Channels ▼
RSS

Tools

An Architecture for In-Vehicle Infotainment Systems


Intel Technologies

Intel includes various technologies in its products, but the relevant ones for the Intel-based IVI platform are covered here from the IVI usage perspective. Each of the Intel platform solutions has varying levels of technology support, due to independencies on various platform hardware component features. While we cover these technologies and their applicability to the Intel-based IVI platform, one must reference each of the product SKU specifications for the available support.

Virtualization. Virtualization creates a level of abstraction between physical hardware and the operating system. The abstraction layer, referred to as the hypervisor, executes the OS as a guest within a virtual machine (VM) environment and virtualizes or emulates the platform resources (CPU, memory, and I/O) to the guest OS. Multiple guest operating systems can be supported by the hypervisor, each encapsulated within its own VM, executing unmodified software stacks with user applications (fully virtualized) or modified to run in conjunction with the hypervisor (para-virtualized).

Intel Virtualization Technology (Intel VT) applicable to the Intel-based IVI platform is based on two different components, namely Intel Virtualization Technology (Intel VT) for IA-32, Intel 64 and Intel Architecture (Intel VT-x) support on the processor and Intel Virtualization Technology (Intel VT) for Directed I/O (Intel VT-d) support in the controller hub. Intel VT-x constitutes a set of virtual-machine extensions (VMXs) that support virtualization of the processor hardware. Intel VT-d provides IO device assignment to the VM with hardware-assisted DMA and interrupt remapping from the I/O devices. For complete details of Intel VT, visit http://developer.intel.com.

Each of the Intel platform solutions has a varying set of hardware capabilities for virtualization. The key virtualization usage models for the Intel-based IVI platform that a car OEM can use with the appropriate built-in Intel VT hardware are described in the following paragraphs.

Consolidation: This usage model is the concept of combining multiple applications, each of them executing on a separate hardware platform, onto a single hardware platform without modification of the application or the OS. Executing on a virtualized platform, each application executes within its own OS environment as a guest within a separate VM. These embedded applications are typically characterized as running under a real-time OS (RTOS) with one or more dedicated I/O devices. The driving function behind consolidation is the cost reduction associated with fewer platforms and lower maintenance costs, power consumption, heat dissipation and cooling, and weight, while increasing platform reliability due to fewer components, as illustrated in Figure 7.

Figure 7: Consolidation usage model

Examples of IVI and vehicle applications that could be consolidated are listed below.

  • Engine information: alerts, warnings, and diagnostics
  • Auto control, information: wipers, lights, turn signal, tire pressure
  • Driver assist: lane departure warning, blind spot detection, front/rear proximity, external temperature, and directional information
  • Fuel economy: average and instantaneous MPG, optimum speed, distance remaining to refuel
  • Environmental controls: interior lighting, temperature regulation, mirror and seat positioning
  • Electronic dashboard

Hybrid: The hybrid usage model diverges from the typical embedded hypervisor as a thin virtualization layer by integrating a RTOS or kernel into the hypervisor or partially-virtualizes an RTOS for closer coupling with the platform I/O, as shown in Figure 8. This usage model has particular value to the IVI market segment where the existing RTOS along with the IVI applications executing on it can be either integrated or partially-virtualized with the hypervisor, while new applications offered by a general purpose OS (GPOS) can be quickly brought to the IVI platform by executing it in a separate VM. Another consideration for the RTOS and GPOS partitioning is the boot time of the OS and availability requirements of the application. Applications or devices that require immediate availability are allocated to the RTOS partition, while those applications which are tolerant of a few seconds of delay in availability can execute in the GPOS partition.

Figure 8: Hybrid usage model

Examples of applications that could execute in a hybrid usage model and their applicable partition are listed below.

  • RTOS partition
    • Rearview camera
    • Audio, video playback
    • Digital radio
    • Cell phone hands free
  • GPOS partition
    • Games
    • Navigation
    • Electronic owner's manual

One of the challenges is to provide I/O access to VMs through an efficient and secure implementation. Three such implementations are device emulation or partial virtualization or hardware assisted virtualization. Device emulation implements the physical device driver in the hypervisor, which emulates existing interfaces and incurs a latency penalty as each I/O must traverse the emulation driver. Partial virtualization allows a VM to directly access an I/O device to eliminate the latency penalty through a set of VMM specific interfaces, which require changes in the guest OS. The hardware-assisted I/O virtualization requires support in the platform chipset hardware.

The virtualization hypervisor induces overhead on the IVI platform performance, whether it is through the virtualization of the processor or emulation of the IO. Optimizing the hypervisor to reduce virtualization overhead and achieve near real-time latency is an opportunity for continuous performance improvements. The consolidation and hybrid usage models presented previously are just two examples of how virtualization can be implemented in an Intel-based IVI platform. Developing other models and application partitioning provides numerous opportunities for product differentiation and value-add to the end customer. Depending on the VMM model chosen, appropriate hardware may need to be designed into the platform upfront or select the appropriate Intel architecture-based processor and chipset solution for the Intel-based IVI platform.

Intel Hyper Threading Technology (Intel HT Technology)

This is one of the Intel technologies that is enabled by default on the Intel-based IVI platform in hardware. The key dependency to leverage from this is the support in the OS for symmetric multiprocessing (SMP). Some applications have been benchmarked and are known to show an improvement in performance by 30 percent with Intel Hyper Threading Technology (Intel HT Technology). The enabling of Intel HT Technology is transparent to the application, in the sense that the same applications running on a uni-processor machine can run in a seamless way. Future Intel-based IVI platform processors may support multiple cores and the same SMP software would run unchanged.

Maximum benefit of Intel HT Technology to the end-customer depends on the collaborative effort by the IBV, OSV, and ISV. Supporting SMP by default in the OS is an opportunity for the OS vendors to help facilitate execution of heavier workloads more efficiently. The application vendors in turn can develop high performance applications through development of multi-threaded applications that can execute in parallel. The benefits can be further extended by the ISVs making their middleware and device driver software MP-safe such as with reentrancy and non-blocking APIs.

Security

There are two key aspects of security that an Intel-based IVI platform is targeted to support for "open and closed device" usage models and they are (1) to enable a tamper-resistant software environment to protect against malicious attacks and (2) to offer ability to playback DRM-protected content like Blu-Ray for rear-seat entertainment. The usage model shown in Table 2 for the Intel-based IVI platform exposes it to various types of threats and therefore presents the need to protect against them.

Table 2: Usage model and security threats

Based on the usage model described in Table 2, the assets on the platform that need to be protected that a hacker could attempt to compromise are as follows:

  • Platform resources such as CPU, memory, network (3G, WiMax, WiFi).
  • Privacy-sensitive data such as personal identification, address book, location, e-mail messages, DRM-protected copyrighted content like music and video.
  • Trusted services such as financial, device management and provisioning, trusted kernel components

The mitigation against the security threats shall require the Intel-based IVI platform security architecture to use a combination of hardware and software security ingredients like:

  • Trusted boot, secure storage and key management with Trusted Computing Group's Trusted Platform Module (TPM), coupled with appropriate hardware based root of trust such as Intel Trusted Execution Technology (Intel TXT). The Intel TXT feature is available only on certain Intel Architecture Processors. In its absence, an appropriate alternative mechanism may be supported. These security features are becoming pervasive on most mobile platforms and would be very applicable to the Intel-based IVI platform as well.
  • DRM content protection based on commercial media players executing on Intel architecture.
  • Application isolation through OS-based mechanisms.
  • Trusted domains and domain isolation through virtualization.
  • Anti-virus through third-party software libraries and application design.

Security is a strong requirement, considering the new threats the automobile is exposed to due to connectivity to the Internet and rich features as shown in Table 2. Providing a secure car in an open usage model has become a challenge. Not all of the above features are present in the current generation of the Intel-based IVI platforms. The expectation is that over time, many of these will be enabled in a phased manner.

The Intel-based IVI platform with an Intel Atom processor and an industrial grade TPM device will allow a car OEM to deliver differentiating security. This is also a great opportunity for third-party vendors to provide various platform security ingredients as outlined in the Table 3.

Table 3: Security mitigation strategies

ThreatsSecurity IngredientMalware attackApplication isolation, domain isolation, tamper-resistant software (TRS), anti-virus protectionSteal privacy sensitive dataTrusted boot, secure storageSteal DRM protected contentApplication isolation, domain isolation, tamper-resistant softwareChange OS/software stackTamper-resistant software, trusted OS, secure bootDoS attackTamper-resistant software, trusted OS, Anti-virus protection, trusted bootSteal OEM dataTamper-resistant softwarePhishingAnti-virusSteal user dataSecure key management, secure storage, tamper-resistant software

The support for each of the security ingredients translates into the following opportunities:

  • Silicon vendors or IHVs: Hardware for trusted boot and DRM, such as TPM
  • OS and software vendors: Develop and deliver hardware and OS-assisted trusted boot, domain isolation, application isolation, anti-virus and DRM-enabled media players
  • Academia: More research into robust crypto algorithms, audio/video encoding/decoding standards and a balanced hardware/software solution that would make efficient use of the CPU.


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Video