504 Gateway Time-out

Archive for Felix Baum

8 December, 2016


How time flies! It seems that just last week we participated in the ARM® TechCon 2016, but now we are already in December and those of us in United States have survived the Presidential election and Thanksgiving! At that event (and I am not talking about the election or Thanksgiving!), I had the privilege of co-presenting with Jon Taylor from ARM Ltd. on the topic of embedded virtualization and how it would be applicable to the new ARM architecture that was announced at that event – ARM Cortex®-R52.

Read the rest of this entry »

, , , , , , , , , , , , , , , ,

12 August, 2016

Oh my, time really does fly this time of year…

Last weekend, when I first noticed the local stores promoting their back-to-school specials, I suddenly realized that we’re in August already!  And while many in this country associate August with the end of summer vacation and kids going back to school, I tend to associate it with the Intel Design Forum (IDF) in the Bay Area.

S10 homepage bannersThis year IDF is a bit different as on the last day it incorporates a co-event – Intel SoC FPGA Developer Forum. Many of you might remember the Altera SoC Developer Forum (ASDF) which, after the acquisition of Altera by Intel, has been renamed and is now called the Intel SoC FPGA Developer Forum (ISDF). Read the rest of this entry »

, , , , , , , , , , ,

11 July, 2016

As powerful and configurable as the Xilinx Zynq UltraScale+ MPSoC device is, it needs software to allow developers to unleash its power and expose the ‘silicony goodness’ inside.

MultiOS_Multicore_Heterogeneous_UltraScale+There is no one type of software or operating environment that accommodates all of the use cases this device supports – which is why Dave Beal from Xilinx has joined me for a webinar entitled Developing Multiple OSes on a Xilinx® Zynq® UltraScale+ MPSoC . We will talk about the Mentor Embedded portfolio of products that allow Xilinx UltraScale+ customers to run multiple instances of RTOS or Linux or bare metal environments, side by side, natively or supervised (on top of a Mentor hypervisor). This is not only for the ARM® Cortex®-A53 complex cores, but the Cortex-R5 cores as well. Read the rest of this entry »

, , , , , , , , , , , , , , , , , , , , , , ,

3 May, 2016

Last week many of us noticed a flurry of articles talking about Intel® and how they are giving up on Atom™ in the mobile space with walking away from their Broxton and SoFIA SoCs. Some of the Heterogeneous_Multicore-02stories went so far as to declare ARM® as a winner in this round and, while I do not put a lot of credibility into conspiracy theories or jumping on the popular bandwagon, I have noticed that for years ARM licensees have consistently produced successful heterogeneous multicore SoCs that are tailored for devices where power consumption, security and safety are important factors.

It reminded me of the findings in the latest VDC paper, Architecting Success with Heterogeneous Systems, where the evolution of the embedded market, from single core to homogeneous multicore to heterogeneous multicore, is discussed and software design challenges are highlighted. As the Technical Advisor on The Multicore Association® OpenAMP™ committee, I found this paper to provide a good summary of the issues. For providing a solution to these heterogeneous challenges, please tune in to upcoming webinars where I will be presenting on this topic with various silicon vendors or join me in 2 weeks at the NXP-FTF Technology Forum.

Related webinars available on-demand:
Heterogeneous Technologies Power Next Generation Embedded Systems
Unleashing the power of the Altera Multicore SoC FPGAs with the OpenAMP standard
Challenges of Debugging Heterogeneous Multicore SoCs

, , , , , , , , , , , , , , , , ,

25 January, 2016

We’re excited about the OpenAMP news today. Back in July 2014, we announced Mentor’s solution for heterogeneous development, bringing to market a comprehensive commercial solution.

Mentor’s integrated development solution spans device configuration, deployment, and system optimization for multi-operation system devices. You can read more about heterogeneous multicore development in this white paper.

The OpenAMP back story

Mentor Graphics Embedded System Division, sometimes known as Mentor Embedded, has stepped up to be on the board with The Multicore Association® (www.mentor.com/embedded-multicore-openamp ). Along with Xilinx, we lobbied for the creation of a subcommittee under the Multicore Association (MCA) – now formed as the OpenAMP working group. I am serving as a technical advisor to the chairperson of OpenAMP, Tomas Evensen, Software CTO from Xilinx.

But the creation of the subcommittee to drive the adoption of heterogeneous multicore and standard is just the beginning. Working with Xilinx, Mentor contributed initial source code to the OpenAMP open source project. Anyone can download it and get started integrating various distributions of Linux, or an RTOS that they’re currently using on a project (and even bare metal environments) on a variety of the hardware platforms from leading silicon vendors.

And get this… if porting and customizing is not for youOpenAMP – Mentor Graphics has the first commercial implementation of the OpenAMP standard – Mentor® Embedded Multicore Framework that allows users to combine and run side-by-side operating environments offered by Mentor out-of-the-box on hardware from NXP (Freescale), Xilinx, and Texas Instruments in a native, trusted (using ARM® TrustZone®) and supervised (using Mentor Hypervisor) configurations. We will have a demo of the Mentor Embedded Multicore Framework and OpenAMP standard at the ERTS just as we had this and other demos at this year’s Embedded World.

Mentor’s broad commercial solution

The Mentor Embedded Multicore Framework based on the OpenAMP™ standard, is the embedded software industry’s first commercial solution for heterogeneous multicore system-on-chip (SoC) development. Our Multicore Framework is an integrated development solution spanning device configuration, deployment, and system optimization for heterogeneous system architectures. Tightly integrated with Sourcery™ CodeBench development tools, it can be used with the Mentor Embedded Linux® platform, the Nucleus® RTOS, bare-metal applications, Mentor® Embedded Hypervisor, and can also support Mentor Automotive Connected OS™, Volcano™ VSTAR AUTOSAR and Android™.

Whew! There’s so much to talk about. I hope to see you at a Mentor booth for your own personal demonstration.

, , , , , , , , , , , , , , , , , , , , , ,

25 January, 2016

I’m writing this blog while sitting on a plane to France, as I cannot wait to share the news with my readers.

I will soon be at the ERTS http://www.erts2016.org/ event in Toulouse, where Mentor will be demonstrating a number of cool demos:

  • AUTOSAR running on Linux
  • NXP i.MX 6SoloX running multiple OSes on multiple cores
  • A safety certifiable instrument cluster

If you’re planning to attend ERTS, please come by our booth – I would love to explain the technology behind these demos. I would be more than happy to give you a personal demonstration.

Oh, and if you don’t see me at the booth, chances are it’s because I’m presenting a paper during the event! The paper is on multicore and multi-OS technology, and the cat is out the bag sort of speak, so I can actually name the technology behind my paper – OpenAMP™. I will be presenting my paper on Friday, January 29th 2016. Please come see me!multicore_AMP-05_cropped

Mentor has the first commercial implementation of the OpenAMP standard. Our Mentor Embedded Multicore Framework technology allows users to combine and run side-by-side operating environments offered by Mentor to run out-of-the-box on hardware from NXP (Freescale), Xilinx, and Texas Instruments in a native, trusted (using ARM® TrustZone®), and supervised (using Mentor Hypervisor) configurations.

In addition to the three demos mentioned above, we will also have a demo of the Mentor Embedded Multicore Framework and OpenAMP standard. Come see the first implementation of the OpenAMP standard at this year’s ERTS event!

Have a great show everyone.

, , , , , , , , , , , , , , , , , , , , , , , , , , , ,

9 April, 2015

Big question on security of embedded devices.

An embedded device is only as good as the firmware/software running on it.  Icon Labs and Mentor Graphics have partnered to develop a security framework for industrial automation systems. Alan Grau (alan.grau@iconlabs.com) of Icon Labs and I hosted a webinar to address this topic: Developing Industrial Control Systems which meet Security and Regulatory Requirements , which is viewable on demand.

We talked about a security framework that provides a number of security features to protect the device from runtime attacks. During the session, a question was raised about the ways a framework could be used to prevent certain type of attacks in which a hacker replaces the firmware on the device with their own malicious firmware. The question is very relevant as this technique was recently experienced in the real world to reprogram point of sale terminals at retail vendor causing a data breach exposing customer account information.

This question brings up a very important point.  If a hacker is able to replace firmware then they can disable security features and all bets are off.  All of the great capabilities of the security framework could be bypassed.  As such, secure boot is a critical security feature to ensure that embedded devices are running valid software from the OEM, and preventing these types of attacks is extremely important.

How does secure boot work?

Secure boot starts by executing a first stage boot loader stored within secure flash memory provided by the TPM hardware.  This boot loader is stored within protected memory so it cannot be replaced by hackers.

Also stored in protected memory along with the first stage boot loader is the signature and crypto key for the second stage boot loader.  The first stage boot loader calculates the signature of the second stage boot loader using the hardware crypto support and crypto key.  If the calculated signature for the second stage boot loader matches the stored signature, we know the second stage boot loader is valid and allowed to run.  The second stage boot loader repeats this verification process before loading the operating system.


Operating systems supporting loadable applications or tasks can repeat this process yet again with each application before it is loaded.  For RTOSes that are downloaded as a single monolithic image containing both the OS and apps in one image, this process does not need to be repeated at the OS level.  This process can be extended to validate libraries or data files stored on the device.

SoC Features with Root of Trust

The good news is that many silicon vendors provide features in their SoCs to enable secure boot and root of trust. The bad news is that implementation varies from vendor to vendor and even from device to device from the same vendor. As such, a turn-key, one way of doing things approach would not work, but we have worked with major silicon vendors to make sure that framework presented in the webinar could be used with their devices and use the hardware capabilities to anchor the software to the hardware while establishing the chain of trust.


, , , , , , , , , , , , ,

6 April, 2015

Driving to work this morning, I heard a story on smart water meters and how they are changing consumer behavior and the actual annual usage.

The Long Beach (Southern California) water utility announced the effectiveness of their water metering projects using an easily installed electronic device. The data collected from the deCapturevice via wireless connection was monitoring water use exceeding 5 minutes in continuous duration. The utility provided consumers with reports that provided insight on the water used, when and how much. With the increasing cost of water, this program along with increasing costs for water has helped incentivize behavior modification, for example Long Beach has seen an annual decrease of 6% in water used.

The widespread use of advanced metering devices in homes and manufacturing facilities that are connected to the infrastructure support various utility resource use intelligence. The smart utility efforts have been funded by private and government resources, and even deployed under mandate in some parts of the world.

More commodities and basic daily living resources are being monitored and our awareness builds while all the details contributes to the big data explosion long discussed in IoT. These deployments also provide a meaningful use of technology to change our world.

The key concern that has risen to the top of mind is security, the connectivity enabled in end-point devices broaches very real issues that can be addressed in the device design and the connected infrastructure to secure the device and their point in the network. Preventing and mitigating potential vulnerabilities requires some extra steps that can offer reliable device operation and data transport. Read more about securing modern devices in this white paper or watch an archived webinar about developing embedded devices for IoT applications.

, , , , ,

27 November, 2013

At Tokyo Embedded Tradeshow last week, the Mentor ESD team was very busy as we had many medical customers stopping by our booth to find out how Mentor Embedded Hypervisor can help them to address regulatory and ethical issues with protecting sensitive patient information and industrial customers to make industrial equipment secure and more reliable.

The explosion in medical devices is due in part to the growing aging population that expects ambient, assisted living to support modern lifestyles mandates that these devices are easy to use and deploy, with similar user experience as consumer electronics. Using embedded virtualization on the latest multi-core silicon parts from ARM, companies can now securely segregate the general purpose operating systems from the real-time systems. Linux or Android running on these medical devices will be allowed to communicate securely using ARM TrustZone APIs with security-sensitive data such as patient records, while the real-time functions such as diagnostics and patient monitoring take place elsewhere on the device, simultaneously. For example, in many such devices we have seen the need to maintain a very precise and deterministic polling task to sample a particular sensor. Any jitter in this sample date would jeopardize the algorithm and invalidate the information computed based on it producing the wrong measurement.  It is prudent to segregate this type of tasks and algorithms to a separate virtual machine instead of wrestling with a problem of making Linux or Android to meet stringent timing requirements.

In a highly competitive manufacturing environment, many companies cultivate a constant focus on cost cutting while maintaining production throughput and employee safety. To lower operating expenses, a large part of which are the purchase and support of industrial systems, they maximize the length of time they can stay on a particular control system platform for two reasons: increase ROI and reduce the amount of disruption to operations. Virtualization is a key technology that can assist in reducing the frequency of hardware refreshes, the cost of each refresh, and the impact to process operations when a refresh occurs, each of which accomplishes the goal of increasing ROI and mitigating operation disruptions. Tasks, in these industrial control systems, that require real-time and deterministic execution can be given priority through the separation provided by the Hypervisor product. All while the Android or Linux based applications responsible for user interface, image or signal processing or communications to a cloud based server could use this connectivity safely and reliably in a separate virtual machine.

Please take a look at my previous blog entries and the webinar on this topic. Feel free to comment and contact me directly if you have additional questions.

, , , , , , , , , , ,

14 November, 2013

A very good turnout at the webinar I have recently hosted on the topic of Enabling Multi-OS Embedded Systems with Hypervisor Technology. During webinar, I talked a bit about trends in the embedded industry, the way hardware and software vendors are dealing with these trends, walked through the most popular Operating Systems configurations – SMP, AMP and sAMP, highlighted the benefits of embedded virtualization, talked about capabilities of Type1 hypervisor and how using it along with ARM TrustZone technology can help developers to build reliable devices.

If you missed it, no worries, you should be able to access it at this link. Due to the interest to that topic, I have attempted to wrap up the presentation in under 40 minutes leaving ample time for the Q&A. Unfortunately, I was not able to answer all of the questions raised during the event and will be using this blog to post answers to the questions that went unaddressed.

During my presentation, I have described a three use more popular use cases for embedded virtualization:

  1. Over-subscription – when a developer needs/wants to run more payloads than cores available. A good example of that would be running Linux and RTOS next to each other on a single core.
  2. Consolidation – when multiple, independent in the past payloads are being brought together to run on a single multi-core part.
  3. Separation – when sensitive information, resource or algorithm needs to be protected from the rest of the system to ensure security, reliability or safety.

I have asked participants to vote on why on their project they would like to use a hypervisor and although only a subset of folks attended have participated, got these answers:

poll results

It was also interesting to me to find out that overwhelmingly folks are considering for the next project to use ARM architecture:

And when asked about numbers of the cores they plan to use, they responded this way:

All in all, I was not surprised by these results as they correspond very well with my own observations of the trends in the embedded industry.

, , , , , , , , , , , , ,