Secure Real-time Operating System

for Connected Cars

2017-11-6

eSOL Co., Ltd.

2

About eSOL

HistoryBasic Information

Key CustomersARM Ltd., Sony Group Companies, KONICA MINOLTA Group

Companies, NIKON CORPORATION, EPSON Group Companies, Hitachi

Group Companies, Panasonic Group Companies, Canon Inc., Beckman

Coulter K.K., Alpine Electronics, Inc., TOYOTA MOTOR CORPORATION,

NISSAN MOTOR CO.,LTD., Honda R&D Co.,Ltd., Mazda Motor

Corporation, DENSO CORPORATION, AISIN AW CO., LTD., Robert Bosch

Car Multimedia GmbH, Delphi Automotive LLP, BROTHER

INDUSTRIES,LTD., DAIKIN INDUSTRIES,LTD, Nintendo Co., Ltd.,

KYOCERA Corporation, Murata Manufacturing Group Companies,

OMRON Group Companies, Renesas Electronics Corporation, Texas

Instruments Japan Limited, Rakuten Edy, Inc., SATO CORPORATION,

NEC Group Companies, Fujitsu Group Companies, NIPPON MEAT

PACKERS Group Companies, ITOHAM FOODS Group Companies, EZAKI

GLICO Group Companies, Meiji Group Companies, MORINAGA MILK

INDUSTRY Group Companies, Tokyo International Air Cargo Terminal

LTD., Japan Airlines Co., Ltd. (random order)

1975 Established ERG Co., Ltd. on May 29

1999 Released the PrKERNELv4 real-time OS

2001 Rename ERG Co., Ltd. to eSOL Co., Ltd.

Released the eBinder IDE

2005 Released the eT-Kernel real-time OS

2006 Released the eT-Kernel Multi-Core Edition real-time OS

Released the eSOL Emusen tools for handy terminals

2008 Released eT-Kernel Multi-Core Edition Memory Partitioning

2009 Investment by ARM Ltd. in eSOL

Released eSOL Geminus series handy terminals

2011 Published eT-Kernel Temporal Partitioning

Released eSOL ECUSAR AUTOSAR tools

2012 Developed real-time operating system for many-core processors

"eMCOS"

2014 Released software development kit for many-core processors,

"eMCOS SDK".

2015 Established new subsidiary eSOL TRINITY Co., Ltd

Achieved ISO 26262 (ASIL D) and IEC 61508 (SIL 4) for eT-Kernel.

2016 Established AUBASS Co., LTD

Achieved IEC62304 for RTOS Product Development Process

Founded May 1975 (Founded as ERG Co., Ltd.)

Capital US$2.4 million (Apr 2017)

President Katsutoshi Hasegawa

Revenues US$57 million(Fiscal year 2016)

Employees 370

Head Offices Tokyo, Japan

Automotive Strategy

• BSW Development & Selling License

• Tool Development & Selling License

• BSW Engineering Service

• Functional Safety (ISO26262) Tools &

Consultation Services

• Process Management Tools

• Model-Based Development (MBD) Tools

& Services

• Static Analysis Tools

• Virtual Platform and Simulator

• Training

• Scalable/High Reliability RTOS＆ IDE

• Functional Safety (ISO26262) Certification

• Engineering Service

• Academic and Industry activity• Autosar Premium Member

• Embedded Multicore Consortium

• Multicore Association SHIM Working Group

• Internet ITS Consortium, Urban Drive working group

3

eSOL strong relationship with Arm

• Arm Training PartnereSOL key focus is to support Arm architecture, and we provide Arm architecture training

program for embedded engineers.

• eSOL IDE with Arm Compiler 6Our latest IDE tool is bundled with Arm compiler 6.

We are also promote ARM complier for AUTOSAR Adaptive platform.

• is integrated with Arm Fast Models

Arm Fast Models Support software development using eSOL's RTOS platform

and skills related to Arm architecture.

• Awarded distributor

eSOL is awarded “Most Forward Thinking Distributor in Asia 2017”

LLVM/Clang

5

Market Trends for Connected Car:

Era of High Performance

&

Parallel Computing requirements

6

Connected car: OS innovation is the key

http://www.businesswire.com/news/home/20170613006441/en/Top-5-Vendors-Automotive-Connected-Car-Platform

eSOL Real Time OS innovations in line with CPU growth trends

Mono function

7

Single core Homogenous Multi core Heterogeneous Multicore

OS-less

Basic scheduler

Real Time OS

Multi Core RTOS Many core RTOS

Low

Multifunction

・Software

scale

High

・Multi-interconnectivity

CPU

OS

・Independent control functionFunctions

Core

Core Core

Core Core

Core Core

Core Core

Core Core

Core Core Core

Core c

c

c

c

c

c

c

c

c

c

c

c

c

c

c

c

Many core

・High Performance

Parallel Computing

Small Large

8

Connected car: Data security and privacy as no.1 priority

KPMG Global Automotive Executive Survey 2017

9

eSOL Innovative RTOS

Scalable RTOS• Cutting edge scalable Real Time OS, with the Functional Safety certified TRON

based Real Time OS to suit our customers’ development system, model and

applications.

11

12

Overcome challenges with AMP / SMP features

• Co-existence of SMP and AMP programs in the same system

・ Task-to-task synchronization / communication / exclusion functions are available on

all cores , and between cores・ Priority-based preemptive scheduling same as single core

・ Configurable core numbers（1 to 4）

• Software reusability for existing software asset that uses AMP scheduling mode

• 4 scheduling modes (Blend scheduling) are available to match requirements of

target system

13

Examples of Multi-core System Configuration

C1 C2

Multiprocessor integration

C1 C2

μITRON/ Linux system integration

C1 C2 C1 C2

AMP/ SMP system integration

C1 C2

OS/ OS-less integration

Blended scheduling – two modes: SPM and TSM

Co-existence of SMP and AMP programs in the same system using a special

blended scheduling mode. There are a total of four available scheduling modes,

based on the following two modes.**

Single Processor Mode (SPM)

True SMP Mode (TSM)

Tasks are dynamically allocated to

an available CPU core based on their

priority. The developer selects a CPU

core on which to run a program. TSM

maximizes the performance of the

system.

This mode allows the developer to

specify a single-core CPU unit

where process/task is generated.

The program operates similarly to

AMP-based system, which executes

only on the specified core.

SPM TSM

**Other scheduling modes will be explained separately.

15

Scalable Real-time Operating System

16

Limitation of current multicore-OS design

• Shared memory & cache coherency dependency

• Multi-core support is done through architecture expansion on conventional OS

used on single core CPUs

-OS management data is shared among multiple cores→ OS parallelism is hindered

• Without cache coherency, OS will come to a halt

• Even if cache coherency is observed, the performance

is low and unusable.

17

Scalability Issue in OS

• As the number of cores increase, scalability cannot be achieved via deploying

multiple OSs and hypervisor.

- Hypervisor holds a collection of cores and map these cores to multiple OSs, this AMP

approach does not solve the problem of scalability issue as the number of cores increase, which

further complicates the development structure.

Core comm

module

Complicated

Multicore and Manycore Technology

• Scalable multi-manycore RTOS, from single-

core to hundreds of cores

• Distributed micro-kernel architecture allows

seamless integration of heterogeneous and

multi-chip systems

• Patented scheduling algorithm achieves both

realtime capability and throughput

• Micro-kernel features

-Thread scheduling

-Messaging passing (Thread/cores)

-Core Kernel memory management

-Interrupt management

• Server/client model

Server invocation from the client is done by

message transmission

• Already supports versatile architectures: Single

to 16-core RH850, 256-core KALRAY, ARM

MPCore, 36-core-TILERA, and more coming

Distributed Micro-kernel Architectures

The world leading advanced multi-manycore technology with eSOL’s OS expertise

18

• Load-balancing policy: Semi-priority based scheduling

19

Patented Thread Scheduler

Migration takes place automatically (load-balancing), upon

load average balance of all cores.

“Soft Realtime Threads”:

always RUNNING if the thread is READY state.

“Hard Realtime Threads”:

PRI 1

PRI 6

PRI 20

PRI 30

PRI 10

Core #1

PRI 55

PRI 2

PRI 45

PRI 70

Core #2

PRI 4

PRI 10

PRI 12

PRI 11

Core #2

PRI 11

PRI 15

PRI 9

Core #3

PRI 15

PRI 65

PRI 5

PRI 6

JP PAT 5734941 and 5945617

2

1

)256(

c

j

threadreadyPjWi

2

1

n

i

WiD

Benefits

• Thread communication beyond boundaries of heterogeneous architecture

• Realization of Autonomous Distributed & Cooperated System

• Allows isolated hardware to communicate among one other.

• Ability to communicate though cores / power lines might be physically separated.

(Different from hypervisor approach)

• Hypervisor allows 2 segregation of OSs on a system, and eMCOS allows communication among CPU cores

• Distributed MicroKernel Architecture

• New architecture that resolves cache coherency bottleneck that associate with core scalability.

• Parallelizer tools (eSOL MBP, Silexica SLX) integration.

20

Scalable Real-time Operating System

21

eSOL MBP (Model Based Parallelizer) for reliable and efficient parallel code

generation

TransactionData

Transaction

by other products

Sending &

Receiving Data

Embedded

Coder

Simulink Model

C Source

SHIM xml

Parallelized

C code

Function of MBP:

1. Select paralleling information

2. Performance Estimation

3. Assigning Core

4. Generate Parallelized Code

Visualizaton

Modeling

MBP(Model Based Parallelizer)

system architecture

User

MBP- Extract block structure

- Estimate performance of each

block

- Assign each block to core

- Generate parallelized codes

- Visualize parallel structure- etc.

Reference to

performance calculation

Use your compiler to build

eSOL CONFIDENTIAL

Testing environment for autonomous driving & ADAS)

22

Micro Processor

・・・

ECU

C source

code

Simulink

Imperas (M*SDK)

Arm FastModelsEngine

ECU

CAN/Ethernet/FlexRay

Hitex Tessy

Software Unit Test

・・・・・

Software Parallelization

Support

Building a

Virtual PlatformEmbedded System Technology

Whole-Car Simulation

Traffic Simulation

Brake

ECU

Simulink Simulink

Silexica SLX

eSOL MBP

Virtual SystemA

pp

lica

tio

n 1

Ap

plica

tio

n 2

Ap

plica

tio

n n

The realtime control part of ADAS software

“Autoware”(*1) had been implemented on

eMCOS, that shown in ADAS car drive

demonstration.

(*1) Autoware is developed by Nagoya Univ., Nagasaki

Univ., and AIST.

eMCOS application case examples

ROS (Robot Operating System）environment

had build on eMCOS and Linux.

Autoware functions are implemented as ROS node.

ADAS car drive demonstration

in Aichi ITS world 2015 / the 19th Nagoya Motorshow

At the 19th Nagoya Motorshow, Nov. 2015

23

eMCOS application case examples

24

25

Safety and Security

26

ISO26262 ASIL D

IEC61508 SIL 4

Software Development

Process

eSOL has obtained the highest level for

Functional Safety・ISO26262 ASIL D

・IEC61508 SIL4

for eT-Kernel/Compact.

And IEC62304 Software Development Process

certification.

eSOL also provides the eT-Kernel Safety

Package, which includes manuals and reports on

eT-Kernel platform, which can assist customers

on their system level certification.

Functional Safety Certification

IEC62304

27

Security Implementation References for

Embedded Systems

• Web Account Hack

• Embedded device is connected to the Internet.

• Hacker exploits security bugs found in code and

steal confidential information from user web account

• Security is maintained on OS level by preventing

the hacker execution in a unsecured region

Protection against In-Memory Attack

28

In-Memory Protection on eT-Kernel

29

30

Implementation with

Armv8-M Trustzone

• What if a surveillance IP camera is hacked ?

• Surveillance IP camera is connected to the Internet.

• A malware is downloaded via the Internet and

the camera is hijacked by hacker’s attack.

• The surveillance IP camera is no more useful !

• Camera can be secured by preventing malware

execution using OS function.

eT-Kernel for Armv8-M TrustZone DemoHacking surveillance IP camera …

31

eT-Kernel for Armv8-M TrustZone Demo Architecture

32

Malicious program get

itself loaded into the RAM

via security hole found in

the server task.

The return address for

normal task gets

overwritten with the starting

address of the malicious

program.

ClientMalicious

Program

Malicious

ProgramServer Task

Server

Security routine is capable of detecting

illegal task when it calls for kernel API.

Illegal task will be terminated and system

returns to normal state.

Innovative RTOS catering to the ever growing demand for CPU

performance in connected cars

• eSOL robust and scalable for parallel computation on high

performance CPUs based on single core, multi core, many core, among

others.

Safety & Security

• eSOL is ISO 26262 ASIL D, IEC61508 SIL4, and IEC62304 certified.

Safety Package can be acquired to assist customers for system level

certification.

• eSOL provides one stop-solution for customers with expertise from

renowned vendors in security solution.

Conclusion

33

Thank you.

www.esol.co.jp