Relocating that hardware – specifically
the radio technology – into the
home gateway is relatively straightforward.
More challenging, however, is the
massive software integration exercise
this creates. Diverse IoT ecosystems,
such as home security, smart lighting
and e-healthcare, must now be combined
within the gateway, each requiring
multiple standards, each with their own
resource requirements, and possibly
even using different operating systems.
And this doesn’t even begin to factor in
the extended development time due to
quality assurance and testing. In summary,
it’s complicated!
But this assumes a single software
environment that maintains essential
core gateway functions alongside smart
home services such as home security,
smart lighting, and e-healthcare solutions.
The challenge is providing a
secure environment in which all these
applications can coexist and run independently
within the home gateway. In
essence, we need a new architecture:
one that is flexible enough to enable all
use-cases, easy to develop software for,
simple to test and validate, extensible so
as to offer new services, and one which
also provides enhanced security. We
need virtualization.
ENTER THE VIRTUALIZED WORLD
Virtualization has been employed in the
enterprise server market for many years
with the notion that a single server can
run multiple software environments and
services simultaneously, and by doing
so reduce the associated running costs
and capital expenditure on the hardware.
Imagination has uniquely integrated the
same technology into its entire line-up
of MIPS processors, from the entry-level
to the high end of embedded systems.
MIPS CPUs offer full hardware virtualization,
where the chip itself provides all
elements necessary to securely boot the
system and maintain several virtualized
environments, each completely isolated
from one another, backed by supremely
fast context-switching – all of which are
essential in the embedded environment.
In a virtualized system a privileged
piece of code called the hypervisor is run
in place of the native operating system.
This is established through the usual
mechanisms of secure boot managed by
hardware-enforced root-of-trust, which
guarantees that the hypervisor is the first
trusted code to execute on the processor.
The hypervisor manages access to
all processor cores and resources in the
system including peripherals, the radio
communications and external memory; it
enables the creation of virtual machines,
or “containers”, each running an independent
software environment. With such a
system based on the MIPS architecture,
it is possible to create up to 31 virtual environments
on the I-Class cores designed
to target this application. Through the
hypervisor, multiple operating systems
can run concurrently, each in its own isolated
virtual environment; each behaving
as if it had direct access to the underlying
hardware and memory subsystem.
Wireless Infrastructure
Figure 2: Smart home gateway using virtualization with multiple services running
concurrently sharing the same hardware platform.
In the context of a home gateway,
this architecture allows for the essential
core gateway software to run in its own
container. The system can then introduce
additional containers for smart home services,
each of which is secure and isolated
from every other service, all of which
believe they are running natively on the
hardware. This means that services can
use disparate operating systems, whichever
are appropriate. They no longer have
to use a common kernel or driver set, so
can be running different versions of Linux
if necessary; alternatively one or more
services might employ a real-time operating
system (RTOS). These can each run
alongside the existing services unaltered
with no requirement to port them to a
common operating system.
In our example, we have the core
gateway software running securely in
its own virtualized environment. Another
container is running concurrently,
managing a home security system
based upon an RTOS. The third container
provides a home control service such
as smart lighting and heating. Access
to the radio resources on the gateway
(be this Wi-Fi, ZigBee, Bluetooth, etc.)
is multiplexed by the hypervisor. This allows
services to use single unified radio
frequencies and improves utilization of
the existing radio spectrum.
The architecture is flexible and extensible,
allowing up to 31 containers to be
created or destroyed as services are added
or removed. Imagination already has
companies building a solution whereby
the broadband side of the gateway is
maintained separately from the home
Wi-Fi and ZigBee networks. This brings
an opportunity for firmware updates on
either side while the gateway remains
operational. New IoT services may be
introduced without detriment to existing
www.mwee.com September 2017 MW 13