Virtualization for Embedded Systems

What Is Virtualization for Embedded Systems?

Virtualization for embedded systems creates a software abstraction layer that runs on top of an embedded hardware System on a Chip (SoC) platform or operating system.

Virtualization was developed in the 1960s to partition mainframe computers for better utilization and has been a primary enabling technology for cloud services. Now it is deployed across a broad range of computing, including desktops and embedded environments.

A common type of virtualization uses a hypervisor which enables multiple virtual machines (VMs) running separate applications, services, and even different operating systems to coexist on one hardware platform.

Benefits of Virtualization for Embedded Systems

Hypervisor-based virtualization provides a range of benefits. Since their origin in the 1960s they have enabled more efficient use of resources, and added agility, flexibility, and scalability to computing design, specifically:

  • Dedicated individual hardware is not needed for each VM, which reduces the amount of hardware required to run a wide range of applications and services, reducing costs
  • Each VM can virtualize a different operating system environment so that they can be run simultaneously on the same embedded hardware, reducing hardware weight, cost and complexity
  • Virtualization enables compartmentalization of applications and services so that a software failure on one VM is isolated and won’t cause problems elsewhere; a failing VM can be restarted while other VMs run without any impact
  • Compartmentalization also improves security, as each VM can be isolated so that even if one environment is compromised, others stay accessible
  • If there is a need to move from one type of underlying hardware to another (a genuine problem in the automotive industry during the chip supply shortage), only the host hypervisor will need to be re-coded, but the emulation it provides can be the same, reducing development time

Virtualization and Hypervisors

Hypervisors provide the software mechanism that enables virtualization of hardware and software in an embedded system. Hypervisors, also known as a virtual-machine monitors, are  the software used to create and run VMs, which abstract the hardware host and run a guest OS.

The Popek/Goldberg Theorem specifies that a hypervisor should meet the following three criteria.

1. Equivalence

Virtual machines (VMs) running in the hypervisor are essentially the same as the underlying hardware. A guest does not need to know that it is running in a VM to function properly.

The above statement does not preclude using paravirtualized devices or other strategies requiring virtualization awareness. Such strategies may be used to provide functionality and improve performance.

2. Safety

Apart from guest access to pass-through device memory, the hypervisor maintains control of the hardware at all times, regardless of what the guests do. It controls guests' abilities to access hardware devices, limits guests' ability to access host-physical memory to their assigned memory regions, has ultimate control over scheduling, manages interrupt routing, and can terminate a guest, regardless of what the guest may be attempting to do.

3. Performance

Execution of programs running in VMs is only minimally slower than running directly on the hardware.

How Virtualization for Embedded Systems Works

A hypervisor manages the virtual machines, spinning them up when requested, running them, monitoring them, shutting them down and handling the interface between the VMs and the underlying hardware. It also logically separates the VMs to provide resiliency and security. The term 'hypervisor host' (or sometimes abbreviated to 'host') refers to supporting software running in parallel with the virtual machines that provide services for the guests. Host software is important as it runs the sharing frameworks needed for multiple guests to coordinate their access to hardware and system services.  

The VM emulates a hardware platform, enabling the installation of a guest operating system compatible with the emulated hardware. Applications can then be executed on this guest operating system.

The applications can function as if the guest operating system is running on physical hardware. VMs can exchange information between themselves (with the hypervisor managing the sharing of hardware resources), but they usually run within separate spaces.

Hypervisors can use virtual input and output (VirtIO), a standard for sharing resources that a particular VM needs but does not have on its own (for example a network card). VirtIO is an interface that allows a virtual machine to use its host’s devices through minimized virtual devices.  Having guest VMs access devices through VirtIO enhances performance, as this method requires just the setup and configuration needed to send and receive data, while the host machine handles most of the setup and maintenance of the actual physical hardware.

The structure of virtualization is fundamentally similar when used in data centers or embedded systems. Whereas data centers will run one of a small number of different hardware platforms and operating systems, embedded system SoCs and operating systems can be much more varied.

The general benefits of virtualization equally apply in automotive: reduced hardware complexity and cost, alongside high security and reliability provided by VM isolation. The ability to run disparate environments on the same hardware is also advantageous. For example, the QNX® Hypervisor provides isolation and protection in the hypervisor host, which can reduce or remove the need for additional virtual machines. Virtual machines come at a cost: boot time, memory, CPU overhead, safety certification demands. So the ability to run software alongside a smaller set of VMs in a safety-certified hypervisor host environment can be beneficial.

Virtual Machines Vs. Containers for Embedded Systems

Just as cloud services are now offered as VMs or containers, embedded systems can support both approaches, too. Both are types of virtualizations. However, a VM emulates an entire platform, enabling the installation of a standard operating system and applications. A container only virtualizes layers, such as specific services or applications, above the operating system. The container includes just the dependencies required to run an application or service.

BlackBerry QNX is trusted across multiple industries to provide the software foundation for safe, secure and reliable systems that get to market faster. In this section, you’ll learn about our other tools and services—including a hypervisor, middleware, professional services and supplementary solutions—as well as about our heritage and deep expertise in embedded system software.

BlackBerry QNX offers a broad range of safety-certified and secure software products complemented by world-class professional services to help embedded developers increase reliability, shorten time-to-market, and reduce development cost.

Check Out Our Other Ultimate Guides

Structural Dependency
Information about the UNECE WP.29 regulations, the countries where they apply and how they aim to mitigate the cybersecurity risks posed to passenger vehicles.
Structural Dependency
Covers topics such as embedded systems protection, security exploits and mitigation, and best practices
Structural Dependency
Offers key concepts and information on standards for safe system design
Structural Dependency
Defines autonomous systems and the various levels of autonomy
Read the Guide