Hardware isolation running RTOS concurrently with AGL on ......Hw isolation RTOS and AGL on Renesas...

Hardware isolation running RTOS concurrently with AGL on Renesas R-Car

Julien Massot

( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 2

➢ 28 engineers dedicated to Embedded Linux➢ Our goal is to deploy AGL in cars, boats...

● https://iot.bzh/en/● https://redpesk.bzh/● https://github.com/iotbzh

LORIENT

About us

https://iot.bzh/en/

https://redpesk.bzh/

https://github.com/iotbzh


redpesk®: from sensor to cloud

GoogleOVH

Social identity

µBinder

TLS REST/WebSocket

Linux Embedded Target

CynagoraACLs-DB

High level APIs

Wifi Storage

Audio Network

GraphicsHID

Secure-Gateway

ACL hooks

Session Mngt.

Permission Agent

Federated Identity

Config.json

IdentityStore

Micro-service Framework

Second FactorAuth.

RTOS

Cloud publication

binding

Redis

MQTT

CoAP

Ap

plic

atio

n F

ram

ew

ork

SQL Binding

Redis Binding

LXD container

Cloud infrastructure


Agenda

● What is hardware isolation ?● What is a co-processor ?● Introducing Zephyr in AGL environment● Communicating between Zephyr and AGL framework● Manage your co-processor from Linux● Next steps


Hardware isolation vs hypervisor

++Sharing-- Privileges

Hypervisor

XEN L4RE

KVM VmWare

Hardware isolationCo-processor RTOS

Zephyr FreeRTOS

Mbed OS Nuttx

OS Containers

Docker LXC

nspawn

Desktop Containers

Flatpak Snap

AppImage

may share RAM area

share hardware

share Kernel

share runtime

++Isolation++Privileges


Isolating your safety task

● Dedicate hardware ressources: CPU, peripherals, memory● Make your safety tasks more predictable● Reduce attacks surface of your software● Two (or more) OS running on the same SoC● Only certify a small code base● Communicate with your Linux AGL applications


What is a Co-processor ?

● A physical computing unit● May not run the same OS, or even bare metal● May not share the same architecture (ISA)● Armv7, DSP..● May not be binary compatible● Can handle specific tasks● Radio, video, audio, neural network, safety


R-CAR H3 SoC

Cortex-A57

Cortex-A57 Cortex-A57



Cortex-A53

Cortex-R7

Flash LPDDR4

video codec processor 3D graphics processor

DisplayVideo signalprocessor

Audio DSP Sound routing

UART CAN I2C GPIO

USB 3 SATA PCI-E Ethernet

Architecture of Renesas R-CAR H3 SoC

Cortex-R7 ?


Cortex-R7

● General purpose microcontroller● Not already affected to audio processing or video compression● Can access any memory mapped devices (CAN, I2C, ..)● Armv7 800MHz● Dual core lockstep, suitable for safety● GIC interrupt controller● Enough to run complex tasks, sounds cool !


Pickup an RTOS

● If possible free and Open Source● With a comprehensible documentation● And a dynamic community● That fill the gap between Linux and µController world● With Posix compatibility● Go for the Zephyr project !


The Zephyr project

● Started from Wind River’s Rocket OS● Linux Foundation project● Small kernel● Many protocol stacks (IPv4, IPv6, BLE, CAN)● Auditable code base developed with a goal of safety certifications (IEC 61508)● Long term support (LTS) with security updates● Apache 2.0 open source license● Many sponsors and contributors

Facebook, Google, Intel, Nordic Semiconductor, NXP, Linaro

https://www.zephyrproject.org/the-zephyr-project-leverages-new-member-tools-to-improve-automation-on-the-road-to-safety-certification/


Run your application onZephyr

● Dedicate hardware devices and resources to Zephyr● Port your platform, if not already supported● Write your board dts● Write or reuse your required driver serial, CAN, I2C● Re-use stack an OS services IPv6 BLE, CANOpen,

MQTT● Port your application


Here we arebut too much isolated !

Linux Cortex A57/A53CANGPIOUART

I2CSPI

Renesas Gen3 SoC

App Framework

Sig

nal

Co

mpo

ser

Bin

din

g

Ap

plic

atio

nC

usto

m L

ogi

c

console

PWM

Critical application

Cortex R7


Let’s addcommunication

Cortex R7 Linux Cortex A57/A53

Shared Memory

MailboxInterprocessor Interrupts

CANGPIOUART

I2CSPI

OpenAMPlibmetal

Mailbox

Remoteproc

interrupts

rpmsg

Renesas Gen3 SoC

App Framework

Sig

na

l Co

mpo

ser

Bin

din

g

App

lica

tion

Cus

tom

Lo

gic

console

Realtime & Secure Area

PWM

Critical application


OpenAMP details

SharedMemory

MFISinterrupts

RX VRing

TX VRing

Vring buffers

Zephyr Cortex R7 Device

Resource table

ipm_rcar

Service

OpenAMPLibrary

Open sourcecomponent

Open SourcePlatform

component

Application

hardware

Linux Cortex A5x Host

Client application

RPMsg

Virtio

rcar_rprocremoteproc

rcar_mfismailbox

ipm


use AGL Binder on OpenAMP

Could be more convenient to access API and not buffer.

OpenAMP is just a transport, that can send or receive datas.

Use OpenAMP as a transport for AGL Binder as of TCP or websocket (In progress)

BINDER

Applicationgeolocation

BINDER

GPS

µBINDER

WS /TCPRPMSGOpenAMP

Co-ProcessorRTOS

Main processorLinux AGL

R-CarSoC


Co-processor life cycle management

● Linux Remoteproc framework allows to:● Let Linux handle the co-processor LCM● Load a specific firmware for the filesystem● So that you can update the firmware over the air● Start stop a remote processor / Attach to a running processor● initiate shared memory for communication● Get debug trace from the debugfs


Playing with remoteproc

● Specify a firmware to boot

$ echo -n "renesas/zephyr.elf" > /sys/class/remoteproc/remoteproc0/firmware● Start stop a remote processor

$ echo start > /sys/class/remoteproc/remoteproc0/state

remoteproc remoteproc0: powering up cr7

remoteproc remoteproc0: Booting fw image renesas/zephyr.elf, size 413184

remoteproc remoteproc0: remote processor cr7 is now up

$ echo stop > /sys/class/remoteproc/remoteproc0/state

remoteproc remoteproc0: stopped remote processor cr7● Get the debug output

$ cat /sys/kernel/debug/remoteproc/remoteproc0/trace0

*** Booting Zephyr OS build zephyr-v2.5.0 ***


What you can currently do with Zephyr forRenesas R-Car Gen3

● Send and receive CAN frames● Read and write to an I2C device● Use GPIO● Start firmware from Linux● Communicate with Linux AGL● Fetch and compile:

$ west init -m [email protected]:iotbzh/zephyr.git --mr renesas

$ west sync

$ west build -b rcar_ulcb_cr7 zephyr/samples/basic/blinky --build-dir ulcb-blinky


Current work

● Goal is to go for Zephyr mainline● Already added support for Cortex-R7● H3ULCB support is pull requested● Integration with AGL application framework● With end to end security from RTOS to Linux and Cloud


Q&A

Lorient Harbour, South Brittany, France

Thi

s p

ictu

re is

an

orig

inal

pic

ture

ta

ken

by J

ack

Mam

ele

t in

200

6. I

t is

un

der

the

GN

U F

ree

Doc

ume

ntat

ion

Lic

ense

an

d th

e C

reat

ive

Com

mo

ns A

ttrib

utio

n.

https://www.gnu.org/licenses/fdl-1.3.fr.html

https://creativecommons.org/licenses/by-sa/3.0/deed.fr


Links

● IoT.bzh:– Website: https://iot.bzh/– Publications: https://iot.bzh/en/publications– Github: https://github.com/iotbzh– Renesas Zephyr: https://github.com/iotbzh/zephyr/tree/renesas

● Zephyr:

- Getting Started https://docs.zephyrproject.org/latest/getting_started/index.html● AGL:

– Website: https://www.automotivelinux.org/– Documentation: http://docs.automotivelinux.org/– Sources: https://git.automotivelinux.org/

https://iot.bzh/

https://iot.bzh/en/publications

https://github.com/iotbzh

https://github.com/iotbzh/zephyr/tree/renesas

https://docs.zephyrproject.org/latest/getting_started/index.html

https://www.automotivelinux.org/

http://docs.automotivelinux.org/

https://git.automotivelinux.org/

Hardware isolation running RTOS concurrently with AGL on ......Hw isolation RTOS and AGL on Renesas...

Documents

Transcript of Hardware isolation running RTOS concurrently with AGL on ......Hw isolation RTOS and AGL on Renesas...