LynxElement: THE INDUSTRY'S FIRST UNIKERNEL

LynxElement is the industry’s first unikernel to be POSIX compatible and available for commercial use. LynxElement is offered as part of the LYNX MOSA.ic portfolio of products for a diverse set of mission-critical use cases.

LynxElement-Venn-Diagramv2-2-3

WHAT IS A UNIKERNEL?

In a unikernel architecture, applications link to the operating system features needed and the compiler will naturally omit unused features. Because unikernels are no longer context switching and subject to being blocked by competing processes, unikernel execution behavior is much easier to observe and characterize. This attribute reduces the burden of multicore timing analysis and makes the safety-certification process more manageable. The intrinsic independence and timing properties of a unikernel simply make it a better unit of integration to compose systems where the integrity and predictability of a system is simpler to verify.

THE LYNX UNIKERNEL

Lynx has taken the approach of basing its unikernel product, LynxElement, on its commercially proven LynxOS-178 real time operating system. There is a focus on maintaining compatibility wherever possible between the unikernel and the standalone LynxOS-178 product to enable customers to freely transport applications between each environment. More specifically FACE and POSIX APIs are supported.

LynxElement runs inside a LynxSecure partition. Multiple unikernels can share a CPU core. Lynx is introducing a new “Unikernel mode”, in addition to Development and Production modes. This allows Lynx to build the full-blown LynxOS-178 and the unikernel product from the same codebase. For the unikernel mode, some partitioning components such as CINIT, HM, VMOS driver, and ARINC are removed. The network stack is optional, with support for PVNET and FIFO.

The Lynx filesystem, LynxFS, is supported. It also includes a thread-based scheduler, more specifically a priority-preemptive scheduler with POSIX semantics. LynxElement supports two types of drivers:

Drivers for physical devices (Serial, Ethernet)
Virtual drivers (PVUART, PVNET)

There is no dynamic device driver support. This eliminates it as an attack vector. Instead, all drivers are linked statically. LynxElement is initially offered for Intel and Arm architectures.

UNIKERNEL PLATFORM DETAILS

The initial offering of LynxElement is centered on Intel and Arm architectures. As an example, a unikernel can be used to run security components like Intrusion Detection Systems (IDS) and Virtual Private Networks (VPN). In the diagram to the right, which shows how this could be implemented on a Xilinx development board, Statistical Anomaly Detectors monitor IP and 1553 traffic. Use of a data diode and filter on LynxElement enables customers to replace a Linux VM, saving memory space and drastically reducing the attack space.

ZCU102-Dev-Board-2

CREATING REUSABLE SOFTWARE ACROSS PLATFORMS

A container is a virtualization unit that contains an application packaged alongside its dependencies. Containers certainly show the way, but for deterministic systems, their reliance on other pieces of the system are a challenge.

We believe the path is to combine the strengths of two technologies, hypervisors and unikernels, to improve the mechanics and feasibility of real-time composability.

Hypervisors, which are used to partition resources and allocate components as individual virtual machines
Unikernels, which can be used as the runtime environment for each individual component instead of traditional guest operating systems to improve resource utilization and timing properties

As an analogy, when hardware designers create circuits, there is a timeline associated with how signals propagate through gates, interact with registers, memory and IO, and deliver results that are always consistent. That circuit is characterized by temperature, voltage, and other variables so its exact behavior is predictable in all situations. We see unikernels as being able to offer a similar type of characterizable software unit of composition.

BUSINESS BENEFITS

Defined software packaged accelerates time to deployment
Allows for software application reuse into other programs
Improved resiliency to cyber attack

military-personnel

aerospace engineer

DEVELOPMENT BENEFITS

Unikernels allow programs to link in all operating system services in a single address space
No context switching and not subject to being blocked by competing processes means Unikernel execution behavior is much easier to observe and characterize
Aligned to industry standard interfaces including ARINC, FACE, and POSIX