Quest-V: A Secure and Predictable System for IoT and Beyond Richard - - PowerPoint PPT Presentation

quest v a secure and predictable system for iot and beyond
SMART_READER_LITE
LIVE PREVIEW

Quest-V: A Secure and Predictable System for IoT and Beyond Richard - - PowerPoint PPT Presentation

Feb 19, 2024 213 likes •497 views

Quest-V: A Secure and Predictable System for IoT and Beyond Richard West richwest@cs.bu.edu Computer Science Talk Outline Background on embedded single board computers (SBCs) Quest(-V) OS for x86 SBCs Work status Lessons

slide-1
SLIDE 1

Quest-V: A Secure and Predictable System for IoT and Beyond

Richard West richwest@cs.bu.edu

Computer Science

slide-2
SLIDE 2

2

Talk Outline

  • Background on embedded single board computers (SBCs)
  • Quest(-V) OS for x86 SBCs
  • Work status

– Lessons learned – Wish list – Impact, papers, etc

  • Case study: Quest(-V) for web-connected 3D printers
  • Current & future work
  • Final words
slide-3
SLIDE 3

3

Emerging Multicore SBCs

slide-4
SLIDE 4

4

Intel vs ARM SBCs

  • ARM: Raspberry Pi, Nvidia Jetson TX1/TX2 & many others

– Pi 3 Model B: 4 Cortex-A53 cores @ 1.2GHz, 1GB RAM, Broadcom GPU – Nvidia Tegra Xavier (automotive AI): 8 ARM64 CPU & 512 CUDA GPU cores

  • x86: Joule, Aero, Up Squared, etc

– Up Squared: 4 CPU cores (Apollo Lake Atom/Celeron/Pentium), Gen 9 iGPU – Intel Go (automotive): Xeon/Atom CPUs, Arria 10 FPGA hardware accelerators

  • x86 largely standardized according to PC specs

– BIOS/UEFI, ACPI, PCIe – Makes OS development less fragmented for different targets

  • Less standardization amongst ARM SoC vendors

– Bootloader (e.g., U-boot) loads device trees for board-specific configurations – ACPI not common in ARM embedded systems

slide-5
SLIDE 5

5

Potential for Smart Devices

slide-6
SLIDE 6

6

Need New Systems

  • (Embedded) OSes that are:
  • Timing Predictable
  • Safe
  • Fault Tolerant
  • Secure
  • Multicore
  • Mixed-criticality-aware
  • Enter Quest-V
slide-7
SLIDE 7

7

Example Quest-V Automotive System

Real-time Command & Control Real-time Command & Control Real-time Sensor Data Processing Real-time Sensor Data Processing Memory Memory Monitor Monitor ... ... Core(s) Core(s) Core(s) Core(s) Core(s) Core(s) Display & External Comms Display & External Comms Comms Monitor Monitor Monitor Monitor Memory Memory Memory Memory I/O Devices e.g. Motors, Servos I/O Devices e.g. Motors, Servos I/O Devices e.g. Cameras, LIDAR I/O Devices e.g. Cameras, LIDAR I/O Devices e.g. GPU, NIC I/O Devices e.g. GPU, NIC Hardware Kernel VCPU(s) VCPU(s) VCPU(s) VCPU(s) User More Critical Less Critical Sandbox 1 Sandbox 2 Sandbox M ...

V2V, V2I Infotainment

INTERNET Sandboxes on multicore platform replace CAN bus nodes Sandboxes on multicore platform replace CAN bus nodes

slide-8
SLIDE 8

8

Work Status

  • AIM: Insights from Implementing Quest(-V) on Intel SBCs
  • [Done] Quest running on Galileo, Edison, MinnowMax, Joule &

Aero

  • [Near Completion] Quest-V running on Joule & Aero

– [In progress] Quest-V Linux (works on Aero) – [In progress] Drivers for BMM150 (Compass) + BMI160 (IMU) + GPIOs

  • [Version 1 complete] Qduino API

– Includes support for multiple cores – QduinoMC – Tested on 3D printer & now working on UAVs

  • [In progress] Work with automotive partner (Drako Motors)
slide-9
SLIDE 9

9

Lessons Learned

  • Intel SBCs for “smart” devices

– Multiple cores (good for multi-tasking) – VT-x capabilities for security/isolation/fault tolerance – GPIOs for interfacing sensors + actuators – PWMs for motor & servo control – Serial interfaces for device communication – Shared caches + memory bus affects temporal isolation (not good for real-time!)

  • ARINC 653 requires space-time isolation b/w cores
slide-10
SLIDE 10

10

Wish List 1/2

  • Temporal isolation b/w cores

– Support for cache + bus isolation (way partitioning, page coloring, TDMA bus management?) – Cache-allocation technology (CAT/CMT) available on Xeons but not (yet?) Intel SBCs

  • Integrated GPU support

– Joule, Aero, Skull Canyon are a good start – Needed for vision+AI+deep learning tasks – Edge devices where remote (cloud) processing is impractical

slide-11
SLIDE 11

11

Wish List 2/2

  • Simplified VT-x support

– Basic memory partitioning b/w sandboxes

  • Tagged memory regions for confidentiality +

integrity on secure information flows between sandboxes

  • H/W-assisted port-based I/O interposition

– To prevent sandbox discovery/access to unauthorized devices

slide-12
SLIDE 12

12

Impact

  • IEEE RTAS 2017 (QduinoMC)

– Outstanding paper, best student paper

  • ACM TOCS Journal 2016 (Quest-V)
  • IEEE RTSS 2016 (MARACAS)
  • IEEE RTSS 2015 (Qduino)
  • ECRTS 2016 (Quest Mixed-Criticality Scheduling)
  • Quest-V is being adopted by Drako Motors as part of DriveOS
  • Mercury Systems shortlisted Quest-V as the only academic system

to meet their first phase requirements for a separation kernel

  • Quest-V well known in real-time research community
slide-13
SLIDE 13

Web-connected 3D Printer

Remote Job Submission Local Slicing Correctness Verifjcatjon

Case Study: Quest(-V) Web- Connected 3D Printer

Print

slide-14
SLIDE 14

Microprocessor Atmel AVR, 8 bit, 20 MHz SRAM 8 KB I/O UART, SPI, I2C, PWM, GPIO

Controller

Web Server

Extruder Motor Motor Motor

Printrbot Simple Metal

slide-15
SLIDE 15

Custom Controller

RAMPS shield Companion Analog Circuits MinnowMAX

Custom Controller

Opportunity for x86-based 3D printer controller with wireless web server capabilities

slide-16
SLIDE 16

Marlin Firmware

Main loop Read G-code

G-code

Translate to motor rotatjon

Timer1 Interrupt

Interpret Motor Data Stepper Motor

Timer2 Interrupt

Adjust fan & heater

Temperature

Temp Control PID Temperature PID output

Variable Period 8ms Period

Motor Extruder

Marlin Firmware

slide-17
SLIDE 17

Original Marlin Linux Port Main loop + interrupts handlers Multjple threads Timer interrupts Periodic nanosleep AVR I/O instructjons Intel MRAA IoT library lightupd + spooler

Is this bad? Why?

Marlin on Linux

Jituer of the extruder, when submittjng relatjvely large fjles MinnowMAX Linux Marlin lightupd

Spooler

Spooler

Marlin on Linux

slide-18
SLIDE 18

The Timing Problem H L d γ T T T

The Timing problem

slide-19
SLIDE 19

struct timespec period = {.tv_sec = 0, .tv_nsec = 100000}; while (1) { nanosleep(&period, NULL); /* sleep for 100 us */ mraa_gpio_write(GPIO6, HIGH); /* write 1 to gpio6 */ mraa_gpio_write(GPIO6, LOW); /* write 0 to gpio6 */ }

10 kHz Pulse Train Frequency Period Theoretjcal 10 kHz 100000 ns Linux 7.91 kHz 100000 ns + 26422 ns Original PrintrBoard 9.96 kHz 100000 ns + 401 ns Unstable

10kHz Pulse Train

slide-20
SLIDE 20

10 kHz Pulse Train sysfs framework gpiolib framework GPIO Driver 15.7% 3.9% 40.1% Scheduler hrtjmer framework Kernel Crossing 2.2% 9.2% 29.3% Lack of API with low and predictable overheads

struct timespec period = {.tv_sec = 0, .tv_nsec = 100000}; while (1) { nanosleep(&period, NULL); /* sleep for 100 us */ mraa_gpio_write(GPIO6, HIGH); /* write 1 to gpio6 */ mraa_gpio_write(GPIO6, LOW); /* write 0 to gpio6 */ }

10kHz Pulse Train (Linux)

slide-21
SLIDE 21

QduinoMC Goals Design Easy to use Easy to port existjng Arduino programs Leverage multjple cores Multjthread loops Pinning loops to cores Interrupt routjng Allow QoS specifjcatjon Loop budget and period Low I/O access overhead User-level I/O access Simple APIs based on Arduino

loop (loopID, budget, period, [coreID]) noInterrupts (device, coreID) noTimer (coreID) interruptsVcpu (device, budget, period, [coreID]) digitalWrite () / digitalRead ()

QduinoMC

slide-22
SLIDE 22

Marlin on QduinoMC

loop (1, 10, 100, 1), loop (2, 30, 100, 0), loop (3, 1, 80, 0) noTimer (1), noInterrupts (ALL, 1)

interruptsVCPU (I2C, 10ms, 100ms), interruptsVCPU (NIC, 10ms, 100ms)

Added Web server / Spooler

Marlin on QduinoMC

slide-23
SLIDE 23

void setup ( ) { pinMode(GPIO6, OUTPUT); noInterrupts(ALL, 1); noTimer(1); } void loop (1, 100, 100, 1) { delayBusyNanoseconds(100000); digitalWrite(GPIO6, 1); digitalWrite(GPIO6, 0); }

10 kHz Pulse Train Again Frequency Period Theoretjcal 10 kHz 100000 ns QduinoMC 9.569 kHz 100000 ns + 4504 ns Linux 7.91 kHz 100000 ns + 26422 ns Original PrintrBoard 9.96 kHz 100000 ns + 401 ns Stable

10kHz Pulse Train...Again

slide-24
SLIDE 24

Test Object

Higher quality Faster printjng 10% code size reductjon Intuitjve and clear code structure

Test Object

slide-25
SLIDE 25

25

Quest-V DroneOS for Intel Aero

Memory Memory Monitor Monitor ... ... Cores 1-3 Cores 1-3 Core 4 Core 4 Realsense/ROS & Telemetry Services (App missions) Realsense/ROS & Telemetry Services (App missions) Comms Monitor Monitor Memory Memory ESC, Motors, IMU,GPS, Barometer, I2C, SPI ESC, Motors, IMU,GPS, Barometer, I2C, SPI Camera(s), GPU, NIC Camera(s), GPU, NIC Hardware Kernel VCPU(s) VCPU(s) User More Critical Less Critical

INTERNET

... VCPU(s) VCPU(s)

Linux Linux MAVLink Telemetry, Cloud-reactive processing & control (Digital Twinning) MAVLink Telemetry, Cloud-reactive processing & control (Digital Twinning)

Cleanflight/iNav Flight Control: Condition-aware adaptive sensor fusion & PID loop rate Cleanflight/iNav Flight Control: Condition-aware adaptive sensor fusion & PID loop rate

slide-26
SLIDE 26

26

Quest-V DriveOS for Skull Canyon

Core(s) Core(s) Display & External Comms Display & External Comms Monitor Monitor Memory Memory I/O Devices e.g. GPU, NIC I/O Devices e.g. GPU, NIC

V2V, V2I Infotainment

Core(s) Core(s) Real-Time Torque vectoring, Battery Mgmt Real-Time Torque vectoring, Battery Mgmt Monitor Monitor Memory Memory USB I/F, CAN, DAQ USB I/F, CAN, DAQ

CAN Concentrator

Working with Drako Motors to use Quest-V for a vehicle OS

slide-27
SLIDE 27

27

Final Words

  • Drako Motors want to build DriveOS for cars
  • Would like an x86 reference architecture for embedded systems

– PC with iGPU, GPIOs, I2C, SPI, UARTs, ADCs, CAN, etc – There is less standardization with ARM

  • ACPI not common in embedded ARM
  • Need device tree configurations setup and loaded by

bootloader

  • Processing needs of next-gen smart devices requires more

capable processors than current embedded CPUs