RTOS, INTEGRITY, Embedded RTOS, MILS, secure operating systemReal-Time Operating System

▶ GHS INTEGRITY

 

 

 

 

 

▶ Description

The flagship of Green Hills Software operating systems—the INTEGRITY RTOS—is built around a partitioning architecture to provide embedded systems with total reliability,  absolute security, and maximum real-time performance.

With its leadership pedigree underscored by certifications in a range of industries, INTEGRITY sets the standard for real-time operating system safety, security, and reliability.

1. Maximum performance, security, reliability


The INTEGRITY architecture supports multiple protected virtual address spaces, each of which can contain multiple application tasks.

From inception, the INTEGRITY RTOS was designed so that embedded developers could ensure their applications met the highest possible requirements for security, reliability, and performance.

To achieve this, INTEGRITY uses hardware memory protection to isolate and protect embedded applications.

Secure partitions guarantee each task the resources it needs to run correctly and fully protect the operating system and user tasks from errant and malicious code—including denial-of-service attacks, worms, and Trojan horses.

Unlike other memory-protected operating systems, INTEGRITY never sacrifices real-time performance for security and protection.

 

2. Integrated middleware and platforms

To help developers jumpstart product development, Green Hills Software offers an extensive array of middleware integrated and validated for INTEGRITY, including:

  • FFS, FAT, NFS, and journaling file systems
  • IPv4/IPv6 host and routing networking stacks
  • FIPS 140-2 certified Suite B enabled embedded encryption library
  • Advanced Layer 3 routing protocols
  • web services: HTTPS, SOAP, AJAX, JSON, XML
  • Wi-Fi support: WPA2, Bluetooth, 3G
  • USB host stack, device stack and class drivers
  • 2d, 3D, and OpenGL graphics

Each of these middleware packages has been pre- integrated and tested to run seamlessly with and take full advantage of INTEGRITY’s advanced RTOS capabilities.

For selected industries, Green Hills Software offers platforms that provide an completely integrated ecosystem.

Each platform includes the INTEGRITY RTOS as well as development tools, industry-specific middleware, reference hardware, and documentation.

By combining all the core software and documentation into a highly-integrated platform developers can :

 

  • more readily develop and deploy a targeted device
  • accelerate time-to-market
  • reduce development risk
  • focus more on quality and innovation

3. Guaranteed separation

The INTEGRITY RTOS provides all the capabilities embedded designers need to enforce the policies of separation, damage limitation, and information flow control as well as provide secure networking for today’s more complex and connected applications.

 

INTEGRITY’s separation kernel protects against damage from errant or malicious code by preventing processes from writing beyond assigned memory regions.

In addition, INTEGRITY’s partitions prevent unintended access to data from outside the partition where the data resides.

 

 

4. Architected for reliability

Traditional operating systems can crash, lock up, or execute uncontrollably, resulting in costly consequences—a lost satellite, a stalled car, a failing medical monitor.

But the INTEGRITY RTOS protects both critical applications and itself from the malfunctions that can lead to these failures.

To do this, INTEGRITY provides guaranteed system resources that ensure that CPU time and memory resources will always be available to individual processes,

no matter what any other process attempts to do.

 

Malicious or unintended events can deny access to system resources and keep system processes from running as intended.

To prevent these denial-of-service attacks, INTEGRITY can assign fixed budgets of CPU time and memory to each process.

By guaranteeing a time window for a particular process, these fixed budgets also preserve the integrity of other processes by preventing running tasks from executing beyond their window.

 

5. Hard real-time performance

 

To guarantee minimum interrupt latency, the INTEGRITY kernel never blocks or masks interrupts even while manipulating critical data structures.

 

*Based on the Freescale QorIQ P2020 at 1200MHz

As one of the first RTOSes to leverage hardware memory-management units (MMUs), INTEGRITY is a hard real-time operating system that never sacrifices real-time performance for security and protection. INTEGRITY can respond to events in nanoseconds, guaranteed.

 

All INTEGRITY kernel services have been carefully optimized to minimize the overhead of system calls. System calls can be suspended to allow others to execute. INTEGRITY uses a real-time scheduler that supports multiple priority levels and enables complete control over CPU percentage allocation.

The INTEGRITY RTOS always services the highest priority interrupt with absolute minimum latency.

To guarantee this, the kernel never masks or blocks interrupts. The kernel also avoids instructions with long latencies that could temporarily block interrupts on some systems.

 

6. Guaranteed memory resources

The INTEGRITY RTOS protects memory many ways  :

 

  • from exhaustion
  • from damage
  • from unauthorized access

INTEGRITY’s unique memory quota system keeps one address space from exhausting the memory of any other.

To prevent kernel memory exhaustion, INTEGRITY requires that kernel memory not be used for messages, semaphores, or other kernel objects created in response to process requests. Instead, the kernel performs all services requested by a process using the memory resources that the requesting process supplies.

To prevent the risk of user stack overflow, INTEGRITY’s kernel has its own memory stack.

Without this, the kernel would need to access the user process’ stack.

But this can lead to problems because it is impossible for the user process to anticipate the maximum stack size if it is subject to use by unknown code (i.e., the kernel).

7. Advanced multicore support

multicore, INTEGRITY, SMP, AMP, multiprocessing
INTEGRITY’s flexible multicore processor support provides users with a wide range of system architecture possibilities while delivering real-time deterministic performance with secure, reliable separation policies.

The modern architecture of INTEGRITY is well suited for multicore processors targeting embedded systems.

INTEGRITY provides complete Asymmetrical Multiprocessing (AMP) and Symmetrical Multiprocessing (SMP) support that is optimized for embedded and real-time use.

Embedded system designers can select the multiprocessing architecture that is right for the task.

When coupled with the advanced multicore debugging features found in the Green Hills MULTI tool suite, developers will reduce their time-to-market while increasing system performance and reliability.

 

8. INTEGRITY Multivisor secure virtualization architecture

INTEGRITY Multivisor, secure virtualization, hypervisor, embedded 
INTEGRITY Multivisor combines general purpose guest operating systems with a comprehensive ecosystem of real-time applications, middleware, and drivers. 

INTEGRITY­ Multivisor is a robust and portable virtualization infrastructure with an architecture flexible enough to handle the wide variety of hardware capabilities available across today’s microprocessors. ISV maximizes the use of available hardware virtualization facilities while minimizing or eliminating modifications to guest operating systems.

 

Many silicon manufacturers now include hardware assisted virtualization technology—such as ARM Virtualization Extensions (VE), Intel VT-x and VT-d, and virtualization-enabled Power Architecture. For these architectures, INTEGRITY Multivisor supports high performance “full virtualization” where no changes to the guest operating system are needed. Where device access must be shared between guests and/or applications, it’s easy to add applications that coordinate access to the hardware.

On processors lacking hypervisor mode assistance, INTEGRITY Multivisor applies carefully crafted, minimally intrusive modifications to the guest operating system to maximize performance without sacrificing ease of migration and portability.

 

INTEGRITY Multivisor provides flexible and powerful mechanisms for managing cores.

The Multivisor can statically bind guest operating systems to cores, in an Asymmetric Multiprocessing (AMP) model, or dynamically schedule workloads in a Symmetric Multiprocessing (SMP) model, depending on system requirements.