At the RTS Embedded Systems show in Paris this week, Sysgo demonstrated its PikeOS microkernel using ARM’s TrustZone technology to enable secure communications between Android apps in “Normal World” and a PikeOS-based cryptographic app in “Secure World.”
Sysgo points out that the embedded market is evolving rapidly due to the growing importance of mobility and intelligent systems. “Both consumers and industrial devices are now requiring new technologies to meet today’s and future challenges in the areas of performance, safety, and especially security,” says the company.
According to Sysgo, ARM’s TrustZone technology has the ability to provide system-wide security, by partitioning system assets into two regions, dubbed Secure World and Normal World, as illustrated in the TrustZone architecture drawing below.
[Figure: ARM TrustZone hardware architecture]
Access to Secure World assets is limited to “secure software,” whereas Normal World assets can be accessed by software not constrained by security requirements (e.g. Android).
In its Paris demonstration, Sysgo configured a hypervisor architecture, in which its PikeOS 3.3 microkernel served as the Secure World OS and Android 4.0.1 served as the Normal World OS, running on a Freescale i.MX6-based board.
[Figure: PikeOS hypervisor architecture]
In the demonstration, a cryptographic algorithm implemented by a PikeOS application in Secure World could not be directly accessed by Android applications in Normal World, due to TrustZone protection. Instead, the Android application requiring cryptographic services had to go through a secure path managed by PikeOS in Monitor Mode.
In the demo, the PikeOS hypervisor provides the following functions:
- Handles Monitor Mode exceptions
- Assigns devices to Secure World or Normal World
- Splits memory between Secure World and Normal World
- Assigns cores to Normal World or Secure World
- Initializes and starts the Normal World OS (Android, in the demo)
- Provides ways for PikeOS applications to handle Normal World requests
Sysgo says the demo involved making “very limited” changes to Android, so that it could run in Normal World. A special driver was created, to facilitate communication between Android applications and Secure World. Overall, the demo showed an “alliance between the security features brought about by a software solution and the ones brought about by a hardware solution,” says Sysgo marketing VP Jacques Brygier.
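The request path described above (Android driver in Normal World, a world switch handled in Monitor Mode, a PikeOS application servicing the request in Secure World) can be modelled in ordinary user-space C to show the one check the Monitor side must get right: copy the Normal World request out of shared memory before validating it, so the untrusted side cannot alter the length or command after the check. This is an added example, not Sysgo's or PikeOS code; the structure layout, function names, error codes and the keyed checksum standing in for the cryptographic service are all assumptions, and the SMC world switch is modelled as a plain function call.

```c
/* Added example: user-space model of the Normal World -> Monitor -> Secure World
 * path. Nothing here is PikeOS or TrustZone API; struct layout, names, error
 * codes and the toy keyed checksum are assumptions made for illustration. */
#include <stdint.h>
#include <string.h>

#define SHARED_MAX 64   /* size of the constructed shared request buffer */
#define CMD_TAG     1   /* hypothetical command id: "compute a keyed tag" */

/* Request as laid out by the Normal World driver in memory both worlds see. */
struct nw_request {
    uint32_t cmd;
    uint32_t len;                  /* payload bytes that follow; untrusted */
    uint8_t  payload[SHARED_MAX];
};

/* Toy keyed checksum standing in for the Secure World cryptographic service
 * (FNV-style mixing, NOT a real MAC); the key never leaves this function. */
static uint32_t secure_world_tag(const uint8_t *msg, size_t len) {
    const uint8_t key[4] = {0x13, 0x37, 0xC0, 0xDE};   /* constructed secret */
    uint32_t tag = 0x811C9DC5;
    for (size_t i = 0; i < len; i++) {
        tag ^= (uint32_t)(msg[i] ^ key[i % 4]);
        tag *= 0x01000193;
    }
    return tag;
}

/* Monitor-side dispatch: snapshot the request first, then validate the private
 * copy, so Normal World cannot change cmd/len between check and use. */
int monitor_dispatch(const struct nw_request *shared, uint32_t *out_tag) {
    struct nw_request local;
    memcpy(&local, shared, sizeof local);
    if (local.cmd != CMD_TAG)   return -1;   /* unknown command */
    if (local.len > SHARED_MAX) return -2;   /* oversized length field */
    *out_tag = secure_world_tag(local.payload, local.len);
    return 0;
}

/* Normal World driver side: build the request and "switch worlds" (a direct
 * call here; real hardware would execute an SMC into Monitor Mode). */
int nw_driver_request_tag(const uint8_t *msg, uint32_t len, uint32_t *tag) {
    struct nw_request req;
    if (len > SHARED_MAX) return -3;
    memset(&req, 0, sizeof req);
    req.cmd = CMD_TAG;
    req.len = len;
    memcpy(req.payload, msg, len);
    return monitor_dispatch(&req, tag);
}
```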
According to Sysgo, PikeOS’s microkernel architecture makes it useful for resource-constrained devices with real-time requirements, as well as for applications in larger systems. The OS supports both single- and multi-core processors, and on multi-core systems it’s usable in both asymmetric multiprocessing (AMP) and symmetric multiprocessing (SMP) modes. The microkernel’s “Safe and Secure Virtualization” (SSV) technology is claimed to allow multiple OS instances to work “safely and securely” on separate sets of resources within a single machine.
As a hypervisor, PikeOS supports Android, Linux, PikeOS Native, ARINC 653, POSIX, RTEMS, iTRON, and more as “guest” operating systems. The company says PikeOS is certifiable to the DO-178B/C, IEC 61508, EN 50128, IEC 62304, and ISO 26262 safety standards, is MILS compliant, and is involved in a number of Common Criteria EAL security-certification projects.
Sysgo also offers an embedded Linux distribution called “eLinOS.” For further details, visit Sysgo’s website.