Embedded Systems Design Europe - March 2008 - (Page 27)

linux tainly improved, these requirements are best met by a small and highly efﬁcient real-time operating system (RTOS). Second is the problem of security. In a mobile-phone handset, for example, the communication stack is of critical importance – if it is subverted by an attacker, the phone could be turned into a jammer that disables communication in the whole cell. Similarly, an encryption subsystem needs to be strongly protected from being compromised. It’s no insigniﬁcant challenge to create a secure system that runs millions of lines of code; inevitably, the code contain tens of thousands of bugs, many of which can compromise the system’s security. Increasingly prone to attacks, embedded Linux implementations are large enough (hundreds of thousands of lines of code) to contain as many as a thousand bugs. Because the Linux operating system normally runs in privileged mode, once it is compromised, attacks on any part of the system are possible. Third is the issue of license separation. Linux is a frequently deployed high-level operating system. Among its advantages are the royalty-free status, independence from speciﬁc vendors, widespread deployment, and a strong and vibrant developer community. A frequent concern about Linux is that it’s distributed under the GPL license, which requires that all derived code is subject to the same license and thus becomes open source. Some legal arguments claim that the license applies even to device drivers that are loaded into the kernel as binaries at run time. This restriction creates a potential problem for chipmakers who consider device interfaces valuable proprietary IP. An open-source device driver will effectively publish those device interfaces, a strong disincentive for using Linux in many embedded systems scenarios. As is the trend with desktop applications developers, many embedded systems developers are looking to the cal to the original machine; 2. Programs that run in this environment show, at worst, minor decreases in speed; and 3. The VMM is in complete control of system resources. All three characteristics are important and contribute to making virtualization highly useful. The ﬁrst (similarity) ensures that software that runs on the real machine will run on the virtual machine. The second (efﬁciency) ensures that virtualization is practical from the performance point of view. The efﬁciency feature requires that the vast majority of instructions be directly executed by the hardware: any form of emulation or interpretation replaces a single virtual-machine instruction by several instructions of the underlying hardware. This requires that the virtual hardware be almost identical to the physical hardware on which the VMM is hosted. Small differences are possible, such as the physical hardware may miss some instructions of the virtual hardware (as long as they aren’t heavily used), the memory-management unit may be different, or devices may differ. However, not all instructions can be directly executed. The resource-control feature requires that all instructions that deal with resources must access the virtual rather than the physical resources. This means such instructions must be interpreted by the VMM, as otherwise virtualization is violated. Speciﬁcally, the virtual machine must interpret two classes of instructions: 1. control-sensitive instructions modify the privileged machine state and therefore interfere with the hypervisor’s control over resources; and 2. behavior-sensitive instructions access (read) the privileged machine state. While these instructions can’t change resource allocations, they reveal the state of real resources, specifically when they differ from the virtual 27 use of system virtualization environments, also called system virtual machines, to resolve, or at least minimize, such problems. Unlike process virtual machine environments speciﬁc to particular programming languages, such as the Java VM, system virtual machines correspond to actual hardware and can execute complete operating systems in isolation from other similar instantiations in the same computing environment. This article will explain embeddedsystem virtual machine models and explores where and how they can be used to make Linux-based applications faster and more responsive and secure. THE BASICS OF VIRTUALIZATION Virtualization refers to providing a software environment in which programs (including operating systems) can run as if on bare hardware, as Figure 1 shows. Such an environment is called a virtual machine. A virtual machine is an efﬁcient, isolated duplicate of the real machine. The software layer that provides the virtual machine environment is called the virtual machine monitor (VMM), or hypervisor. The VMM has three essential characteristics: 1. It provides an environment for programs that is essentially identi- www.embedded.com/europe | embedded systems design europe | MARCH 2008 026-027-028-029-030_ESDE.indd 27 5/03/08 15:24:20 http://www.embedded.com/europe

Table of Contents Feed for the Digital Edition of Embedded Systems Design Europe - March 2008

Embedded Systems Design Europe - March 2008 Distributors to Increase Embedded Focus Kontron and Quanta to Join Forces Coverity Raises $22m as European Business Booms Help is at Hand for Europe's Industrial Control Developers Milestones in Embedded Systems Microsoft is Recruiting for Embedded Center in Aachen European Designers to Win Cash for Green Designs Duo Work on Smaller Form Factor Europe Invests in Real-Time Java for Multicore Systems Curtiss-Wright Buys Pentland Systems Designing DSP-Based Motor Control Using Fuzzy Logic Lower the Cost of Intelligent Power Control with FPGAs Virtualizing Embedded Linux Back to the Future: Manchester Encoding Is Multicore Hype or Reality New Products Advertising Contacts

Embedded Systems Design Europe - March 2008

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.