Abstract: In the development trend of integrated, intelligent and low power consumption of mechanical missile equipment, ARM series processors have been widely used in embedded system design in recent years. Among them, ARMv7's VMSA (Virtual Storage System Architecture) supports virtualization expansion, security extension and large physical address expansion, enabling multi-virtual machine operation or partitioned operating system implementation with hardware system support. Complex embedded devices can be embedded in a new generation. The processor completes system integration and miniaturization. This paper mainly studies the application structure changes of the extended VMSA memory management in the ARMv7-A architecture, and analyzes its application on the airborne equipment, which provides technical support for the ARM processor in the application of airborne equipment. .
0 Preface
With the development of microelectronics and computer technology, the performance of embedded devices is getting higher and higher, the functions are more and more complex, the complexity of onboard electronic devices is getting higher and higher, more sensors are needed, and more integration is needed. Signal processing modules and various other application modules. The integration of electronic devices integrates multiple functional units onto a single circuit board to reduce the size and weight of the device, achieving low power consumption, small size, low cost, and high integration [1].
The new embedded device uses a high-performance general-purpose processor, and the integrated airborne device supports applications of different security-critical levels to share the same set of hardware resources, and provides a security mechanism to ensure that applications are isolated from each other. The system should not only have high-performance computing power and scalability, but also features security, reliability, low cost and low power consumption. In general, embedded devices in the aerospace industry often use microprocessors such as PowerPC series processors or DSPs. However, with the upgrade of the ARM processor architecture, in addition to the increasingly powerful performance, some additional increases are realized in the kernel. The extension, in which security extension, virtualization extension technology meets the technical requirements of embedded devices for security and reliability, and with its powerful computing power and highly integrated hardware design, brings more development to avionics electronic products. possibility.
This paper takes the virtual storage system architecture (VMSA) in ARMV7A as the research object, and analyzes the implementation of MMU technology that introduces the security extension, virtualization extension, and large physical address extension (LPAE) VMSA architecture, and based on the processor. Virtualization applications for research and outlook.
1 Introduction to VMSA
1.1 Introduction to VMSA Storage Management
The address at which the ARM processor performs a memory access is converted to a process of mapping one address to another, such as mapping VA to IPA, or mapping VA to PA. In the ARMv7 architecture, two storage management architectures are defined, including the VMSA storage architecture for the ARMv7-A architecture series and the PMSA (Protected Memory System Architecture) for the ARMv7-R series [2].
ARMv7 defines the mechanism of address translation through a conversion table. The conversion table base address register indicates the starting position of the conversion table [3]. Use the system control coprocessor for storage management, realize the mapping of virtual storage space to physical storage space, and the allocation of storage space access rights and buffer characteristics. The implementation method is mainly through the page table descriptor in memory, in the system control association. The base address of the page table is saved in the processor. When the MMU is enabled, all access operations initiated by the processor need to pass through the MMU. The address translation process is as shown in FIG. 1 .
In VMSAv7, extensions such as security extensions, multiprocessor extensions, large physical address extensions, and virtualization extensions are included. In the introduction of these extended VMSA, the processor mode is divided into two parts: Secure State and Non-Secure State. The processor core can execute code in common area and security area, and In the safe mode, a processor state is added: Monitor Mode, which can be switched between safe mode and non-safe mode in the monitor mode. In implementations that include virtualization extensions, the processor's privileges are divided into three levels, PL0, PL1, and PL2, as shown in Figure 2. This embedded virtual machine technology is required for electronic systems that require security, stability, and high configurability in complex systems. Avionics also needs to use virtual machine monitoring programs to isolate and improve reliability.
1.2 Extending VMSA Address Translation Mechanism
In the extended VMSAv7, the inclusion of virtualization extensions must include Large Physical Address Extension (LPAE) to support 40-bit physical addresses, which supports two-phase address translation. In the secure state or non-secure PL2, only one-stage address translation is supported. In the non-secure state, when the program is executed in PL1 or PL0, two stages of address translation can be achieved. As shown in Figure 3, the address translation mechanism is different. And the registers used to complete the conversion. The guest operating system uses the virtual address to convert the virtual address to the intermediate physical address (IPA) through the page table provided by the operating system to complete the first phase of conversion, and then use the second stage page table to convert the IPA address into a real physical address. The second stage address translation process and page table are invisible to the guest operating system and are controlled by the virtual machine manager.
2 VMSA extended function research
2.1 Large physical address extended address translation
In the ARMv7 VMSA implementation with large physical address extensions, there are two formats of descriptors, a 32-bit short descriptor table format and a 64-bit long descriptor table format, as shown in Table 1.
2.2 Virtualization extended address translation
Virtualization technology is one of the latest development directions of embedded systems. Through virtualization technology, the same processor can execute multiple virtual machines (VMs), allowing multiple operating systems to be stored on the same hardware platform and having system security. Protective characteristics [4]. ARMv7 and ARMv8 architectures for ARM processors introduce hardware virtualization extensions, and hardware-assisted, fully virtualized solutions enable significant improvements in virtual machine performance on the ARM platform, with limited interfaces available through hypervisors Implement isolation, control system behavior, and set security policies to protect critical data objects and kernel execution processes. The permissions are higher than the privileges of the guest operating system and can effectively detect malicious behavior in the kernel of the guest operating system.
In the ARMv7A architecture, a hyp mode has been added that has higher privileges than the operating system's svc mode. Therefore, all privileged instructions executed in the management mode are automatically captured and control is transferred to the virtual machine monitor in the virtualization mode. At the same time, the state of the registers in the management mode is saved so that it can be read when it is returned.
The Fast Context Switching Mechanism (FCSE) is no longer used in ARMv7-A, which is not suitable for storage management of multi-core processors. Based on the ASID, the VMSA adds a virtual machine ID (VMID) to ensure that the Cache is consistent during virtual machine switching or thread switching. Therefore, each context switching processor only needs to save certain Mode-specific registers are also more flexible on the basis of guaranteed performance.
To better support virtualized applications, a two-stage address translation mechanism is provided in an MMU implementation that includes virtualization extensions. The first phase of the transformation is implemented by the virtual machine operating system, which defines the conversion of its virtual address to the internal physical address (IPA). The second phase of address translation is implemented by the virtual machine manager, which sets the internal physical address of the virtual machine. Converted to a physical address, you can also implement the access control of the guest operating system to the memory by configuring the attribute control bits in the Stage 2 conversion page table entry. Through this mechanism, the virtual machine manager can remap the address mapping of the virtual machine, map the physical address of the client to the physical address of the machine, and the conversion of the second phase is invisible to the virtual machine operating system. In VMSA with virtualization extensions, storage management has the following characteristics:
(1) In order to reduce the maintenance operation of the TLB, the VMSA distinguishes the global page and the thread related page, the ASID represents the page related to the specific thread, and the TLB maintenance operation is not required when the thread switches;
(2) The VMID is associated with a specific virtual machine. The TLB entry contains VMID information, that is, the virtual machine does not need to refresh the TLB. For the phase 2 conversion, all conversions are related to the VMID without the concept of a global page.
2.3 Secure Mode Extended Address Translation
The integrated on-board embedded device only needs to process some key data in some applications, and needs to consider the security of the device. ARM has proposed a corresponding solution, that is, TrustZone technology, which can resist many specific attacks and improve the security and reliability of the system. [5]. In an implementation that includes a security extension, the address space is divided into a secure or non-secure address space, and the processor operating mode is also divided into a secure environment (Secure world) and a normal environment (Normal). Avionics uses trusted computing technology in mission-critical systems, making critical tasks in the security environment inaccessible to components of the general environment.
After introducing security extensions into the processor, VMSA's security extension provides two physical address spaces: a secure physical address space and a non-secure physical address space. For the address translation of PL1&0 Phase 1, the conversion table base address registers TTBR0, TTBR1 and TTBCR are grouped in the secure and non-secure states. When the processor is in a secure state, it stores a register that accesses the corresponding state, uses a version of the independent secure and non-secure conversion table, and the conversion table searches for the translation table address space corresponding to the security state.
3 Extended VMSA Application Research
With the upgrade of the ARM processor hardware architecture, the extended VMSA provides virtualization extensions, security extensions, and large physical address extensions, providing different applications for hardware-based virtualization, mainly for the following applications.
3.1 Standard virtual processing module for multiple virtual machines
Based on the support of ARM virtualization extension and security extension, the hardware virtualization technology and system security issues are combined. The virtual machine management program can effectively manage multiple virtual operating systems, and implement multiple hardware modules in standard processing. The virtual operating system's shared access to the standard underlying hardware facilitates the functional integration of multiple different devices, reduces overall power consumption, and provides system reliability.
Virtualization enables the following applications:
(1) Manage multiple virtual machines on a common processor platform, and run multiple operating systems at the same time to achieve rapid integration of multiple modules [6];
(2) Transplanting multiple systems with smaller loads to other unified hardware platforms through virtualization;
(3) Based on security considerations, isolate the services and kernels that are vulnerable to security attacks and provide protection;
(4) Run different operating systems of different functions, and provide different services by different operating systems.
3.2 Based on the standard general processing module partition operating system
With the application and development of the integrated modular avionics architecture, its software architecture adopts a partitioned software architecture concept that conforms to the ARINC 653 standard, which requires that each partition of the operating system be spatially isolated from each other, when a partition has problems. When it does not affect other partitions.
On the standard universal module that extends the VMSA architecture, the virtualization and partition operating systems are combined, and the unified hardware platform is used to implement the partition operating system. The virtualization mechanism provided by VMSA is fully utilized to map the ARINC 653 partition to a virtualization-based system. The virtual machine running in the processor module can guarantee the performance of the partition switching and the Cache consistency, and reduce the coupling degree of the application software [7].
4 Conclusion
The need for integrated development of embedded devices requires the use of extended functions added to the MMU in the ARMv7-A architecture to achieve device integration and security isolation. In this paper, the address translation mechanism of VMSA is studied firstly. Based on this, the address translation mechanism including security extension, virtualization extension and large physical address extension is analyzed. Finally, the application of VMSA is analyzed in the application of device integration. . It has certain application value for the design and development of embedded devices based on ARM platform.
Single point load cells are a type of weight sensor, also know as parallel beam Load Cell, It will offer high accuracy and high reliability, they are widely used in small bench scales,platform scales, medical scales, light capacity filling machines packaging machines and other weighing devices.
Single Point Load Cell,high accuracy load cell,High Precision Load Cell,Load Cell Meter,Planer beam load cell
GALOCE (XI'AN) M&C TECHNOLOGY CO., LTD. , https://www.galoce-meas.com