RSS
The flagship of our family of operating systems, the INTEGRITY real-time operating system (RTOS), is built around a microkernel architecture that provides embedded systems the only software foundation with total reliability, absolute security, and certified safety. As the world's most highly certified RTOS for safety and security in numerous industries, INTEGRITY sets the standard for real-time operating systems.
For a project's development phase, INTEGRITY is tightly integrated with the MULTI integrated development environment, giving developers advanced multicore development tools that reduce the time to find and fix difficult bugs and to deploy higher-quality code in production systems.
The INTEGRITY architecture supports multiple protected virtual address spaces, each of which can contain multiple application tasks.
Meeting the highest possible requirements
The INTEGRITY RTOS was designed so that developers could ensure their applications meet the highest possible requirements for security, safety, performance, and reliability on application processors through:
- memory-protected separation
- guaranteed processor resources
- hard real-time determinism
- advanced multicore utilization and determinism
- secure hypervisor for hosting Linux, Android and others
- standards-based support for POSIX and AUTOSAR
To achieve this, INTEGRITY uses hardware memory protection to create secure partitions that isolate and protect embedded applications. Secure partitions guarantee each task the resources it needs to run correctly and fully protect the operating system and user tasks from errant and malicious code—including denial-of-service attacks, worms, and Trojan horses. Unlike other memory-protected operating systems, INTEGRITY never sacrifices real-time performance for security and protection.
Guaranteed security
The INTEGRITY RTOS provides all the capabilities embedded designers need to enforce the policies of separation, damage limitation, and information flow control. INTEGRITY also provides networking and the latest security protocols for today’s connected applications.
The INTEGRITY separation kernel architecture provides a highly robust mechanism to separate security-critical functions. The INTEGRITY-178 RTOS has been certified to EAL 6+ High Robustness, the most rigorous Common Criteria security evaluation achieved for a commercial operating system.
INTEGRITY protects against damage from errant or malicious code by preventing processes from writing beyond assigned memory regions. In addition, the INTEGRITY partitions prevent unintended access to data from outside the partition where the data resides.
Architected for reliability
Traditional operating systems can crash, lock up, or execute uncontrollably, resulting in costly consequences—a lost satellite, a stalled car, a failing medical monitor. But the INTEGRITY RTOS protects both critical applications and itself from the malfunctions that can lead to these failures.
To do this, INTEGRITY provides guaranteed system resources that ensure that CPU time and memory resources will always be available to individual processes, no matter what any other process attempts to do.
Malicious or unintended events can deny access to system resources and keep system processes from running as intended. To prevent these denial-of-service attacks, INTEGRITY can assign fixed budgets of CPU time and memory to each process. By guaranteeing a time window for a particular process, these fixed budgets also preserve the integrity of other processes by preventing running tasks from executing beyond their window.
Hard real-time determinism
INTEGRITY is a true, hard real-time operating system that never sacrifices real-time performance for security and protection. The INTEGRITY RTOS always services the highest priority interrupt with absolute minimum latency.
All INTEGRITY kernel services have been optimized to minimize the overhead of system calls. System calls can be suspended to allow others to execute. INTEGRITY uses a real-time scheduler that supports multiple priority levels and enables complete control over CPU percentage allocation.
Meeting critical deadlines
With the INTEGRITY RTOS, the kernel uses only the CPU time resources the system designer specifies to perform services requested by the application. Another way INTEGRITY guards against unexpected execution times and provides determinism is by bounding kernel service times regardless of any actions performed by the application.
Scheduling by partitions
The INTEGRITY-178 tuMP multicore RTOS provides the system integrator full flexibility in choosing the software multiprocessing architecture, ranging from simple asymmetric multiprocessing (AMP) to modern symmetric multiprocessing (SMP) to bound multiprocessing (BMP) for the highest combination of determinism and utilization. Some form of BMP is required to meet the latest revision of ARINC 653 Part 1 Required Services, Supplements 4 & 5. INTEGRITY-178 tuMP is the only RTOS that provides SMP and BMP capabilities as part of ARINC 653 support at DAL A.
The time-variant capability of INTEGRITY-178 tuMP allows different bindings of applications to cores in different partition time windows.
Guaranteed memory resources
The INTEGRITY RTOS protects memory many ways:
- from exhaustion
- from damage
- from unauthorized access
The INTEGRITY RTOS’ unique memory quota system keeps one address space from exhausting the memory of any other. To prevent kernel memory exhaustion, INTEGRITY requires that kernel memory is not used for messages, semaphores, or other kernel objects created in response to process requests. Instead, the kernel performs all services requested by a process using the memory resources specified by the system designer for that specific application.
Multicore & embedded virtualization
INTEGRITY offers compelling options to the software system designer to extract maximum performance and control of multicore processors. The INTEGRITY RTOS’ flexible deployment models include AMP, SMP, and BMP while integrated INTEGRITY Multivisor virtualization technology enables compelling new software architectures for modern multicore SoCs.
Advanced multicore support
The INTEGRITY microkernel architecture is well-suited for multicore processors targeting embedded systems. INTEGRITY provides complete Asymmetrical Multiprocessing (AMP) and Symmetrical Multiprocessing (SMP) while INTEGRITY-178 tuMP also provides Bound Multiprocessing (BMP) for more control over assigned tasks to cores. The options give the embedded system designer ultimate control over multicore utilization and determinism.
When coupled with the advanced multicore debugging features found in the Green Hills MULTI tool suite, developers will reduce their time-to-market while increasing system performance and reliability.
INTEGRITY AMP support
With AMP, one instance of the INTEGRITY kernel runs on each processor core. User applications are separated and stationary on a given core and each core owns its own area of memory. AMP is well-suited for heterogeneous CPUs and offers a potential for higher performance and efficiency than other multicore architectures. It also provides more deterministic behavior while providing the designer control over the choice of where the process will execute.
INTEGRITY secure virtualization
INTEGRITY Multivisor is an optional virtualization service of INTEGRITY that runs guest OSes while delivering the highest levels of safety, security, and performance. It enables mixed-criticality systems to efficiently run Linux, Android or Windows environments beside critical tasks running as native INTEGRITY tasks.
INTEGRITY Multivisor uses the INTEGRITY kernel to safely and securely isolate critical functions from non-critical functions and leverages processor virtualization features for maximum performance, while efficiently managing virtual machines and shared peripherals.
Virtualization is implemented in a virtual machine monitor running in user space, while isolation is delivered by the INTEGRITY separation microkernel running in privileged mode.
INTEGRITY Multivisor safely and securely runs general-purpose guest operating systems alongside critical applications, thanks to the INTEGRITY partitioning microkernel.
INTEGRITY Multivisor supports a broad range of options for peripheral control and sharing between guest OSes and native INTEGRITY functions.
INTEGRITY Multivisor provides flexible and powerful mechanisms for managing cores to meet system requirements. Guest OSes can be statically assigned to cores in Asymmetric Multiprocessing (AMP) mode, or workloads can be dynamically scheduled in Symmetric Multiprocessing (SMP) mode.
Architecture, Processor, and Board Support
The INTEGRITY Architecture Support Package (ASP) provides CPU initialization, exception handling, and fast context-switching for all leading embedded CPU architectures including Arm, Intel, Power and MIPS. INTEGRITY Board Support Packages (BSP) build upon the ASP and provide board-level support of memory, interrupts, accelerators, peripherals and middleware. We frequently add to our list of INTEGRITY BSPs so please contact your local Green Hills Software office to discuss your board support package requirements.
Green Hills Software works extensively with industry-leading commercial off-the-shelf (COTS) board manufacturers to enable INTEGRITY on their boards. Click here for more details.
Ecosystem and middleware
The INTEGRITY ecosystem is focused on safety, security, reliability and real-time performance, encompassing a wide range of middleware and run-time environments.
