Leading the Embedded World


The modern vehicle is becoming not just a rolling computer, but a rolling network. Software complexity and the number of vehicle networks—internal and external—are growing far beyond the traditional closed network, exposing life-critical vehicle domains to safety and security risks.

modern automotive gateway must separate networking protocols

The modern gateway must route, separate, and translate a growing number of networking protocols—some directly influencing life-critical vehicle functions.

More networks—more vulnerability

In recent years, the explosive growth of automotive electronics has fueled a revolution in the electrical networks within the vehicle. What started out as a closed CAN network on simple MCUs has become a complex system of operating systems and heterogeneous networks—some with IP addresses connected to the internet.

vehicle gateway controller is responsible for the fast and deterministic data routing and translation over networks between various vehicle domains such as ADAS or IVI. With the advent of the connected car, the modern gateway is now also responsible for acting as an intelligent gatekeeper for all data entering the vehicle and for secure over-the-air (OTA) software updates.

All in all, the gateway oversees internal networks (CAN, LIN, Ethernet, Ethernet AVB/TSN, DoIP, SOME/IP, RTP/RTCP, gPTP, FlexRay, MOST, HDMI, USB, DDS) and external networks (DSRC, cellular, satellite, WiFi, Bluetooth, Remote Keyless Entry) spanning all vehicle domains. Because some of this data is used by life-critical systems, the gateway must possess the highest security levels.

gateway defense-in-depth security

At the nexus of a vehicle’s networks, the modern gateway must employ defense-in-depth security to protect both network data and domain controllers.

Security through separation

The gateway run-time software architecture must be safe, secure and scalable. The Green Hills Platform for Secure Gateway is built on INTEGRITY® real-time operating system (RTOS) technology, certified at the world’s highest safety and security levels. The certified INTEGRITY separation kernel isolates critical networking and security tasks from each other and from guest operating systems such as Linux and Android, running on the same core or multiple cores. In addition, AUTOSAR applications can be run in their own partitions, giving system designers more flexibility to build scalable systems.

  • INTEGRITY RTOS—provides proven reliability and separation with unmatched Common Criteria EAL 6+ security credentials, ISO 26262 ASIL D safety certification and is incorporating the latest automotive cybersecurity standards as defined by ISO/SAE 21434 CAL 4 and UNECE WP.29 CSMS. INTEGRITY provides guaranteed system resources to assure CPU time and memory resources will always be available to tasks, even when faced with malicious or unintended events.
INTEGRITY RTOS gateway architecture

The INTEGRITY RTOS and Multivisor secure virtualization service isolates critical networking and security tasks from other tasks, guest operating systems, and AUTOSAR applications, providing a secure, safe, and scalable architecture ideal for ASIL-certified systems.

  • INTEGRITY Multivisor 64-bit secure virtualization and separation technology—allows ISO 26262-certified applications to concurrently run alongside general-purpose applications or guest operating systems (Linux, Android, others) with freedom-from-interference and guaranteed system resources. As a lightweight secure virtualization service of INTEGRITY, it inherits the safety and security advantages of the INTEGRITY architecture: separation, determinism, fast-boot and multicore control.
    • Safely share peripherals, such as GPUs, between critical tasks and guest operating systems
    • Highly configurable virtualization platform allows users to seamlessly configure peripheral routing and utilization between INTEGRITY RTOS and guest operating systems
    • Maximum virtualization performance by utilizing Arm Architecture virtualization extension (VE) and Intel Virtualization Technologies (Intel VT-x and VT-d), for both 32- and 64-bit processors from all leading automotive processor manufacturers
  • Advanced Software Development Tools—including MULTI IDE, Optimizing C/C++ compilers, ISO 26262 ASIL C/D qualification, MISRA C Adherence Checker and other integrated tools to produce automotive-grade code that runs at the highest possible execution speed. The MULTI multicore debugger enables a single debugger instance to simultaneously debug Linux and INTEGRITY RTOS kernel code, apps and device drivers. The Green Hills connects MULTI to the target for board bring-up, reverse-execution trace debugging and multicore run control.

Secure boot, storage, transmissions and OTA

The Platform for Secure Gateway is integrated and tested with the Embedded Cryptographic Toolkit and network stacks from INTEGRITY Security Services (ISS) to protect device software, data, and communication. ISS offers a complete set of standards-based, platform-agnostic security protocols with FIPS 140-2 compliant, Suite B, cryptographic services for securing the modern gateway ECU:/p>

  • secure boot, including trust anchor provisioning and software signing
  • secure data-at-rest with encrypted key storage, integrated and optimized to the gateway processor
  • secure network communication with SSL, TSL, IPSec, SSH
  • secure OTA for digitally signed updates for gateway firmware
ISS Device Lifecycle Management

The ISS Device Lifecycle Management System is a high-assurance infrastructure for real-time generation of gateway keys and credentials to protect digital assets across all lifecycle phases.

For manufacturers of gateway ECUs, the Device Lifecycle Management System (DLM), is a cloud-based key management infrastructure enabling the secure generation, distribution and tracking of keys and secure credentials through the supply chain.

Simple and scalable high-performance AUTOSAR support

As new features and demands for safety, security, and efficiency challenge traditional vehicle electronic architectures, the AUTOSAR software framework plays a key role in managing the growing complexity of ECUs and their software. As a Premium Partner of AUTOSAR since 2005, Green Hills provides both development tools and run-time environments for the safe and secure use of AUTOSAR Classic and AUTOSAR Adaptive.

Advanced AUTOSAR-aware multicore software development

Green Hills has developed and optimized the next generation of tools and techniques for customers who are developing, debugging, optimizing, integrating, testing and delivering complex AUTOSAR-based solutions. The advanced MULTI IDE offers:

  • ISO 26262 safety-certified development tools and C/C++ run-time libraries
  • advanced debugging of multiple software components running on multiple AUTOSAR Classic and/or Adaptive environments from various vendors, even across heterogenous cores on complex multicore SoCs
  • advanced time-synchronized system viewing that is OS and trace log agnostic with minimal intrusion
  • run forward and backward in time to find the most difficult bugs

Safe and secure execution

The INTEGRITY RTOS and its Multivisor secure virtualization provide the certified separation and guaranteed hardware resources to applications and their AUTOSAR components, including safety and security tasks, drivers, middleware, guest operating systems and AUTOSAR operating systems. The resulting freedom-from-interference is a vital feature to safely and securely run these complex mixed-ASIL software components with determinism, across multicore heterogenous SoCs.

For AUTOSAR Classic, the INTEGRITY RTOS executes one or more AUTOSAR Classic environments in virtual address spaces/containers across one or more cores on a high-performance multicore application processor. No virtualization is required. This means customers have the flexibility to incorporate and run their own AUTOSAR Classic asset, an OEM’s AUTOSAR Classic asset or a third-party asset without compromising the platform’s performance, safety architecture or security.

INTEGRITY architecture for AUTOSAR Classic

AUTOSAR Classic run-time environments execute natively on INTEGRITY without requiring virtualization support.
Click for a larger view.

For AUTOSAR Adaptive, Green Hills again leverages the INTEGRITY RTOS’ certified separation architecture and policies to natively run AUTOSAR Adaptive, as compared to other vendors that must rely on less secure virtualization for system separation. As a result, customers eliminate the significant complexities, performance overhead, security impacts, and development and debug challenges that come with using a hypervisor platform approach to AUTOSAR Adaptive in vehicle electronics designs.

INTEGRITY architecture for AUTOSAR Adaptive

With its separation architecture, the INTEGRITY RTOS also natively executes AUTOSAR Adaptive. Click for a larger view.

Platform components

Scalable Family of Real-Time Operating Systems and Secure Virtualization

  • Safe — The safety certified INTEGRITY RTOS technology is certified to the highest safety levels for ISO 26262 (ASIL D) and IEC 61508 (SIL 4)
  • Secure —INTEGRITY RTOS technology is certified to the highest security level ever achieved for any software product—Common Criteria SKPP, EAL 6+ High Robustness—and is incorporating the latest automotive cybersecurity standards as defined by ISO/SAE DIS 21434 CAL 4 and UNECEVR EZP.29 CSMS
  • FlexibleINTEGRITY Multivisor securely and safely runs guest operating sWems alongside critical applications
  • Deeply embeddedµ-velOSity microkernel offers a tiny footprint and simple programming model for microcontroller architectures.
    The µ-visor virtualization solution for microcontrollers features robust hardware-enforced software separation, multi-OS support, and real-time efficientcy to safely and securely consolidate critical workloads on resource-constrained processors
  • Open — Automotive application programming interfaces to OSEK, AUTOSAR and POSIX

Middleware components

  • Automotive connectivity including CAN, Ethernet AVB/TSN, DoIP, SOME/IP, RTP/RTCP, gPTP Slave/Bridging, Wireless, USB, Bluetooth, and IPv4/v6 TCP/IP stack
  • Graphics and UI Kits for 2D, 3D, OpenGL, Qt Commercial, Rightware Kanzi, Altia Design, DiSTI GL Studio, Crank Storyboard, CGI Studio, HTML5
  • Internet application offerings including web servers, HTML5, email and HTTP clients
  • File systems featuring partition journaling, wear leveling flash storage and more
  • Embedded firewall
  • Secure communications protocols—SSL, SSH, IPSec, IKEv2, HTTPS, FIPS 140-2, Suite B crypto

Software Development tools

  • MULTI IDE and Green Hills toolchain are qualified to the highest functional safety levels, including ISO 26262 (ASIL D) and IEC 61508 (SIL 4) and EN 50128 (SIL 4)
  • Green Hills Optimizing Compilers for C, C++, and Embedded C++ generate the fastest and smallest production-quality code on a broad range of automotive processor architectures
  • MULTI IDE includes multicore debugger, profiler, simulator, run-time error checking, project builder, editor and much more
  • TimeMachine revolutionary debugging suite. Run and step an application back in time to find even the most difficult bugs in minutes
  • MISRA C Adherence Wizard for building in code quality at the time of compilation
  • DoubleCheck integrated static source code analyzer
  • Integration with MathWorks' Embedded Coder and Simulink for modeling, simulation and PIL testing

Hardware Development tools

  • Green Hills Probe V4 for multicore hardware bring-up, low-level debugging and trace-powered analysis tools


  • Embedded Cryptographic Toolkit provides FIPS 140-2 compliant services for securing embedded devices through secure boot, secure data storage, secure networks (SSL, TSL, IPSec, SSH) and digitally signed secure OTA firmware updates

Device Lifecycle Management (DLM)


Rich ecosystems for secure gateway

Green Hills understands the value of providing integrated, total solutions directly to its gateway customers. Besides offering the industry’s most comprehensive solutions, we have partnered with best-in-class technology providers to integrate their complementary products, including:

  • accelerated 2D and 3D graphics and UI kits
  • automotive connectivity
  • operating systems and frameworks including Linux, Android, AUTOSAR and ROS
  • applications development and services
  • co-simulation and co-verification
  • databases and storage including embedded databases and flash devices
  • code quality, test and management including automated testing & code coverage analysis tools
  • application modeling & simulation for building and evaluating applications early in the software lifecycle
  • network protocols and security for communication within the vehicle network and to the external world
  • intrusion detection and prevention systems (IDPS)
  • automotive processors from leading semiconductor manufacturers

For a complete list of ecosystem partners for Green Hills Platforms for Automotive click here.

Green Hills Software Automotive Gateway Partners