Posted by John McHale
BOSTON, 22, Sept. 2010. LynuxWorks announced at the Embedded Systems Conference in Boston the availability of LynxSecure 4.0 on the Core i7 family from Intel, enabling operating systems to run securely on the multiple cores in embedded systems.
LynxSecure is not an anti-virus software or malware detection program, it essentially "performs malware containment," says Robert Day, vice president of marketing at LynxWorks in San Jose, Calif. In other words if malware affects one operating system (OS) or real-time operating system (RTOS) running on one of the Intel cores, LynxSecure prevents it from infecting the other operating systems, he adds.
For example a potential Core i7 platform could have Windows running one Core, Linux on another, and LynxOS RTOS on the other two, Day continues. If Windows is hit with a virus or other malware as it quite often is, LynxSecure will partition the other operating systems and prevent them from getting infected.
Day says he sees the LynxSecure/Intel Core i7 combination as an ideal application for High Mobility Multipurpose Wheeled Vehicle (HMMWV) command and control units. For example, the most secure, mission critical systems within the HMMWV would run on LynxOS on one or two cores, while Windows or Linux handles lesser critical systems, he continues. The LynxSecure partitions the difference systems so that if the Windows OS gets hit with malware it does not more mission critical operations, Day adds.
Within a multi-core system the performance drain that is often seen when running antivirus software to clean-up after an attack will be mostly negated, Day says. For example, the LynxOS RTOS would be running on one core and an infected Windows system is running on a separate core -- therefore the anti-virus software will only slow the Windows operation, he explains.
The advanced software virtualization in LynxSecure is integrated with the hardware-virtualization technologies, such as vt-x and vt-d, on the Intel processors to give native performance and functionality of all the OSes that are running as guests.
Another key feature that LynxSecure offers is the ability to run guest OSes that have symmetric multi-processing (SMP) capabilities. The new quad-core devices from Intel makes this feature a reality by allowing one of the guest OSes to run across multiple cores. For embedded systems that require a sophisticated user interface coupled with networked connectivity, and also hard real-time data response, the combination of LynxSecure with the quad-core Intel Core i7 processor allows all of this functionality to be easily developed, or migrated from existing systems.
LynxSecure supports a wide range of commercial boards and the initial port to the Intel quad-core Core i7 uses Intel's Customer Reference Board (CRB). The CRB allows embedded customers to evaluate the latest hardware and software technology and begin the porting process for their software systems while either building their own custom hardware or making the selection of commercial hardware platforms.
The tool gives developers the ability to run virtualized guest OSes either para-virtualized, such as Linux or the LynxOS RTOS for ultimate performance, or fully virtualized and unmodified, like the Microsoft Windows OS for complete compatibility. When using multicore processors, these virtualized guest OSes can share a single core, be given dedicated access to a core, or a guest OS can run in SMP mode across multiple cores.
Taking advantage of the hardware virtualization capabilities of the Intel Core i7, LynxSecure offers the ability to run guest OSes at near-native performance. It enables an unmodified OS such as Windows to run at much higher performance than other solutions that rely on the traditional emulation-layer approach. LynxSecure also offers built-in virtual networking, allowing Windows applications to seamlessly communicate via TCP/IP with other virtualized OSes, such as Linux, running in a separate partition. This inter-partition communication is handled entirely by LynxSecure without modifying the applications or the virtualized OS.