Revision as of 01:16, 15 May 2019 by Lars.kurth (Moved from Category:Safety_Certification)
Automotive function requirements for virtualized ECUs (copied from the AGL whitepaper)
- C1: Static resource partitioning and flexible on-demand resource allocation (CPU, RAM, GPU and IO).
- C2: Memory/IO bus bandwidth allocation and rebalancing.
- P1: GPU and displays shall be shared between execution environments supporting both fixed (each one talks to its own display or to a specified area on a single display) and flexible configurations (shape, z-order, position and assignment of surfaces from different execution environments may change at run time).
- P2: Inputs shall be routed to one or multiple execution environments depending on current mode, display configuration (for touchscreens), active application (for jog dials & buttons), etc.
- P3: Audio shall be shared between execution environments. Complex mixing policies for multiple audio streams and routing of dynamic source/sink devices (BT profiles, USB speakers/microphones, etc.) shall be supported.
- P4: Network shall be shared between execution environments. Virtual networks with different security characteristics shall be supported (e.g., traffic filtering and security mechanisms).
- P5: Storage shall support static or shared allocation, together with routing of dynamic storage devices (USB mass storage).
- SE1: Root of Trust and Secure boot shall be supported for all execution environments.
- SE2: Trusted Computing (discrete TPM, Arm TrustZone or similar) shall be available and configurable for all execution environments.
- SE3: Hardware isolation shall be supported (cache, interrupts, IOMMUs, firewalls, etc.).
- SE4: Secure updates shall be supported.
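C1 and SE3 together ask for a static layout in which pinned CPUs, memory and passed-through devices are assigned to exactly one execution environment. The checker below is an added example, not code from the AGL whitepaper or from the Xen tool stack: it takes a set of guest definitions written with xl.cfg-style keys (cpus, memory, pci), expands the CPU range syntax xl accepts, and reports any pCPU shared by two guests or with dom0, any PCI device assigned twice, and any memory over-commit. The host size, dom0 reservation and the three sample domains are constructed assumptions for illustration.

```python
"""Static-partition checker for a set of Xen-style domain configs.

Added illustrative example, not part of the AGL whitepaper or of Xen.
Key names (cpus, memory, pci) follow xl.cfg spelling; the host numbers
and the domains below are constructed sample data.
"""
from typing import Dict, List, Set

# Constructed host description (assumed): 8 pCPUs, 8 GiB of RAM.
HOST_PCPUS = set(range(8))
HOST_MEMORY_MB = 8192
# Assumed dom0 reservation; the remainder is the guest budget.
DOM0_PCPUS = {0}
DOM0_MEMORY_MB = 1024

# Constructed guest set.  "cpus" is a hard pin in the list/range syntax
# xl accepts ("2-3,5"); "pci" lists BDFs passed through via the IOMMU.
DOMAINS = {
    "safety":  {"cpus": "1",   "memory": 512,  "pci": ["0000:03:00.0"]},
    "cluster": {"cpus": "2-3", "memory": 1536, "pci": ["0000:01:00.0"]},
    "ivi":     {"cpus": "4-7", "memory": 4096, "pci": ["0000:02:00.0"]},
}


def parse_cpus(spec: str) -> Set[int]:
    """Expand an xl-style CPU list such as "0,2-3,5" into a set of ints."""
    cpus: Set[int] = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if hi < lo:
                raise ValueError(f"descending range in cpu spec: {part!r}")
            cpus.update(range(lo, hi + 1))
        else:
            cpus.add(int(part))
    return cpus


def check_partitioning(domains: Dict[str, dict],
                       host_pcpus: Set[int] = HOST_PCPUS,
                       host_memory_mb: int = HOST_MEMORY_MB,
                       dom0_pcpus: Set[int] = DOM0_PCPUS,
                       dom0_memory_mb: int = DOM0_MEMORY_MB) -> List[str]:
    """Return the list of C1/SE3 violations; empty means the layout is static.

    Rules enforced:
      * every pinned pCPU exists on the host and is not reserved for dom0;
      * no pCPU is pinned to two guests (no time-sharing between EEs);
      * a PCI device is passed through to at most one guest;
      * guest memory plus the dom0 reservation fits in host memory.
    """
    problems: List[str] = []
    cpu_owner: Dict[int, str] = {c: "dom0" for c in dom0_pcpus}
    pci_owner: Dict[str, str] = {}
    total_mem = dom0_memory_mb
    for name, cfg in domains.items():
        for c in sorted(parse_cpus(cfg["cpus"])):
            if c not in host_pcpus:
                problems.append(f"{name}: pCPU {c} does not exist on this host")
            elif c in cpu_owner:
                problems.append(f"{name}: pCPU {c} already pinned to {cpu_owner[c]}")
            else:
                cpu_owner[c] = name
        for bdf in cfg.get("pci", []):
            if bdf in pci_owner:
                problems.append(f"{name}: PCI {bdf} already assigned to {pci_owner[bdf]}")
            else:
                pci_owner[bdf] = name
        total_mem += cfg["memory"]
    if total_mem > host_memory_mb:
        problems.append(f"memory over-committed: {total_mem} MiB requested, "
                        f"{host_memory_mb} MiB available")
    return problems


if __name__ == "__main__":
    for line in check_partitioning(DOMAINS) or ["OK: static partition is consistent"]:
        print(line)
```

The check is deliberately strict: a pCPU shared between two guests is flagged even though Xen would happily time-slice it, because C1's "static partitioning" and PP2's predictability both assume that a safety-critical guest never competes for its cores. Soft affinity, cpupools and dynamic rebalancing (the "flexible on-demand" half of C1 and C2) are outside what this validator models.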
Performance and Power consumption
- PP1: Virtualization performance overhead shall be minimal: 1-2% on CPU/memory benchmarks, up to 5% on GPU benchmarks.
- PP2: Predictability shall be guaranteed. Minimum performance requirements shall be met in any condition (unexpected events, system overload, etc.).
- PP3: Execution environments shall boot fast: less than 2 seconds for safety-critical applications, less than 5 seconds for the Instrument Cluster, and less than 10 seconds for IVI. Hibernate and Suspend-to-RAM shall be supported.
- PP4: Execution environments startup order shall be predictable.
- PP5: Advanced power management shall be implemented with flexible policies for each execution environment.
- SA1: System monitoring shall be supported to attest and verify that the system is running correctly.
- SA2: Restart shall be possible for each execution environment in case of failure.
- SA3: Redundancy shall be supported for the highest level of fault tolerance with fallback solutions available to react in case of failure.
- SA4: Real-time support shall be guaranteed together with predictable reaction time.