Safe, Secure, Reliable


The INTEGRITY architecture supports multiple protected virtual address spaces, each of which can contain multiple application tasks.

The flagship of Green Hills Software operating systems—the INTEGRITY RTOS—is built around a partitioning architecture that enables embedded developers to ensure their applications meet the highest possible requirements for security, reliability, and performance. With its leadership pedigree underscored by a range of certifications, INTEGRITY sets the standard for RTOS safety, security, and reliability.

INTEGRITY uses hardware memory protection to isolate and protect embedded applications. Secure partitions guarantee each task the resources it needs to run correctly and fully protect the operating system and user tasks from errant and malicious code—including denial-of-service attacks, worms, and Trojan horses.

Unlike other memory-protected operating systems, INTEGRITY never sacrifices real-time performance for security and protection.

Platforms & Middleware

To help developers jumpstart product development, Green Hills Software offers an extensive array of middleware integrated and validated for INTEGRITY, including:

  • FFS, FAT, NFS, and journaling file systems
  • IPv4/IPv6 host and routing networking stacks
  • FIPS 140-2 certified Suite B enabled embedded encryption library
  • Advanced Layer 3 routing protocols
  • web services: HTTPS, SOAP, AJAX, JSON, XML
  • Wi-Fi support: WPA2, Bluetooth, 3G
  • USB host stack, device stack and class drivers
  • 2d, 3D, and OpenGL graphics

Each of these middleware packages has been pre- integrated and tested to run seamlessly with and take full advantage of INTEGRITY’s advanced RTOS capabilities. For selected industries, Green Hills Software offers platforms that provide an completely integrated ecosystem. Each platform includes the INTEGRITY RTOS as well as development tools, industry-specific middleware, reference hardware, and documentation.

Reliability Archtiecture

The INTEGRITY RTOS separation kernel protects against damage from errant or malicious code by preventing processes from writing beyond assigned memory regions. In addition, INTEGRITY’s partitions prevent unintended access to data from outside the partition where the data resides.

Traditional operating systems can crash, lock up, or execute uncontrollably, resulting in costly consequences—a lost satellite, a stalled car, a failing medical monitor. INTEGRITY protects both critical applications and itself from the malfunctions that can lead to failures by providing guaranteed system resources that ensure CPU time and memory resources will always be available to individual processes, no matter what any other process attempts to do.

Malicious or unintended events can deny access to system resources and keep system processes from running as intended. To prevent these denial-of-service attacks, INTEGRITY can assign fixed budgets of CPU time and memory to each process. By guaranteeing a time window for a particular process, these fixed budgets also preserve the integrity of other processes by preventing running tasks from executing beyond their window.

Performance & Memory

Hard, real-time performance

INTEGRITY is a hard real-time operating system that never sacrifices real-time performance for security and protection. INTEGRITY can respond to events in nanoseconds, guaranteed.

All INTEGRITY kernel services have been carefully optimized to minimize the overhead of system calls so they can be suspended to allow other calls to execute. INTEGRITY uses a real-time scheduler that supports multiple priority levels and enables complete control over CPU percentage allocation. In addition, INTEGRITY always services the highest priority interrupt with absolute minimum latency.

Guaranteed memory resoures

The INTEGRITY RTOS protects memory:

  • from exhaustion
  • from damage
  • from unauthorized access

INTEGRITY’s unique memory quota system keeps one address space from exhausting the memory of any other.

To prevent the risk of user stack overflow, INTEGRITY’s kernel has its own memory stack. Without this, the kernel would need to access the user process’ stack. But this can lead to problems because it is impossible for the user process to anticipate the maximum stack size if it is subject to use by unknown code (i.e., the kernel).

Advanced Multicore Support

INTEGRITY's flexible multicore processor support provides users with a wide range of system architecture possibilities while delivering real-time deterministic performance with secure, reliable separation policies.

The modern architecture of INTEGRITY is well suited for multicore processors targeting embedded systems. INTEGRITY provides complete Asymmetrical Multiprocessing (AMP) and Symmetrical Multiprocessing (SMP) support that is optimized for embedded and real-time use. Embedded system designers can select the multiprocessing architecture that is right for the task. When coupled with the advanced multicore debugging features found in the Green Hills MULTI tool suite, developers will reduce their time-to-market while increasing system performance and reliability.

INTEGRITY Multivisor Secure Virtualization Architecture

INTEGRITY Multivisor, secure virtualization, hypervisor, embedded INTEGRITY Multivisor combines general purpose guest operating systems with a comprehensive ecosystem of real-time applications, middleware, and drivers. Click for larger view.

INTEGRITY­ Multivisor is a robust and portable virtualization infrastructure with an architecture flexible enough to handle the wide variety of hardware capabilities available across today’s microprocessors. ISV maximizes the use of available hardware virtualization facilities while minimizing or eliminating modifications to guest operating systems.

Many silicon manufacturers now include hardware assisted virtualization technology—such as ARM Virtualization Extensions (VE), Intel VT-x and VT-d, and virtualization-enabled Power Architecture. For these architectures, INTEGRITY Multivisor supports high performance “full virtualization” where no changes to the guest operating system are needed. Where device access must be shared between guests and/or applications, it’s easy to add applications that coordinate access to the hardware.

On processors lacking hypervisor mode assistance, INTEGRITY Multivisor applies carefully crafted, minimally intrusive modifications to the guest operating system to maximize performance without sacrificing ease of migration and portability.

INTEGRITY Multivisor provides flexible and powerful mechanisms for managing cores. The Multivisor can statically bind guest operating systems to cores, in an Asymmetric Multiprocessing (AMP) model, or dynamically schedule workloads in a Symmetric Multiprocessing (SMP) model, depending on system requirements.

Architecture, Processor, and Board Support

The INTEGRITY Architecture Support Package (ASP) provides CPU initialization, exception handling, and fast context-switching for all leading embedded CPU architectures including Arm, Intel, Power and MIPS. INTEGRITY Board Support Packages (BSP) build upon the ASP and provide board-level support of memory, interrupts, accelerators, peripherals and middleware. We frequently add to our list of INTEGRITY BSPs so please contact your local Green Hills Software office to discuss your board support package requirements.

Green Hills Software works extensively with industry-leading commercial off-the-shelf (COTS) board manufacturers to enable INTEGRITY on their boards. Click here for more details.