XtratuM
Developer: Real-Time Systems group, Universidad Politécnica de Valencia
Genre: Hypervisor for safety-critical systems
License: GNU GPL-2.0
XtratuM is a bare-metal hypervisor specially designed for embedded real-time systems. It is available for the LEON2/3/4 (SPARC v8) instruction set, ARM v7 and v8 processors (TMS570, R5, A9, A52, A53) and RISC-V processors.[1]
It was initially developed by the Universidad Politécnica de Valencia (Spain). XtratuM was released as free and open-source software, subject to the requirements of the GNU General Public License (GPL), version 2 or any later version.
A new version of XtratuM written from scratch (XtratuM New Generation, XNG) is commercialized by fentISS under a proprietary license. It has been qualified for critical systems.
XtratuM is a hypervisor designed for embedded systems to meet safety-critical real-time requirements. It provides a framework to run several operating systems (or real-time executives) in a robust partitioned environment. XtratuM can be used to build a MILS (Multiple Independent Levels of Security) architecture.
The name XtratuM derives from the word stratum. In geology and related fields it means:
Layer of rock or soil with internally consistent characteristics that distinguishes it from contiguous layers.
In order to stress the tight relation with Linux and the open-source movements, the “S” was replaced by “X”. XtratuM would be the first layer of software (the one closest to the hardware), which provides a solid basis for the rest of the system.
XtratuM 1.0 was initially designed as a replacement for the RTLinux HAL (Hardware Abstraction Layer) to meet temporal and spatial partitioning requirements. The goal was to virtualize the essential hardware devices to execute several OSes concurrently, with at least one of these OSes being an RTOS. The other hardware devices (including booting) were left to a special domain, named the root domain.
After this experience, it was redesigned to be independent of Linux and bootable. The result is XtratuM 2.0, which is a type 1 hypervisor that uses para-virtualization. The para-virtualized operations are as close to the hardware as possible. Therefore, porting an operating system that already works on the native system is a simple task: replace some parts of the operating system HAL with the corresponding hypercalls.
The design of a hypervisor for critical real-time embedded systems follows these criteria:
In the case of embedded systems, particularly avionics systems, the ARINC 653 standard defines a partitioning scheme. Although this standard was not designed to describe how a hypervisor must operate, some parts of the model are quite close to the functionality provided by a hypervisor.
The XtratuM API and internal operations resemble the ARINC 653 standard, but XtratuM is not an ARINC 653 compliant system. The standard relies on the idea of a separation kernel, defining both the API and operations of the partitions and also how the threads or processes are managed inside each partition.
The XtratuM hypervisor supports the LEON 2/LEON 3/LEON 4 (SPARCv8) and Cortex R4/Cortex R5/Cortex A9 (ARMv7) architectures.
XtratuM supports the following execution environments:
uLITHOS
runtime