How Xen Hypervisor Enhances Security and Reliability of Infotainment Systems
Automotive infotainment systems are becoming increasingly sophisticated, with a wide range of software components running simultaneously.
This complexity can make these systems vulnerable to security breaches and software crashes, which can impact their reliability and safety.
In this article, we explore the need for virtualization technology, specifically the Xen hypervisor, in enhancing the security and reliability of infotainment systems. We discuss how the Xen hypervisor can be used to isolate different software components in virtual machines, preventing vulnerabilities and crashes from affecting the entire system.
We also examine the benefits of using a hypervisor in terms of software updates and maintenance.
What is a Xen based Hypervisor?
The Xen hypervisor is a popular virtualization technology that enables multiple operating systems to run on a single computer system, isolating each operating system from the others.
This isolation can help prevent security breaches and software crashes from affecting the entire system.
Additionally, virtualization technology can provide greater flexibility in terms of software updates and maintenance, allowing individual software components to be updated or replaced.
Xen Hypervisor in Automotive Infotainment Systems
The infotainment system has become an integral part of all modern vehicles. It provides drivers and passengers with a wide range of features such as multimedia players, communication stacks, and user interfaces.
These systems are becoming increasingly complex, with multiple software components running simultaneously on a single platform. However, this complexity can also make them vulnerable to security breaches and software crashes, which can impact their reliability and safety.
A compromised infotainment system is dangerous because it usually has interfaces to the vehicle networks (CAN, MOST) and, through them, to climate control, vehicle services, sensors, diagnostics, calibration and configuration, emergency services, driver assistance, and camera systems (driver-monitoring dashcam, rear view, front view, and so on). A breach of the infotainment software can therefore become a breach of those systems.
To address these challenges, virtualization technology, specifically the Xen hypervisor, can be used to enhance the security and reliability of infotainment systems.
The XEN Architecture
Xen itself contains no device drivers. The drivers live in Dom0 (or in dedicated driver domains), which is given direct access to the physical devices, so the hypervisor stays small. That matters for security because everything inside the hypervisor is in the trusted computing base of every guest.
Xen provides a virtual environment between the Hardware and the OS.
Domain 0 (Dom0) is the privileged control domain that Xen boots first. It holds the device drivers and the toolstack, accesses the hardware directly to manage the devices, and allocates and maps hardware resources for the guest domains. Because Dom0 is privileged, a compromise of Dom0 is a compromise of the whole platform, so it should run only the software that role needs.
The Xen Project hypervisor ships several vCPU schedulers, each with different properties.
The scheduler decides which vCPUs of which virtual machines run on the host's physical CPUs (pCPUs) at any point in time.
With CPU pools, different schedulers can be active at the same time on disjoint groups of pCPUs.
With core scheduling, the unit of scheduling is no longer an individual vCPU placed on an individual hardware thread: a group of vCPUs from one domain is scheduled onto a whole physical core.
A domain is Xen's term for a virtual machine. Domain 0 (Dom0) is the privileged control domain (the "host" in the text below) and Domain U (DomU) is an unprivileged guest.
With ordinary per-vCPU scheduling, the sibling hardware threads of one core can be running vCPUs of different domains at the same time. The siblings share the core's caches and execution resources, so a malicious guest on one thread can try to infer data belonging to the guest on the other thread through microarchitectural side channels.
With Xen's core scheduling, a whole core is assigned to a group of vCPUs from a single domain, as shown in the figure.
In the layout shown, the first two cores are occupied by Dom0 (Dom0 vcpu0 and vcpu1 on one core, Dom0 vcpu4 and vcpu5 on the other), and the third core is occupied by DomU (DomU vcpu0 and vcpu1).
One thread of a Dom0 core is idle (Dom0 vcpu4 in the figure), but DomU cannot be scheduled onto it: all threads of a core are scheduled together, and the binding between a virtual core and its vCPUs is fixed. Two domains therefore never share a core at the same instant, which closes the sibling-thread side channel. It does not remove every possible leak (resources shared across cores, such as a last-level cache, are not covered), but it removes the one that core scheduling targets.
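To make the rule concrete, here is a small Python model, added here and not taken from the article or from Xen, of the placement the two granularities produce on a constructed host of three cores with two hardware threads each. The domain and vCPU names (dom0:4 for Dom0 vcpu4, and so on) are constructed, and the model captures only the placement invariant, not Xen's real scheduler logic.

```python
"""Toy model of Xen's two scheduling granularities on an SMT host.

Added example, not code from the article or from Xen: it models only the
placement rule that core scheduling enforces, not the real scheduler.
The topology (3 cores x 2 threads) and the vCPU names are constructed.
"""

CORES = 3              # constructed topology: 3 physical cores
THREADS_PER_CORE = 2   # 2 hardware threads (SMT siblings) per core


def domain_of(vcpu):
    """vCPU names are 'dom:index', e.g. 'dom0:4' for Dom0 vcpu4."""
    return vcpu.split(":")[0]


def place_per_vcpu(runnable):
    """Ordinary scheduling (sched-gran=cpu): each runnable vCPU takes the
    next free hardware thread, whoever owns the sibling thread.
    Returns {(core, thread): vcpu}."""
    threads = [(c, t) for c in range(CORES) for t in range(THREADS_PER_CORE)]
    return dict(zip(threads, runnable))


def place_per_core(runnable):
    """Core scheduling (sched-gran=core): the vCPUs of one domain are grouped
    into virtual cores of THREADS_PER_CORE vCPUs, and each virtual core gets
    a whole physical core. A thread whose sibling runs domain A stays idle
    (None) rather than being handed to domain B."""
    by_domain = {}
    for vcpu in runnable:
        by_domain.setdefault(domain_of(vcpu), []).append(vcpu)
    vcores = [vcpus[i:i + THREADS_PER_CORE]
              for vcpus in by_domain.values()
              for i in range(0, len(vcpus), THREADS_PER_CORE)]
    slots = {}
    for core, vcore in zip(range(CORES), vcores):
        for t in range(THREADS_PER_CORE):
            slots[(core, t)] = vcore[t] if t < len(vcore) else None
    return slots


def cores_shared_across_domains(slots):
    """Cores whose sibling threads run vCPUs of different domains at the
    same instant, i.e. the situation that exposes one guest's data to the
    other through shared core resources. An empty list means the
    invariant holds."""
    domains_on_core = {}
    for (core, _), vcpu in slots.items():
        if vcpu is not None:
            domains_on_core.setdefault(core, set()).add(domain_of(vcpu))
    return sorted(c for c, d in domains_on_core.items() if len(d) > 1)


if __name__ == "__main__":
    # The run queue interleaves Dom0 and DomU vCPUs, as a real one would.
    runnable = ["dom0:0", "domU:0", "dom0:1", "domU:1", "dom0:4", "dom0:5"]
    print("per-vCPU, cores shared by two domains:",
          cores_shared_across_domains(place_per_vcpu(runnable)))
    print("per-core, cores shared by two domains:",
          cores_shared_across_domains(place_per_core(runnable)))
    print(place_per_core(runnable))
```

With the interleaved run queue, per-vCPU placement puts Dom0 and DomU on sibling threads of cores 0 and 1, while per-core placement reproduces the figure: two cores for Dom0, one for DomU, and no core shared. Dropping Dom0 vcpu5 from the run queue shows the idle-sibling case: the thread next to Dom0 vcpu4 stays empty instead of taking a DomU vCPU.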
The Credit scheduler, Xen's general-purpose scheduler and its default for many years, gives each domain a weight and a cap. The weight sets the domain's share of CPU time relative to the other domains when the pCPUs are contended; the cap bounds the CPU time a domain may consume even when the pCPUs are otherwise idle (a cap of 50 means half of one pCPU). From these values the scheduler computes each vCPU's credit and priority, i.e. which domain is served first.
The scheduler then assigns pCPUs to the vCPUs of a domain in units of the configured timeslice.
The default timeslice is 30 ms; smaller values such as 10 ms, 5 ms or 1 ms can be set for latency-sensitive workloads (sched_credit_tslice_ms= on the Xen command line, or xl sched-credit -s -t <ms> at run time; a domain's weight and cap are set with xl sched-credit -d <domain> -w <weight> -c <cap>). For an eCockpit the cap is the reliability control: a runaway infotainment guest cannot starve the instrument cluster of CPU time.
Advanced Features of XEN That Make It Different from Normal Virtualization
- Xen boots multiple operating systems on a single piece of hardware.
- Each virtual machine runs a single guest OS, and many virtual machines run at the same time. The hypervisor is the software that gives each guest the illusion of owning the whole machine.
- Each virtual machine in Xen has its own OS and its own kernel, so a kernel crash in one guest does not touch the others.
- A guest OS has no direct access to the physical hardware. To share a buffer with a backend driver (normally in Dom0), the guest writes an entry into its grant table naming the backend's domain and the page, and passes the resulting grant reference to the backend. The backend asks Xen via a hypercall to map that page into its own address space, and Xen checks the grant before mapping it. Requests and completions are signalled with event channels, so the whole I/O path is event-driven.
- At power-on the bootloader loads Xen rather than an OS kernel. Once Xen is up it boots Dom0 (the host OS), and Dom0's toolstack then creates the remaining guest domains.
- Physical memory is not shared between the host and the guests; it is partitioned among the domains in fixed-length blocks known as pages, and each domain only ever sees its own pages.
- A guest's virtual addresses map to guest-physical pages, which Xen in turn maps to physical page frames; the guest cannot alter that second mapping.
- One guest cannot talk to another directly. Communication goes through Xen-mediated shared memory (grant tables) and event channels.
- Any access to physical hardware by the host or a guest is mediated by Xen, either through a backend driver in Dom0 (or a driver domain) or through a device that Xen has explicitly passed through to that domain.
- Speed and efficiency are improved by the scheduler, which provides resources dynamically as they are needed.
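The grant-table flow above is an access-control decision, and it is easier to see what Xen checks in a runnable form. The following Python model is an added example, not code from the article or from Xen: it replaces the shared-memory grant table and the hypercalls with Python objects so the rules (a grant names one remote domain and an access mode, a map request must match both, and a grant cannot be revoked while a mapping exists) can be exercised offline. Domain ids, frame numbers and names are constructed.

```python
"""Toy model of the grant-table access control that Xen applies before it
maps a guest page for another domain.

Added example, not code from the article or from Xen. Domain ids, frame
numbers and names are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class GrantEntry:
    domid: int                 # the one remote domain allowed to map this grant
    frame: int                 # guest page frame being shared
    readonly: bool             # True: the remote side may only map it read-only
    mapped_by: set = field(default_factory=set)   # domids holding a mapping


class GrantTable:
    """One table per domain; a grant reference (gref) indexes into it."""

    def __init__(self, owner):
        self.owner = owner
        self.entries = []

    def grant_access(self, domid, frame, readonly=False):
        """Frontend side: share `frame` with exactly one remote domain."""
        self.entries.append(GrantEntry(domid, frame, readonly))
        return len(self.entries) - 1          # the gref handed to the backend

    def end_access(self, gref):
        """Revoke a grant. Refused while a remote mapping still exists, since
        the page would otherwise be reused while another domain writes it."""
        entry = self.entries[gref]
        if entry is None or entry.mapped_by:
            return False
        self.entries[gref] = None
        return True


class Hypervisor:
    """Stands in for Xen: checks a map request against the owner's table."""

    def __init__(self):
        self.tables = {}

    def register(self, table):
        self.tables[table.owner] = table

    def map_grant(self, requester, owner, gref, write):
        """Backend side (the hypercall): returns the frame if the grant was
        made to `requester` with sufficient rights, otherwise raises."""
        table = self.tables[owner]
        entry = table.entries[gref] if 0 <= gref < len(table.entries) else None
        if entry is None:
            raise PermissionError(f"dom{owner} gref {gref}: no such grant")
        if entry.domid != requester:
            raise PermissionError(f"gref {gref} was not granted to dom{requester}")
        if write and entry.readonly:
            raise PermissionError(f"gref {gref} is read-only")
        entry.mapped_by.add(requester)
        return entry.frame

    def unmap_grant(self, requester, owner, gref):
        self.tables[owner].entries[gref].mapped_by.discard(requester)


def split_driver_exchange():
    """One request/response cycle between a DomU frontend (constructed
    domid 7) and the Dom0 backend; returns the outcomes for inspection."""
    xen = Hypervisor()
    frontend = GrantTable(owner=7)
    xen.register(frontend)
    outcomes = []

    gref = frontend.grant_access(domid=0, frame=0x1234, readonly=False)
    outcomes.append(("map_by_dom0", xen.map_grant(0, 7, gref, write=True)))
    try:                                     # another guest (dom 5) tries the same gref
        xen.map_grant(5, 7, gref, write=False)
        outcomes.append(("map_by_dom5", "allowed"))
    except PermissionError:
        outcomes.append(("map_by_dom5", "denied"))
    outcomes.append(("revoke_while_mapped", frontend.end_access(gref)))
    xen.unmap_grant(0, 7, gref)
    outcomes.append(("revoke_after_unmap", frontend.end_access(gref)))
    return outcomes


if __name__ == "__main__":
    for step, result in split_driver_exchange():
        print(f"{step}: {result}")
```

The two refusals are the security-relevant part: a grant is usable only by the domain it names, and the owner cannot pull the page back while the backend still has it mapped, so neither a co-resident guest nor a careless frontend can create a dangling or foreign mapping. Xen's real implementation tracks the same state in the shared grant table and in per-mapping handles rather than in Python sets.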
Advantages of XEN in Automotive eCockpit
- With Xen, the automotive cockpit becomes more cost efficient, because two different operating systems can be booted on a single hardware platform. For example, if Linux is needed for the digital instrument cluster and Android for the infotainment system, both can run on the same SoC, each in its own domain.
- Two separate displays can be driven, or a single display can be split into one region per OS.
- With core scheduling, data in one guest is protected from a guest running on the sibling hardware thread, and a crash of the infotainment guest leaves the cluster guest running.
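As an added example of how the two guests are described to the Xen toolstack (not a configuration from the article or from Embitel), here are two xl domain configuration files that Dom0 would create with xl create. The file paths, domain names, memory sizes and CPU numbers are assumptions; the x86-only guest type setting and the SoC-specific display and GPU assignment are left out because they depend on the platform.

```cfg
# /etc/xen/cluster.cfg -- Linux guest for the digital instrument cluster
# (added example; paths, sizes and CPU numbers are placeholders)
name      = "cluster"
memory    = 1024                  # MiB
vcpus     = 2
cpus      = "2-3"                 # hard-pin to pCPUs 2-3, never shared with the IVI guest
kernel    = "/boot/guests/cluster-Image"
ramdisk   = "/boot/guests/cluster-initrd"
extra     = "console=hvc0 root=/dev/xvda ro"
disk      = [ "/var/lib/xen/images/cluster.img,raw,xvda,rw" ]
vif       = [ "bridge=xenbr0" ]
on_crash  = "restart"             # a crash restarts this guest only; the IVI guest is untouched
on_reboot = "restart"

# /etc/xen/ivi.cfg -- Android guest for the infotainment head unit
name      = "ivi"
memory    = 4096
vcpus     = 4
cpus      = "4-7"                 # disjoint from the cluster's pCPUs
kernel    = "/boot/guests/ivi-Image"
ramdisk   = "/boot/guests/ivi-initrd"
extra     = "console=hvc0"
disk      = [ "/var/lib/xen/images/ivi-system.img,raw,xvda,rw",
              "/var/lib/xen/images/ivi-data.img,raw,xvdb,rw" ]
vif       = [ "bridge=xenbr0" ]
on_crash  = "restart"
on_reboot = "restart"
```

Dom0 starts the guests with xl create /etc/xen/cluster.cfg and xl create /etc/xen/ivi.cfg, and xl vcpu-list shows the resulting pinning. Pinning the two guests to disjoint pCPUs keeps them off each other's CPUs whether or not core scheduling is enabled; on an SMT host, check with xl info -n that the chosen pCPU numbers really fall on different cores, since sibling threads of one core carry different pCPU numbers. The on_crash = "restart" setting is what turns the crash isolation described earlier into automatic recovery of the failed guest.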
Xen Hypervisor is a popular open-source virtualization technology that is used by Tesla Model S and Model X, Jaguar Land Rover, Boeing 787 Dreamliner, Parrot Bebop 2 drone, and Kubota tractor. These are just a few examples of the many vehicles that use the Xen Hypervisor.
As an open-source technology, Xen is widely used and can be customized to suit the needs of different applications and industries.
Disadvantages of XEN Hypervisor
- Although the hypervisor itself is small, a full Xen deployment needs a Dom0 with a complete operating system and toolstack, so the overall footprint and trusted computing base are large; in practice Dom0 is almost always Linux.
- Running a current Android release as a Xen guest depends on the SoC vendor's kernel and BSP supporting Xen's paravirtualized devices, and those ports often lag the latest Android version that infotainment systems require.
The use of Xen hypervisor in infotainment systems can enhance the security, reliability, and flexibility of these systems. This makes it an essential tool for developers and manufacturers in this field. Future research can explore the optimization of Xen hypervisor for better performance in infotainment systems.
Nakshatra A, Software Engineer – Embitel
Nakshatra is part of the Validation Team at Embitel. She has 3+ years of experience in BSP development and System Validation for real time embedded applications.
Outside of work, she is passionate about music and art.