Software brings military-grade security to Arm SoC-based designs
Secure virtualisation provider, Lynx Software Technologies, has announced the release of LynxSecure 6.0, the latest version of its award-winning Separation Kernel Hypervisor. The company claims that this new version brings LynxSecure to the Arm architecture for the first time, providing military-grade security coupled with highly efficient virtualisation to multi-core Arm SoC-based designs. The initial port for LynxSecure 6.0 will be available on the Xilinx Zynq Ultrascale+ MPSoC.
LynxSecure 6.0 adds support for the Armv8-A architecture to existing Intel x86 support, offering both the virtualisation and hardware protection capabilities that allow LynxSecure to offer real time performance while maintaining the highest levels of security. LynxSecure supports the 64-bit architecture of Armv8-A, and allows for both 32 and 64-bit virtualised guest OSes to run without modification. LynxSecure fully supports multi-core Arm SoCs by offering core-to-guest OS affinity, support for multi-core guest OSes, and core sharing across multiple guest OSes, enabling developers to take full advantage of multi-core systems.
Robert Day, Vice President of marketing at Lynx, commented: “LynxSecure 6.0 brings a whole new development paradigm to Arm-based designers, allowing the mixing and matching of runtime environments on multi-core Arm-based SoCs. Developers can run safety-critical OSes and applications next to general purpose OSes on a single SoC without compromising the performance, safety or features of either, because LynxSecure 6.0 offers true security separation between these different environments and the devices that they use.”
LynxSecure takes advantage of the MMU, SMMU, and virtualisation capabilities found on Arm Cortex-A processors to fully isolate OSes and applications, and allows access only to the devices allocated to them. This isolation allows for efficient security to be built into the next-gen of connected devices by separating the 'connected' domain from other critical computing domains and protecting the system from IT-borne threats.
“Arm has worked with Lynx to add additional protection to vehicle computing functions through virtualisation features within the latest Armv8-A architecture,” said Rhonda Dirvin, Director of marketing programmes, Embedded and Automotive Line of Business, Arm. “Optimisations for Armv8-A in LynxSecure Separation Kernel Hypervisor enable the partitioning of specific functions. Now developers can safely consolidate traditionally separate hardware systems onto one physical SoC, resulting in performance, energy efficiency and cost benefits in automotive applications.”
The first SoC supported by LynxSecure 6.0 is the Xilinx Zynq UltraScale+ MPSoC, which contains four Cortex-A53 cores, as well as FPGA fabric. The Xilinx device was chosen for its market applicability, early customer interest, and the long-term relationship between Lynx and Xilinx, that made the initial port very smooth. LynxSecure’s ability to run different environments of mixed criticality on the same SoC is synergistic with Xilinx’s approach of hardware separation between the FPGA fabric and the on-chip processor cores and it offers developers what is apparently the most flexible approach to supporting critical computing functions.
Simon George, Director, Product Marketing – Embedded Software at Xilinx, commented: “The combination of LynxSecure with the Zynq UltraScale+ MPSoC offers designers an extremely powerful combination of leading edge hardware and software technologies. Being able to isolate critical computing functions, either in secure virtual domains or hardware fabric, gives developers in safety-critical industries the ability to build zero-compromise solutions to meet the exacting demands of their world."
LynxSecure 6.0 supports both unmodified and para-virtualised guest operating systems as well as the ability to run bare-metal applications directly on LynxSecure. Initially verified operating systems include Linux (Buildroot and Xilinx Petalinux), LynxOS-178 for avionics safety-critical applications and ETAS RTA-OS for automotive Autosar applications.