ACRN Functional Safety Design and Certification Plan
MAO, Junjie <junjie.mao@intel.com>
ACRN vMeet-Up Europe 2021
Outline
▹Safety Concept
▹Development Model and Techniques
▹Inter-VM Interference and Mitigations
▹Certification Plan
5/28/2021 ACRN Functional Safety Design and Certification Plan 2
Safety Concept

[Figure: system architecture in partition mode. A Safety VM (Safety App, Safety OS, BIOS) and a Non-safety VM (APPs on a Linux Kernel) run side by side on the ACRN Hypervisor (VMX, EPT, VT-d, Virtual PCI / Host bridge), each on its own CPU cores with LAPICs, on the Physical Platform. Diagram labels: "Certified by Intel and/or customers" and "Not certified".]

IEC 61508 Certification Scope for ACRN
• The “partition mode”:
  • 2 partitions with mixed-criticality
  • Static core & memory partitioning
• Targeted SC 3
Development Model

[Figure: development model. Development phases: ACRN Market Requirements → ACRN Software Safety Requirements → ACRN Software Architecture Design → ACRN Module Design → Coding. Test phases: ACRN Module Test → ACRN Integration Test → ACRN Validation Test, linked to the development phases by "Verification".]

Supporting Process:
• Change Management
• Configuration Management
• Document Management
• Tool Classification and Qualification
• Requirement Management
• Verification
• Output Verification
Development Techniques
• Semi-formal notations
• Bi-directional traceability
• Modular design
• Event-driven architecture
• Failure mode and effect analysis
• Coding guidelines and static analysis
• Fault injection test
• Structural coverage
Requirement Categorization

Functional Requirements
• Virtual CPU capabilities
• VM boot sequence
• VM initial states

Safety & Security Requirements
• Interference mitigations
• Side-channel vulnerability mitigations

Assumptions of Use
• Hardware capabilities
• System-level mitigations to failures
Architecture Design Aspects

Initialization
• Hardware resources
• Software data
• Hardware virtualization extension

Runtime
• Handling of VM exits

Error Mitigation
• Error detection
• Error handling

Module decomposition and interface definitions
Inter-VM Interference

[Figure: interference channels between the non-safety VM and the safety VM.
Spatial:
• Memory: the non-safety VM reads/writes memory directly.
• DMA: the non-safety VM (1) programs a DMA device, which (2) reads/writes memory.
Temporal:
• Shared cache: the non-safety VM (1) loads data and (2) evicts the safety VM's cache lines.
• Local caches: coherency traffic between the two VMs' local caches.
• Shared cache / memory controller used by both VMs.
• Shared cache / memory controller / peripheral bus used by both VMs and devices.
• Interrupts: the non-safety VM (1) programs a device, which (2) delivers an interrupt to the safety VM.]

Reference:
[1] O. Kotaba, J. Nowotsch, M. Paulitsch, S. Petters, H. Theiling. Multicore In Real-Time Systems – Temporal Isolation Challenges Due To Shared Resources. WICERT workshop as part of DATE 2013.
Mitigating Spatial Interference

[Figure: the two spatial channels and their mitigations. Direct memory read/write by the non-safety VM is confined by EPT; DMA from a device programmed by the non-safety VM is confined by the IOMMU.]
Mitigating Temporal Interference

[Figure: two temporal channels and their mitigations. Shared-cache eviction (the non-safety VM loads data, evicting the safety VM's lines) is mitigated by cache partitioning; a device programmed by the non-safety VM to deliver an interrupt to the safety VM is mitigated by the IOMMU.]
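The partition mode of the safety concept and the EPT, IOMMU and cache-partitioning mitigations above all rest on one property: no core, memory range, device or cache way is shared between the two VMs. As an added example (not ACRN's own code or configuration format), the checker below validates a static two-partition layout for exactly those overlaps; the data model, addresses, core numbers, device BDFs and way masks are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# Host-physical address range [start, end), in bytes.
MemRange = Tuple[int, int]


@dataclass
class VMPartition:
    """One statically configured partition (constructed model, not ACRN's format)."""
    name: str
    pcpus: Set[int]              # physical cores owned exclusively by this VM
    host_mem: List[MemRange]     # host memory the VM's EPT maps (spatial isolation)
    devices: Set[str]            # passthrough devices by BDF, confined by the IOMMU
    cache_ways: int              # bitmask of shared-cache ways reserved for the VM


@dataclass
class PlatformConfig:
    hv_mem: MemRange             # memory reserved for the hypervisor itself
    total_cache_ways: int        # number of ways the shared cache exposes for partitioning
    vms: List[VMPartition] = field(default_factory=list)


def _overlap(a: MemRange, b: MemRange) -> bool:
    """True if the half-open ranges a and b share at least one byte."""
    return a[0] < b[1] and b[0] < a[1]


def check_partitioning(cfg: PlatformConfig) -> List[str]:
    """Return every isolation violation found; an empty list means each VM owns
    its cores, memory, devices and cache ways exclusively."""
    problems: List[str] = []
    all_ways = (1 << cfg.total_cache_ways) - 1

    # Per-VM sanity: valid ranges, at least one core, a way mask inside the cache.
    for vm in cfg.vms:
        if not vm.pcpus:
            problems.append(f"{vm.name}: no physical core assigned")
        for r in vm.host_mem:
            if r[0] >= r[1]:
                problems.append(f"{vm.name}: empty or inverted memory range {r}")
            elif _overlap(r, cfg.hv_mem):
                problems.append(f"{vm.name}: memory {r} overlaps hypervisor memory")
        if vm.cache_ways == 0 or vm.cache_ways & ~all_ways:
            problems.append(f"{vm.name}: way mask {vm.cache_ways:#x} invalid for a "
                            f"{cfg.total_cache_ways}-way cache")

    # Pairwise: any resource two VMs share is a channel for interference.
    for i, a in enumerate(cfg.vms):
        for b in cfg.vms[i + 1:]:
            if a.pcpus & b.pcpus:
                problems.append(f"{a.name}/{b.name}: share cores {sorted(a.pcpus & b.pcpus)}")
            for ra in a.host_mem:
                for rb in b.host_mem:
                    if _overlap(ra, rb):
                        problems.append(f"{a.name}/{b.name}: memory {ra} overlaps {rb}")
            if a.devices & b.devices:
                problems.append(f"{a.name}/{b.name}: device(s) {sorted(a.devices & b.devices)} "
                                "assigned to both")
            if a.cache_ways & b.cache_ways:
                problems.append(f"{a.name}/{b.name}: cache ways overlap "
                                f"(mask {a.cache_ways & b.cache_ways:#x})")
    return problems


def example_config(overlapping: bool = False) -> PlatformConfig:
    """Constructed two-partition layout: 4 cores, 12-way shared cache, 1 GiB per VM.
    With overlapping=True the non-safety VM is given the safety VM's device and one
    of its cache ways, the kind of mistake the checker is meant to catch."""
    MiB = 1 << 20
    safety = VMPartition("safety", {0, 1}, [(0x100 * MiB, 0x500 * MiB)],
                         {"00:1f.3"}, 0b1111_0000_0000)          # ways 8-11
    nonsafety = VMPartition("nonsafety", {2, 3}, [(0x500 * MiB, 0x900 * MiB)],
                            {"00:1f.3"} if overlapping else {"00:14.0"},
                            0b0001_1111_1111 if overlapping else 0b0000_1111_1111)
    return PlatformConfig(hv_mem=(0, 0x100 * MiB), total_cache_ways=12,
                          vms=[safety, nonsafety])


if __name__ == "__main__":
    for cfg_name, cfg in (("clean", example_config()), ("overlapping", example_config(True))):
        found = check_partitioning(cfg)
        print(f"{cfg_name}: {len(found)} violation(s)")
        for p in found:
            print("  -", p)
```

The checker covers only the statically configurable resources; the coherency traffic and bandwidth contention listed under residual interference have no configuration knob to verify.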
Residual Temporal Interference

[Figure: the channels that remain after mitigation: coherency traffic between the two VMs' local caches; the shared cache / memory controller; the shared cache / memory controller / peripheral bus shared with devices.]

• No invalidation due to coherency, but the coherency traffic remains.
• No way to prevent the non-safety VM from locking cache/memory temporarily.
• Lack of hardware support for bandwidth allocation.

The residual temporal interference is assumed to be mitigated by external watchdogs.
ACRN Certification Plan
• May 2020: Submit concept-phase work products to TÜV SÜD.
• June 2020: Received the technical report on the concept, stating that the ACRN Hypervisor Software Component from Intel Corporation is able to fulfil the requirements in accordance with SIL 3 of IEC 61508:2010.
• May 2021 (in the plan): Complete the submission of detailed-test phase work products to TÜV SÜD.
• June 2021 (in the plan): Final audit.
Concluding Remarks
▹ ACRN partition mode allows consolidation of mixed-critical workloads in safety-critical uses.
▹ ACRN leverages hardware mechanisms for interference mitigation. Residual temporal interference exists and requires system-level mitigations.
▹ ACRN is on the way to complete the certification.¹

¹ The package of certified ACRN will be available under NDA (Non-Disclosure Agreement). Contact your sales representative for access.
THANK YOU

More Related Content

What's hot

Project ACRN Device Model architecture introduction
Project ACRN Device Model architecture introductionProject ACRN Device Model architecture introduction
Project ACRN Device Model architecture introduction
Project ACRN
 
ACRN vMeet-Up EU 2021 - Bridging Orchestrator and Hard Realtime Workload Cons...
ACRN vMeet-Up EU 2021 - Bridging Orchestrator and Hard Realtime Workload Cons...ACRN vMeet-Up EU 2021 - Bridging Orchestrator and Hard Realtime Workload Cons...
ACRN vMeet-Up EU 2021 - Bridging Orchestrator and Hard Realtime Workload Cons...
Project ACRN
 
ACRN vMeet-Up EU 2021 - hypervisor new platform enabling
ACRN vMeet-Up EU 2021 - hypervisor new platform enablingACRN vMeet-Up EU 2021 - hypervisor new platform enabling
ACRN vMeet-Up EU 2021 - hypervisor new platform enabling
Project ACRN
 
ACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introduction
ACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introductionACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introduction
ACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introduction
Project ACRN
 
Project ACRN Device Passthrough Introduction
Project ACRN Device Passthrough IntroductionProject ACRN Device Passthrough Introduction
Project ACRN Device Passthrough Introduction
Project ACRN
 
Project ACRN system debug
Project ACRN system debugProject ACRN system debug
Project ACRN system debug
Project ACRN
 
Project ACRN Yocto Project meta-acrn layer introduction
Project ACRN Yocto Project meta-acrn layer introductionProject ACRN Yocto Project meta-acrn layer introduction
Project ACRN Yocto Project meta-acrn layer introduction
Project ACRN
 
Project ACRN expose and pass through platform hidden PCIe devices to SOS
Project ACRN expose and pass through platform hidden PCIe devices to SOSProject ACRN expose and pass through platform hidden PCIe devices to SOS
Project ACRN expose and pass through platform hidden PCIe devices to SOS
Project ACRN
 
Project ACRN how to build a Yocto Project-based SOS
Project ACRN how to build a Yocto Project-based SOSProject ACRN how to build a Yocto Project-based SOS
Project ACRN how to build a Yocto Project-based SOS
Project ACRN
 
Project ACRN: SR-IOV implementation
Project ACRN: SR-IOV implementationProject ACRN: SR-IOV implementation
Project ACRN: SR-IOV implementation
Geoffroy Van Cutsem
 
ACRN vMeet-Up EU 2021 - Real Time Management and Performance Optimization
ACRN vMeet-Up EU 2021 - Real Time Management and Performance OptimizationACRN vMeet-Up EU 2021 - Real Time Management and Performance Optimization
ACRN vMeet-Up EU 2021 - Real Time Management and Performance Optimization
Project ACRN
 
XPDS16: AMD's virtualization memory encryption technology - Brijesh Singh, A...
XPDS16:  AMD's virtualization memory encryption technology - Brijesh Singh, A...XPDS16:  AMD's virtualization memory encryption technology - Brijesh Singh, A...
XPDS16: AMD's virtualization memory encryption technology - Brijesh Singh, A...
The Linux Foundation
 
Project ACRN USB mediator introduction
Project ACRN USB mediator introductionProject ACRN USB mediator introduction
Project ACRN USB mediator introduction
Project ACRN
 
Project ACRN CPU sharing BVT scheduler in ACRN hypervisor
Project ACRN CPU sharing BVT scheduler in ACRN hypervisorProject ACRN CPU sharing BVT scheduler in ACRN hypervisor
Project ACRN CPU sharing BVT scheduler in ACRN hypervisor
Project ACRN
 
Project ACRN GVT-d introduction and tutorial
Project ACRN GVT-d introduction and tutorialProject ACRN GVT-d introduction and tutorial
Project ACRN GVT-d introduction and tutorial
Project ACRN
 
Project ACRN EtherCAT 101
Project ACRN EtherCAT 101Project ACRN EtherCAT 101
Project ACRN EtherCAT 101
Project ACRN
 
XPDDS18: The Evolution of Virtualization in the Arm Architecture - Julien Gra...
XPDDS18: The Evolution of Virtualization in the Arm Architecture - Julien Gra...XPDDS18: The Evolution of Virtualization in the Arm Architecture - Julien Gra...
XPDDS18: The Evolution of Virtualization in the Arm Architecture - Julien Gra...
The Linux Foundation
 
Rootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17:  An introduction to Xen Project VirtualisationRootlinux17:  An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project Virtualisation
The Linux Foundation
 
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
The Linux Foundation
 
ALSF13: Xen on ARM - Virtualization for the Automotive Industry - Stefano Sta...
ALSF13: Xen on ARM - Virtualization for the Automotive Industry - Stefano Sta...ALSF13: Xen on ARM - Virtualization for the Automotive Industry - Stefano Sta...
ALSF13: Xen on ARM - Virtualization for the Automotive Industry - Stefano Sta...
The Linux Foundation
 

What's hot (20)

Project ACRN Device Model architecture introduction
Project ACRN Device Model architecture introductionProject ACRN Device Model architecture introduction
Project ACRN Device Model architecture introduction
 
ACRN vMeet-Up EU 2021 - Bridging Orchestrator and Hard Realtime Workload Cons...
ACRN vMeet-Up EU 2021 - Bridging Orchestrator and Hard Realtime Workload Cons...ACRN vMeet-Up EU 2021 - Bridging Orchestrator and Hard Realtime Workload Cons...
ACRN vMeet-Up EU 2021 - Bridging Orchestrator and Hard Realtime Workload Cons...
 
ACRN vMeet-Up EU 2021 - hypervisor new platform enabling
ACRN vMeet-Up EU 2021 - hypervisor new platform enablingACRN vMeet-Up EU 2021 - hypervisor new platform enabling
ACRN vMeet-Up EU 2021 - hypervisor new platform enabling
 
ACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introduction
ACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introductionACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introduction
ACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introduction
 
Project ACRN Device Passthrough Introduction
Project ACRN Device Passthrough IntroductionProject ACRN Device Passthrough Introduction
Project ACRN Device Passthrough Introduction
 
Project ACRN system debug
Project ACRN system debugProject ACRN system debug
Project ACRN system debug
 
Project ACRN Yocto Project meta-acrn layer introduction
Project ACRN Yocto Project meta-acrn layer introductionProject ACRN Yocto Project meta-acrn layer introduction
Project ACRN Yocto Project meta-acrn layer introduction
 
Project ACRN expose and pass through platform hidden PCIe devices to SOS
Project ACRN expose and pass through platform hidden PCIe devices to SOSProject ACRN expose and pass through platform hidden PCIe devices to SOS
Project ACRN expose and pass through platform hidden PCIe devices to SOS
 
Project ACRN how to build a Yocto Project-based SOS
Project ACRN how to build a Yocto Project-based SOSProject ACRN how to build a Yocto Project-based SOS
Project ACRN how to build a Yocto Project-based SOS
 
Project ACRN: SR-IOV implementation
Project ACRN: SR-IOV implementationProject ACRN: SR-IOV implementation
Project ACRN: SR-IOV implementation
 
ACRN vMeet-Up EU 2021 - Real Time Management and Performance Optimization
ACRN vMeet-Up EU 2021 - Real Time Management and Performance OptimizationACRN vMeet-Up EU 2021 - Real Time Management and Performance Optimization
ACRN vMeet-Up EU 2021 - Real Time Management and Performance Optimization
 
XPDS16: AMD's virtualization memory encryption technology - Brijesh Singh, A...
XPDS16:  AMD's virtualization memory encryption technology - Brijesh Singh, A...XPDS16:  AMD's virtualization memory encryption technology - Brijesh Singh, A...
XPDS16: AMD's virtualization memory encryption technology - Brijesh Singh, A...
 
Project ACRN USB mediator introduction
Project ACRN USB mediator introductionProject ACRN USB mediator introduction
Project ACRN USB mediator introduction
 
Project ACRN CPU sharing BVT scheduler in ACRN hypervisor
Project ACRN CPU sharing BVT scheduler in ACRN hypervisorProject ACRN CPU sharing BVT scheduler in ACRN hypervisor
Project ACRN CPU sharing BVT scheduler in ACRN hypervisor
 
Project ACRN GVT-d introduction and tutorial
Project ACRN GVT-d introduction and tutorialProject ACRN GVT-d introduction and tutorial
Project ACRN GVT-d introduction and tutorial
 
Project ACRN EtherCAT 101
Project ACRN EtherCAT 101Project ACRN EtherCAT 101
Project ACRN EtherCAT 101
 
XPDDS18: The Evolution of Virtualization in the Arm Architecture - Julien Gra...
XPDDS18: The Evolution of Virtualization in the Arm Architecture - Julien Gra...XPDDS18: The Evolution of Virtualization in the Arm Architecture - Julien Gra...
XPDDS18: The Evolution of Virtualization in the Arm Architecture - Julien Gra...
 
Rootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17:  An introduction to Xen Project VirtualisationRootlinux17:  An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project Virtualisation
 
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
 
ALSF13: Xen on ARM - Virtualization for the Automotive Industry - Stefano Sta...
ALSF13: Xen on ARM - Virtualization for the Automotive Industry - Stefano Sta...ALSF13: Xen on ARM - Virtualization for the Automotive Industry - Stefano Sta...
ALSF13: Xen on ARM - Virtualization for the Automotive Industry - Stefano Sta...
 

Similar to ACRN vMeet-Up EU 2021 - functional safety design and certification plan

silo.tips_flash-bootloader-product-information.pdf
silo.tips_flash-bootloader-product-information.pdfsilo.tips_flash-bootloader-product-information.pdf
silo.tips_flash-bootloader-product-information.pdf
afra151
 
The Next Step of OpenStack Evolution for NFV Deployments
The Next Step ofOpenStack Evolution for NFV DeploymentsThe Next Step ofOpenStack Evolution for NFV Deployments
The Next Step of OpenStack Evolution for NFV Deployments
Dirk Kutscher
 
Zero footprint guest memory introspection from xen
Zero footprint guest memory introspection from xenZero footprint guest memory introspection from xen
Zero footprint guest memory introspection from xen
Bitdefender Enterprise
 
The Muen Separation Kernel
The Muen Separation KernelThe Muen Separation Kernel
The Muen Separation Kernel
AdaCore
 
Review of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxReview of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptx
ssusere142fe
 
VMS Troubleshooting Guide
VMS Troubleshooting GuideVMS Troubleshooting Guide
VMS Troubleshooting Guide
Michael Dotson
 
20160221 va interconnect_pub
20160221 va interconnect_pub20160221 va interconnect_pub
20160221 va interconnect_pub
Canturk Isci
 
“Efficient Video Perception Through AI,” a Presentation from Qualcomm
“Efficient Video Perception Through AI,” a Presentation from Qualcomm“Efficient Video Perception Through AI,” a Presentation from Qualcomm
“Efficient Video Perception Through AI,” a Presentation from Qualcomm
Edge AI and Vision Alliance
 
Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016
Canturk Isci
 
StarlingX - Driving Compute to the Edge with OpenStack
StarlingX - Driving Compute to the Edge with OpenStackStarlingX - Driving Compute to the Edge with OpenStack
StarlingX - Driving Compute to the Edge with OpenStack
Stacy Véronneau
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industry
Ashley Zupkus
 
NXP_SDV_RealTime software development organisation
NXP_SDV_RealTime software development organisationNXP_SDV_RealTime software development organisation
NXP_SDV_RealTime software development organisation
ssuser57b3e5
 
Open source security tools for Kubernetes.
Open source security tools for Kubernetes.Open source security tools for Kubernetes.
Open source security tools for Kubernetes.
Michael Ducy
 
M14: MQ security deep dive ITC 2019
M14: MQ security deep dive ITC 2019M14: MQ security deep dive ITC 2019
M14: MQ security deep dive ITC 2019
Robert Parker
 
Virutalization and the Future of Datacenter Security
Virutalization and the Future of Datacenter SecurityVirutalization and the Future of Datacenter Security
Virutalization and the Future of Datacenter Security
guestb09e16
 
HTTP Adaptive Streaming – Quo Vadis? (2023)
HTTP Adaptive Streaming – Quo Vadis? (2023)HTTP Adaptive Streaming – Quo Vadis? (2023)
HTTP Adaptive Streaming – Quo Vadis? (2023)
Alpen-Adria-Universität
 
Designing CloudStack Clouds
Designing CloudStack CloudsDesigning CloudStack Clouds
Designing CloudStack Clouds
ShapeBlue
 
Detecting Evasive Malware in Sandbox
Detecting Evasive Malware in SandboxDetecting Evasive Malware in Sandbox
Detecting Evasive Malware in Sandbox
Rahul Mohandas
 
How Dell and Intel are Optimizing OpenStack Clouds
How Dell and Intel are Optimizing OpenStack CloudsHow Dell and Intel are Optimizing OpenStack Clouds
How Dell and Intel are Optimizing OpenStack Clouds
OpenStack_Online
 
SecPod: A Framework for Virtualization-based Security Systems
SecPod: A Framework for Virtualization-based Security SystemsSecPod: A Framework for Virtualization-based Security Systems
SecPod: A Framework for Virtualization-based Security Systems
Yue Chen
 

Similar to ACRN vMeet-Up EU 2021 - functional safety design and certification plan (20)

silo.tips_flash-bootloader-product-information.pdf
silo.tips_flash-bootloader-product-information.pdfsilo.tips_flash-bootloader-product-information.pdf
silo.tips_flash-bootloader-product-information.pdf
 
The Next Step of OpenStack Evolution for NFV Deployments
The Next Step ofOpenStack Evolution for NFV DeploymentsThe Next Step ofOpenStack Evolution for NFV Deployments
The Next Step of OpenStack Evolution for NFV Deployments
 
Zero footprint guest memory introspection from xen
Zero footprint guest memory introspection from xenZero footprint guest memory introspection from xen
Zero footprint guest memory introspection from xen
 
The Muen Separation Kernel
The Muen Separation KernelThe Muen Separation Kernel
The Muen Separation Kernel
 
Review of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxReview of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptx
 
VMS Troubleshooting Guide
VMS Troubleshooting GuideVMS Troubleshooting Guide
VMS Troubleshooting Guide
 
20160221 va interconnect_pub
20160221 va interconnect_pub20160221 va interconnect_pub
20160221 va interconnect_pub
 
“Efficient Video Perception Through AI,” a Presentation from Qualcomm
“Efficient Video Perception Through AI,” a Presentation from Qualcomm“Efficient Video Perception Through AI,” a Presentation from Qualcomm
“Efficient Video Perception Through AI,” a Presentation from Qualcomm
 
Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016
 
StarlingX - Driving Compute to the Edge with OpenStack
StarlingX - Driving Compute to the Edge with OpenStackStarlingX - Driving Compute to the Edge with OpenStack
StarlingX - Driving Compute to the Edge with OpenStack
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industry
 
NXP_SDV_RealTime software development organisation
NXP_SDV_RealTime software development organisationNXP_SDV_RealTime software development organisation
NXP_SDV_RealTime software development organisation
 
Open source security tools for Kubernetes.
Open source security tools for Kubernetes.Open source security tools for Kubernetes.
Open source security tools for Kubernetes.
 
M14: MQ security deep dive ITC 2019
M14: MQ security deep dive ITC 2019M14: MQ security deep dive ITC 2019
M14: MQ security deep dive ITC 2019
 
Virutalization and the Future of Datacenter Security
Virutalization and the Future of Datacenter SecurityVirutalization and the Future of Datacenter Security
Virutalization and the Future of Datacenter Security
 
HTTP Adaptive Streaming – Quo Vadis? (2023)
HTTP Adaptive Streaming – Quo Vadis? (2023)HTTP Adaptive Streaming – Quo Vadis? (2023)
HTTP Adaptive Streaming – Quo Vadis? (2023)
 
Designing CloudStack Clouds
Designing CloudStack CloudsDesigning CloudStack Clouds
Designing CloudStack Clouds
 
Detecting Evasive Malware in Sandbox
Detecting Evasive Malware in SandboxDetecting Evasive Malware in Sandbox
Detecting Evasive Malware in Sandbox
 
How Dell and Intel are Optimizing OpenStack Clouds
How Dell and Intel are Optimizing OpenStack CloudsHow Dell and Intel are Optimizing OpenStack Clouds
How Dell and Intel are Optimizing OpenStack Clouds
 
SecPod: A Framework for Virtualization-based Security Systems
SecPod: A Framework for Virtualization-based Security SystemsSecPod: A Framework for Virtualization-based Security Systems
SecPod: A Framework for Virtualization-based Security Systems
 

Recently uploaded

E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
Quickdice ERP
 
Using Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query PerformanceUsing Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query Performance
Grant Fritchey
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
Octavian Nadolu
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
Remote DBA Services
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
timtebeek1
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
Green Software Development
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
Peter Muessig
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Crescat
 
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
mz5nrf0n
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
Peter Muessig
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
Sven Peters
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata
 
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
kalichargn70th171
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
Green Software Development
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Neo4j
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
Ayan Halder
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
Łukasz Chruściel
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
TheSMSPoint
 
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
XfilesPro
 

Recently uploaded (20)

E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
 
Using Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query PerformanceUsing Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query Performance
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions

ACRN vMeet-Up EU 2021 - functional safety design and certification plan

  • 1. ACRN Functional Safety Design and Certification Plan
    MAO, Junjie <junjie.mao@intel.com>
    ACRN vMeet-Up Europe 2021
  • 2. Outline
    ▹ Safety Concept
    ▹ Development Model and Techniques
    ▹ Inter-VM Interference and Mitigations
    ▹ Certification Plan
    5/28/2021 ACRN Functional Safety Design and Certification Plan 2
  • 3. Safety Concept
    [Diagram: a Safety VM (BIOS, Safety OS, Safety App) and a Non-safety VM (Linux Kernel, APPs) run on the ACRN Hypervisor (VT-d, EPT, VMX, Virtual PCI / Host bridge) on a Physical Platform of CPU Cores, each with a LAPIC. Parts of the stack are labelled "Certified by Intel and/or customers", the rest "Not certified".]
    IEC 61508 Certification Scope for ACRN
    • The “partition mode”:
      • 2 partitions with mixed-criticality
      • Static core & memory partitioning
    • Targeted SC 3
  • 4. Development Model
    Development phases: ACRN Market Requirements, ACRN Software Safety Requirements, ACRN Software Architecture Design, ACRN Module Design, Coding
    Test phases: ACRN Module Test, ACRN Integration Test, ACRN Validation Test
    Supporting Process: Change Management, Configuration Management, Document Management, Tool Classification and Qualification, Requirement Management, Verification, Output Verification
  • 5. Development Techniques
    • Semi-formal notations
    • Bi-directional traceability
    • Modular design
    • Event-driven architecture
    • Failure mode and effect analysis
    • Coding guidelines and static analysis
    • Fault injection test
    • Structural coverage
  • 6. Requirement Categorization
    Functional Requirements
      • Virtual CPU capabilities
      • VM boot sequence
      • VM initial states
    Safety & Security Requirements
      • Interference mitigations
      • Side-channel vulnerability mitigations
    Assumptions of Use
      • Hardware capabilities
      • System-level mitigations to failures
  • 7. Architecture Design Aspects
    Initialization
      • Hardware resources
      • Software data
      • Hardware virtualization extension
    Runtime
      • Handling of VM exits
    Error Mitigation
      • Error detection
      • Error handling
    Module decomposition and interface definitions
  • 8. Inter-VM Interference
    Spatial
      • Memory: the non-safety VM reads/writes memory directly
      • Memory via DMA: the non-safety VM 1. programs a DMA device, 2. the device reads/writes memory
    Temporal
      • Shared cache: the non-safety VM 1. loads lines, 2. evicts the safety VM's lines
      • Local caches: coherency traffic between the non-safety VM's and the safety VM's local caches
      • Shared cache / memory controller shared by the non-safety VM and the safety VM
      • Shared cache / memory controller / peripheral bus shared by the non-safety VM, the safety VM and devices
      • Interrupts: the non-safety VM 1. programs a device interrupt, 2. the device delivers the interrupt to the safety VM
    Reference: [1] O. Kotaba, J. Nowotsch, M. Paulitsch, S. Petters, H. Theiling. Multicore In Real-Time Systems – Temporal Isolation Challenges Due To Shared Resources. WICERT workshop as part of DATE 2013
  • 9. Mitigating Spatial Interference
    • Memory read/write by the non-safety VM: mitigated by EPT
    • DMA programmed by the non-safety VM (1. program DMA, 2. device read/write): mitigated by the IOMMU
  • 10. Mitigating Temporal Interference
    • Shared cache (non-safety VM 1. load, 2. evict): mitigated by cache partitioning
    • Device interrupts (non-safety VM 1. program interrupt, 2. deliver interrupt to the safety VM): mitigated by the IOMMU
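As an added illustration, not taken from the slides or the ACRN code base, the following Python model of a shared set-associative LRU cache shows the load/evict interference of slide 8 and why the CAT-style way partitioning of slide 10 removes it. The cache geometry, VM names, way masks and addresses are constructed for the example.

```python
from collections import defaultdict

LINE = 64  # bytes per cache line (constructed geometry)

class SharedCache:
    """Set-associative LRU cache shared by two VMs. way_masks maps an owner
    to the way indices it may allocate into (CAT-style); an owner with no
    mask may use every way, which models the unpartitioned cache."""

    def __init__(self, sets, ways, way_masks=None):
        self.sets, self.ways = sets, ways
        self.way_masks = way_masks or {}
        self.lines = [[None] * ways for _ in range(sets)]  # (tag, owner) or None
        self.last_use = [[0] * ways for _ in range(sets)]  # LRU timestamps
        self.clock = 0
        self.evicted = defaultdict(int)                    # victim owner -> count

    def load(self, owner, addr):
        """Access one line; returns True on a hit, False on a miss."""
        self.clock += 1
        block = addr // LINE
        idx, tag = block % self.sets, block // self.sets
        ways, stamps = self.lines[idx], self.last_use[idx]
        for w, entry in enumerate(ways):
            if entry is not None and entry[0] == tag:
                stamps[w] = self.clock
                return True
        # Miss: allocate only in the ways this owner is allowed to use.
        allowed = list(self.way_masks.get(owner, range(self.ways)))
        empty = [w for w in allowed if ways[w] is None]
        victim = empty[0] if empty else min(allowed, key=lambda w: stamps[w])
        if ways[victim] is not None:
            self.evicted[ways[victim][1]] += 1  # record whose line was lost
        ways[victim], stamps[victim] = (tag, owner), self.clock
        return False

def simulate(partitioned):
    """Safety VM caches a small working set, the non-safety VM then streams
    through a large buffer, and the safety VM touches its set again.
    Returns (safety lines evicted by the stream, safety hits on re-touch)."""
    masks = {"safety": [0, 1], "non-safety": [2, 3]} if partitioned else None
    cache = SharedCache(sets=8, ways=4, way_masks=masks)
    safety_set = [0x1000_0000 + i * LINE for i in range(8)]  # one line per set
    stream = [0x8000_0000 + i * LINE for i in range(64)]     # 8 lines per set
    for a in safety_set:
        cache.load("safety", a)
    for a in stream:
        cache.load("non-safety", a)
    hits = sum(cache.load("safety", a) for a in safety_set)
    return cache.evicted["safety"], hits

if __name__ == "__main__":
    print("unpartitioned:", simulate(False))  # (8, 0): every safety line lost
    print("partitioned:  ", simulate(True))   # (0, 8): safety lines survive
```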
  • 11. Residual Temporal Interference
    [Diagram: coherency traffic between the local caches of the non-safety VM and the safety VM; the shared cache / memory controller / peripheral bus shared by the non-safety VM, the safety VM and devices.]
    • No invalidation due to coherency
    • But the coherency traffic remains.
    • No way to prevent the non-safety VM from locking cache/memory temporarily
    • Lack of hardware support for bandwidth allocation
    The residual temporal interference is assumed to be mitigated by external watchdogs.
  • 12. ACRN Certification Plan
    • May 2020: Submit concept-phase work products to TÜV SÜD
    • June 2020: Received the technical report on the concept stating that the ACRN Hypervisor Software Component from Intel Corporation is able to fulfil the requirements in accordance with SIL 3 of IEC 61508:2010.
    • May 2021 (in the plan): Complete the submission of detailed-test phase work products to TÜV SÜD
    • June 2021 (in the plan): Final audit
  • 13. Concluding Remarks
    ▹ ACRN partition mode allows consolidation of mixed-critical workloads in safety-critical uses.
    ▹ ACRN leverages hardware mechanisms for interference mitigation. Residual temporal interference exists and requires system-level mitigations.
    ▹ ACRN is on the way to complete the certification¹.
    ¹ The package of certified ACRN will be available under NDA (Non-Disclosure Agreement). Contact your sales representative for access.