Skip to the main content.

LynxElement_White-1

LynxElement: THE INDUSTRY'S FIRST UNIKERNEL

LynxElement is the industry’s first unikernel to be POSIX compatible and available for commercial use. LynxElement is offered as part of the LYNX MOSA.ic software framework, focused on addressing the needs of next-generation of mission-critical systems.

VIEW BENEFITS

LynxElement-Venn-Diagramv2-2-3

 

LynxElement-Banner-1

WHAT IS A UNIKERNEL?

In a unikernel architecture, applications link to the operating system features needed and the compiler will naturally omit unused features. Because unikernels are no longer context switching and subject to being blocked by competing processes, unikernel execution behavior is much easier to observe and characterize. This attribute reduces the burden of multicore timing analysis and makes the safety-certification process more manageable. The intrinsic independence and timing properties of a unikernel make it a better unit of integration to compose systems where the integrity and predictability of a system is simple to verify. 

LynxElement_White-1

LynxElement: THE INDUSTRY'S FIRST UNIKERNEL

LynxElement is the industry’s first unikernel to be POSIX compatible and available for commercial use. LynxElement is offered as part of the LYNX MOSA.ic portfolio of products for a diverse set of mission-critical use cases.

VIEW BENEFITS
LynxElement-Banner-1

THE LYNX UNIKERNEL

Lynx has taken the approach of basing its unikernel product, LynxElement, on its commercially proven LynxOS-178 real time operating system. There is a focus on maintaining compatibility wherever possible between the unikernel and the standalone LynxOS-178 product to enable customers to freely transport applications between each environment. More specifically FACE and POSIX APIs are supported. 

LynxElement runs inside a LynxSecure partition. Multiple unikernels can share a CPU core. Lynx is introducing a new “Unikernel mode”, in addition to Development and Production modes. This allows Lynx to build the full-blown LynxOS-178 and the unikernel product from the same codebase. For the unikernel mode, some partitioning components such as CINIT, HM, VMOS driver, and ARINC are removed. The network stack is optional, with support for PVNET and FIFO. 

The Lynx filesystem, LynxFS, is supported. It also includes a thread-based scheduler, more specifically a priority-preemptive scheduler with POSIX semantics. LynxElement supports two types of drivers:
  • Drivers for physical devices (Serial, Ethernet)
  • Virtual drivers (PVUART, PVNET) 
There is no dynamic device driver support. This eliminates it as an attack vector. Instead, all drivers are linked statically. LynxElement is initially offered for Intel and Arm architectures.
 

Supervisor-Mode

UNIKERNEL PLATFORM DETAILS

The initial offering of LynxElement is centered on Intel and Arm architectures. As an example, a unikernel can run security components like Intrusion Detection Systems (IDS) and Virtual Private Networks (VPN). In the diagram to the right, which shows how this could be implemented on a Xilinx development board, Statistical Anomaly Detectors monitor IP and 1553 traffic. Implementing a data diode and filter on LynxElement enables customers to replace a Linux VM, saving memory space and drastically reducing the attack space.

LEARN MORE

ZCU102-Dev-Board-2

CREATING REUSABLE SOFTWARE ACROSS PLATFORMS

A container is a virtualization unit that contains an application packaged alongside its dependencies. Containers certainly show the way, but for deterministic systems, their reliance on other pieces of the system is a challenge. 

We believe the path is to combine the strengths of two technologies, hypervisors and unikernels, to improve the mechanics and feasibility of real-time composability.
  • Hypervisors, which are used to partition resources and allocate components as individual virtual machines
  • Unikernels, which can be used as the runtime environment for each individual component instead of traditional guest operating systems to improve resource utilization and timing properties

As an analogy, when hardware designers create circuits, there is a timeline associated with how signals propagate through gates, interact with registers, memory and IO, and deliver results that are always consistent. That circuit is characterized by temperature, voltage, and other variables so its exact behavior is predictable in all situations. We see unikernels as being able to offer a similar type of characterizable software unit of composition.

 

BUSINESS BENEFITS

  • Defined software packaged accelerates time to deployment ​

  • Allows for software application reuse into other programs​

  • Improved resiliency to cyber attack

military-personnel

 

aerospace engineer

 

DEVELOPMENT BENEFITS

  • Unikernels allow programs to link in all operating system services in a single address space ​
  • No context switching and not subject to being blocked by competing processes means Unikernel execution behavior is much easier to observe and characterize ​
  • Aligned to industry standard interfaces including ARINC, FACE, and POSIX ​

BUILD CUSTOM SOLUTION

LET'S CONNECT