A Virtualized Separation Kernel for Mixed-Criticality Systems
ACM Transactions on Computer Systems ( IF 1.5 ) Pub Date : 2016-07-05 , DOI: 10.1145/2935748
Richard West, Ye Li, Eric Missimer, Matthew Danish

Multi- and many-core processors are becoming increasingly popular in embedded systems. Many of these processors now feature hardware virtualization capabilities, as found on the ARM Cortex A15 and x86 architectures with Intel VT-x or AMD-V support. Hardware virtualization provides a way to partition physical resources, including processor cores, memory, and I/O devices, among guest virtual machines (VMs). Each VM is then able to host tasks of a specific criticality level, as part of a mixed-criticality system with different timing and safety requirements. However, traditional virtual machine systems are inappropriate for mixed-criticality computing. They use hypervisors to schedule separate VMs on physical processor cores. The costs of trapping into hypervisors to multiplex and manage machine physical resources on behalf of separate guests are too expensive for many time-critical tasks. Additionally, traditional hypervisors have memory footprints that are often too large for many embedded computing systems. In this article, we discuss the design of the Quest-V separation kernel, which partitions services of different criticality levels across separate VMs, or sandboxes. Each sandbox encapsulates a subset of machine physical resources that it manages without requiring intervention from a hypervisor. In Quest-V, a hypervisor is only needed to bootstrap the system, recover from certain faults, and establish communication channels between sandboxes. This not only reduces the memory footprint of the most privileged protection domain but also removes it from the control path during normal system operation, thereby heightening security.

Updated: 2016-07-05