|
|
Subscribe / Log in / New account

Why Zephyr?

By Nathan Willis
April 6, 2016
ELC

When the Zephyr project was announced in February, many members of the Linux community seemed to find it puzzling. Although Zephyr is hosted by the Linux Foundation, it is an entirely separate operating system that incorporates no Linux code. It also targets small hardware devices—from Arduinos to ARM system-on-chips (SoCs)—even though there are several other open-source OS projects (including Linux for many ARM SoCs) that also address that device class. At the 2016 Embedded Linux Conference in San Diego, the Zephyr team was on hand to make the case for why the new project is necessary and, hopefully, interesting to developers.

OSes of Things

Intel's Anas Nashif presented an overview of Zephyr in his talk, describing both its background within Intel and its capabilities. The bottom-line goal of the project is to provide an open-source, realtime operating system (RTOS) for "sub-Linux devices." Beyond that, however, Intel looked at the [Anas Nashif] existing RTOS offerings on the market and found them lacking in several respects. First, many of them focus only on one architecture, which limits their appeal.

Second, many of them are "roll your own" projects developed for research or maintained by a single person. That seems to correlate with a lack of security work, which is a serious drawback. In addition, some of these smaller RTOS projects use peculiar software licenses, which also inhibits their adoption within the open-source community. Finally, many of the existing projects are too limited in functionality to serve as a general-purpose OS for Internet of Things (IoT) devices, which Intel sees as the primary use case for Zephyr.

Put all of those factors together, and one has the Zephyr product brief: an open-source RTOS that supports multiple architectures, has a broad contributor base, and offers "more than just a scheduler"—specifically, good networking support and a real security framework. Intel happened to acquire the rights to Wind River's microcontroller RTOS, decided it could be developed into a good fit, and set about to clean up the code and prepare it for release. That RTOS is now the open-source Zephyr, although it also serves as the core of Wind River's "Rocket" RTOS product. Intel is currently leading the development effort.

By building on the existing Wind River code base, Nashif said, Zephyr can start with a battle-tested code base used for more than a decade in real-world conditions. Expanding the original code involved several key steps. First, it was restructured to be more modular. At compile time, developers can include or exclude whichever subsystems they need in order to fit the hardware. The hardware in question includes what he called "the very lowest end of the sub-Linux device spectrum", "where the cost of the silicon is minimal." He showed a slide listing the initial hardware products on which Zephyr runs, which includes the Arduino 101 and Intel Quark D2000 at the low end, and goes all the way up to the second-generation Intel Galileo at the high end. But, he added, the Galileo is a development platform only; it is fully capable of running Linux, so he expected no one would use it for a real Zephyr deployment.

[Constanza Heath]

Second, the Zephyr team added networking. It wrote a Bluetooth Low Energy (BLE) implementation from scratch, and ported the IP stack from the open-source Contiki RTOS. IPv6 is supported, include the low-energy 6LoWPAN. The project is still looking at other network stacks; Near-Field Communication (NFC) is likely; ZigBee and WiFi are also possibilities if there is demand.

The third addition to the code base was a cryptographic library based on TinyCrypt. In a separate session, security developer Constanza Heath described TinyCrypt's set of random-number generation (RNG), cipher, and key-exchange primitives, as well as Zephyr's general approach to security. A Zephyr image runs only a single application, which is statically linked in at compile time. There is a single address space and no loadable kernel modules are supported, which reduces the attack surface considerably. In brief, she said, with a single, statically linked process running, if there is malicious code running on your Zephyr hardware, then it was there at compile time. The project thus skips some other security features that larger OSes include to protect against security exploits, though she said the team is still looking into adding some protections like address-space randomization. For most security features, the question at hand is the security-versus-size trade-off.

Features

When it comes to size, Zephyr can run comfortably in 8KB of RAM, and can even run in a minimum of 2KB of RAM, although Nashif said that at that size it provides nothing but a "Hello World" demo. The Zephyr kernel can be configured in either one of two modes. The smallest is "nanokernel" mode, which provides a basic multi-threaded execution environment, inter-thread synchronization services (including semaphores and mutexes), message queues, and interrupt services. Nanokernel mode is expected to be used for the smallest and cheapest devices, he said, such as environmental sensors, which need to do little processing beyond gathering and sending data.

A step up from nanokernel mode is microkernel mode, which offers a superset of nanokernel mode's features, including more sophisticated message queuing, additional memory allocation services, preemptive tasks, and round-robin time slicing. This mode is expected to be used on slightly larger IoT nodes, such as sensor hubs that may need to process and format data collected from sensors before forwarding it on to a remote server. Nashif pointed out that networking was available in both nanokernel and microkernel mode, although configuring a nanokernel build for the full IP networking stack could potentially make it hard to fit Zephyr into a sub-10KB RAM device.

Nashif noted Zephyr also makes use of some tooling from Linux. Configuration is done using the Linux kernel's kconfig, and Zephyr builds are done using kbuild. But the similarities stop with those tools, he said—a Zephyr image is configured and built for a single application. "We're just trying to learn from Linux, not to be Linux." The project offers a software development kit (SDK) that supports five compilers and provides tools for flashing images onto devices and for debugging. In addition to running on Linux, Windows, and Mac OS X, the SDK can run in Docker containers.

Intel sees Zephyr as a strategic investment, Nashif said. It saw gaps in the RTOS market, particularly where IoT devices are concerned, and took the opportunity to try building a project to fill the gap. It hopes to win over the community, and hopes to work with other open-source projects wherever possible. Nashif added that he knows the IoT space is a crowded one; he has seen two new IoT OSes announced since Zephyr was released, and does not expect that trend to slow down.

Whoever establishes dominance in the IoT market will have to overcome quite a bit of competition, both proprietary and open source. It is quite early in Zephyr's lifespan, even though the code base has a longer history through its days at Wind River. Wherever it goes from here, it will be interesting to watch.

[The author would like to thank the Linux Foundation for travel assistance to attend ELC 2016.]

Index entries for this article
ConferenceEmbedded Linux Conference/2016

to post comments

Why Zephyr?

Posted Apr 7, 2016 7:34 UTC (Thu) by abogani (subscriber, #57602) [Link] (4 responses)

Is Linux kernel tinification project made obsolete by Zephyr?

Why Zephyr?

Posted Apr 7, 2016 8:25 UTC (Thu) by tao (subscriber, #17563) [Link] (3 responses)

They're intended for quite different domains. It's hard to believe that the Linux tinification project will ever be able to squeeze down the kernel to fit in 2-10kB.

Why Zephyr?

Posted Apr 7, 2016 10:14 UTC (Thu) by epa (subscriber, #39769) [Link] (2 responses)

What is an example application that's too hardware-constrained for a non-tinified Linux kernel, but requires more features than Zephyr can give? Since Zephyr provides multithreading and a networking stack, it does sound like it could take the place of Linux in many cases.

Why Zephyr?

Posted Apr 7, 2016 11:27 UTC (Thu) by tao (subscriber, #17563) [Link] (1 responses)

I'm not sure I'm interpreting you correctly, but I *think* you're asking what the benefit of a tinified Linux kernel would be over running Zephyr instead?

The major benefit is that even with a tinified Linux kernel you still optionally have access to almost every feature provided by the Linux kernel, an tons and tons and tons of HW support to choose from. Plus a much, much, MUCH larger pool of experts to choose from if you want to subcontract development or maintenance work.

Zephyr might get ported to several platforms and have support for common HW and things that comes with it (some wifi-chipsets, low power bluetooth, NFC, etc.), but there will always be a lot of cases where you'd have to write your own drivers for Zephyr to get support for what you need.

If you're in a situation where your memory budget isn't so small that a Zephyr (or other nanokernel) is the only option -- where a Linux kernel with only your specific requirements enabled would *almost* fit, then a tinified Linux kernel would make sense.

The tinification project has other benefits too -- the effort of going through code to identify candidates for memory bloat means code review, and sometimes even optimisations that can benefit larger scale systems too. Size optimisations can, if they make things fit in a cache line, have quite nice performance benefits.

Why Zephyr?

Posted Apr 7, 2016 12:03 UTC (Thu) by epa (subscriber, #39769) [Link]

Yes, I agree that tinification is certainly a worthwhile project in its own right.

Why Zephyr?

Posted Apr 7, 2016 11:06 UTC (Thu) by dgm (subscriber, #49227) [Link]

If/When WiFi gets added It will be great to see this ported to run on the ESP8266 WiFi module. At 5$ each it makes for a great IoT platform, the only thing missing is an Open Source OS.

Why Zephyr?

Posted Apr 7, 2016 14:33 UTC (Thu) by ken (subscriber, #625) [Link]

Was there any real comparison to the alternatives ?

clearly they know about Contiki as they took the ip stack from that but what was the problem with just using contiki?? or ecos or any of the other. What is it really that makes Zephyr so uniq.

Why Zephyr?

Posted Apr 7, 2016 15:07 UTC (Thu) by karim (subscriber, #114) [Link] (2 responses)

I fail to see how any form of real security can be achieve in a flat address space. There can be various stop-gap measures for sure. But there's only so much you can do without an MMU.

Why Zephyr?

Posted Apr 7, 2016 16:30 UTC (Thu) by paulj (subscriber, #341) [Link]

I'm not sure about Zephyr, but I think at least some of these unikernel OSes also can be compiled to run as Linux processes.

Why Zephyr?

Posted Apr 8, 2016 18:57 UTC (Fri) by lsl (subscriber, #86508) [Link]

Uhm, this is intended for IoT stuff. No one expects there to be any security.

Why Zephyr? (because it isn't GPLed)

Posted Apr 7, 2016 15:54 UTC (Thu) by faramir (subscriber, #2327) [Link] (1 responses)

While that may sound like a conspiracy theory, given the reluctance of many sellers of embedded systems to satisfy the requirements of the GPL, this isn't that farfetched. So maybe this is just icing for the cake; but I'm sure the fact that they didn't have to abide by the GPL wasn't a problem for Intel or the corporations that run the Linux Foundation. When every move by Microsoft to "support" Linux is often met with great suspicion; I'm surprised that people seem to take actions by groups like the Linux Foundation as inherently benevolent towards software freedom. Whether it is one corporation or a consortium of corporations, they all have similar motivations.

Why Zephyr? (because it isn't GPLed)

Posted Apr 16, 2016 6:00 UTC (Sat) by oldtomas (guest, #72579) [Link]

Agreed. By looking at the who's who in the Linux Foundation I was wary from day one.

Had I to choose an RTOS, I'd pick a GPL licensed one. Preferably GPL V3.

Why Zephyr?

Posted Apr 8, 2016 20:58 UTC (Fri) by giraffedata (guest, #1954) [Link] (10 responses)

What is an example of something that has only 8K of memory? And would such a thing have any persistent memory?

Why Zephyr?

Posted Apr 9, 2016 1:44 UTC (Sat) by tao (subscriber, #17563) [Link] (8 responses)

Typically sensors. It's not like your thermometer needs anything else than a few bytes of RAM for the readings (enough to add a median filter), plus whatever is needed for network communication.

Why Zephyr?

Posted Apr 9, 2016 15:47 UTC (Sat) by giraffedata (guest, #1954) [Link] (7 responses)

I can see that some devices don't need more than 8K, but is it cheaper to make a sensor with 8K than with 8M? Consider that if I want a USB flash drive on which to store an 8M file, the smallest one I can buy is 8G. Wouldn't similar economics apply to sensors?

Why Zephyr?

Posted Apr 9, 2016 16:09 UTC (Sat) by pizza (subscriber, #46) [Link] (4 responses)

The sorts of microcontroller SoCs that Zephyr targets cost a couple of dollars or less, even in smallish quantities. You're not going to get something with megabytes of RAM (or flash) for that price.

Why Zephyr?

Posted Apr 9, 2016 16:20 UTC (Sat) by giraffedata (guest, #1954) [Link] (2 responses)

Still struggling to understand how it costs less to make a sensor with kilobytes of memory than to make one with megabytes. Are Chinese laborers constructing the bits one at a time? Do we have to mine the transistors?

Why Zephyr?

Posted Apr 9, 2016 18:50 UTC (Sat) by alonz (subscriber, #815) [Link]

These sensors are usually built around single-chip microcontrollers (which often also include all of the digital parts of the sensor itself, so the components external to this chip are mostly passive parts like resistors, capacitors, and the like). Since these microcontrollers use a single piece of silicon to implement both logic and memory, they end up costing very little (often less than $1, in bulk). Unfortunately, dense memories require a different silicon process than processing components (low-power ones in particular), so the memories on such chips take up significantly more space than you would expect per bit of storage.

(As an aside, most dense memories are of the DRAM variety—Dynamic RAM—which requires continuous refresh from the memory controller, and therefore eat through batteries with unholy glee. On Internet-of-Things devices, which are often expected to last for years on a teeny battery, this option is just plain out.)

Why Zephyr?

Posted Apr 9, 2016 23:22 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

A sensor with 1kB of RAM can be made to work for months on a small battery or even on harvested background energy. It's much more difficult if you have lots of DRAM to keep refreshed.

Why Zephyr?

Posted Apr 9, 2016 23:37 UTC (Sat) by excors (subscriber, #95769) [Link]

I'm not sure exactly what you can get for a couple of dollars, but I expect it's rather a lot. At a slightly higher budget, $5 can get you a quite reasonable tablet SoC with a quad-core 64-bit ARM CPU and 512KB cache and a GPU and a bunch of other stuff, and another maybe $5 can get you 1GB of external DRAM. Or $5 could get you an entire Raspberry Pi Zero.

An RTOS designed for 8KB RAM is targeting a totally different scale, where you're counting in cents rather than dollars, or where you're battery-powered and are counting fractions of a milliwatt.

Why Zephyr?

Posted Apr 9, 2016 22:30 UTC (Sat) by cbaker (guest, #105649) [Link]

Yes, it is *much* cheaper to make a CPU with 8k of ram rather than 8M.
Apart from licensed IP cores (which are artificially expensive), memory is the single most expensive thing you can add to a piece of silicon. It just takes up so much space.

Take this image for example:
http://www.komtech.lt/images/text/upload/filtri/large_cac...
I pulled it from GIS somewhat randomly; I don't know what CPU it is for but it has the cache memory highlighted. I would guess that it has less than 1 MB of memory per core.
This CPU has an extraordinarily large amount of memory on it. It is completely mental -- they could have doubled the number of CPUs if they didn't have so much cache.

And doubling the number of CPUs *means* doubling your profit.

And forget what the other people in this comment thread are saying about CPUs that cost only $1-2. The ultimate target of something like project Zephyr is CPUs that cost 1-2 *cents*. The sort of CPU you can put in a disposable greeting card.
For a CPU to be that cheap, you have to be able to carve thousands (millions?) of them out of a single silicon wafer.

Why Zephyr?

Posted Apr 14, 2016 9:41 UTC (Thu) by farnz (subscriber, #17727) [Link]

Looking at ARM-based microcontrollers on Digikey, I can get an ARM Cortex-M0 with 16 KiB of Flash and 2 KiB of RAM at a unit price of 6.3p each. I have to more than double that price to 14.7p each to get a microcontroller with 256 KiB of Flash and 64 KiB of RAM, and I'm looking at 35.9p per IC for one with 1 MiB of Flash.

On top of that, in this space, you're looking for a single chip with enough I/O to do everything you want - the fewer support chips you need, the better. So, instead of choosing a high capacity external Flash chip (as your USB stick has done), and going for the cheapest discrete Flash that supports the use case, the MCU user picks the cheapest MCU that has as much of the things they need as possible integrated - if you can get away with one MCU talking SPI to a wireless module, that's a big saving compared to having to place down a wireless module, an MCU, a RAM chip, and a Flash chip.

Why Zephyr?

Posted Apr 9, 2016 17:31 UTC (Sat) by cjr (guest, #88606) [Link]

One of the products whose software I maintain (but didn't initially write) is a rack mount control unit with 4K of RAM and 32K of flash [1]. The flash memory is full (of code), so any time I make modifications I have to optimize some unrelated part of the code to reduce its size by a few bytes so I can fit a few new bytes of code.

A different product we make (that I don't maintain) contains 2 even smaller processors, one of them inside a component you wouldn't even imagine has a processor in it. A product that a friend works on uses these types of chips to perform PMIC and watchdog functions as part of a much more powerful board. These things are literally everywhere.

Not that we're going to try to use Zephyr on these, but I can definitely see the appeal.

[1] http://www.microchip.com/wwwproducts/en/PIC18F65J50
[2] http://www.microchip.com/wwwproducts/en/PIC16F688

Choice of Licence

Posted Apr 10, 2016 9:06 UTC (Sun) by remicardona (guest, #99141) [Link] (4 responses)

I see that Zephyr is licensed under the Apache Licence 2.0, which isn't compatible with GPL2.

So it's a *Linux* Foundation project that won't be able to cross-pollinate with Linux itself. On a technical level, that sounds like a lost opportunity, but I can't help but wonder why this choice was made. Am I reading too much into this?

Choice of Licence

Posted Apr 10, 2016 13:54 UTC (Sun) by anselm (subscriber, #2796) [Link] (3 responses)

We're told that for the sort of system envisioned here, the application is usually directly linked to the kernel. Under the popular theory promulgated by the likes of the FSF, that would make the application a “derived work” of the kernel, and bring it under the GPL. While that probably wouldn't be a problem as far as users of the devices in question is concerned, manufacturers won't be too keen on the idea, making GPL'ed Zephyr a non-starter.

It is unlikely that the Linux Foundation would want to spend money and effort on something device manufacturers (including possibly companies that fund the LF) don't have any use for, hence the – more palatable – Apache licence.

Choice of Licence

Posted Apr 11, 2016 8:13 UTC (Mon) by robbe (guest, #16131) [Link] (2 responses)

> [...] manufacturers won't be too keen on the idea [...]

I don’t see this as a given. If I produce, say, an espresso machine, and want to make it WiFi-capable, would I really consider the small application that reports "water tank N % full, beans reservoir M % full" worthy of protection? Would my competitors gain valuable insight from reading its source code? Would copying it give them some advantage?

I suspect the answers are "not really" to both questions for a number of appliances. But maybe I am mistaken ... or enough companies are just paranoid about sharing their code.

I certainly can’t see the big security benefits if the OS gets patches, but not the bespoke application linked to it.

Choice of Licence

Posted Apr 11, 2016 8:43 UTC (Mon) by anselm (subscriber, #2796) [Link] (1 responses)

If I produce, say, an espresso machine, and want to make it WiFi-capable, would I really consider the small application that reports "water tank N % full, beans reservoir M % full" worthy of protection?

Your developers might not, but your lawyers might. Usually in a company, what the lawyers say carries more weight than what the developers say.

Choice of Licence

Posted Apr 11, 2016 15:53 UTC (Mon) by flussence (guest, #85566) [Link]

I think Keurig(?) already did this, to protect their dirty business of DRMed coffee.


Copyright © 2016, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds