Affects Version/s: None
Fix Version/s: None
Dom0 is the most important component in a hypervisor system: it is privileged and commonly runs most of the paravirtualized backends. Therefore, it has implications for security and safety certifications.
Although architecturally any OS could be used as Dom0, in practice only Linux is used. Running a full Linux as Dom0 with a heavy-weight device backend like QEMU is a difficult proposition for safety/security critical deployments. The VMM (and the code needed to get it running) must be audited, and the larger the stack required to run it, the harder that audit becomes. Therefore, there is a need for a non-Linux OS to be used as the Dom0. The OS needs to meet the following needs:
- Small footprint (far smaller than the smallest Linux configuration)
- Real-time support
- Safety certification for safety critical applications
An RTOS (e.g. Zephyr) can meet these needs. The new RTOS Dom0 should be able to run on:
- The main cluster on top of the hypervisor (e.g. Xen)
- The Cortex-R cluster (Safety Island), communicating with the hypervisor over shared memory
- Xen as reference hypervisor
- Zephyr as reference RTOS
- Run Zephyr on Xen as dom0
- Run Zephyr on Cortex-Rs with dom0-like functionalities
- Zephyr on Xen as dom0
  - Zephyr running on Xen on Cortex-A
  - support for Xen hypercalls in Zephyr
  - toolstack functionalities to start/stop and monitor VMs
- Zephyr on Cortex-R with dom0-like functionalities
  - support in Xen for having a dom0 on a foreign cluster
  - hypercalls over shared memory
  - notifications with inter-cluster interrupts
  - Zephyr on Cortex-R issuing hypercalls over shared memory
The following boards were discussed but not decided on:
- MacchiatoBin board
- Qualcomm RB5 Platform
- NXP LX2K board
This initiative will end when XXXX is complete.