The LynxSecure kernel and hypervisor increases performance for virtualized guest operating systems.
Embedded and security software specialist LynuxWorks announced availability
of Version 5.0 of its LynxSecure separation kernel and hypervisor, increasing
performance for fully virtualized guest operating systems by utilizing new
hardware technologies. It also offers 64-bit and Symmetric Multi-processing (SMP)
guest OS virtualization support.
In addition, the LynxSecure 5.0 release has gained a device-sharing facility
for systems with limited physical devices, complementing the direct device
assignment mechanism that has been available in previous versions of
LynxSecure. By implementing a new secure device virtualization mechanism,
managed from a secure partition on LynxSecure, limited physical devices can now
be virtualized and shared between guest OSes.
Using LynxSecure's policy-driven, interpartition communication mechanism,
the performance and security of the shared devices such as network, USB,
HDD and graphics are optimized, bringing the benefits of security and
virtualization to resource-limited client systems, such as laptop PCs or
embedded devices.
A fully virtualized OS runs without any changes required to either the OS or
the applications when housed in their secure enclave on LynxSecure. With
new processor technologies like the second-generation Intel Core
processors, along with Intel hardware functions such as Extended Page Tables
(EPT), Page Attribute Table (PAT) and Advanced Vector Extensions (AVX),
in-house benchmarks showed an execution speed within a few percentage points of
running natively.
Another feature added to LynxSecure 5.0 is the ability to run 64-bit fully
virtualized guest OSes with SMP enabled.
This now means that 64-bit OSes such as Windows 7, Linux and Solaris can
run across multiple cores managed by the security of LynxSecure.
This functionality, when combined with the performance enhancements of
LynxSecure 5.0, offers developers the opportunity to securely host off-the-shelf
OSes and applications on the same system as real-time operating systems
(RTOSes) and legacy applications, allowing them to consolidate multiple
physical systems into a single system utilizing the latest multicore processors
such as the quad-core Intel Core processors.
"The Intel Core processors provide a perfect blend of performance and
security features that have allowed us to do some exciting things with
LynxSecure 5.0 that were not possible before," said Arun Subbarao, vice
president of engineering at LynuxWorks. "For example, LynxSecure 5.0 can
now fully virtualize Windows 7 (64 bit) SMP, Windows XP (32 bit) SMP, and
Solaris 10 TX (64 bit) SMP OSes in secure and isolated partitions."
Subbarao said this further blurs the line between embedded and enterprise
computing and makes combinations from both worlds entirely possible. "For
instance, a virtual appliance could be embedded into a desktop computer to
provide maximum security with a minimum overhead," he said. "We are
just beginning to imagine the possibilities of utilizing virtualization in a
secure manner."
LynxSecure 5.0 comes with the latest version of the Luminosity integrated
development environment (IDE). The Luminosity 4.7 IDE for LynxSecure 5.0
offers development, debug and analysis tools integrated into an Eclipse-based
framework. Luminosity can download and boot LynxSecure 5.0 and its guest
operating systems, and then debug applications running on the subjects.
Nathan Eddy is Associate Editor, Midmarket, at eWEEK.com. Before joining eWEEK.com, Nate was a writer with ChannelWeb and he served as an editor at FierceMarkets. He is a graduate of the Medill School of Journalism at Northwestern University.