Consolidating multiple processors to reduce product cost
In some embedded system designs, multiple processors have been used to implement multiple functions in a more secure and reliable way than would have been possible on a single processor under the control of a single operating system instance. OKL4’s system virtualization capability provides an alternative approach that requires only a single processor, resulting in a lower-cost device. In this use case, OKL4 virtual machines provide the isolation required between subsystems without requiring a separate dedicated processor for each.
When used to provide system virtualization, OKL4 offers the following benefits:
- Improved reliability and security, because each virtual machine has a separate address space. In addition, when guest operating systems are run in an OKL4 VM, each system runs entirely at user level and is not privileged, as it would be on bare hardware.
- High levels of system performance can be achieved in this configuration, largely because of OKL4’s high-performance inter-process communication (IPC).
- In addition to supporting one or more virtual machines hosting operating systems and their applications, OKL4 provides a lightweight execution environment that offers critical programs a minimal trusted computing base, allowing further improvements in reliability and security.
- The resulting software design is more portable across processors, since it is based on partitioning the work across multiple virtual machines rather than multiple physical machines. An architecture based on three virtual machines managed by OKL4 can be run on a single-core, dual-core, quad-core, or larger multi-core processor without changing the architecture. In contrast, an architecture based on using each core in a dual-core processor independently (often called Asymmetric Multiprocessing, or AMP) must be modified in a much more significant way to work on a four-core processor.
- Design flexibility and reliability are also increased by OKL4’s flexible device handling infrastructure, which allows devices to be shared by multiple virtual machines and to reside either within an operating system environment or in an isolated and protected domain of their own.