How Embedded Hypervisors Work and Improve Embedded Products and Systems
Published Aug 31, 2021 | Updated Oct 17, 2022
By Risto Avila
Risto Avila, Technology Director @ The Qt Company. Risto is specialized in embedded software development and system integration.
Embedded hypervisors help thousands of embedded products work smoothly and more safely. Together with my colleague Miao Luo, we've worked with embedded hypervisors for years. Here are some of our thoughts, and those of experts, on how hypervisors improve embedded systems.
In this Article:
What is an embedded hypervisor?
An embedded hypervisor is a software or hardware layer in an embedded system that allows more than one operating system (OS) to run on a single hardware platform.
The purpose of hypervisors in embedded systems
The purpose of an embedded hypervisor is to allow different operating systems, software, components, and functions of an embedded system to work independently of each other.
This activity occurs while the OSs work on a single hardware platform. The embedded hypervisor segments the different functions, which enhances the security for each one. The hypervisor can also ensure the workings of less time-sensitive system parts don't compromise the parts of the system that need real-time performance.
How hypervisors allow for embedded virtualization
Embedded virtualization segments the elements of a single piece of hardware into "virtual computers," sometimes called "virtual machines." So, different OSs can do varying work as if they were each running on their own computer. Hypervisors are the hardware or software layer below the OSs that allow that to happen.
You can learn more about how embedded operating systems work, including examples. You can find more information about hypervisors and how they fit within embedded systems in Qt's Embedded Product Planning and Requirements Guide.
Types of hypervisors
There are two types of hypervisors. A Type 1 hypervisor runs on the hardware to control it. A Type 2 hypervisor runs as software on top of an OS and coordinates virtual machines above it.
- Type 1 hypervisor: They are sometimes called a "bare metal" hypervisor because you install it directly on the hardware. Type 1 hypervisors are generally faster and more efficient. They do not need to process through an operating system and other layers. They are also more secure than Type 2 hypervisors.
- Type 2 hypervisor: This piece of software runs on an operating system and coordinates the need for hardware resources from various OSs or software. Type 2 hypervisors are easier to set up and manage because they work on top of the underlying OS, making it easier for them to work with a wide range of hardware. They are not as efficient as Type 1 hypervisors, so their performance can sometimes lag. They are also less secure.
Benefits of embedded hypervisors
A benefit of embedded hypervisors is that they help an embedded system or device run more efficiently and increase security. They also segment how the system works so malfunctions in one part don't affect the rest of the system.
Some top embedded hypervisor benefits:
- Efficiency: Embedded systems often include a real-time requirement—a specific process must be completed within a particular time period; Sometimes, that’s to avoid system failure. But the systems also may include other processes that are less urgent and have no real-time requirement. A hypervisor allows different operating systems to perform those processes separately. Any delays or process issues in the non-real-time process don’t affect what needs to happen in real-time.
- Security: A hypervisor provides a strong layer of protection between various operating systems or virtual machines. That layer allows engineers to ensure operating systems or virtual machines that need stringent security to adhere to that level of communication and policies. Other OSs can continue to work with less security if they don't need to meet the same security requirements.
"Embedded hypervisors make a critical difference when building a device with functional safety requirements.”
QT’s Embedded Product Planning and Requirements Guide
- Compartmentalization: A hypervisor allows operating systems to run entirely independently of each other. If one system malfunctions or crashes, it will not affect any other OS running on the hardware.
To illustrate the concept, Burkhard Stubert, an independent software developer and consultant specializing in embedded systems, uses the example of an embedded device using a non-real-time Linux operating system and another real-time OS doing safety-critical work.
"The hypervisor makes sure that the two operating systems are isolated from each other," Stubert says. "You do not want the Linux system, which is non-safety, to influence your safe and secure system—the real-time operating system. So, the hypervisor separates them cleanly, and they cannot influence each other. If your Linux system crashes, it crashes. It has no effect on your real-time OS.”
- Lower certification costs: Certain embedded devices require certifications. Safety certifications are a primary example. Embedded hypervisors can make certification easier and lower certification costs since you can separate and entirely isolate a system component that needs to meet certification standards. That means only that component needs to meet the certification standards. (Embedded engineers can learn more about how to use Qt to help them create separate safety-critical functions to help with certifications in an embedded system.)
- Better handling of complex systems: New products, including traditional and eventually, self-driving cars, will use hugely increasing amounts of complex software to help them operate. It would be much more complicated, or impossible, for that software to work on a system requiring a number of pieces of hardware without technologies like hypervisors.
"The complexity of the software for the future will be more and more complicated," says Miao Luo, Director of Product Management for Qt, who oversees the company’s automotive work. "Today, a single vehicle will come with roughly around 100 million lines of (software) code. And we're talking over a billion lines of code for self-driving cars. Old legacy architecture will not support that. So, we need to come up with more simplified vehicle software and hardware architectures."
- Malware detection: Some hypervisors can detect malware that might have moved into any of the virtual machines or operating systems. The hypervisor can flag that malware and allow engineers to address it.
Features of embedded hypervisors
Beyond some of the main benefits listed above, embedded hypervisors offer features that can help the embedded device work better or run more efficiently.
Some other features of embedded hypervisors include:
- Ability to run on multi-core processors and virtual machines that are different from each other.
- Ability to boot up from virtual machine images.
- Uses all system and hardware resources more efficiently.
Requirements for hypervisors
An embedded hypervisor must meet several primary requirements. Most importantly, it must work well in the embedded system's processor architecture and use minimal computer resources.
Several primary requirements for embedded hypervisors:
- Fits the processor architecture: Traditional computer systems use one of a few common types of processor architecture. But embedded systems and devices use a wider range of processors. You will need to ensure you choose a hypervisor that works well with the processor architecture in your system.
- Consumes few resources: Most embedded systems have stringent limits on resources, including power and computer memory. An embedded hypervisor must work well within those constraints.
- Quick communication: An embedded hypervisor must support low-latency or extremely fast communication among all system components.
Embedded hypervisor vs. conventional or enterprise hypervisor
A conventional or enterprise hypervisor runs on a regular desktop computer or network of desktop computers. This kind of hypervisor allows the computers to use all the hardware better. This type separates different uses of the computer, and you install it after deploying the desktop computers or networks.
An embedded hypervisor is different. Engineers design an embedded hypervisor into the embedded system from the start. And the embedded hypervisor, in essence, coordinates all of the functions of the system. An embedded hypervisor is essential for the device to operate.
When to use an embedded hypervisor
Use an embedded hypervisor anytime your embedded device needs to keep functions separate from each other to work best. You'll especially want to use a hypervisor if your device has certain real-time requirements.
Examples of embedded hypervisors
There are open source and commercial versions of embedded hypervisors. The type of hypervisor you choose will depend on how you will use the embedded device.
Open-source embedded hypervisors:
- Xvisor Hypervisor
The Xvisor hypervisor is an open-source Type 1 option that’s used on ARM processors, among others.
- ACRN Hypervisor
ACRN is an open-source hypervisor especially used in Internet of Things (IoT) devices. The hypervisor supports Linux, Android, and real-time operating systems.
Commercial embedded hypervisors:
- QNX Hypervisor for Safety
The QNX Hypervisor for Safety brings together multiple operating systems on a single system on a chip. This option is popular in and certified for use in vehicles in particular.
- INTEGRITY Multivisor
INTEGRITY Multivisor is also a leading hypervisor in the automotive industry, helping multiple OSs operate on common hardware.
- Nucleus Hypervisor from Siemens
The Nucleus Hypervisor is a Type 1 hypervisor built for embedded devices that need fast startups.
- OKL4 Hypervisor
The OKL4 is a real-time Type 1 hypervisor owned by General Dynamics. The hypervisor supports Linux, VxWorks, and Android operating systems, among others.
Embedded hypervisor use cases
Engineers use embedded hypervisors in a broad array of devices. But they especially use them in three areas: the automotive industry, the medical industry, and large industrial uses like in factories, power plants, and mines.
Use cases for embedded hypervisors
- Medical industry: Medical devices often have a mixture of real-time and non-real-time needs. They also have strict performance and operational requirements. The industry has stringent security issues relating to patient information. Embedded hypervisors help with all of that because they can ensure security requirements are met.
- Automotive industry: Cars and trucks use embedded systems and embedded hypervisors extensively. The instrument cluster and entertainment system run on multiple OSs, and one hardware platform, with the help of hypervisors.
"One of the clear use cases for hypervisors is to separate what's critical and what's not," Luo explains. “An instrument cluster on the dashboard of a car is full of mission-critical information, whether it's speed or the gear, or whether it's in drive mode, or reverse. All of that information is very critical, and it is important to separate that from the non-mission critical information, like the infotainment (like music sources). So even though you're running a single piece of hardware, you still need to maintain two separate operating systems, in order to stay independent. And crashes (in the non-urgent system) don't affect the entire cluster."
Hypervisors help with a range of other unseen OS tasks as well, including vehicle diagnostics. (You can learn more about how Qt has worked with Green Hills Software to build state-of-the-art instrument clusters to allow drivers to understand everything happening with their vehicle as they are driving.)
- Industral uses: Factories, power plants, mines, and similar industrial sites often use embedded systems and devices with real-time requirements. Experts are also increasingly concerned about cyberattacks at many of these facilities. Embedded hypervisors are an important part of meeting these needs because they can also help detect malware.
- Other uses of embedded hypervisors: Many industries and products use embedded hypervisors. Smartphone manufacturers use them to allow people to operate the device for personal and secure business uses. The equipment that allows you to enter a PIN to use your credit or debit card also uses an embedded hypervisor.
Embedded hypervisors improve embedded systems
A large number of embedded devices and systems require safe and secure hypervisors. In fact, many of these systems could not work well—or at all—without embedded hypervisors. They help them operate more efficiently, meet security requirements, and can detect malware.
The safest embedded devices are built with Qt
Functional safety requirements are increasingly relevant in different markets – after all, who wouldn't want safer highways, hospitals, railways, and factories? With Qt you can develop modern embedded systems that are both functionally safe and user-friendly. On top of its already robust C++ foundation, Qt supports not only hypervisors and embedded RTOS, but also provides useful tools like the Qt Safe Renderer certified by TÜV NORD that help bullet-proof your embedded devices.
Learn more about Qt 6 and how to create functionally safe software.
The Embedded Product Planning and Requirements Guide
In this guide for IoT and embedded product planning, we examine the most important criteria to consider at the outset, compare a list of the most used technologies, and rate them in easy-to-compare categories.Download