CN111931193B - Method and system for hardware cooperation during software running environment switching - Google Patents
Method and system for hardware cooperation during software running environment switching Download PDFInfo
- Publication number
- CN111931193B CN111931193B CN202011028475.3A CN202011028475A CN111931193B CN 111931193 B CN111931193 B CN 111931193B CN 202011028475 A CN202011028475 A CN 202011028475A CN 111931193 B CN111931193 B CN 111931193B
- Authority
- CN
- China
- Prior art keywords
- hardware
- software
- environment
- software running
- operating environment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000012546 transfer Methods 0.000 claims abstract description 13
- 238000012790 confirmation Methods 0.000 claims abstract description 11
- 239000003795 chemical substances by application Substances 0.000 claims description 16
- 238000004891 communication Methods 0.000 claims description 8
- 238000012545 processing Methods 0.000 claims description 8
- 230000007246 mechanism Effects 0.000 claims description 7
- 230000003111 delayed effect Effects 0.000 claims description 3
- 230000002860 competitive effect Effects 0.000 abstract description 2
- 238000005457 optimization Methods 0.000 description 8
- 238000013461 design Methods 0.000 description 7
- 230000008569 process Effects 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 238000002360 preparation method Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- PCTMTFRHKVHKIS-BMFZQQSSSA-N (1s,3r,4e,6e,8e,10e,12e,14e,16e,18s,19r,20r,21s,25r,27r,30r,31r,33s,35r,37s,38r)-3-[(2r,3s,4s,5s,6r)-4-amino-3,5-dihydroxy-6-methyloxan-2-yl]oxy-19,25,27,30,31,33,35,37-octahydroxy-18,20,21-trimethyl-23-oxo-22,39-dioxabicyclo[33.3.1]nonatriaconta-4,6,8,10 Chemical compound C1C=C2C[C@@H](OS(O)(=O)=O)CC[C@]2(C)[C@@H]2[C@@H]1[C@@H]1CC[C@H]([C@H](C)CCCC(C)C)[C@@]1(C)CC2.O[C@H]1[C@@H](N)[C@H](O)[C@@H](C)O[C@H]1O[C@H]1/C=C/C=C/C=C/C=C/C=C/C=C/C=C/[C@H](C)[C@@H](O)[C@@H](C)[C@H](C)OC(=O)C[C@H](O)C[C@H](O)CC[C@@H](O)[C@H](O)C[C@H](O)C[C@](O)(C[C@H](O)[C@H]2C(O)=O)O[C@H]2C1 PCTMTFRHKVHKIS-BMFZQQSSSA-N 0.000 description 1
- 230000002457 bidirectional effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
- G06F1/26—Power supply means, e.g. regulation thereof
- G06F1/32—Means for saving power
- G06F1/3203—Power management, i.e. event-based initiation of a power-saving mode
- G06F1/3206—Monitoring of events, devices or parameters that trigger a change in power modality
- G06F1/3228—Monitoring task completion, e.g. by use of idle timers, stop commands or wait commands
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
- G06F1/26—Power supply means, e.g. regulation thereof
- G06F1/32—Means for saving power
- G06F1/3203—Power management, i.e. event-based initiation of a power-saving mode
- G06F1/3234—Power saving characterised by the action undertaken
- G06F1/3287—Power saving characterised by the action undertaken by switching off individual functional units in the computer system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/542—Event management; Broadcasting; Multicasting; Notifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/544—Buffers; Shared memory; Pipes
Abstract
The application discloses a method for hardware cooperation during software running environment switching. And starting the first software running environment after the equipment is powered on. And after the first software running environment is started, independently managing the shared hardware, and starting the second software running environment. And after the second software running environment is started, informing the first software running environment. And after receiving the notice, the first software operating environment gives up the control right to the shared hardware and replies to the second software operating environment. And the second software running environment receives the confirmation information and completes the transfer of the control right of the shared hardware. The second software operating environment initializes its own hardware management logic to complete the management of the shared hardware. The first software runtime is implemented via a second software runtime agent, using shared hardware if desired. The method and the system allow the current software operating environment to use the hardware in real time, and overcome competitive access to the hardware; meanwhile, the global management of indexes such as power consumption and the like is realized, and the optimal control is realized.
Description
Technical Field
The application relates to a method for performing hardware cooperation when switching software running environments of an embedded system.
Background
In recent years, as embedded systems have been brought into daily life in a comprehensive manner, people have increasingly demanded security of the embedded systems, and therefore, a secure Execution Environment (TEE, also called Trusted Execution Environment) and a non-secure Execution Environment (REE, Rich Execution Environment) have been introduced into development of the embedded systems. The non-secure operating environment generally has a complex but sophisticated operating system (e.g., Linux), and most software logic runs in the non-secure operating environment to perform normal work. The secure runtime environment runs only a very simple system to protect the core data (e.g., keys) of the user. Simple systems are relatively more controllable, with logic trends that are easier to control. At present, a main stream processor supports a safe operation environment and a non-safe operation environment on hardware, and the safe operation environment and the non-safe operation environment can be switched only through a predefined hardware interface. Because the path switched by the hardware is fixed, as long as the safety control is performed on the switched path, the effective isolation of the safe operation environment and the non-safe operation environment can be ensured, and the safety of the core data of the user can be ensured.
In an embedded system which is divided into a safe operation environment and a non-safe operation environment, the safe operation environment and the non-safe operation environment are isolated, belong to different software operation environments, have respective management systems, and are difficult to coordinate with each other. Particularly, the safe operation environment and the non-safe operation environment are prepared in sequence in the starting process, and the general safe operation environment is prepared before the non-safe operation environment, so that the method is a dynamic process. In this process, there is an intermediate state where the secure operating environment is ready but the non-secure operating environment is not yet able to execute the software logic. This intermediate state is very different from the last operating state of the system (both secure and non-secure operating environments can execute software logic when they are ready at the same time). In the intermediate state, since the software logic cannot be executed yet by a part of the software execution environment, the software logic for collaboration in the different software execution environments cannot be normally used yet, and therefore special processing is required to smoothly pass through this stage.
Specifically, the following two types of problems are encountered in the intermediate state.
The first is debug information. The debugging information is output through a serial port. In the final working state, in order to ensure that different software operating environments do not compete for the serial port hardware resources at the same time, a communication and protection mechanism needs to be added, otherwise, the hardware state is easily disturbed and the debugging information is difficult to continue to be normally output. However, in the intermediate state, because part of the software operating environment is not ready to be completed, such communication and protection mechanisms often cannot be effective, so that the instant output of the debugging information in the intermediate state is difficult.
The second is power and clock management of the hardware system. In an embedded system, general overall power management is handled in an insecure operating environment, because such an environment has rich APIs (application programming interfaces) and powerful functions, a more precise power and clock management scheme can be made, thereby meeting the requirements of power saving and high efficiency of the embedded system. However, from a safety perspective, the safe operating environment is always started before the non-safe operating environment. Then the hardware in the secure execution environment that needs to be accessed must be configured with power and clocks by the secure execution environment itself at the time of the intermediate state. After the non-secure operating environment is prepared, the configuration causes conflict in software management logic, and affects the power-saving and efficient overall design of the embedded system.
In the prior art, the problem encountered in the intermediate state is solved by adopting an independent hardware mode, namely, a safe operation environment and a non-safe operation environment respectively use a set of independent hardware, and the safe operation environment and the non-safe operation environment are not accessed in a cross mode. Therefore, the method can ensure that the modes of the used hardware modules are consistent in the intermediate state and the final state, so that no difference exists, and the problem is solved. However, this solution still has the following disadvantages.
First, in the case of debugging information, such as print error information, the secure operating environment and the non-secure operating environment are each printed by dedicated hardware, and thus the information output by the secure operating environment and the non-secure operating environment cannot be aligned on the time axis, and the precedence relationship between the information output by different software operating environments cannot be distinguished, which is disadvantageous for debugging software logic that needs to span the secure operating environment and the non-secure operating environment.
Secondly, for power supply and clock management, even if different software running environments are mutually isolated in hardware and respectively control own hardware, the mode still depends on communication among the software running environments to acquire the global hardware use condition, so that global power consumption optimization can be completed, otherwise, different software running environments can only achieve the optimization in the running environment and cannot ensure global optimization.
In the prior art, another processing method is to select a software operating environment as the only main control operating environment to independently control the hardware, and when other software operating environments need to access the hardware, the main control operating environment is notified through a special operating environment switching interface, and the agent completes the hardware access. The design can solve the problem that the debugging information time output from different running environments cannot be aligned in the debugging problem, and the timestamps can be uniformly added because all hardware operations are completed by the master control environment; the problem of global information collection in power consumption optimization can be solved, and power consumption optimization can be performed in a master control environment because the master control system grasps all hardware states. However, as mentioned above, the first operation is generally a secure operation environment, but due to security and efficiency considerations, the secure operation environment cannot bear such proxy services, and complicated logic affects the reliability of the secure operation environment. Such designs typically use an unsecure environment (a later prepared software runtime environment) as the master runtime environment. Thus, the need for hardware access by the early-started runtime environment in the intermediate state (when the master runtime environment is not yet started) cannot be resolved. For debugging information, the solution generally stores data temporarily in an early-started operating environment, and outputs the data after waiting for the main control environment to operate. For power supply and clock management, because the early start is generally a safe operation environment, and the related external hardware is relatively simple, the early start is handed to the safe operation environment for self processing, is not included in the power consumption management of the main control operation environment, and obtains suboptimal solution by abandoning a global optimal mode.
Disclosure of Invention
The technical problem to be solved by the present application is to provide a method for performing cooperative processing on hardware of a device in an intermediate state and a final working state.
In order to solve the above technical problem, the present application provides a method for performing hardware coordination when switching software operating environments, including the following steps. Step S10: after the device is powered on, the first software running environment starts to be started. Step S20: after the first software running environment is started, independently managing shared hardware on one hand, and starting a second software running environment on the other hand; the shared hardware refers to hardware which can be accessed by both the first software running environment and the second software running environment. Step S30: and after the second software running environment is started, informing the first software running environment. Step S40: and after receiving the notification, the first software operating environment completes the operation currently on the shared hardware, then gives up the control right of the shared hardware, and replies to the second software operating environment to confirm the receipt of the notification. Step S50: and the second software operating environment receives the confirmation information and completes the transfer of the control right of the shared hardware. Step S60: and the second software running environment initializes the hardware management logic of the second software running environment to complete the management of the shared hardware. Step S70: the first software runtime enables access to the shared hardware via a second software runtime agent.
The design idea of selecting one operation environment to dominate and control hardware in the prior art is adopted, but improvement is made. In the starting process, in the process that two software running environments are prepared one by one, the prepared software running environment automatically controls the required hardware of the software running environment from power management to specific logic management. When the subsequent software running environment is prepared, the management right of the hardware originally controlled by the software running environment is transferred to the subsequent software running environment, so that the actual management right of the hardware is concentrated into the software running environment which is prepared later. Therefore, in each state (including the intermediate state and the final working state), the hardware has a definite controller (namely the software running environment which is prepared at the last time at present), so that the condition that the software in different software running environments competes for the hardware is avoided, the condition that the hardware can be used in real time in each software running environment in each state is also ensured, and the condition that the hardware can be actually used after the preparation of the main control environment such as temporary storage is not needed. Considering the situation of power consumption management, the method and the system can still ensure that all hardware modules are managed in the last ready operating environment, can collect global information and perform global optimal optimization.
Further, the first software operating environment is a secure operating environment or a virtual management mode, and the second software operating environment is a non-secure operating environment, i.e., a normal mode. This is the most common situation.
Further, the first software running environment and the second software running environment are communicated through the environment switching port. In step S30, the second software operating environment notifies the first software operating environment through the environment switching port. In step S40, the first software runtime environment replies to the second software runtime environment through the environment switch port. In step S70, when the first software operating environment needs to use a certain shared hardware, the first software operating environment notifies the second software operating environment to execute the service through the environment switching port; and after the second software running environment finishes the service of the first software running environment on the shared hardware, the second software running environment informs the first software running environment of the service running result again through the environment switching port. The environment switching port is adopted for communication, the hardware design of the embedded system is used, and the realization is simple.
Further, the shared hardware is a serial port. This is a typical example of shared hardware.
Further, in step S20, the first software operating environment initializes the serial port, and then establishes a first local cache region for storing the debugging information of the first software operating environment, and outputs the debugging information by using the serial port. In step S40, after receiving the notification, the first software operating environment outputs the debugging information in the local buffer via the serial port, and then gives up the control right to the serial port, and replies to the second software operating environment to confirm that the notification is received. In step S60, the second software operating environment re-initializes the serial port, and then establishes a second local cache region for storing the debugging information of the second software operating environment, and also establishes a shared cache region for storing the debugging information of the first software operating environment generated by the first software operating environment. In step S70, the first software operating environment stores the received debugging information in the shared buffer; the second software running environment reads the contents in the shared buffer area and the second local buffer area in turn, and outputs the debugging information of the first software running environment and the second software running environment by using the serial port. This gives an explanation that the first software execution environment and the second software execution environment share the use of the serial port.
Further, in step S70, when the first software running environment and the second software running environment use serial ports simultaneously, the shared buffer employs a ring buffer mechanism; setting an information exchange space in a shared cache region which can be accessed by both a first software running environment and a second software running environment; the information exchange space comprises a control area and a data area; recording control information in the control area, wherein the first software running environment and the second software running environment both have read-write permission and are used for managing the read-write mode of the data area; in the data area, the first software operating environment only has write-in authority, and the second software operating environment only has read authority; recording the current written position in the control information when a piece of data is written in the data area by the first software operating environment; recording the currently read position in the control information when the second software operating environment reads a section of data in the data area; the second software running environment calculates how much data to be read in the data area according to the current writing and reading positions; the first software running environment calculates how much free space in the data area can be continuously written according to the current writing and reading positions; when the reading and writing speeds are not consistent, the first software running environment and the second software running environment respectively know that the space of the current data area is full according to the reading and writing positions, and the flow control is realized by adopting a delayed writing mode to avoid data coverage. The preferred implementation mode that the first software running environment and the second software running environment simultaneously use the serial port to output the debugging information is provided.
Further, reading the second software running environment according to the format of the debugging statement; the second software running environment ensures that the subsequent processing is carried out after reading a complete sentence on grammar each time by analyzing the grammar structure of the debugging sentence. Therefore, the condition that the output debugging information is incomplete can be avoided.
Further, when the second software running environment outputs the debugging information of the first software running environment and the second software running environment, the timestamp or the serial number is uniformly added. This facilitates identification and discovery of faults from the debug information.
Further, the shared hardware is hardware one; the hardware comprises a power supply clock module and a functional module; the power supply clock module of the first hardware can be accessed by a first software running environment or a second software running environment; and the functional module of the first hardware can be accessed only by the first software operating environment. This is another typical example of shared hardware.
Further, in step S20, the first software operating environment initializes the first hardware, includes initializing a power clock module and a function module of the first hardware, and operates by using the function module of the first hardware; and after the operation is finished, closing the power supply clock module of the first hardware. In step S40, after receiving the notification, the first software operating environment completes the currently running task on the first hardware functional module, and after turning off the first hardware power clock module, replies to the second software operating environment to confirm that the notification is received. In step S60, the second software operating environment re-initializes the power clock module of the first hardware to ensure that it is in the off state. In step S70, when the first software operating environment needs to use the first hardware, the environment switching port notifies the second software module to turn on the power clock module of the first hardware, and after a reply is obtained, the second software module operates using the functional module of the first hardware; after the task is completed, the second software module is informed to close the power supply clock module of the first hardware module through the environment switching port; and the second software running environment starts or closes the power supply clock module of the first hardware according to the notification of the first software running environment through the environment switching port. The preferred implementation of the first software runtime environment turning on or off the power clock module of hardware one by the second software runtime environment agent is given herein.
Further, in step S70, when the first hardware power clock module is started, the second software operating environment simultaneously starts a bottom layer power clock module that can determine whether the first hardware power clock module is started; and when the second software running environment closes the power supply clock module of the first hardware, closing only the bottom layer power supply clock modules of the bottom layer power supply clock modules for opening the power supply clock module of the first hardware. Therefore, the second software running environment realizes the overall management of all power supply clock modules of the whole system, and is beneficial to realizing the optimization of power consumption.
The application also provides a system for hardware cooperation during software running environment switching, which comprises a starting unit, a first management unit, a notification unit, a confirmation unit, a transfer unit, a second management unit and an agent unit. The starting unit is used for starting the first software running environment after the equipment is powered on. The first management unit is used for independently managing shared hardware on one hand and starting a second software running environment on the other hand after the first software running environment is started; the shared hardware refers to hardware which can be accessed by both the first software running environment and the second software running environment. The notification unit is used for notifying the first software running environment after the second software running environment is started. The confirmation unit is used for completing the operation currently on the shared hardware after the first software running environment receives the notification, then abandoning the control right of the shared hardware and replying the second software running environment to confirm the receipt of the notification. The transfer unit is used for completing the transfer of the control right of the shared hardware after the second software operating environment receives the confirmation information. The second management unit is used for initializing own hardware management logic for the second software running environment and finishing the management of the shared hardware. The agent unit is used for delivering the first software running environment to the second software running environment to realize the agent when the first software running environment needs to use the shared hardware. The system ensures that each software running environment has hardware which can be used in real time in each state, ensures that all hardware modules are managed in the last running environment ready for completion, and can collect global information to perform global optimal optimization.
The method has the technical effects that under the intermediate state and the final working state, the current software running environment is allowed to use hardware in real time, competitive access of different software running environments to the hardware is overcome, and meanwhile, the overall management of indexes such as power consumption and the like is realized to realize optimal control.
Drawings
Fig. 1 is a flowchart of a method for performing hardware coordination during software runtime environment switching according to the present application.
FIG. 2 is a schematic diagram of a shared memory and ring buffer configuration.
Fig. 3 is a schematic structural diagram of a system for performing hardware coordination during software runtime environment switching according to the present application.
The reference numbers in the figures illustrate: 20 is an information exchange space, 21 is a control area, 22 is a data area, 31 is an initiating unit, 32 is a first managing unit, 33 is a notifying unit, 34 is a confirming unit, 35 is a transferring unit, 36 is a second managing unit, and 37 is a proxy unit.
Detailed Description
Referring to fig. 1, the method for performing hardware coordination during software runtime environment switching according to the present application includes the following steps.
Step S10: after the device is powered on, the first software running environment starts to be started.
Step S20: after the first software running environment is started, on one hand, the shared hardware is independently managed, and on the other hand, the second software running environment is started. The first software operating environment is, for example, a secure operating environment TEE (i.e., secure mode) or a virtual management mode. The second software execution environment is for example a non-secure execution environment REE (i.e. normal mode). The shared hardware refers to hardware which can be accessed by both the first software running environment and the second software running environment. Preferably, simple communication is realized between the first software operating environment and the second software operating environment through an environment switching port. For example, on an ARM chip, the context switch port is either of two processor mode switch instructions as follows. The smc instruction is used to switch between normal mode and secure mode, and the hvc instruction is used to switch between normal mode and virtual management mode.
Step S30: and after the second software running environment is started, informing the first software running environment that the preparation is finished. Preferably, the second software execution environment notifies the first software execution environment through the environment switching port.
Step S40: and after receiving the notification, the first software operating environment completes the current operation on the shared hardware, then gives up the control right on the shared hardware, and replies to the second software operating environment to confirm the receipt of the notification. Preferably, the first software runtime environment replies to the second software runtime environment through the context switch port.
Step S50: and the second software running environment receives the confirmation information and completes the transfer of the control right of the shared hardware.
Step S60: the second software operating environment initializes its own hardware management logic to complete the management of the shared hardware.
In this step, the second software operating environment initializes the management logic of all hardware, and completes the management of all hardware.
Step S70: the first software runtime is implemented via a second software runtime agent, using shared hardware if desired. Preferably, when the first software operating environment needs to use a certain shared hardware, the first software operating environment notifies the second software operating environment to execute the service through the environment switching port. And after the second software running environment finishes the service of the first software running environment on the shared hardware, the second software running environment informs the first software running environment of the service running result again through the environment switching port.
As a first example, the shared hardware is a serial port. The serial port is, for example, a UART (Universal Asynchronous Receiver/Transmitter) interface.
The method for realizing the collaboration of the serial port when the two software running environments are switched is as follows. In step S20, the first software operating environment initializes the serial port, and then establishes a first local cache area for storing the debugging information of the first software operating environment, and outputs the debugging information by using the serial port. In step S40, after receiving the notification, the first software operating environment outputs the debugging information in the local buffer via the serial port, and then gives up the control right to the serial port, and replies to the second software operating environment to confirm that the notification is received. In step S60, the second software operating environment re-initializes the serial port, and then establishes a second local cache region for storing the debugging information of the second software operating environment, and also establishes a shared cache region for storing the debugging information of the first software operating environment generated by the first software operating environment. In step S70, the first software operating environment stores the received debugging information in the shared buffer; the second software running environment reads the contents in the shared buffer area and the second local buffer area in turn, and outputs the debugging information of the first software running environment and the second software running environment by using the serial port.
Preferably, in step S70, when the first software operating environment and the second software operating environment use serial ports simultaneously, the shared buffer employs a ring buffer (ring buffer) mechanism.
Referring to fig. 2, the ring buffer refers to: in a storage area accessible to both the first software operating environment and the second software operating environment, for example, an SRAM (static random access memory) or a DDR (double data rate) memory of the device, a segment of information exchange space 20 is predefined for exchanging information. The information exchange space 20 starts at a control area 21 containing control information, and both the first software operating environment and the second software operating environment can be read and written for managing the read and write modes of the subsequent data area 22. The remaining area of the information exchange space 20 is the data area 22, because the first software operating environment transfers data to the second software operating environment, and thus the first software operating environment is in a writing mode and the second software operating environment is in a reading mode. And recording the current written position in the control information every time the first software operating environment writes one piece of data. And after the second software operating environment finishes reading every time, recording the currently read position in the control information. The second software runtime environment can calculate how much data is to be read from the data area 22 based on the current written and read location information, and can then read the data from it for processing. The first software runtime environment can calculate how much free space in the data area 22 to continue writing, based on the current written and read location information, so that new data can be written reasonably. When the read-write speed is inconsistent, the first software running environment and the second software running environment can respectively know that the current space is full according to the read-write position information, so that the flow control can be realized by adopting a delayed write-in mode, and the data is prevented from being covered.
Additionally, the reading mode of the second software execution environment is set to read in the format of a debug statement, not character reading in the conventional sense. The second software running environment ensures that the subsequent processing is carried out after reading a complete sentence on grammar each time by analyzing the grammar structure of the debugging sentence. Therefore, the information finally output from the serial port hardware is ensured to be a complete piece, and the situation that various debugging information of the first software running environment and the second software running environment is mixed in the character processing process is avoided. Meanwhile, all debugging information input by the first software running environment and the second software running environment is output by the serial port hardware under the control of the second software running environment, and a timestamp or a serial number can be uniformly added during output, so that the debugging information from the first software running environment and the debugging information from the second software running environment can be aligned and arranged in sequence according to time, and problems can be analyzed.
Therefore, the method and the device can realize the cooperative work of the serial port hardware when the two software running environments are switched. The general idea is as follows: the first software running environment is started before the second software running environment, and when debugging information needs to be output through the serial port in the first software running environment, the first software running environment directly controls serial port hardware to print. After the second software running environment is started, the first software running environment and the second software running environment have requirements to output respective debugging information through the same serial port, and at the moment, the second software running environment directly controls the serial port hardware to output the own debugging information; the first software running environment outputs debugging information by using a second software running environment agent through the environment switching port. The serial port hardware is used by a first software running environment as a whole, and then is transferred to a second software running environment for use.
In the existing method, if the debugging information is output by calling the serial port hardware by the first software running environment and the second software running environment respectively, because the first software running environment and the second software running environment do not have a good synchronization mechanism, the interleaving of the information can occur, and the reading is not facilitated. For example, if a first software operating environment wants to output ABCD at a serial port and just a second software operating environment wants to output 1234 at the serial port, the last serial port output will become a character like AB123C4D, and the debugger cannot obtain meaningful information at the serial port. Particularly, when the two sides output numbers, the numbers cannot be accurately restored at all, such as 1567348 interweaving 1234 and 5678.
As a second example, the shared hardware is hardware one; the hardware comprises a power supply clock module and a functional module; the power supply clock module of the first hardware can be accessed by a first software running environment or a second software running environment; and the functional module of the first hardware can be accessed only by the first software operating environment.
The method for realizing the cooperation of the first hardware when the two software running environments are switched is as follows. In step S20, the first software operating environment initializes the first hardware, includes a power supply clock module and a function module of the first hardware, and operates by using the function module of the first hardware; and after the operation is finished, closing the power supply clock module of the first hardware. In step S40, after receiving the notification, the first software operating environment completes the currently running task on the first hardware functional module, and after turning off the first hardware power clock module, replies to the second software operating environment to confirm that the notification is received. In step S60, the second software operating environment re-initializes the power clock module of the first hardware to ensure that it is in the off state. In step S70, when the first software operating environment needs to use the first hardware, the environment switching port notifies the second software module to turn on the power clock module of the first hardware, and after a reply is obtained, the second software module operates using the functional module of the first hardware; after the task is completed, the second software module is informed to close the power supply clock module of the first hardware module through the environment switching port; and the second software running environment starts or closes the power supply clock module of the first hardware according to the notification of the first software running environment through the environment switching port.
Additionally, in the step S70, when the first hardware power clock module is started, the second software operating environment simultaneously starts a bottom layer power clock module that can determine whether the first hardware power clock module is started; and when the second software running environment closes the power supply clock module of the first hardware, closing only the bottom layer power supply clock modules of the bottom layer power supply clock modules for opening the power supply clock module of the first hardware.
Therefore, the method and the device can realize the cooperative work of the power supply clock module in the first hardware when the two software operating environments are switched. The general idea is as follows: the first software operating environment needs to use the first hardware functional module and needs to start the first hardware power clock module first. When the first software running environment is prepared but the second software running environment is not prepared, the first software running environment directly starts the power supply clock module of the first hardware, then uses the functional module of the first hardware to complete the service, and closes the power supply clock module of the first hardware after the service is completed. When the second software operating environment is ready, the first software operating environment hands over control of the power clock module of hardware one. When the service of the first hardware is still needed to be used, the first software running environment firstly informs the second software running environment through the environment switching port, the second software running environment starts the power supply clock module of the first hardware, and then starts to start the functional module of the first hardware after receiving the reply. And after the first software running environment is used, the second software running environment is informed through the environment switching port, and the second software running environment agent closes the power supply clock module of the first hardware. And the clock power supply module of the hardware I is managed by the first software running environment at first and then is transferred to the second software running environment. This has the effect that, because the first software runtime environment is relatively simple, it does not manage all of the hardware of the entire system. The second software system manages the hardware of the entire system. In the design of the system, the power supply and the clock are transmitted in a one-level and one-level manner, and a tree structure is formed. The hardware will fall on a certain leaf node of the tree structure as soon as it is. If the first hardware is only managed by the first software operating environment, in order to use the first hardware, the first software operating environment needs to start all power supplies and clocks from a leaf node to a root node of the first hardware, so that the first hardware can work normally. However, after the first use of the hardware is finished, the first software operating environment can only safely turn off the power supply and the clock on the leaf node of the hardware, but cannot turn off the power supply and the clock to the root node upwards, because the node upwards has other branches, and if the upper node is turned off, the hardware on the other branches cannot work. Meanwhile, the first software operating environment does not manage other hardware, and therefore does not know whether the hardware on other branches works, and therefore unused power supplies and clocks cannot be shut down optimally. On the contrary, if the second software operating environment can manage all hardware, it can know whether the hardware of each leaf node on the power supply clock tree needs to work, so it can shut down the unused power supply and clock to the maximum extent, and save the power consumption of the system. Therefore, after the power supply and the clock of the first hardware are managed and transmitted to the second software running environment, the second software running environment can know the information of all hardware, unified management is achieved, and optimal overall control of power consumption is achieved.
Referring to fig. 3, the system for performing hardware coordination during software operating environment switching according to the present application includes a starting unit 31, a first managing unit 32, a notifying unit 33, a confirming unit 34, a transferring unit 35, a second managing unit 36, and an agent unit 37.
The start-up unit 31 is configured to start up the first software runtime environment after the device is powered on.
The first management unit 32 is configured to, after the first software operating environment is started, independently manage the shared hardware on one hand, and start the second software operating environment on the other hand. The shared hardware refers to hardware which can be accessed by both the first software running environment and the second software running environment.
The notification unit 33 is configured to notify the first software execution environment after the second software execution environment is completely started.
The acknowledgement unit 34 is configured to complete the current operation on the shared hardware after the first software operating environment receives the notification, and then relinquish control over the shared hardware in response to the second software operating environment acknowledging receipt of the notification.
The transfer unit 35 is configured to complete transfer of the control right of the shared hardware after the second software operating environment receives the confirmation message.
The second management unit 36 is configured to initialize its own hardware management logic for the second software operating environment, and complete management of shared hardware.
The agent unit 37 is used to deliver the first software runtime environment to the second software runtime environment agent when the shared hardware is needed.
The method and the system for performing hardware cooperation during software operation environment switching have the following beneficial effects.
First, the application solves the real-time problem of using hardware by initializing the hardware needed to be used by the current software running environment, and does not need to temporarily store and delay the hardware to finish the service.
Secondly, according to the method and the device, after the preparation of the software running environment which is started later is completed, the hardware control right is gradually transferred by the software running environment which is started earlier, so that the problem that different software running environments directly compete for access to the hardware is solved, and the condition that only one software running environment has the control right to the hardware at any moment is ensured.
Thirdly, the application combines specific problems, designs a simple scheme (for serial port debugging information output) of unidirectional notification in different operating environments, also provides a bidirectional rapid communication mechanism (power supply time module), and can meet complex requirements in an embedded system. Particularly, in the scheme of the debugging information, the debugging information is intelligently segmented by combining the grammatical structure of the debugging information, and the readability and the integrity of the output information are ensured.
The above are merely preferred embodiments of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (10)
1. A method for carrying out hardware cooperation when switching software operating environment is characterized by comprising the following steps;
step S10: after the equipment is powered on, starting a first software running environment;
step S20: after the first software running environment is started, independently managing shared hardware on one hand, and starting a second software running environment on the other hand; the shared hardware refers to hardware which can be accessed by both the first software running environment and the second software running environment; the shared hardware comprises a serial port for one-way notification among different software running environments and a first hardware for two-way communication among the different software running environments; the hardware comprises a power supply clock module and a functional module; the power supply clock module of the first hardware can be accessed by a first software running environment or a second software running environment; the functional module of the first hardware can only be accessed by the first software operating environment;
step S30: after the second software running environment is started, the first software running environment is informed;
step S40: after receiving the notification, the first software operating environment completes the operation currently on the shared hardware, then gives up the control right to the shared hardware, and replies to the second software operating environment to confirm the receipt of the notification;
step S50: the second software running environment receives the confirmation information and completes the transfer of the control right of the shared hardware;
step S60: the second software running environment initializes the hardware management logic of the second software running environment to complete the management of the shared hardware;
step S70: the first software runtime enables access to the shared hardware via a second software runtime agent.
2. The method for hardware coordination during software operating environment switching according to claim 1, wherein the first software operating environment is a secure operating environment or a virtual management mode, and the second software operating environment is a non-secure operating environment, i.e., a normal mode.
3. The method for hardware coordination during software operating environment switching according to claim 1, wherein the first software operating environment and the second software operating environment communicate with each other through an environment switching port;
in step S30, the second software running environment notifies the first software running environment through the environment switching port;
in step S40, the first software operating environment replies to the second software operating environment through the environment switching port;
in step S70, when the first software operating environment needs to use a certain shared hardware, the first software operating environment notifies the second software operating environment to execute the service through the environment switching port; and after the second software running environment finishes the service of the first software running environment on the shared hardware, the second software running environment informs the first software running environment of the service running result again through the environment switching port.
4. The method for hardware coordination during software operating environment switching according to claim 1, wherein when the shared hardware is a serial port, in step S20, the first software operating environment initializes the serial port, and then establishes a first local cache region for storing debugging information of the first software operating environment, and outputs the debugging information by using the serial port;
in step S40, after receiving the notification, the first software operating environment outputs the debugging information in the local buffer via the serial port, and then gives up control over the serial port and replies to the second software operating environment to confirm that the notification is received;
in step S60, the second software operating environment re-initializes the serial port, and then establishes a second local cache region for storing debugging information of the second software operating environment and a shared cache region for storing debugging information of the first software operating environment generated by the first software operating environment;
in step S70, the first software operating environment stores the received debugging information in the shared buffer; the second software running environment reads the contents in the shared buffer area and the second local buffer area in turn, and outputs the debugging information of the first software running environment and the second software running environment by using the serial port.
5. The method for hardware coordination during software operating environment switching according to claim 4, wherein in step S70, when the first software operating environment and the second software operating environment use serial ports simultaneously, the shared buffer employs a ring buffer mechanism; setting an information exchange space in a shared cache region which can be accessed by both a first software running environment and a second software running environment; the information exchange space comprises a control area and a data area; recording control information in the control area, wherein the first software running environment and the second software running environment both have read-write permission and are used for managing the read-write mode of the data area; in the data area, the first software operating environment only has write-in authority, and the second software operating environment only has read authority; recording the current written position in the control information when a piece of data is written in the data area by the first software operating environment; recording the currently read position in the control information when the second software operating environment reads a section of data in the data area; the second software running environment calculates how much data to be read in the data area according to the current writing and reading positions; the first software running environment calculates how much free space in the data area can be continuously written according to the current writing and reading positions; when the reading and writing speeds are not consistent, the first software running environment and the second software running environment respectively know that the space of the current data area is full according to the reading and writing positions, and the flow control is realized by adopting a delayed writing mode to avoid data coverage.
6. The method for hardware coordination during software operating environment switching according to claim 5, wherein the second software operating environment is read according to a format of a debug statement; the second software running environment ensures that the subsequent processing is carried out after reading a complete sentence on grammar each time by analyzing the grammar structure of the debugging sentence.
7. The method for hardware coordination during software operating environment switching according to claim 4, wherein the second software operating environment uniformly adds a timestamp or a serial number when outputting the debugging information of the first software operating environment and the second software operating environment.
8. The method for hardware coordination during software operating environment switching according to claim 1, wherein when the shared hardware is hardware one, in step S20, the first software operating environment initializes the first hardware, includes initializing a power clock module and a function module of the first hardware, and operates using the function module of the first hardware; after the operation is finished, a power supply clock module of the hardware I is closed;
in step S40, after receiving the notification, the first software operating environment completes the currently running task on the first hardware functional module, and after turning off the first hardware power clock module, replies to the second software operating environment to confirm that the notification is received;
in step S60, the second software operating environment re-initializes the power clock module of the first hardware to ensure that it is in an off state;
in step S70, when the first software operating environment needs to use the first hardware, the environment switching port notifies the second software module to turn on the power clock module of the first hardware, and after a reply is obtained, the second software module operates using the functional module of the first hardware; after the task is completed, the second software module is informed to close the power supply clock module of the first hardware module through the environment switching port; and the second software running environment starts or closes the power supply clock module of the first hardware according to the notification of the first software running environment through the environment switching port.
9. The method for hardware coordination during software operating environment switching according to claim 8, wherein in step S70, when the second software operating environment turns on the power clock module of the first hardware, it turns on the bottom power clock module that can determine whether the power clock module of the first hardware is turned on; and when the second software running environment closes the power supply clock module of the first hardware, closing only the bottom layer power supply clock modules of the bottom layer power supply clock modules for opening the power supply clock module of the first hardware.
10. A system for hardware cooperation during software operation environment switching is characterized by comprising a starting unit, a first management unit, a notification unit, a confirmation unit, a transfer unit, a second management unit and an agent unit;
the starting unit is used for starting a first software running environment after the equipment is powered on;
the first management unit is used for independently managing shared hardware on one hand and starting a second software running environment on the other hand after the first software running environment is started; the shared hardware refers to hardware which can be accessed by both the first software running environment and the second software running environment; the shared hardware comprises a serial port for one-way notification among different software running environments and a first hardware for two-way communication among the different software running environments; the hardware comprises a power supply clock module and a functional module; the power supply clock module of the first hardware can be accessed by a first software running environment or a second software running environment; the functional module of the first hardware can only be accessed by the first software operating environment;
the notification unit is used for notifying the first software running environment after the second software running environment is started;
the confirmation unit is used for completing the operation currently on the shared hardware after the first software running environment receives the notification, then giving up the control right to the shared hardware, and replying the second software running environment to confirm the receipt of the notification;
the transfer unit is used for completing the transfer of the control right of the shared hardware after the second software operating environment receives the confirmation information;
the second management unit is used for initializing own hardware management logic for a second software running environment and finishing the management of the shared hardware;
the agent unit is used for delivering the first software running environment to the second software running environment to realize the agent when the first software running environment needs to use the shared hardware.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011028475.3A CN111931193B (en) | 2020-09-27 | 2020-09-27 | Method and system for hardware cooperation during software running environment switching |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011028475.3A CN111931193B (en) | 2020-09-27 | 2020-09-27 | Method and system for hardware cooperation during software running environment switching |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111931193A CN111931193A (en) | 2020-11-13 |
| CN111931193B true CN111931193B (en) | 2021-03-23 |
Family
ID=73333614
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011028475.3A Active CN111931193B (en) | 2020-09-27 | 2020-09-27 | Method and system for hardware cooperation during software running environment switching |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111931193B (en) |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9871821B2 (en) * | 2014-11-11 | 2018-01-16 | Oracle International Corporation | Securely operating a process using user-specific and device-specific security constraints |
| KR20160056749A (en) * | 2014-11-12 | 2016-05-20 | 삼성전자주식회사 | Appratus and method for payment |
| CN106547618B (en) * | 2016-10-19 | 2019-10-29 | 沈阳微可信科技有限公司 | Communication system and electronic equipment |
| CN107220189A (en) * | 2017-03-14 | 2017-09-29 | 晨星半导体股份有限公司 | Memory headroom is managed and memory access control method and device |
| CN111353162B (en) * | 2020-03-26 | 2022-06-07 | 中国人民解放军国防科技大学 | TrustZone kernel-based asynchronous execution active trusted computing method and system |
-
2020
- 2020-09-27 CN CN202011028475.3A patent/CN111931193B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN111931193A (en) | 2020-11-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9864627B2 (en) | Power saving operating system for virtual environment | |
| CN101535962B (en) | Method and system for trusted/untrusted digital signal processor debugging operations | |
| US8443377B2 (en) | Parallel processing system running an OS for single processors and method thereof | |
| CN100565472C (en) | A kind of adjustment method that is applicable to multiprocessor karyonide system chip | |
| CN100371851C (en) | Time synchronizing method and device | |
| KR20080104388A (en) | Inter-port communication in a multi-port memory device | |
| US20070168082A1 (en) | Task-based robot control system for multi-tasking | |
| US6883102B2 (en) | Apparatus and method for performing power management functions | |
| CN101625568B (en) | Synchronous data controller based hot standby system of main control unit and method thereof | |
| WO2016106935A1 (en) | Flash memory controller and control method for flash memory controller | |
| JPH06504389A (en) | fault tolerant computer equipment | |
| JPS5943774B2 (en) | Peripheral subsystem control method | |
| KR20040102335A (en) | Power supply management system in parallel processing system by os for single processors and power supply management program therefor | |
| CN109522087A (en) | Processor-based Imaginary Mechanism construction method and system | |
| JP2009140489A (en) | System and method for preventing user os in vmm system from deenergizing device being used by service os | |
| CN101206614B (en) | Simulator for simulating register with specific function | |
| KR100354932B1 (en) | Methods and data processors for providing show cycles on multiplexing buses | |
| CN111931193B (en) | Method and system for hardware cooperation during software running environment switching | |
| CN102566655A (en) | Dynamic bus frequency modulation method of off-chip memory and system thereof | |
| US6243771B1 (en) | System for operating a communication channel in a mixed master/slave subscriber environmental through a dynamical closing and/or opening operation | |
| CN113886297B (en) | SPI concurrent communication SE device and method based on DMA | |
| TW200523734A (en) | Electronic device, and method for controlling the same | |
| WO2023125635A1 (en) | Vehicle-mounted operating system, debugging system and method, electronic device and storage medium | |
| KR100279830B1 (en) | Server management system utilizing the shared memory interface between a micro controller and PC compatible ISA bus | |
| Vogelgesang et al. | WIP: Towards a Transactional Network Stack for Power-Failure Resilience |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |