This article is sourced from: Astroys
Introduction
The Operating System (OS) is essential for managing all the hardware and software of a computer-based system, and is a key software platform in the automotive industry. This article focuses on providing tutorial information and some insights regarding automotive OS strategies.
OSes vary significantly in functionality, program size, complexity, development workload, and hardware requirements, as well as in lifecycle maintenance, support workload, and costs. An OS can be a simple control program with thousands of lines of code, or it can run to tens of millions of lines of code, as with mainstream OSes like Linux, macOS, iOS, and Windows. The size of the Linux kernel code varies by distribution company, with the GitHub version having about 28 million lines of code.
Wikipedia is a great information source for the history, technology, and products of OS. While there is detailed data regarding OS technology, most of the content is focused on traditional computing systems from mainframes and PCs to smartphones and tablets. There is general information about leading automotive OS like Linux and QNX, but little context and information on the usage of automotive OS.

Overview of Operating Systems
The OS is the interface between computer hardware and applications. It constrains an application's use of hardware to the rules and procedures embedded in the OS. The OS also includes services that simplify application development and execution. These services include managing all hardware resources that applications will use (loading programs into memory), communicating with sensors and actuators, storing results, and many other functions.
Many additional software functions are considered part of the OS, including so-called middleware, libraries, and other system software.
The capabilities and ecosystem of the OS are also critical for developing applications and software platforms required for software-defined vehicles. In other words, the best OS choice needs a large ecosystem and infrastructure to support the growing software-defined vehicle of the future.
The table below summarizes the requirements for automotive OS.
Many features of an OS determine its capabilities. A single-task OS can only run one program at a time, while a multitasking OS can run multiple programs. A single-user OS does not have tools to distinguish users but can allow multiple programs to run simultaneously.
A multi-user OS extends multitasking to run programs from multiple users. This requires tracking the hardware and software resources each user is using. The system allows multiple users to interact with the system simultaneously.
The OS kernel includes all critical functions for managing hardware and software. There are two main ways to organize kernels: monolithic or microkernel OS. A monolithic architecture includes all core OS functions in kernel space, with all system calls and OS services located in one place. Linux is a leading monolithic OS.
A microkernel OS has the minimal amount of software necessary to provide the mechanisms required to implement the OS. Other OS services are organized as layered services that can be activated by the microkernel as needed. This means that a microkernel OS has a modular architecture.
The advantage is that the microkernel's code base is small, which makes it more secure than a monolithic OS. The modular OS structure is more suitable for most automotive ECUs. QNX is a leading microkernel OS.
A hypervisor is a small software platform used to manage multiple OS platforms and their applications. It can also be referred to as a virtual machine (VM) monitor, which is software that runs VMs.
Virtualization technology has been applied in the computer industry since the 1960s and is a key technology in IT data centers. Hypervisors are important for combining infotainment and functional safety features.
Many ECUs require OS with functional safety certification. This means passing ISO 26262 certification and obtaining various ASILs (Automotive Safety Integrity Levels). ASILs range from low to high in four levels: ASIL A, B, C, D.
All AUTOSAR-based OS (like Vector's Microsar OS, ETAS's RTA-OS, and Elektrobit's EB Tresos Safety OS) have functional safety ratings. Three other products are also commonly used in automotive ECUs: Green Hills Integrity RTOS, Wind River VxWorks, and BlackBerry QNX.
Functional safety OSes cannot manage the large, complex code bases of ECUs like infotainment systems and emerging ADAS/AD ECUs. The only exception is QNX, which leads in the infotainment space and is well-positioned for ADAS and AV domain ECUs.
The demand for high-performance OS in infotainment systems has opened the door for Linux versions, making Linux the most popular infotainment OS globally in the past five years (excluding China). One downside of Linux is the lack of functional safety certification. When functional safety applications need to be part of a Linux-based ECU, a hypervisor has been the solution.
It appears that Linux will have at least one functional safety version in the near future. In May 2022, General Motors announced it would use a Red Hat Linux version that is obtaining functional safety certification. GM plans to launch products in 2023. It is still unclear whether Red Hat has obtained functional safety certification, but other Linux vendors are likely to try to obtain functional safety certification. Google's infotainment OS is rapidly evolving and looks like a candidate for functional safety.
The key to OS success is support from a large ecosystem. The more software platforms that support an OS, the more successful it becomes. It is also important that the OS can run on leading microprocessor platforms and specific MCU implementations. However, this requirement is easily met since automotive ECUs are primarily based on Arm microprocessors.
All MCU application software must run through the OS, which means a successful OS must have good software development support.
There are many factors that determine the cost of using an OS. This article assumes that the OS is purchased by the automotive OEM rather than developed.
The first factor is the licensing cost of the OS, which includes the OS kernel, middleware, and library software (such as math, floating point, graphics, etc.). Linux kernel OS is an open-source free software platform. In most cases, Linux middleware and some libraries require licensing fees.
The size of the OS will impact the amount of hardware required to run the software and its applications. The total code size affects the maximum permanent storage size required. In the disk era, this was not a significant factor since most hard drives were large enough. Today, permanent storage is primarily NAND chips or eMMC modules, so a larger OS often adds extra cost.
The OS footprint is the RAM required to run the OS and its applications. Similarly, the size of the OS footprint will affect the memory costs of the system.
Another factor is hardware costs, where the OS may impact MCU costs. A large OS may increase the required MCU performance, which could raise hardware costs.
The discussion in this article aims to weigh all potential OS cost factors. It is easy to assume that the free OS kernel of Linux will provide enough cost savings to outweigh the potential extra costs incurred by a large OS.
ECU software development is critical to the automotive industry, with its complexity and workload continually increasing. ECU software development was traditionally done with SDKs provided by multiple vendors. SDKs have been replaced by IDEs, which have better functionality and have expanded into web-based IDE systems. Eclipse IDE has become the most popular software development system in the automotive and many other industries. Eclipse is managed by the Eclipse Foundation, a nonprofit organization created by IBM in 2001.
Web-centric software development is rapidly evolving, with Amazon AWS being particularly active. AWS is forming partnerships to better meet software development needs, including SaaS capabilities. Microsoft Azure and other companies are also experiencing similar growth.
Providing software development systems focused on functional safety applications is also a trend. Apex.AI is a typical example of this trend.
The OS also needs to include support for emerging technology demands. Cybersecurity is paramount, and all OS will have security as a core function. Additional hardware, software, and cloud-based cybersecurity are becoming standard for software-defined vehicles, requiring as much support as possible, including support from the OS.
OTA software updates are also becoming increasingly important and can benefit from additional support from OS services. The capabilities of OTA platforms in embedded software and cloud functions are increasing.
ECU data extraction is the third type of functionality for connected vehicles. It can also benefit from OS services and new features.
All automotive ECUs require a control program or OS to manage various programs to control hardware components and applications designed for each ECU. As the complexity of ECUs increases, so does the complexity of the OS. Vehicle manufacturers will need multiple OS to cover a wide range of capabilities and functions of ECUs.
For simple ECUs, OEMs seem to prefer AUTOSAR-based OS. AUTOSAR's capabilities have improved, but it cannot handle the complexity of high-end ECUs, such as infotainment and most domain controllers. Green Hills and Wind River both have excellent OS, with high safety and security ratings, making them good options.
High-end ECUs primarily use QNX or Linux versions as OS, with QNX being the preferred choice when functional safety is required. Linux has surpassed QNX to become the most popular infotainment operating system. QNX is becoming the preferred choice for domain controllers, at least for ADAS and AV domain controllers.
Many media reports indicate that several automakers, including Volkswagen and Mercedes-Benz, are discussing developing their own OS. Does this mean they are considering developing rather than purchasing? This strategy is not without risks.
Developing an OS is a challenging task, as an OS may have a lifecycle of 30-40 years, requiring regular updates and ongoing technological improvements. Linux has evolved for about 30 years, while QNX has evolved for nearly 40 years.
Developing an automotive OS requires a significant amount of specialized expertise, which is currently limited and requires years of development time.
GM's strategy is to use Red Hat Linux with functional safety certification, which is a better approach than developing an internal OS for complex ECUs.
What is the best long-term OS strategy? Best practice is to start with the safest OS in each of the two ECU categories (low complexity and high complexity). Why? Because cybersecurity issues will be the most challenging problems the automotive industry faces for decades, and the OS will play a vital role.
For low-complexity ECUs, Green Hills has the highest safety and security certifications, including FAA certifications for aircraft use.
For high-end ECUs, QNX has higher safety and security certifications than Linux versions and is likely to maintain this ranking (even if some Linux versions obtain ISO 26262 certification). QNX’s microkernel architecture makes the OS more secure. New standards for AVs (ISO 21448, UL 4600, and IEEE P2851) can use some useful features in the OS, and QNX may be the first to develop these features.
Original article title: “Perspectives on Automotive Operating Systems”
Perspectives on Automotive Operating Systems — Egil Juliussen