22
Hardware isolation running RTOS concurrently with AGL on Renesas R-Car Julien Massot
Hardware isolation running RTOS concurrently with AGL on Renesas R-Car
Julien Massot
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 2
➢ 28 engineers dedicated to Embedded Linux➢ Our goal is to deploy AGL in cars, boats...
● https://iot.bzh/en/● https://redpesk.bzh/● https://github.com/iotbzh
LORIENT
About us
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 3
redpesk®: from sensor to cloud
GoogleOVH
Social identity
µBinder
TLS REST/WebSocket
Linux Embedded Target
CynagoraACLs-DB
High level APIs
Wifi Storage
Audio Network
GraphicsHID
Secure-Gateway
ACL hooks
Session Mngt.
Permission Agent
Federated Identity
Config.json
IdentityStore
Micro-service Framework
Second FactorAuth.
RTOS
Cloud publication
binding
Redis
MQTT
CoAP
Ap
plic
atio
n F
ram
ew
ork
SQL Binding
Redis Binding
LXD container
Cloud infrastructure
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 4
Agenda
● What is hardware isolation ?● What is a co-processor ?● Introducing Zephyr in AGL environment● Communicating between Zephyr and AGL framework● Manage your co-processor from Linux● Next steps
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 5
Hardware isolation vs hypervisor
++Sharing-- Privileges
Hypervisor
XEN L4RE
KVM VmWare
Hardware isolationCo-processor RTOS
Zephyr FreeRTOS
Mbed OS Nuttx
OS Containers
Docker LXC
nspawn
Desktop Containers
Flatpak Snap
AppImage
may share RAM area
share hardware
share Kernel
share runtime
++Isolation++Privileges
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 6
Isolating your safety task
● Dedicate hardware ressources: CPU, peripherals, memory● Make your safety tasks more predictable● Reduce attacks surface of your software● Two (or more) OS running on the same SoC● Only certify a small code base● Communicate with your Linux AGL applications
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 7
What is a Co-processor ?
● A physical computing unit● May not run the same OS, or even bare metal● May not share the same architecture (ISA)● Armv7, DSP..● May not be binary compatible● Can handle specific tasks● Radio, video, audio, neural network, safety
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 8
R-CAR H3 SoC
Cortex-A57
Cortex-A57 Cortex-A57
Cortex-A57 Cortex-A53
Cortex-A53 Cortex-A53
Cortex-A53
Cortex-R7
Flash LPDDR4
video codec processor 3D graphics processor
DisplayVideo signalprocessor
Audio DSP Sound routing
UART CAN I2C GPIO
USB 3 SATA PCI-E Ethernet
Architecture of Renesas R-CAR H3 SoC
Cortex-R7 ?
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 9
Cortex-R7
● General purpose microcontroller● Not already affected to audio processing or video compression● Can access any memory mapped devices (CAN, I2C, ..)● Armv7 800MHz● Dual core lockstep, suitable for safety● GIC interrupt controller● Enough to run complex tasks, sounds cool !
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 10
Pickup an RTOS
● If possible free and Open Source● With a comprehensible documentation● And a dynamic community● That fill the gap between Linux and µController world● With Posix compatibility● Go for the Zephyr project !
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 11
The Zephyr project
● Started from Wind River’s Rocket OS● Linux Foundation project● Small kernel● Many protocol stacks (IPv4, IPv6, BLE, CAN)● Auditable code base developed with a goal of safety certifications (IEC 61508)● Long term support (LTS) with security updates● Apache 2.0 open source license● Many sponsors and contributors
Facebook, Google, Intel, Nordic Semiconductor, NXP, Linaro
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 12
Run your application onZephyr
● Dedicate hardware devices and resources to Zephyr● Port your platform, if not already supported● Write your board dts● Write or reuse your required driver serial, CAN, I2C● Re-use stack an OS services IPv6 BLE, CANOpen,
MQTT● Port your application
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 13
Here we arebut too much isolated !
Linux Cortex A57/A53CANGPIOUART
I2CSPI
Renesas Gen3 SoC
App Framework
Sig
nal
Co
mpo
ser
Bin
din
g
Ap
plic
atio
nC
usto
m L
ogi
c
console
PWM
Critical application
Cortex R7
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 14
Let’s addcommunication
Cortex R7 Linux Cortex A57/A53
Shared Memory
MailboxInterprocessor Interrupts
CANGPIOUART
I2CSPI
OpenAMPlibmetal
Mailbox
Remoteproc
interrupts
rpmsg
Renesas Gen3 SoC
App Framework
Sig
na
l Co
mpo
ser
Bin
din
g
App
lica
tion
Cus
tom
Lo
gic
console
Realtime & Secure Area
PWM
Critical application
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 15
OpenAMP details
SharedMemory
MFISinterrupts
RX VRing
TX VRing
Vring buffers
Zephyr Cortex R7 Device
Resource table
ipm_rcar
Service
OpenAMPLibrary
Open sourcecomponent
Open SourcePlatform
component
Application
hardware
Linux Cortex A5x Host
Client application
RPMsg
Virtio
rcar_rprocremoteproc
rcar_mfismailbox
ipm
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 16
use AGL Binder on OpenAMP
Could be more convenient to access API and not buffer.
OpenAMP is just a transport, that can send or receive datas.
Use OpenAMP as a transport for AGL Binder as of TCP or websocket (In progress)
BINDER
Applicationgeolocation
BINDER
GPS
µBINDER
WS /TCPRPMSGOpenAMP
Co-ProcessorRTOS
Main processorLinux AGL
R-CarSoC
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 17
Co-processor life cycle management
● Linux Remoteproc framework allows to:● Let Linux handle the co-processor LCM● Load a specific firmware for the filesystem● So that you can update the firmware over the air● Start stop a remote processor / Attach to a running processor● initiate shared memory for communication● Get debug trace from the debugfs
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 18
Playing with remoteproc
● Specify a firmware to boot
$ echo -n "renesas/zephyr.elf" > /sys/class/remoteproc/remoteproc0/firmware● Start stop a remote processor
$ echo start > /sys/class/remoteproc/remoteproc0/state
remoteproc remoteproc0: powering up cr7
remoteproc remoteproc0: Booting fw image renesas/zephyr.elf, size 413184
remoteproc remoteproc0: remote processor cr7 is now up
$ echo stop > /sys/class/remoteproc/remoteproc0/state
remoteproc remoteproc0: stopped remote processor cr7● Get the debug output
$ cat /sys/kernel/debug/remoteproc/remoteproc0/trace0
*** Booting Zephyr OS build zephyr-v2.5.0 ***
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 19
What you can currently do with Zephyr forRenesas R-Car Gen3
● Send and receive CAN frames● Read and write to an I2C device● Use GPIO● Start firmware from Linux● Communicate with Linux AGL● Fetch and compile:
$ west init -m [email protected]:iotbzh/zephyr.git --mr renesas
$ west sync
$ west build -b rcar_ulcb_cr7 zephyr/samples/basic/blinky --build-dir ulcb-blinky
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 20
Current work
● Goal is to go for Zephyr mainline● Already added support for Cortex-R7● H3ULCB support is pull requested● Integration with AGL application framework● With end to end security from RTOS to Linux and Cloud
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 21
Q&A
Lorient Harbour, South Brittany, France
Thi
s p
ictu
re is
an
orig
inal
pic
ture
ta
ken
by J
ack
Mam
ele
t in
200
6. I
t is
un
der
the
GN
U F
ree
Doc
ume
ntat
ion
Lic
ense
an
d th
e C
reat
ive
Com
mo
ns A
ttrib
utio
n.
( AGL AMM March-2021)Hw isolation RTOS and AGL on Renesas R-Car 22
Links
● IoT.bzh:– Website: https://iot.bzh/– Publications: https://iot.bzh/en/publications– Github: https://github.com/iotbzh– Renesas Zephyr: https://github.com/iotbzh/zephyr/tree/renesas
● Zephyr:
- Getting Started https://docs.zephyrproject.org/latest/getting_started/index.html● AGL:
– Website: https://www.automotivelinux.org/– Documentation: http://docs.automotivelinux.org/– Sources: https://git.automotivelinux.org/
