CN109522099B - Method and system for improving instantaneity of non-instantaneity operating system - Google Patents

Method and system for improving instantaneity of non-instantaneity operating system

Info

Publication number: CN109522099B
Authority: CN (China)
Prior art keywords: operating system, real, rtos, time, common
Legal status: Active
Application number: CN201710850598.7A
Other languages: Chinese (zh)
Other versions: CN109522099A
Inventors: 赵国开, 涂岩恺, 刘炯钟, 池炜宾
Current Assignee: Xiamen Yaxon Networks Co Ltd
Original Assignee: Xiamen Yaxon Networks Co Ltd
Legal events: application filed by Xiamen Yaxon Networks Co Ltd; priority to CN201710850598.7A; publication of CN109522099A; application granted; publication of CN109522099B; legal status Active.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4812 Task transfer initiation or dispatching by interrupt, e.g. masked
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management


Abstract

The invention provides a method for improving the real-time performance of a non-real-time operating system, and a corresponding system. The method comprises: running a Monitor program in the safety area and initializing and configuring interrupt handling, including dual-system switching; running an RTOS operating system in the safety area, whose initialization configuration comprises the corresponding peripheral resources, memory resources and the fast interrupt (FIQ) mode, and in which a task with the lowest priority can trigger a switching request to the Monitor program only when the RTOS operating system is idle; and running a non-real-time operating system in the common area, initializing and configuring its corresponding peripheral and memory resources and using the common interrupt mode. Division of work and cooperation between a real-time system and a non-real-time system are realized on the basis of trustzone, so that the system meets the requirements of real-time performance and complexity at the same time; the real-time performance of tasks on the real-time system and the interrupt processing speed are guaranteed; the method has a wide application range and easily achieves vehicle-grade real-time response.

Description

Method and system for improving instantaneity of non-instantaneity operating system
Technical Field
The invention relates to the field of operating system application, in particular to a trustzone-based method and a trustzone-based system for improving the real-time performance of a non-real-time operating system.
Background
When applied to the vehicle-mounted end, the Android/linux system has always suffered from insufficient real-time performance, yet the rich functional and development characteristics it provides are very attractive. Existing techniques for addressing Android/linux real-time performance generally optimize the linux kernel or apply a real-time kernel patch to the existing linux kernel, but the improvement obtained by such optimization is limited, or the real-time requirements of the vehicle-mounted end cannot be met.
In the prior art, for example, the patent application with application number 201610875743.2 discloses a method for improving real-time performance applied to a vehicle-mounted terminal, in which the two systems are realized on two sets of ECU hardware; two hardware systems must be designed, which obviously incurs considerable hardware cost. Meanwhile, the communication efficiency between such traditional dual systems is low; further, communication between the two systems over I2C, SPI, UART and their corresponding interrupts is bandwidth limited.
Therefore, it is necessary to provide a method and system for improving the real-time performance of a non-real-time operating system to solve the above problems.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: to provide a method and a system for improving the real-time performance of a non-real-time operating system, based on trustzone dual-system division of work and cooperation, that simultaneously meet the requirements of real-time performance and complexity.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows:
the method for improving the real-time performance of the non-real-time operating system based on trustzone comprises the following steps:
running a Monitor program in a safety area, and initializing and configuring interrupt handling including dual-system switching, wherein the interrupt handling is set so as to switch from the RTOS operating system to the non-real-time operating system according to a switching request, and to switch from the non-real-time operating system to the RTOS operating system according to a task scheduling clock interrupt triggered by the RTOS operating system;
running the RTOS operating system in the security area, wherein the initialization configuration comprises corresponding peripheral resources, memory resources and a rapid interrupt mode, and a task with the lowest priority can trigger a switching request to a Monitor program only when the RTOS operating system is idle;
and running a non-real-time operating system in the common area, and performing initialization configuration on corresponding peripheral resources and memory resources and using a common interrupt mode.
The invention provides another technical scheme as follows:
the system for improving the real-time performance of the non-real-time operating system based on trustzone comprises a CPU (central processing unit) kernel, a memory, a peripheral and a connecting bus;
the CPU kernel comprises a secure kernel and a common kernel, the memory comprises a secure memory and a common memory, and the peripheral comprises a secure peripheral and a common peripheral; the common kernel has no right to access the security kernel, the security memory and the security peripheral;
the RTOS operating system and the Monitor program run in a safe area corresponding to the safe kernel, the Monitor program is used for enabling the CPU kernel to run in a Monitor mode, switching from the RTOS operating system to the non-real-time operating system according to a switching request, and switching from the non-real-time operating system to the RTOS operating system according to task scheduling clock interruption triggered by the RTOS operating system; the RTOS operating system corresponds to a secure memory and a secure peripheral;
the non-real-time operating system runs in a common area corresponding to the common kernel; the non-real-time operating system corresponds to a common memory and a common peripheral;
the interrupt mode of the RTOS operating system is fast interrupt; the interrupt mode of the non-real-time operating system is common interrupt;
when the RTOS operating system is idle, the system automatically triggers the task with the lowest priority, and the task correspondingly sends a switching request to the Monitor.
The invention has the beneficial effects that: dividing a processor into a security kernel and a common kernel based on an ARM trustzone hardware architecture, running an RTOS operating system in the security kernel, and running a non-real-time operating system in the common kernel; therefore, tasks with higher real-time requirements are delivered to the RTOS operating system, tasks with higher complexity are delivered to the non-real-time operating system, and the two operating systems run in parallel. The system can meet the requirements of real-time performance and complexity simultaneously through the division and cooperation of the real-time performance and the non-real-time performance of the double systems, further realize the high-efficiency execution of all tasks, and is particularly suitable for systems needing to give consideration to both the real-time performance and the complexity, such as a vehicle-mounted end.
Drawings
FIG. 1 is a schematic flow chart of a method for improving real-time performance of a non-real-time operating system based on trustzone according to the present invention;
FIG. 2 is a schematic diagram of the overall architecture of the system for improving the real-time performance of a non-real-time operating system based on trustzone according to the present invention;
FIG. 3 is a schematic diagram of the system scheduling strategy of the present invention;
fig. 4 is a schematic diagram of a switching path of the dual system according to the present invention.
Detailed Description
In order to explain the technical contents, the objects and the effects of the present invention in detail, the following description is made with reference to the accompanying drawings in combination with the embodiments.
The most key concept of the invention is as follows: based on ARM trustzone, running an RTOS operating system in a security kernel and running a non-real-time operating system in a common kernel; the real-time and non-real-time division cooperation of the dual systems can meet the requirements of real-time performance and complexity at the same time.
The technical terms related to the invention are explained in a glossary table (two figure images in the original page, not recoverable here).
referring to fig. 1 and fig. 2, the present invention provides a method for improving real-time performance of a non-real-time operating system based on trustzone, including:
running a Monitor program in a safety area, and initializing and configuring interrupt handling including dual-system switching, wherein the interrupt handling is set so as to switch from the RTOS operating system to the non-real-time operating system according to a switching request, and to switch from the non-real-time operating system to the RTOS operating system according to a task scheduling clock interrupt triggered by the RTOS operating system;
running the RTOS operating system in the security area, wherein the initialization configuration comprises corresponding peripheral resources, memory resources and a rapid interrupt mode, and a task with the lowest priority can trigger a switching request to a Monitor program only when the RTOS operating system is idle;
and running a non-real-time operating system in the common area, and performing initialization configuration on corresponding peripheral resources and memory resources and using a common interrupt mode.
It should be noted that Trustzone is a security architecture provided by Arm for security purposes and belongs to the security field. The mainstream practice on the market at present is to use it to solve security problems, for example by building a trusted execution environment to protect the user's sensitive data and information, as in Samsung's well-known Knox; both run through the Android system. The invention takes a new route and uses the trustzone technology to solve the poor real-time performance of a non-real-time operating system. This problem has not been solved in existing non-real-time operating systems such as Android/linux, since the linux kernel itself is not designed for real-time performance. The invention uses trustzone to combine the RTOS and the non-real-time operating system in one design: the monitor program assists the two systems in switching, and the real-time performance and dominant control of the RTOS are guaranteed through the design of the whole-system scheduling strategy, the dual-system switching strategy, the RTOS control-recovery strategy and the like, so that the real-time performance problem of the non-real-time operating system is solved while the original development characteristics of the non-real-time operating system are kept.
Further, the method also comprises the following steps:
when the RTOS operating system is idle and a request to execute a task is received, a switching request is sent;
after receiving the switching request, the Monitor program saves the current state of the RTOS and restores the state of the non-real-time operating system that was saved when it was last swapped out;
when the Monitor program receives a task scheduling clock interrupt triggered by the RTOS, it saves the current state of the non-real-time operating system and restores the saved state of the RTOS.
It can be seen from the above description that, under this dual-system switching strategy, switching to the non-real-time operating system is possible only when the RTOS operating system is idle, and the state of the system being switched out is saved, so that the real-time performance of the RTOS operating system is not affected by the non-real-time operating system and the real-time performance of tasks executed by the RTOS is guaranteed; the state of the system being switched in is restored to what it was, so the transition is smooth.
Further, before the running the Monitor program in the security area, the method further includes:
after the system is powered on, loading a Monitor program and an RTOS operating system into a secure memory of a secure area;
the running of the RTOS operating system in the secure domain may further include:
and loading the Android/linux program into a common memory of the common area.
It can be known from the above description that when the system is powered on, the program and the system are loaded to the corresponding operating area in time, so as to realize quick start.
Further, the memory resource corresponding to the initialization configuration of the RTOS operating system and the memory resource corresponding to the initialization configuration of the non-real-time operating system include a shared memory, and are used for temporarily storing data during dual-system communication.
As can be seen from the above description, by setting the shared memory accessible to both systems, the shared memory is used for temporarily storing data during communication between both systems, so as to improve data interaction efficiency.
The invention provides another technical scheme as follows:
the system for improving the real-time performance of the non-real-time operating system based on trustzone comprises a CPU (central processing unit) kernel, a memory, a peripheral and a connecting bus;
the CPU kernel comprises a secure kernel and a common kernel, the memory comprises a secure memory and a common memory, and the peripheral comprises a secure peripheral and a common peripheral; the common kernel does not have access to the secure kernel, the secure memory and the secure peripheral;
the RTOS operating system and the Monitor program run in a safe area corresponding to the safe kernel, the Monitor program is used for enabling the CPU kernel to run in a Monitor mode, switching from the RTOS operating system to the non-real-time operating system according to a switching request, and switching from the non-real-time operating system to the RTOS operating system according to task scheduling clock interruption triggered by the RTOS operating system; the RTOS operating system corresponds to a secure memory and a secure peripheral;
the non-real-time operating system runs in a common area corresponding to the common kernel; the non-real-time operating system corresponds to a common memory and a common peripheral;
the interrupt mode of the RTOS operating system is fast interrupt; the interrupt mode of the non-real-time operating system is ordinary interrupt;
when the RTOS operating system is idle, the system automatically triggers the task with the lowest priority, and the task correspondingly sends a switching request to the Monitor.
As can be seen from the above description, the beneficial effects of the present invention are: based on trustzone, the CPU core is virtualized into two CPU cores that run different systems, realizing the real-time and non-real-time division of work and cooperation of the dual systems, so that the requirements of real-time performance and complexity can be met simultaneously. The method is particularly suitable for running on a system with high real-time requirements, such as a vehicle-mounted end, and realizes vehicle-grade real-time response.
Further, the Monitor program is specifically configured to: after receiving the switching request, saving the current state of the RTOS operating system, and recovering the state saved when the non-real-time operating system is switched out last time; and when receiving the trigger task scheduling of the RTOS, saving the current state of the non-real-time operating system, and recovering the saved current state of the RTOS.
Further, the memory further comprises a shared memory, and the shared memory is respectively connected with the safe area and the common area through buses and is used for temporarily storing data during dual-system communication.
Furthermore, a main dispatcher corresponding to an RTOS operating system is arranged in the safe area;
a secondary scheduler corresponding to a non-real-time operating system is arranged in the common area;
and the main scheduler is used for switching to a non-real-time operating system and operating the secondary scheduler when the RTOS operating system is idle.
As can be seen from the above description, the scheduling policy of the whole system is implemented by setting a primary scheduler and a secondary scheduler. The primary scheduler switches to Android/linux when it is idle and runs the secondary scheduler, ensuring the real-time performance and interrupt processing speed of the whole system.
Furthermore, a first path and a second path for connecting the secure kernel and the common kernel are also included;
the first path is directed to a common kernel by a security kernel, and the second path is directed to the security kernel by the common kernel;
the first path is used for making the CPU kernel enter Monitor mode according to an SMC interrupt triggered by the task when the RTOS operating system is idle, and switching from the RTOS operating system to the non-real-time operating system;
and the second path is used for forcing the CPU kernel to enter a Monitor mode according to the received FIQ signal when the non-real-time operating system runs, and switching the non-real-time operating system back to the RTOS operating system.
According to the description, the dual-system switching corresponding paths are provided, and the accuracy and the rapidity of switching are ensured.
Further, the system is a vehicle-mounted end.
The above description shows that the method is particularly suitable for the vehicle-mounted terminal with high real-time requirements, and can easily realize vehicle-grade real-time response.
Example one
Referring to fig. 1 and fig. 2, the present embodiment provides a method and a corresponding system for significantly improving the real-time performance of a non-real-time operating system based on a trustzone technology. In this embodiment, a non-real-time operating system is exemplified as an Android/linux operating system.
The trustzone technology is a secure hardware architecture on ARM architecture chips: a single CPU core of a chip with this architecture can be virtualized in hardware into two cores, so that the original single core becomes dual cores. The two cores are the Secure VCPU, which belongs to the Secure world and corresponds to a safe region of higher privilege, and the Non-Secure VCPU, which belongs to the normal world and corresponds to a common region of relatively lower privilege. The trustzone technology is a security architecture provided for security purposes, and in the prior art it is used to solve security problems, such as building a trusted execution environment on the Secure VCPU to process user-sensitive data and information. This embodiment changes that idea and uses it to solve the poor real-time performance of Android/linux, which cannot be solved well at present. In this embodiment, the trustzone technology is used to combine the RTOS and Android/linux in one design: the monitor program assists the two systems in switching, and the real-time performance and dominant control of the RTOS are guaranteed through the design of the whole-system scheduling strategy, the dual-system switching strategy, the RTOS control-recovery strategy and the like, so that the real-time performance problem of Android/linux is solved while the original development characteristics of Android/linux are retained.
The RTOS operating system (real-time operating system) is used for running tasks with high real-time requirements, such as processing of vehicle speed pulse signals: if the pulses are not processed within the required timing, the computed vehicle speed is wrong.
The Android/linux operating system is based on rich functional characteristics and development characteristics and is used for running tasks with high complexity.
The monitor is one of the main software components of the system, and runs in the monitor mode of ARM trustzone (a working mode in the running state of the ARM CPU, which is mainly used for monitoring). In this embodiment, the switch between the two operating systems is handled by the monitor.
As shown in fig. 2, the system provided by this embodiment for improving the real-time performance of the Android/linux operating system has an overall architecture comprising a CPU core, a memory, peripheral devices, and the buses connecting them.
The CPU kernel is divided into a safe kernel and a common kernel based on trustzone, the memory comprises a safe memory and a common memory, and the peripheral comprises a safe peripheral and a common peripheral; the regions are based on trustzone hardware isolation, and the common kernel has no access to the secure kernel, the secure memory and the secure peripheral.
Preferably, the memory further includes a shared memory, and the shared memory is connected to the secure area and the normal area through a bus, and is used for temporarily storing data during dual-system communication. Different from the prior art that the communication between the two systems is limited by communication bandwidth by using I2C, SPI, UART and corresponding interrupts, the communication of a large amount of data between the two systems in this embodiment can be efficiently acquired and transmitted by directly sharing the memory.
The RTOS operating system and the Monitor program run in a security area (secure world) corresponding to the security kernel; the Android/linux operating system runs in a common region (normal world) corresponding to the common kernel.
The RTOS operating system and the Android/linux operating system have their own memory and peripheral areas. Specifically, the RTOS operating system corresponds to the secure memory and the secure peripherals; the Android/linux operating system corresponds to the common memory and the common peripherals. The Android/linux system cannot access RTOS data in the secure memory area or RTOS peripherals in the secure peripheral area, so Android/linux cannot, whether intentionally or through program errors, change the corresponding configuration of the running RTOS and thereby affect the real-time performance of the whole system.
The RTOS operating system and the Android/linux operating system also have their own interrupt modes. Specifically, the interrupt mode of the RTOS operating system is Fast Interrupt (FIQ), and the RTOS task-scheduling clock interrupt is also FIQ; the interrupt mode of the Android/linux operating system is ordinary interrupt (IRQ). All FIQ interrupt resources are allocated to the peripherals of the RTOS and all IRQ interrupt resources to the peripherals of Android/linux, and this configuration cannot be accessed or changed while Android/linux runs, so that the interrupt response and priority of the RTOS are higher than those of Android/linux and the real-time performance of the RTOS is guaranteed.
And a Monitor program which is operated in a safe area corresponding to the safe kernel and is used for enabling the CPU kernel to operate in a Monitor mode and processing the switching between two operating systems, namely the switching-in and switching-out between the RTOS and the Android/linux.
The following points are described, which relate to the whole system architecture:
trustzone virtual CPU core: in the whole system architecture, android/linux is allocated to Non-Secure VCPU, and RTOS and monitor are allocated to Secure VCPU.
Android/linux: android or linux is an open-source operating system and is easy to obtain. This embodiment places no version restriction on the linux kernel and changes the kernel only slightly: the peripherals and memory used by the RTOS are filtered out so that linux does not use them, and a driver (using SMC instructions) is added to support active access to the RTOS.
RTOS: any open-source or commercial real-time operating system can be used, without specific version limitation, but a customized part for the trustzone hardware resources needs to be added, including: permission configuration of peripheral resources (which peripherals are operated only in the RTOS and cannot be accessed from android/linux); interrupt configuration (FIQ is configured only in the RTOS and IRQ only in android/linux); memory configuration (which memory can only be accessed by the RTOS and not from android/linux, plus a shared memory accessible to both systems for temporarily storing data when the two systems communicate); configuration of the RTOS scheduling clock interrupt as FIQ; and setting one RTOS task to the lowest priority (it runs only when all other tasks are idle), whose only job is to issue an SMC instruction (a soft interrupt instruction designed by ARM, used here specifically for the dual-system switching request), on which execution enters the monitor, and the monitor switches to android/linux after saving the state of the RTOS. Thereafter, when the RTOS task-scheduling clock generates an FIQ interrupt, the FIQ enters the monitor program, and the monitor saves the android/linux running state and then switches to the RTOS to run. Repeating this back and forth realizes the parallel operation of the two systems, RTOS and android/linux.
A Monitor: the Monitor is a software component that runs in ARM Monitor mode, as mentioned above, to handle the switching between two operating systems, i.e., the swapping in and out between RTOS and android/linux. For example, the execution context state of the RTOS system is saved when the android/linux system is swapped in, and the state saved when the android/linux system is swapped out before is restored. Switching into the monitor component to run either triggers an SMC instruction or a FIQ interrupt occurs while running in the android/linux system.
Isolation of address space: when the RTOS system is initialized, the memory and devices used by the RTOS (real-time operating system) are configured as Secure world resources, and the memory and devices used by android/linux are configured as normal world resources. Designing the RTOS address space in this way prevents the RTOS from being interfered with or attacked by android/linux.
Interrupt isolation: FIQ interrupt resources are all allocated to the RTOS peripherals and IRQ interrupt resources to the android/linux peripherals; at the same time, this configuration cannot be accessed or changed while android/linux runs, so that the interrupt response and priority of the RTOS are higher than those of android/linux and the real-time performance of the RTOS is guaranteed.
The method for improving the instantaneity of the Android/linux operating system based on the system architecture comprises the following steps:
the starting process of the whole system comprises the following steps:
after the system is powered on, a first-level loader (generally a uboot boot program) runs in the safe area and loads the Monitor program and the RTOS program into the secure memory (memory accessible from the secure world).
The Monitor program then runs in the secure memory and is initialized: interrupt handling for dual-system switching is configured, stacks are allocated for both systems to use during switching, and so on. Specifically, the interrupt handling is set as follows: when the RTOS is idle, the task with the lowest priority set by the RTOS issues an SMC instruction (a soft interrupt instruction designed by ARM, used in this embodiment specifically for the dual-system switching request), execution switches to the Monitor program, and the Monitor switches from the RTOS operating system to the Android/linux operating system; switching from the Android/linux operating system back to the RTOS operating system happens according to the task scheduling clock interrupt triggered by the RTOS operating system;
the method comprises the steps of running an RTOS operating system in a safety area, initializing some resources related to hardware of the RTOS, configuring a corresponding safety memory and a corresponding safety peripheral, configuring interrupt resources, using a quick interrupt mode, and triggering a switching request to a Monitor program only when the RTOS operating system is idle. And then, initializing relevant resources of RTOS kernel software, including kernel data structures, task scheduling, memory management and the like.
After the RTOS completes initialization, a second level loader (also commonly referred to as an uboot, but somewhat different from the first level loader) is loaded into normal memory (memory accessed in normal world). And running a second-level loader in the common region, finishing initialization of the second-level loader, then loading the Android/linux operating system into the common memory, running the Android/linux operating system in the common region, and performing initialization configuration by corresponding to the common peripheral equipment, the common memory and using a common interrupt mode.
As shown in fig. 3, the operating system switching mode during the operation process:
when the RTOS operating system is idle, if the RTOS operating system needs to be switched to the Android/linux operating system, the task with the lowest priority is executed, an SMC instruction is sent to a Monitor program to be executed, and the Monitor stores the context state of the RTOS system and then switches to the Android/linux operating system to run.
If the clock scheduled by the RTOS task generates FIQ interruption, the Monitor program is entered, and the Monitor performs android/linux running state storage and then switches to the RTOS to run. The parallel operation of the two RTOSs and the android/linux is realized in a reciprocating mode.
Example two
Referring to fig. 3 and fig. 4, this embodiment extends the first embodiment and ensures the real-time performance of tasks on the RTOS operating system and their interrupt processing speed through the following three strategies.
Scheduling strategy of the whole system: this embodiment uses an idle scheduling strategy to meet the real-time requirements of the RTOS.
Specifically, Android/linux gets a chance to run only when the RTOS is idle. As shown in FIG. 3, the whole system has a two-level scheduler: the RTOS scheduler is the main scheduler and the android/linux scheduler is the secondary scheduler. When the RTOS scheduler is idle, it switches to Android/linux and runs the secondary scheduler. Equivalently, android/linux as a whole is treated as one RTOS task with the lowest priority in the RTOS, which runs only when the RTOS is idle. This RTOS task is called the RTOS SMC task. Its only job is to execute the SMC instruction, which calls the monitor component, when the RTOS is in its idle loop; the monitor then performs the context switch to android/linux. The monitor component mainly provides fast system switching while the dual system runs, so that the whole system remains real-time. At the same time, every task in android/linux, whether an ordinary task, a real-time task or interrupt processing, has a lower priority than the ordinary tasks in the RTOS, so this dual-system structure guarantees that the real-time performance of the RTOS is not affected by android/linux.
Switching strategy of the dual system: as shown in fig. 4, PATH 1 (line 1) is the path used by the RTOS SMC task for the context switch into android/linux when the RTOS is idle. PATH 2 (line 2) is the path used when android/linux, running in the Non-Secure VCPU, receives the FIQ signal and is switched back to the RTOS. The FIQ interrupt forces the processor into ARM monitor mode, so the monitor component switches back to the RTOS through its FIQ interrupt vector handling.
RTOS control-right recovery strategy: this strategy lets the RTOS regain control of the processor at any time by means of FIQ interrupts. As shown in FIG. 4, the IRQ interrupt is disabled while the RTOS runs, which ensures that android/linux cannot interrupt the real-time tasks of the RTOS. FIQ interrupts, however, are responded to in time while android/linux runs: because all FIQs are configured in the RTOS, the RTOS can regain control of the processor through an FIQ at any time (for example, an FIQ from a timer in the RTOS). Moreover, the interrupt policy configured when the monitor component is initialized is inaccessible to, and cannot be modified by, android/linux, so the android/linux system is prevented from altering the interrupt policy, for example by disabling FIQ so that the RTOS could no longer regain control.
In this embodiment, the RTOS and android/linux are designed together using the trustzone technology, the two systems are switched through the monitor program, and the real-time performance and dominance of the RTOS are guaranteed by the design of the whole-system scheduling strategy, the dual-system switching strategy, the RTOS control-right recovery strategy and so on. This solves the real-time performance problem of android/linux while keeping the original development characteristics of android/linux.
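As an added example that is not the patent's own code, the following host-side C model captures the Monitor switching policy described in the boot and switching procedure of the first embodiment and the three strategies of this embodiment: the SMC cut-in is accepted only from the idle RTOS (PATH 1), the FIQ tick always returns control to the RTOS (PATH 2), and the interrupt policy fixed at Monitor initialization cannot be changed from the Normal world. The function and field names, the two-register context and the addresses are assumptions made for the model; ARM mode changes, register banking and the interrupt controller are abstracted away.

```c
/* Added example (not the patent's code): host-side model of the Monitor switching
 * policy. Names, the two-register context and all addresses are assumptions. */
#include <stdbool.h>
#include <stdint.h>

enum world { WORLD_SECURE = 0, WORLD_NORMAL = 1 };
enum event { EV_SMC, EV_FIQ, EV_IRQ };

/* Minimal register set the modelled Monitor saves per world. */
struct context { uint32_t pc; uint32_t sp; };

struct monitor {
    enum world current;        /* world currently executing on the core */
    struct context saved[2];   /* RTOS state at [WORLD_SECURE], android/linux at [WORLD_NORMAL] */
    bool rtos_idle;            /* true only while the lowest-priority RTOS (SMC) task runs */
    bool fiq_to_secure;        /* FIQ routed to the Secure world, i.e. owned by the RTOS */
    bool cfg_locked;           /* interrupt policy frozen after Monitor initialization */
    unsigned switches;         /* world switches performed so far */
};

/* Monitor initialization: FIQ is assigned to the RTOS, then the policy is locked. */
void monitor_init(struct monitor *m, uint32_t rtos_pc, uint32_t linux_pc) {
    m->current = WORLD_SECURE;
    m->saved[WORLD_SECURE] = (struct context){ rtos_pc, 0x1000 };   /* constructed stack values */
    m->saved[WORLD_NORMAL] = (struct context){ linux_pc, 0x2000 };
    m->rtos_idle = false;
    m->fiq_to_secure = true;
    m->cfg_locked = true;
    m->switches = 0;
}

/* Request to change FIQ routing. Refused for a Normal-world caller once locked, so
 * android/linux cannot take FIQ away from the RTOS (control-right recovery strategy). */
bool monitor_set_fiq_routing(struct monitor *m, enum world caller, bool to_secure) {
    if (m->cfg_locked && caller == WORLD_NORMAL)
        return false;
    m->fiq_to_secure = to_secure;
    return true;
}

static void swap_world(struct monitor *m, struct context *live, enum world to) {
    m->saved[m->current] = *live;   /* save the world being switched out */
    *live = m->saved[to];           /* restore the state saved when 'to' was switched out */
    m->current = to;
    m->switches++;
}

/* Monitor entry. 'live' is the register state at the event; returns the world that resumes. */
enum world monitor_handle(struct monitor *m, enum event ev, struct context *live) {
    switch (ev) {
    case EV_SMC:   /* PATH 1: only the RTOS SMC task, i.e. an idle RTOS, may cut in to android/linux */
        if (m->current == WORLD_SECURE && m->rtos_idle)
            swap_world(m, live, WORLD_NORMAL);
        break;
    case EV_FIQ:   /* PATH 2: the RTOS scheduling tick takes the core back whatever android/linux does */
        if (m->fiq_to_secure && m->current == WORLD_NORMAL) {
            swap_world(m, live, WORLD_SECURE);
            m->rtos_idle = false;   /* a real-time task is now runnable */
        }
        break;
    case EV_IRQ:   /* IRQ belongs to android/linux and is masked while the RTOS runs: no world switch */
        break;
    }
    return m->current;
}
```

An SMC issued while the RTOS is not idle, or from the Normal world, is ignored by this model, and a FIQ always lands back in the RTOS regardless of what android/linux was doing.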
Example three
This embodiment builds on the first and second embodiments. When the method is applied to vehicle-mounted equipment, the tasks on the equipment can be divided: tasks with higher real-time requirements run in the RTOS and tasks with lower real-time requirements run in android/linux, so that the advantages of each operating system are used. For example, some entertainment functions on the vehicle-mounted device, such as video playback, have low real-time requirements and can be handled by android/linux; plenty of software on android/linux can play video, whereas many real-time operating systems lack third-party developer support and would require the playback tool to be developed again, which is obviously costly. On the other hand, sensor signals with strict timing requirements, such as vehicle speed pulse signals, demand very precise timing: a vehicle speed obtained without processing according to the timing requirements is wrong, so the vehicle speed must be processed in the RTOS.
In summary, the trustzone-based method and system for improving the real-time performance of a non-real-time operating system provided by the invention realize the division of work and cooperation between a real-time system and a non-real-time system on the basis of trustzone, so that the system can meet the requirements of real-time performance and complexity at the same time; meanwhile, the real-time performance of tasks on the real-time system and their interrupt processing speed are ensured. The method has a wide range of application, is particularly suitable for vehicle-mounted terminals, and easily achieves vehicle-grade real-time response.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent changes made by using the contents of the present specification and the drawings, or applied directly or indirectly to the related technical fields, are included in the scope of the present invention.

Claims (8)

1. A trustzone-based method for improving the real-time performance of a non-real-time operating system, characterized in that it comprises the following steps:
running a Monitor program in a secure area, whose initialization configures the interrupt handling for dual-system switching, wherein the interrupt handling is set to switch from an RTOS operating system to a non-real-time operating system according to a switching request, and from the non-real-time operating system to the RTOS operating system according to a task scheduling clock interrupt triggered by the RTOS operating system;
running the RTOS operating system in the secure area, whose initialization configures the corresponding peripheral resources, memory resources and a fast interrupt mode, wherein a task with the lowest priority can trigger a switching request to the Monitor program only when the RTOS operating system is idle;
running the non-real-time operating system in a common area, whose initialization configures the corresponding peripheral resources and memory resources and uses a common interrupt mode;
further comprising:
when the RTOS operating system is idle, if a request for executing the task is received, a switching request is sent;
after receiving the switching request, the Monitor program saves the current state of the RTOS and restores the state of the non-real-time operating system saved when it was last switched out;
when the Monitor program receives the task scheduling clock interrupt triggered by the RTOS, it saves the current state of the non-real-time operating system and restores the saved current state of the RTOS.
2. The trustzone-based method for improving the real-time performance of a non-real-time operating system as claimed in claim 1, wherein said running a Monitor program in a secure area further comprises:
after the system is powered on, loading the Monitor program and the RTOS operating system into the secure memory of the secure area;
and said running the RTOS operating system in the secure area further comprises:
loading the Android/linux program into the common memory of the common area.
3. The trustzone-based method for improving the real-time performance of a non-real-time operating system according to claim 1, wherein the memory resources corresponding to the initialization configuration of the RTOS operating system and the memory resources corresponding to the initialization configuration of the non-real-time operating system include a shared memory for temporarily storing data during dual-system communication.
4. A trustzone-based system for improving the real-time performance of a non-real-time operating system, comprising a CPU (central processing unit) kernel, a memory, peripherals and a connecting bus, characterized in that:
the CPU kernel comprises a secure kernel and a common kernel, the memory comprises a secure memory and a common memory, and the peripheral comprises a secure peripheral and a common peripheral; the common kernel does not have access to the secure kernel, the secure memory and the secure peripheral;
the RTOS operating system and the Monitor program run in a safe area corresponding to the safe kernel, the Monitor program is used for enabling the CPU kernel to run in a Monitor mode, switching from the RTOS operating system to the non-real-time operating system according to a switching request, and switching from the non-real-time operating system to the RTOS operating system according to task scheduling clock interruption triggered by the RTOS operating system; the RTOS operating system corresponds to a secure memory and a secure peripheral;
the non-real-time operating system runs in a common area corresponding to the common kernel; the non-real-time operating system corresponds to a common memory and a common peripheral;
the interrupt mode of the RTOS operating system is fast interrupt; the interrupt mode of the non-real-time operating system is common interrupt;
when the RTOS operating system is idle, the system automatically triggers the task with the lowest priority, and that task sends a switching request to the Monitor;
the Monitor program is specifically used for: after receiving the switching request, saving the current state of the RTOS operating system and restoring the state saved when the non-real-time operating system was last switched out; and, on receiving the task scheduling clock interrupt triggered by the RTOS, saving the current state of the non-real-time operating system and restoring the saved current state of the RTOS.
5. The trustzone-based system for improving real-time performance of a non-real-time operating system as recited in claim 4, wherein:
the memory also comprises a shared memory which is respectively connected with the safe area and the common area through a bus and is used for temporarily storing data during dual-system communication.
6. The trustzone-based system for improving real-time performance of a non-real-time operating system as recited in claim 4, wherein:
a main scheduler corresponding to the RTOS operating system is arranged in the secure area;
a secondary scheduler corresponding to a non-real-time operating system is arranged in the common area;
and the main scheduler is used for switching to a non-real-time operating system and operating the secondary scheduler when the RTOS operating system is idle.
7. The trustzone-based system for improving real-time performance of a non-real-time operating system as recited in claim 4, wherein:
the system also comprises a first path and a second path which are used for connecting the security kernel and the common kernel;
the first path is directed to the common kernel by the security kernel, and the second path is directed to the security kernel by the common kernel;
the first path is used for enabling the CPU kernel to enter a Monitor mode according to triggering SMC interruption of the task when the RTOS operating system is idle, and switching from the RTOS operating system to a non-real-time operating system;
and the second path is used for forcing the CPU kernel to enter a Monitor mode according to the received FIQ signal when the non-real-time operating system runs, and switching the non-real-time operating system back to the RTOS operating system.
8. The trustzone-based system for improving instantaneity of a non-real-time operating system of claim 4, wherein: the system is a vehicle-mounted end.
CN201710850598.7A 2017-09-20 2017-09-20 Method and system for improving instantaneity of non-instantaneity operating system Active CN109522099B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710850598.7A CN109522099B (en) 2017-09-20 2017-09-20 Method and system for improving instantaneity of non-instantaneity operating system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710850598.7A CN109522099B (en) 2017-09-20 2017-09-20 Method and system for improving instantaneity of non-instantaneity operating system

Publications (2)

Publication Number Publication Date
CN109522099A CN109522099A (en) 2019-03-26
CN109522099B true CN109522099B (en) 2023-03-31

Family

ID=65768470

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710850598.7A Active CN109522099B (en) 2017-09-20 2017-09-20 Method and system for improving instantaneity of non-instantaneity operating system

Country Status (1)

Country Link
CN (1) CN109522099B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110210214A (en) * 2019-06-03 2019-09-06 成都海光集成电路设计有限公司 Processor core partition method and device
CN110727461A (en) * 2019-10-12 2020-01-24 深圳市芯智科技有限公司 Method for transplanting real-time operating system for display
CN111414626B (en) * 2020-04-01 2023-09-26 中国人民解放军国防科技大学 Real-time guaranteeing method and system based on TEE expansion
CN113268082B (en) * 2021-06-03 2022-09-06 一飞(海南)科技有限公司 Method and system for fast downloading, storing and acquiring dance step waypoints in formation of unmanned aerial vehicles
WO2023216250A1 (en) * 2022-05-13 2023-11-16 北京小米移动软件有限公司 Security system and electronic device
CN114911539B (en) * 2022-05-17 2024-05-14 武汉深之度科技有限公司 Starting method of running system and computing equipment
CN115993996B (en) * 2023-03-22 2023-06-09 南京芯驰半导体科技有限公司 Method and system for realizing sleep mode based on RTOS

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1997966A (en) * 2004-07-06 2007-07-11 茵姆拜迪欧有限公司 Method and system for concurrent execution of multiple kernels
WO2009095812A1 (en) * 2008-01-28 2009-08-06 Nxp B.V. Dual operating systems on a single processor
CN104252369A (en) * 2013-06-27 2014-12-31 上海博泰悦臻电子设备制造有限公司 On-board equipment and dual-system backup method and device of on-board equipment
CN105793821A (en) * 2014-11-13 2016-07-20 联发科技股份有限公司 Dual-system architecture with fast recovery and switching of operating system
CN106406991A (en) * 2016-08-30 2017-02-15 西安航天华迅科技有限公司 Operation method of ThreadX operation system on ARM processor

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Lightweight embedded virtualization architecture based on ARM TrustZone; Wang Liang; Journal of Huaqiao University (Natural Science Edition) (No. 05); full text *

Also Published As

Publication number Publication date
CN109522099A (en) 2019-03-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant