RTOS, secure virtualization technology for real-time systems, DO-178B and hypervisor for the most demanding embedded operating system applications...

Virtualization Security Technology: LynxSecure Embedded Hypervisor and Separation KernelOperating-system virtualization and embedded virtual machines for real-time systems

For maximum virtualization security, nothing beats LynxSecure. Years after its first release, LynxSecure is still unrivaled. With support for 64-bit multicore (SMP) guest operating systems on Intel®-based hardware, only LynxSecure provides the extraordinary combination of:

  1. A SKPP separation kernel for high security, plus
  2. State-of-the-art virtualization technology via an embedded hypervisor
Secure virtualization
64-bit hypervisorCan address greater than 4 Gigabytes
Supports 64-bit guest operating systemsMost current Intel hardware is 64-bit, becoming the norm for hardware and Windows®/Linux® operating systems
Multi-core hypervisor Difficult to procure single-core blades, limited capabilities
Supports fully virtualized multi-core guest operating systems (ie SMP Linux, SMP Windows) Most large applications require multi-core guest operating systems
Intel-specific hardware support
Native hardware hypervisor virtualization with VT-x capability (does not require QEMU or other software virtualization package) QEMU and layered software virtualization implementations can be up to 50% slower
I/O MMU VT-dAllows direct assignment of hardware device to guest operating systems for maximum performance, allows binary graphics device driver reuse. A must for 3D graphics. VT-d guarantees secure separation of directly assigned devices.
Extended Page Table support Extreme performance benefits for full virtualization, within a few percentage points of native execution. Hypervisors without EPT impose significantly higher overhead
Block device emulationEnables multiple guest OSes to securely share a single block device. The block device marshalling is accommodated via an external trusted subject.
Virtual KVM/device sharingEnables multiple guest OSes to securely share single keyboard/video/mouse. The virtual device marshalling is accommodated via an external trusted subject.
Page attribute tableImportant for full virtualization performance
Advanced vector extensionsBetter support for floating-point intensive operations
Specific Guest Operating System support
Important for legacy applications32-bit uni-processor Linux, 32-bit uni-processor Windows XP/7, 32-bit SMP Linux, 32-bit SMP Windows XP/7
Today's applications64-bit Linux, 64-bit SMP Linux, 64-bit Windows XP/7, 64-bit SMP Windows XP/7
Secure applicationsSolaris 10 with trusted extensions
Safety-critical avionics systemsIntel-based DO-178B certified kernel as guest operating system
Secure guest operating system supportTime- and space-partitioned POSIX® and ARINC 653 LynxOS-SE operating system
System Security
SABI certification pending on Intel multi-core separation kernel with built in hypervisor LynxSecure Intel-based real-time multicore hypervisor is headed for SABI certification process for the Navy CDS program on 8-core hardware with SMP Linux guests. LynxSecure will undergo a follow-up TSABI certification also under the same program.
Secure client virtualization for laptops, medical and dataMilitary-grade virtualization security technology for high-assurance systems
A LynuxWorks embedded OS is featured in this LynxSecure embedded system application:
Who else uses a LynuxWorks embedded operating system?
LynxSecure secure virtualization technology features
  • Optimal security and safety—the only operating system designed to support both CC EAL-7 and DO-178B level A
  • Real time—time-space partitioned separation kernel for superior determinism and performance
  • Hypervisor and virtualization technology— supports multiple heterogeneous, both para-virtualized and fully virtualized, operating system environments on the same physical hardware including Intel® VT
  • Highly scalable—supports Symmetric MultiProcessing (SMP) and 64-bit addressing for high-end scalability
  • Support for open standards—100% binary compatibility for Linux- or POSIX-based software applications allows them to migrate to a highly robust, secure environment
  • Faster time to market—enables developers to begin early development for secure applications
LynxSecure Separation Kernel and Embedded Hypervisor LynxOS-SE Embedded RTOS Luminosity Eclipse-based IDE
LynxOS Embedded RTOS RTOS: LynxOS-178 for software certification


SpyKer Embedded-System Trace Tool

Industry Solutions


Industry Standards

Embedded Systems Technology

RTOS Training for Embedded Systems

Training at LynuxWorks

LynuxWorks Support

Embedded Systems

LynxOS RTOS Support

Embedded System Consulting

Contact Us

About LynuxWorks

Press Room

Newsletter and Announcements



Site Map

Board Support Packages (BSPs)

BSP Device Drivers

BSP Targets by Operating System

BSP Targets by Form Factor

Third-party I/O Devices and Hardware

SynergyWorks: LynuxWorks partners

What is SynergyWorks?

Third-party add-ons for LynuxWorks operating systems

Copyright © LynuxWorks™, Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of LynuxWorks is prohibited.