of the hardware is done by Linux, so the hypervisor can remain extremely lean. Right from the beginning, a large number of supported (and supportable) hardware is therefore available. And it should become an open source solution (GPLv2), so that it is visible for everyone what is done and how it is done.

The result is convincing - Jailhouse now supports x86 and ARM (v7 and v8) processors. A precondition is that the CPUs support a virtualization solution in hardware (e.g. Intel VT-x; ARM VE). This supports code that is significantly smaller than 10,000 LoC each, and the realtime capability is provided or maintained with an additional latency of the order of about 1 µsec, which is due to the hypervisor.

 

 Jailhouse therefore permits solutions, which were previously distributed across different computers/controllers, to be combined and run on a homogeneous or heterogeneous multi-core CPU. Thanks to the ability to support different operating systems, the applications often need not be changed.

Support by Linutronix is available
among others for iMX7, iMX8, TI 6xxx, Xilinx Ult-raScale+,Renesas STM32MP1xx.


In the context of security, the combination of Trusted Platform Module (TPM) or TrustedZone (TZ), Trusted Execution Environment (TEE) and hypervisor is also interesting. Linutronix is happy to support you in this context as well. See also Linux Security.