Automotive Requirements

Automotive functional requirements for virtualized ECUs (copied from the AGL whitepaper)

Computing

  • C1: Static resource partitioning and flexible on-demand resource allocation (CPU, RAM, GPU and IO).
  • C2: Memory/IO bus bandwidth allocation and rebalancing.

Peripherals sharing

  • P1: GPU and displays shall be shared between execution environments supporting both fixed (each one talks to its own display or to a specified area on a single display) and flexible configurations (shape, z-order, position and assignment of surfaces from different execution environments may change at run time).
  • P2: Inputs shall be routed to one or multiple execution environments depending on current mode, display configuration (for touchscreens), active application (for jog dials & buttons), etc.
  • P3: Audio shall be shared between execution environments. Complex mixing policies for multiple audio streams and routing of dynamic source/sink devices (BT profiles, USB speakers/microphones, etc.) shall be supported.
  • P4: Network shall be shared between execution environments. Virtual networks with different security characteristics shall be supported (e.g., traffic filtering and security mechanisms).
  • P5: Storage shall support static or shared allocation, together with routing of dynamic storage devices (USB mass storage).

Security

  • SE1: Root of Trust and Secure boot shall be supported for all execution environments.
  • SE2: Trusted Computing (discrete TPM, Arm TrustZone or similar) shall be available and configurable for all execution environments.
  • SE3: Hardware isolation shall be supported (cache, interrupts, IOMMUs, firewalls, etc.).
  • SE4: Secure updates shall be supported.

Performance and Power consumption

  • PP1: Virtualization performance overhead shall be minimal: 1-2% on CPU/memory benchmarks, up to 5% on GPU benchmarks.
  • PP2: Predictability shall be guaranteed. Minimal performance requirements shall be met in any condition (unexpected events, system overload, etc.).
  • PP3: Execution environments shall boot fast: less than 2 seconds for safety-critical applications, less than 5 seconds for the Instrument Cluster, and 10 seconds for IVI. Hibernate and Suspend to RAM shall be supported.
  • PP4: The startup order of execution environments shall be predictable.
  • PP5: Advanced power management shall be implemented with flexible policies for each execution environment.

Safety

  • SA1: System monitoring shall be supported to attest and verify that the system is correctly running.
  • SA2: Restart shall be possible for each execution environment in case of failure.
  • SA3: Redundancy shall be supported for the highest level of fault tolerance, with fallback solutions available to react in case of failure.
  • SA4: Real-time support shall be guaranteed, together with predictable reaction time.