The automotive electronics industry is now, more than ever, facing cybersecurity, connectivity, and software time-to-market challenges. Recently, in fact, vehicles have been hacked in several ways (e.g., physical and remote unlocking/control) and by different means (e.g., CAN bus, OBD-II, emulated cellular networks, etc.).
Consequently, car makers such as BMW, Fiat Chrysler Automobiles, General Motors, Nissan, and Tesla Motors struggled to shut down connected-car services, mailing updates to users on a USB stick, remotely delivering software updates, or in the worst cases going through vehicle safety recall procedures to fix vulnerabilities.
The first reason for such security problems is that cybersecurity, although widely recognized, has not been a top priority for designers and developers of automotive electronic systems. The second reason, which is more difficult to tackle, is that these systems are increasingly complex and difficult to maintain. Hundreds of sensors, actuators, and Electronic Control Units (ECUs) from different manufacturers, with heterogeneous connectivity requirements, are orchestrated together in a distributed way through communication protocols based on broadcast messages, with a very weak usage of encryption/authentication mechanisms.
To make things worse, future cars are expected to be always connected, producing terabytes of data per day, thus requiring high-bandwidth/low-latency connectivity for both safety-critical (Vehicle to Vehicle, Vehicle to Infrastructure, etc.) and infotainment functions (video/audio streaming, social networks, etc.). Network Functions Virtualization (NFV) and 5G, respectively the standardization group which aims at reshaping future telecom networks around the concept of virtualization and the proposed next wireless communication standard, are multiplying standardization efforts in the direction of hyper-connected cars. However, in this context, interoperability at all levels will be of utmost importance to make things really happen in terms of usability, quality of service, and security.
Another dilemma is how cars with a lifecycle of about 15 years can coexist with connected services having a lifecycle that is a fraction of this time. For instance, Spotify, YouTube, Google Maps, and Twitter did not even exist 15 years ago and might not exist in the same way in 15 years from now.
Today, automotive software systems need to adapt much more quickly to new requirements from users, manufacturers, and legal authorities. A big difference from the past is that all of this has to happen during the lifecycle of the very same single car.
This is not only about infotainment, as shown by Volkswagen’s diesel-gate for example, for which a huge deployment of software updates has been mandated by law.
As a result, to realize smart-connected vehicles and to tackle cybersecurity, connectivity, and software time to market challenges, the automotive industry needs a hardware and software architecture that guarantees security, simplified systems management, high processing/networking performance, open standards, interoperability, and flexibility.
This type of requirement fits perfectly with open source virtualization, which is able to provide strong isolation (helping to address cybersecurity requirements), limited overhead (achieving almost native performance), openness (leveraging open standards/licenses/code to speed up application time to market and reduce the lifetime of vulnerabilities), and consolidation (contributing to reduce costs and ease maintenance). This is what makes open source virtualization a smart connected vehicle enabler, and for this reason I believe it should be considered in any future automotive solution design.
AGL Virtualization Expert Group
This is why, in late 2016, I proposed to start the design/development of an open source virtualization solution for Automotive Grade Linux (AGL), the most important open source automotive project under The Linux Foundation umbrella, which aims to develop an industry reference software stack based on open technologies.
The proposal resulted in the creation of the AGL Virtualization Expert Group (EG-VIRT), which aims to integrate virtualization in the AGL distribution without targeting a specific technology, but building an open infrastructure able to support different potential solutions.
With this in mind, a number of ambitious tasks need to be considered, first and foremost being the choice of the target hypervisor(s). In fact, different architectures and implementations are available: unikernels (e.g., Rump kernel) are extremely thin but usually run simplified applications built for a specific purpose; containers (e.g., Docker) do not need hardware virtualization extensions but are strongly coupled with the host kernel; partitioning hypervisors (e.g., Jailhouse) can benefit from very simple implementations but provide no overcommitment and need modified guests; and Type-1/Type-2 hypervisors (e.g., Xen or KVM) are today mature technologies that provide strong isolation/flexibility but slightly higher overhead.
On top of this, we must also provide an open source solution for GPU virtualization and hypervisor/OS certification, needed to finally have a real impact on the market where existing solutions are mostly based on Type-1 hypervisors (either completely closed or based on open source projects like Xen). Other solutions put together different virtualization technologies, e.g., Virtual Open Systems combines a system partitioner based on ARM TrustZone (VOSYSmonitor) with the Type-2 hypervisor KVM.
However, virtualization brings new opportunities, and one of the most important is related to (virtual) ECUs interconnection. In fact, running multiple ECUs in the same system means that there is a need to create new virtual communication mechanisms. This could be the right chance to redefine both physical and virtual ECUs interconnection, in a way that offers stronger security and higher bandwidth.
Briefly, although some say future cars look similar to modern smartphones, I believe reality is more complex than that, and smart connected vehicles are much closer to NFV systems, where a network of virtual ECUs (functions) works together through virtualization consolidation.
For the increasingly growing AGL/EG-VIRT community, the challenges outlined above are not impossible to address. In fact, there are multiple examples of open source projects that created innovation in a disruptive way.
In the meantime, EG-VIRT has taken on the challenge and has already started its activity, focusing on the implementation of a proof-of-concept based on a KVM-enabled AGL distribution on ARM. From this activity, a first set of patches has been published by Virtual Open Systems and will be demonstrated at the Automotive Linux Summit 2017 in Tokyo during my presentation “How to Introduce Virtualization in AGL? Objectives, Plans and Targets for AGL EG-VIRT.” You are all invited to join the event and the online discussion!
The Automotive Linux Summit 2017, held May 31 – June 2 in Tokyo, gathers the most innovative minds from automotive expertise and open source excellence to drive the future of embedded devices in the automotive arena. Visit the web site to learn more!