PSpSys: A time-predictable mixed-criticality system architecture based on ARM TrustZone

Abstract

In mixed-criticality systems, components often have different criticality requirements that must be met. Components with different criticality requirements must be partitioned into independent execution domains with robust inter-domain isolation, in order to prevent interference between domains of different criticality. For the most critical components, timing-predictability and performance/efficiency are key in ensuring the correct execution of critical components. Existing approaches achieve the required inter-domain isolation using either virtualisation technology or a hardware isolation environment. However, these approaches often conflict with the required timing-predictability and performance/efficiency of components with the highest criticality, which originates from (i) the introduction of complicated system architectures; (ii) the neglection of partitioning and multiplexing of I/Os; (iii) the lack of bounded worst-case timing. In this article, we propose a new mixed-criticality system architecture based on ARM TrustZone technology, termed P arallel Sp ace Sys tem ( PSpSys ), which is a timing-predictable system architecture with hardware-level isolation and predictable inter-domain shared I/O management. In addition, an alternative co-processor is also proposed for PSpSys , which significantly improves performance with reduced system complexity. PSpSys therefore can be applied to safety-critical mechatronic systems (e.g. unmanned autonomous systems, field robotics) which perform tasks on different critical levels. Finally, we demonstrate how PSpSys can be exploited to achieve all the required features in real hardware platform (Xilinx ZC706 evaluation board).