Adding Linux to a device in order to provide an open application environment

Based on customer and market demand, many designers are looking to add a Linux environment and enable third-party Linux applications. In many devices, this is motivated by the need to leverage the rich ecosystem of software available for a Linux environment. In other devices, this is motivated by a requirement to make the device “open” in the sense of allowing users to load and use applications not included in the manufacturer’s software. In both cases, it is essential that Linux be introduced in a way that does not compromise the reliability or security of the core capabilities of the device. While it may be acceptable to reinstall a downloaded game on a mobile phone due to a problem in the Linux environment, it is certainly not acceptable to have a problem with that game interfere with the ability to make and receive phone calls.

One capability provided by OKL4 is system virtualization. One of the best uses of virtualization in an embedded system is to add an open application environment, such as Linux, to a previously closed device. Virtualization allows the existing proven software to run in one virtual machine and the open Linux environment to run in another. In this case, it is essential that the virtual machines are isolated from one another. Only through such isolation can the added risks to reliability and security be contained within that open environment. Further, this isolation prevents compromise of the proven reliability and security of the legacy software environment that runs within the other virtual machine. For Linux and other GPL-licensed operating systems, some development projects also have a requirement to keep certain software IP in an execution environment isolated from the Linux OS environment. OKL4’s support for Linux virtual machines is available today. Support for additional operating systems within a virtual machine is available through either the OKL4 product roadmap or OK Labs professional services.

When used to provide system virtualization, OKL4 offers the following benefits:

  • Reduced risk to critical system functions as a result of including an “open” Linux environment in the device. Risk is reduced because each virtual machine has a separate address space and, when run in an OKL4 VM, Linux runs entirely at user level and is not privileged, as it would be on bare hardware.

  • High levels of system performance. This is largely a result of OKL4’s high-performance inter-process communication (IPC).

  • Increased reliability and security. In addition to supporting one or more VMs that host operating systems and their applications, OKL4 provides lightweight execution environments that offer critical programs a minimal trusted computing base. This allows for further improvements in reliability and security.

  • Design flexibility and reliability. OKL4’s flexible device handling infrastructure allows devices to be shared by multiple virtual machines and to reside either within an operating system environment or in an isolated and protected domain of their own.

This capability of OKL4 has been used in a reference design for mobile device graphics based on the FancyPants™ multimedia GUI platform for embedded devices. In this reference design, OKL4 and OK Linux provide two isolated virtual machines, each running Linux. In order to support application graphics on both virtual machines, instances of FancyPants Graphics run on both. One of the virtual machines runs the FancyPants™ Canvas Server, which allows the two instances of FancyPants Graphics to share the same display resources. The reference design involves one virtual machine running a phonebook/dialer application while the second virtual machine runs a media player for playing video and browsing pictures. Using multiple VMs to separate the media player from the dialer application, and distributing the FancyPants Graphics capability across them, makes the dialer application secure from any problems that might occur with the media player or the instance of Linux that supports it. OKL4’s ability to place the drivers for the touch screen and frame buffer outside of the two Linux virtual machines provides further benefit because the applications are in their own protected domains. Isolation of drivers in this manner not only improves system reliability but also makes it easier to debug device driver problems during development. Since Canvas clients within a virtual machine share a single Canvas server, the ability of OKL4 to provide high-performance communication between VMs is critical to this solution. In this particular case, a shared memory region is established for the image buffer and the OKL4 IPC. This shared memory region is used for the image buffer update protocol and for touch screen event-related communication between the two virtual machines.


Adding_Linux_to_a_device_in_order_to_provide_an_open_application_environment (last edited 2008-08-11 02:34:30 by localhost)