Complex vehicle systems often consist of many highly specialised embedded components of mixed criticality. In current automotive system architectures, Signal-Oriented and Service-Oriented ECUs coexist as equal participants on Automotive Ethernet networks. While Signal-Oriented ECUs are often subject to safety-critical requirements (up to ASIL D), Service-Oriented ECUs mainly serve non-critical or compute-intensive functions of low criticality, for which multi-core systems with high computing power are used (e.g., the NXP S32G).
As a consequence of their criticality, Signal-Oriented ECUs are subject to hard real-time requirements, but the overall complexity of their special-purpose software remains manageable. Hence, they are typically driven by small microcontrollers (e.g., Cortex-M) running an OSEK-compliant real-time operating system.
In this project, we focus on fail-operational scenarios. We investigate how dynamic hardware partitioning (in contrast to the well-known static hardware partitioning) can be used to build fail-operational architectures: if a Signal-Oriented ECU fails, a Service-Oriented ECU shall take over the mission-critical functions of the failed ECU on the fly. This is realised by dynamically repartitioning the Service-Oriented ECU at runtime with the Jailhouse hypervisor: CPU cores and memory are withdrawn from the Linux root cell and assigned to a newly created, isolated cell that runs the migrated real-time software.
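The takeover described above, as an added illustration that is not code from this project or from Jailhouse: a small watchdog in the Linux root cell of the Service-Oriented ECU that repartitions the SoC with the stock Jailhouse command-line tool once the peer Signal-Oriented ECU stops sending heartbeats. The cell configuration, the RTOS image, the cell name, the load address and the heartbeat file (assumed to be written by a separate receiver process) are placeholders.

```sh
#!/bin/sh
# Added example (not part of the project description or of Jailhouse): a
# watchdog for the Linux root cell of a Service-Oriented ECU. When the heartbeat
# of the peer Signal-Oriented ECU stops, it repartitions the SoC with Jailhouse:
# "cell create" withdraws the cores and memory named in the cell config from
# Linux, "cell load" places the RTOS image, "cell start" runs it. Requires an
# already enabled hypervisor ("jailhouse enable <root-config.cell>").
# Assumptions: all paths, the cell name, the load address and the heartbeat
# file format (epoch seconds of the last received heartbeat) are placeholders.

JAILHOUSE=${JAILHOUSE:-jailhouse}                               # set to "echo" for a dry run
CELL_CONFIG=${CELL_CONFIG:-/etc/jailhouse/rtos-takeover.cell}   # assumed non-root cell config
RTOS_IMAGE=${RTOS_IMAGE:-/lib/firmware/rtos-takeover.bin}       # assumed OSEK RTOS image
CELL_NAME=${CELL_NAME:-rtos-takeover}                            # name given in the cell config
LOAD_ADDR=${LOAD_ADDR:-0x0}                                      # guest-physical load address (assumed)
HEARTBEAT_FILE=${HEARTBEAT_FILE:-/run/peer-ecu.heartbeat}       # written by a heartbeat receiver
HEARTBEAT_TIMEOUT=${HEARTBEAT_TIMEOUT:-3}                        # seconds of silence before takeover
POLL_INTERVAL=1

# heartbeat_stale LAST NOW: true when the peer has been silent for too long.
heartbeat_stale() {
    [ $(($2 - $1)) -ge "$HEARTBEAT_TIMEOUT" ]
}

# Epoch seconds of the last heartbeat; 0 if nothing has ever been received.
last_heartbeat() {
    cat "$HEARTBEAT_FILE" 2>/dev/null || echo 0
}

# Repartition and start the RTOS cell. Rolls back a failed load so that the
# withdrawn cores are not left stranded in a cell that runs nothing.
take_over() {
    "$JAILHOUSE" cell create "$CELL_CONFIG" || return 1
    if ! "$JAILHOUSE" cell load "$CELL_NAME" "$RTOS_IMAGE" -a "$LOAD_ADDR"; then
        "$JAILHOUSE" cell destroy "$CELL_NAME"
        return 1
    fi
    "$JAILHOUSE" cell start "$CELL_NAME"
}

# Return the cores and memory to the Linux root cell once the peer is healthy.
give_back() {
    "$JAILHOUSE" cell destroy "$CELL_NAME"
}

# Supervision loop: take over on heartbeat loss, give back on recovery.
monitor_loop() {
    taken_over=0
    while :; do
        now=$(date +%s)
        if heartbeat_stale "$(last_heartbeat)" "$now"; then
            if [ "$taken_over" -eq 0 ] && take_over; then
                taken_over=1
            fi
        elif [ "$taken_over" -eq 1 ] && give_back; then
            taken_over=0
        fi
        sleep "$POLL_INTERVAL"
    done
}

# Only start supervising when explicitly asked, so the functions can be sourced.
if [ "${1:-}" = "run" ]; then
    monitor_loop
fi
```

Note that the actual partitioning decision (which cores, which memory, which devices the RTOS cell gets) is fixed in the cell configuration that `cell create` receives; Linux hot-unplugs the listed cores when the cell is created and gets them back on `cell destroy`. Whether the migrated software can still meet its deadlines after such a late takeover is exactly the question the project sets out to examine.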