acrn : a big little hypervisor for iot development...kernel user kernel vm api keystore virtual...
TRANSCRIPT
ACRNTM: A Big Little Hypervisor for IoT Development
Eddie Dong, Intel Open Source Technology Center
Key contributors: Christopher Cormack, Matthew Curfman, Jeff Jackson
V0.2 Status Update
Table of Contents
PART 1: What is ACRN
PART 2: Architecture Models
PART 3: Development Status
PART 4: Call for Participation
…………………………………………….. page 3
…………………………………………….. page 5
…………………………………………….. page 10
…………………………………………….. page 17
What is ACRN
ACRN is a Big Little Hypervisor for IoT Development !
Usage Difference: From Server to IoT
Server Usage IoT Usage
Open/Close Platform Open Mostly Closed
System Software Distribution One binary for a variety of product,
and/or with add-on hardware
Customized per product
Real Time No Yes for many systems
Functional Safety No Yes for some usages
Video (including Camera) No Yes for many usages
Audio No Yes for many usages
Performance Yes Yes
Isolation Yes Yes
Security Yes Yes
Migration Very Important Yes for some usages
IoT Virtualization would be largely different with that of Server virtualization
ACRN Focus
Small Footprint
Built for IoT
Adaptability
Built for Real-Time
Safety Criticality
Truly Open Source
Sharing Mode & Partition Mode
ACRN
Instrument Cluster
Device Model
Sharing Mode
Service OS (SOS)
IVI IVI
ACRN
Partition Mode Partition Mode
Deep Learning Deep Learning
Sharing Mode SOS-Less Partition Mode
Hybrid Mode
Privileged VM, loaded by Hypervisor
Completely independent of SOS
ACRN hypervisor (IEC-61508)
Orchestration Agent
Device Model
Soft Realtime
UOS
HMIProcess Control PLC
Service OS (SOS) Preempt-RT
Privileged VM
Auto PLC IPC Robotics
Hard Realtime
SOS
Normal VM Normal VM
ACRN hypervisor (IEC-61508)
Orchestration Agent
Device Model
Soft Realtime
Partition Mode Sharing Mode
HMIAuto PLC IPC Robotics Process Control PLC
Service OS (SOS)
Hard Realtime
Preempt-RT
Privileged VM, loaded by SOS
But independent of SOS at Runtime
Trusty
World
ACRN Sharing Mode for IVI Usage
Subtext goes hereService VM
(PIT, PCI, ACPI ..)
Hypercalls
VT-d EPT
ACRN HypervisorVMX
Virtio API Trusty API vPIC/vLAPIC/
vIOAPIC/vMSI
ACRN Device
Model
(Mediators)
VM
Manager
Linux VM
virtio
FE Drivers
User
Kernel
User
Kernel
VM API
Keystore
Virtual Firmware
EnclavesEnclaves
Android
World
virtio
FE Drivers
User
Kernel
Virtual Firmware
VMX non-root
operation
VMX root
operation
Android VM
Keystore
Native Device DriverNative Device Driver
Kernel Mediators
Instrument
Cluster (IC)
Virtio & Hypercall
Module (VHM)
ACRN
Services
PM Agency
Keybox
Automotive Boot Loader (SBL, ABL or UEFI)
Apollo Lake, KSL-I PlatformCSE
ACRN Partition Mode for Industrial Usage
VT-d EPT
ACRN Hypervisor
VMX vRTCPartitioned virtual
IOAPIC
RT APP
RT VM
VMX non-root operation
VMX root operation
UEFI Firmware
Virtual PCI /
Host bridge
RT APP
Non-RT
APPNon-RT
APP
RT Kernel
GUI VM(Could be extended to run SOS)
APP
Kernel
APPAPP
CPU Core
LAPIC
CPU Core
LAPIC
CPU Core
LAPIC
CPU Core
LAPIC
RT VM uses dedicated hardware
resources (CPU/Memory/Devices)
• LAPIC Passthru for exit-less MSI
interrupt / Timer
• IOAPIC partition with global
vectoring
• Cache Partitioning
Minimal in-hypervisor devices
• Virtual RTC
• Virtual PCI controller and host
bridge
GUI VM can be extended as SOS to
support more VMs
• Hybrid model
Hypervisors Feature Comparison
Features ACRN KVM XEN
Hypervisor Type 1 Type 2 Type 1
Lines of Code (LOC) 28K 10M+ ~299K
Functional Safety Capable Yes (**) No No
MISRA Yes No No
USB Host + Device Host only Host only
Device sharing Yes Yes Yes
Virtio Yes Yes No (Xen specific PV)
Vhost WIP Yes No
VM management Yes Yes (libvirt) Yes (libvirt)
Nested virtualization No Yes Yes
VM migrations No Yes Yes
CPU hotplug No Yes Yes
Edge/ IoT Devices
Data Center/Servers
***Lines of source code is collected by running cloc to parse the hypervisor directory
ACRN: As of Sep 25 (open source V0.2 Release)
XEN: As of Oct 10 (commit: 92666fdd6e0afab989b2d89759d9b43f2c645ae7)
ACRN Lines of Code
0
5000
10000
15000
20000
25000
30000
ww19 ww21 ww23 ww25 ww27 ww29 ww31 ww33 ww35 ww37 ww39
Lin
es o
f C
od
eACRN Source Code Size
C Header Assembly
Towards MISRA-C Compliance
0
5000
10000
15000
20000
25000
Num
ber
of V
iola
tion
s
Mandatory Required Advisory
• Statistics from commercial safety-qualified checker.
• False positives and intended deviations tracked in weekly-updated sheets.
• Pull requests are scanned hunting for new violations.
80% reduction
Preliminary GPU Performance on Apollo Lake
Performance Test Cases in Android Native Guest Guest VS Native
Carchase_offscreen 12.63 10 79.18%
Manhattan_3.1_offscreen 20.73 17 82.01%
H.264_MPEG4_AVC_1080p60 60 55.4 92.33%
H.265_HEVC_4kx2kp60_10bits_playback 59.99 53.1 88.51%
12.6320.73
60 59.99
1017
55.4 53.1
0
10
20
30
40
50
60
70
fram
e p
er s
eco
nd
(fp
s)
Native
Guest
Performance tests and ratings are measured using specific computer systems and/or components and reflect the approximate performance of Intel products as measured by those tests. Any difference in system hardware or
software design or configuration may affect actual performance. Buyers should consult other sources of information to evaluate the performance of systems or components they are considering purchasing. For more information on
performance tests and on the performance of Intel products, visit Intel Performance Benchmark Limitations.
Configuration for Real Time Latency
Common
• Dell-7050 (i7-7700), 3.6GHZ, 8MB Cache
• ACRN with hybrid mode
• Service VM uses Clearlinux, running SCP
Configuration 1
• RT-VM runs tickles Zephyr with 64KB memory
• Cyclic Test to measure the scheduler jitter & OS Tick latency
Configuration 2
• RT-Linux (4.14) with 1GB memory
• Cyclic Test to measure the scheduler jitter between native and VM
Preliminary Jitter with Zephyr
Performance tests and ratings are measured using specific computer systems and/or components and reflect the approximate performance of Intel products as measured by those tests. Any difference in system hardware or
software design or configuration may affect actual performance. Buyers should consult other sources of information to evaluate the performance of systems or components they are considering purchasing. For more information on
performance tests and on the performance of Intel products, visit Intel Performance Benchmark Limitations.
Preliminary Jitter with RT-Linux
Performance tests and ratings are measured using specific computer systems and/or components and reflect the approximate performance of Intel products as measured by those tests. Any difference in system hardware or
software design or configuration may affect actual performance. Buyers should consult other sources of information to evaluate the performance of systems or components they are considering purchasing. For more information on
performance tests and on the performance of Intel products, visit Intel Performance Benchmark Limitations.
Native Jitter
Jitter as a
VM
ACRN Roadmap
Dates below are for reference only and subject to change
Area v0.1@Q2‘18 v0.2@Q3’18 V0.5@Q4’18 V1.0@Q1‘19 V1.x@2019
HW
• APL NUC (UEFI)
• APL UP2 (UEFI)
• APL NUC (UEFI)
• APL UP2 (UEFI)
• APL NUC (UEFI)
• KBL NUC (UEFI)
• APL UP2 (UEFI)
• APL NUC (UEFI)
• KBL NUC (UEFI)
• APL UP2 (UEFI)
• APL NUC (UEFI)
• KBL NUC (UEFI)
• APL UP2 (UEFI)
• ARM
Hypervisor
• VT-x
• VT-d
• CPU static-partitioning
• memory partitioning
• Virtio (v0.95)
• VHM
• EFI boot
• Clear Linux as guest
• Virtio (v1.0)
• Power Management
(Px/Cx)
• VM management
• ACRN debugging tool
• vSBL
• Android as guest
• AliOS as guest
• Zephyr as guest
• MISRA C compliance
• Logical partitioning without
Service OS
• Trusty (Security)
• SBL boot
• vHost
• Power Management
(S3/S5)
• Real Time
• Windows as guest
• VxWorks as guest
• Functional Safety capable
• CPU sharing
• OVMF
• ARM
I/O
virtualization
• Storage
• Ethernet
• USB host controller (PT)
• USB device controller (PT)
• Audio (PT)
• WiFi (PT)*
• Touch (PT)
• GPU Sharing:
• GPU Surface Sharing
• IPU Sharing*
• GPU Prioritized Rendering
• Touch sharing
• IOC sharing*
• Audio sharing
• USB host controller Sharing
• USB DRD virtualization
• GPIO virtualization • HECI sharing (Security)
• CSME/DAL sharing (Security)
• TPM Sharing (Security)
• eAVB/TSN Sharing
• SR-IOV*
Call for Participationhttps://projectacrn.github.io/index.html
https://projectacrn.org
Joining ACRN Community Today!!!