Fig.1 SafeG architecture
1
2
The following are the main properties of SafeG's architecture:
1. It allows running an RTOS and a GPOS concurrently on top of the same processor.
2. RTOS memory and devices are protected from illegal accesses by the GPOS. This is supported by
configuring resources used by the RTOS to be accessible only from Trust state. The remaining resources are
configured to be accessible both from Trust and Non-Trust state.
3. RTOS real-time requirements are guaranteed. Time isolation of the RTOS activities is supported by carefully
allocating two types of interrupt (i.e.: FIQ and IRQ) to each TrustZone state
• FIQ interrupts are forwarded to the RTOS.
• IRQ interrupts are forwarded to the GPOS.
In Trust state, IRQs are disabled so that the GPOS cannot interrupt the execution of the RTOS. For that
reason, the GPOS only executes upon an explicit request by the RTOS. This is achieved through the Secure
Monitor Call (SMC) instruction. On the other hand, during the GPOS execution, FIQs are enabled so that the
RTOS can recover the control of the processor (e.g.: through the FIQ associated to the system timer).
TrustZone is configured to prevent the Non-Trust side from disabling FIQ interrupts.
4. It takes advantage of hardware extensions to achieve very low execution overhead.
5. The GPOS does not require major code modifications. Except for device and memory usage configuration,
the GPOS can be considered to be executed under full virtualization.
6. SafeG's code footprint is extremely small and it runs with interrupts disabled which can smooth critical
system's certification.
Trademark:
DAVE Embedded Systems is a well-established and constantly growing Italian company, focused on designing,
manufacturing and selling of miniaturized embedded systems solutions. Since its foundation, back in 1998, DAVE
1 http://www.toppers.jp/en/imgs/safeg-arch-english.png
2 http://www.toppers.jp/en/
DAVE Srl, via Talponedo, 29/A, 33080 Porcia (PN), ITALY
Tel. +39.0434921215 - Fax +39.04341994030
E-mail: info@dave.eu