Today’s automotive software (SW) development is dealing with software components (SWCs), provided by Tier 1 suppliers, running on more than 100 electronic control units (ECUs) in a typical modern car. These ECUs are interconnected by a complex network of different networking technologies with different message formats. The integration of all these SWCs generates a monolithic block of SW which is difficult and time consuming to maintain. Every change in any SWC requires re-testing of the entire package. Such a package is typically created for a particular car model and cannot take into account customer-specific features. Applications, features and functions can hardly be introduced or modified after the vehicle has left the manufacturing plant.
The solution to this problem consists of a Service Oriented Architecture (SOA) where applications, features and functions are implemented as services that communicate via well-defined message-based interfaces.
GuardKnox‘s Secure SOA Framework is an innovative approach to automotive SW product life cycle management, i.e., the development, maintenance and distribution of software. The framework consists of a number of components that act as middleware between the Operating System (OS) and applications that provide or consume services (functions). GuardKnox’s Secure SOA allows maximum modularity and dynamic management of individual SWCs resulting in a decoupling of the SWCs from the runtime environment and HW. It provides an automotive grade implementation of a Service Oriented Architecture (SOA) which has been introduced initially for enterprise software environments.
GuardKnox’s SOA Framework consists of several core components providing the infrastructure functionality for automated and dynamic software life cycle management. Based on the Framework, GuardKnox is able to tailor customized solutions for single software-driven ECUs, up to a full software-defined E/E architecture that extends into the cloud.
The design is open and extensible and features cross-platform support. ‘Platform’ is defined as consisting of a CPU architecture, hypervisor, and partition OS. Several MPUs, MCUs, and partition OSs are supported. GuardKnox’s SOA framework integrates with AUTOSAR Adaptive in order to reuse existing concepts and implementations and cut down on development time and costs.
The framework supports multiple ESBs concurrently, and it can accommodate middleware implementations based on CORBA, DDS, …
The SW lifecycle within an ECU is managed automatically: SWCs are automatically deployed, initialized, started, stopped, torn down and removed. A deployment decision for a SWC can be automatic, based on a manifest.
GuardKnox’s toolchain allows system architects to utilize multiple components from pre-existing frameworks and automatically create a hypervisor configuration and partition images using a graphical interface resulting in faster time to market and lower development costs.
GuardKnox’s Secure SOA Framework includes the following deliverables based on customer needs:
On top of the hardware there is the Secure Separation Kernel (SSK). A separation kernel is a SW layer which creates an environment that is indistinguishable from that provided by a physically distributed system. The secure separation kernel adds sophisticated security functions to the separation functions.
On top of the SSK is the hypervisor that creates a Virtual Machine (VM) environment. For this purpose it emulates a HW platform on which multiple guest partitions with their respective Operating Systems (OSs) can run. This means that for a Guest OS it is indistinguishable whether it runs on top of a hypervisor or directly on top of a processor HW.
On top of each Guest OS and the common functions SOA Node Manager and SOA Port there are one or several applications that have been developed for this particular OS. The applications, common functions, and their OS form a partition. One particular partition is the Central Management Partition which manages the entire GuardKnox SOA framework.
AUTOSAR Adaptive has been a state-of-the art approach for SW development in the automotive industry for a few years. Many applications have been implemented already and are available to be (re-)used. GuardKnox’s SOA framework, however, is more powerful and provides a much more comprehensive approach to the entire SW lifecycle. Instead of having to re-implement the existing AUTOSAR Adaptive applications they are supported within GuardKnox’s SOA framework. They run on dedicated partitions, with their own specific OS. The SOA Node Manager ensures that AUTOSAR Adaptive messages are properly routed within the system.
A SWC can be manually and automatically relocated, by the SOA framework, into a compatible partition. When the source was compiled using a supported compiler for a compatible OS, it can be seamlessly shifted to a different partition. Otherwise, a POSIX-compliant SWC can be built and activated on top of any OS and hypervisor which is POSIX compliant.
GuardKnox’s SOA Framework is even powerful enough to shift a partition containing an OS and applications between ECUs and even between compatible hypervisors.
Access to the virtualized communication infrastructure is seamlessly mediated through the SOA framework, allowing for virtualized RPC and data exchange.