Communications and Security Service

NVIDIA DRIVE AGX Communications and Security Services

Developer Guide

5.1.6.0 Release

Definition of Terms

Communications Service

Security Service

Enabling Communication and Security Services

The Configuration Tool

Networking

Using PTP Virtualization

Security Logging

Over The Air Update of Security Files

Configuration Tool Appendix

The NVIDIA DRIVE™ OS includes the Foundation Services runtime software stack that provides the infrastructure for the DRIVE™ OS Platform components. With this infrastructure, multiple guest operating systems can run on the NVIDIA hardware with the NVIDIA DRIVE™ Hyperion Developer Kit to manage the hardware resources.

The Foundation Services runtime architecture stack is as follows:

A screenshot of a cell phone Description automatically generated

The focus of this Development Guide is on the Communications and the Security services components. For each component, a separate QNX virtual machine is running.

Component	Description
Communications Services	The Communications Service manages the communications of the hardware peripherals. • Guest VMs can access the peripherals as if they were exclusively allocated to that VM. The Communications Service uses the Security Service to manage the routing of traffic to and from the peripherals, and to and from the guest VM.
Security Services	The Security Service monitors the communications for potential threats and enacts the appropriate policy once a threat is detected. • The guest VM is not aware of the Security Service. • The guest VM has virtualized drivers that appear, to higher layers, like normal hardware drivers. • Multiple guest VMs can access the same peripheral without knowledge of each other.

Definition of Terms

The following terms are used throughout this document:

Term	Definition
CAN	Control Area Network
Comms	Communications Services
DDOS	Distributed Denial of Service
DHCP	Dynamic Host Configuration Protocol
DNS	Domain Name System
DoS	Denial of Service
ICMP	Inter Control Message Protocol
IDPS	Intrusion Detection and Prevention System
IP	Internet Protocol
IVC	Inter-Virtual Machine Communication
MAC	Media Access Control
NAT	Network Address Translation
OS	Operating System
PTP	Precision Time Protocol
SSL	Secure Sockets Layer
SoC	System on a Chip
TCP	Transmit Control Protocol
TCU	Transmit Control Unit
TLS	Transport Layer Security
UDP	User Datagram Protocol
VLAN	Virtual Local Area Network
VM	Virtual Machine

A Typical Communication Configuration

The following illustration provides a reference example of networking on IP communication. A similar model applies to other communication interfaces such as CAN.

• The HV0 IP interfaces between each Guest OS VM.

• The Communications Services are assigned with a static IP address.

• Each VM is on a different subnet, and each VM is connected to the eth0 physical Ethernet device on the Communications Service.

• The Communications Service implements the para-virtualization of the physical interface, which is Ethernet in this case.

In this way, each Guest OS operates as if it has exclusive and direct access to the Ethernet device.

• The link between each Guest OS and the Communications is implemented by leveraging the Hypervisor IVC API.

• The Security Services acts as the bridge for the data transfers.

In this example, the Security Service routes the traffic to and from the peripheral, and to and from the Guest VM using the nvsec_engine. One instance is required per VM Communications channel.