What architecture is used at the bottom of Hongmeng system?

The bottom layer of Hongmeng system uses os architecture, which can be expanded according to needs to achieve system and extensive security; this architecture is mainly used for the Internet of Things, and has the characteristics of low latency to give you the best shopping experience; it can be used at any time It can be used on mobile phones, leading Android and compatible with all Android applications and games.

The operating environment of this tutorial: Magic UI 4.0.0 system, Magic UI 4.0.0 mobile phone.

Hongmeng system is a full-scenario distributed os based on microkernel. The system and extensive security can be expanded according to needs. This architecture is mainly used for the Internet of Things and has the characteristics of low latency to give you the best shopping experience. It can be used on mobile phones at any time, is ahead of Android and is compatible with all Android applications and games.

Introduction to HarmonyOS

First, let’s take a look at the official definition of HarmonyOS. According to the official definition, HarmonyOS is a "future-oriented" distributed operating system for all scenarios (mobile office, sports and health, social communication, media entertainment, etc.). On the basis of the traditional single-device system capabilities, HarmonyOS proposes a distributed concept based on the same system capabilities and adapted to multiple terminal forms, and can support the capabilities of multiple terminal devices.

For consumers, HarmonyOS can integrate the capabilities of various terminals in life scenarios to form a "super virtual terminal", which can achieve rapid connection, mutual assistance, and resources between different terminal devices. Share, match appropriate equipment, and provide a smooth full-scenario experience.

For application developers, HarmonyOS uses a variety of distributed technologies, making the development and implementation of applications independent of the differences in the form of different terminal devices, reducing development difficulty and costs. This allows developers to focus on upper-level business logic and develop applications more conveniently and efficiently.

For device developers, HarmonyOS adopts a componentized design solution that can be flexibly tailored according to the resource capabilities and business characteristics of the device to meet the operating system requirements of different forms of terminal devices.

Technical features

Hardware mutual assistance, resource sharing

1, distributed soft bus

The distributed soft bus is a unified base for a variety of terminal devices , provides unified distributed communication capabilities for the interconnection between devices, can quickly discover and connect devices, and efficiently distribute tasks and transmit data. The schematic diagram of the distributed soft bus is shown in the figure below.

2, Distributed device virtualization

The distributed device virtualization platform can realize resource integration, device management, data processing, etc. of different devices. The devices together form a super virtual terminal. For different types of tasks, we match and select execution hardware with appropriate capabilities for users, allowing services to flow continuously between different devices and giving full play to the resource advantages of different devices. The schematic diagram of distributed device virtualization is shown in the figure below.

3, Distributed data management

Distributed data management is based on the ability of distributed soft bus to realize distributed management of application data and user data. . User data is no longer bound to a single physical device, business logic is separated from data storage, and data is seamlessly connected when applications run across devices, creating basic conditions for creating a consistent and smooth user experience. The schematic diagram of distributed data management is shown in the figure below.

4, Distributed task scheduling

Distributed task scheduling is built based on technical features such as distributed soft bus, distributed data management, and distributed Profile. The unified distributed service management (discovery, synchronization, registration, invocation) mechanism supports operations such as remote start, remote invocation, remote connection, and migration of cross-device applications, and can be based on the capabilities, locations, business operating status, etc. of different devices. Resource usage, as well as user habits and intentions, select appropriate devices to run distributed tasks. The application migration in the figure below is taken as an example to briefly demonstrate the distributed task scheduling capabilities.

One development, multi-terminal deployment

HarmonyOS provides user program framework, Ability framework and UI framework to support multi-terminal business logic and Interface logic is reused, enabling one-time development and multi-deployment of applications, improving the development efficiency of cross-device applications. The schematic diagram of one-time development and multi-terminal deployment is shown in the figure below.

Unified OS, flexible deployment

HarmonyOS supports flexible deployment of a variety of terminal devices on demand through design methods such as componentization and miniaturization, and can adapt to different types of hardware resources and functional requirements. It supports the automatic generation of component dependencies through compilation chain relationships, forming a component tree dependency graph, supporting the convenient development of product systems and lowering the development threshold of hardware devices.

Supports the selection of each component (components are optional): According to the form and requirements of the hardware, you can select the required components.

Supports the configuration of function sets within components (components can be large or small): According to the hardware resources and functional requirements, you can choose to configure the function sets in the components. For example, choose to configure some controls in the Graphics Frame component.

Support dependencies between components (the platform can be large or small): Based on the compilation chain relationship, componentized dependencies can be automatically generated. For example, selecting a graphics framework component will automatically select dependent graphics engine components, etc.

Technical Architecture

HarmonyOS overall follows a layered design, from bottom to top: kernel layer, system service layer, framework layer and application layer. System functions are expanded step by step according to "System > Subsystem > Function/Module". In a multi-device deployment scenario, some non-essential subsystems or functions/modules are supported according to actual needs. The technical architecture of HarmonyOS is shown in the figure below.

Kernel layer

The HarmonyOS system is divided into a kernel subsystem and a driver subsystem.

Kernel subsystem: HarmonyOS adopts a multi-core design to support the selection of appropriate OS kernels for different resource-constrained devices. The Kernel Abstract Layer (KAL, KernelAbstract Layer) provides basic kernel capabilities to the upper layer by shielding multi-core differences, including process/thread management, memory management, file system, network management, and peripheral management.

Driver subsystem: HarmonyOS Driver Framework (HDF) is the basis for the openness of the HarmonyOS hardware ecosystem, providing unified peripheral access capabilities and driver development and management frameworks.

System Service Layer

The system service layer is the core capability set of HarmonyOS, which provides services to applications through the framework layer. This layer includes the following parts:

System basic capability subsystem set: Provides basic capabilities for the operation, scheduling, migration and other operations of distributed applications on HarmonyOS multiple devices. It is composed of distributed soft bus, distribution It is composed of subsystems such as formal data management, distributed task scheduling, Ark multi-language runtime, public basic library, multi-mode input, graphics, security, and AI. Among them, the Ark runtime provides C/C/JS multi-language runtime and basic system class libraries, and also provides static Java programs using the Ark compiler (that is, the parts of the application or framework layer developed using the Java language). Runtime.

Basic software service subsystem set: Provides public and general software services for HarmonyOS, consisting of event notification, telephone, multimedia, DFX, MSDP&DV and other subsystems.

Enhanced software service subsystem set: Provides HarmonyOS with differentiated capability-enhanced software services for different devices, consisting of smart screen proprietary business, wearable proprietary business, IoT proprietary business and other subsystems .

Hardware service subsystem set: Provides hardware services for HarmonyOS, consisting of subsystems such as location services, biometric identification, wearable proprietary hardware services, and IoT proprietary hardware services.

According to the deployment environment of different device forms, the basic software service subsystem set, enhanced software service subsystem set, and hardware service subsystem set can be tailored according to subsystem granularity, and each subsystem can be tailored according to functional granularity. Crop.

Framework layer

The framework layer provides multi-language user program frameworks and Ability frameworks such as Java/C/C/JS for HarmonyOS applications, as well as various software and hardware services that are open to the outside world. Multi-language framework API; at the same time, multi-language framework API such as C/C/JS is provided for devices using HarmonyOS. The APIs supported by different devices are related to the degree of component tailoring of the system.

Application layer

The application layer includes system applications and third-party non-system applications. HarmonyOS applications consist of one or more FA (Feature Ability) or PA (Particle Ability). Among them, FA has a UI interface and provides the ability to interact with users; while PA has no UI interface and provides the ability to run tasks in the background and a unified data access abstraction. Applications developed based on FA/PA can implement specific business functions, support cross-device scheduling and distribution, and provide users with a consistent and efficient application experience.

System Security

On distributed terminals equipped with HarmonyOS, it can be guaranteed that "the right people, through the right devices, use the data correctly."

Use "distributed multi-terminal collaborative identity authentication" to ensure the "correct person".

Ensure "correct equipment" by "building a trusted operating environment on distributed terminals".

Ensure "correct use of data" through "classification and hierarchical management of data in the process of distributed data flowing across terminals".

Correct equipment

In a distributed terminal scenario, only by ensuring that the equipment used by users is safe and reliable can user data be effectively protected on the virtual terminal and user privacy leaked.

Secure Boot ensures that the system firmware and applications running on each virtual device at the source are complete and untampered. Through secure boot, image packages from various device manufacturers are less likely to be illegally replaced with malicious programs, thereby protecting user data and privacy.

The Trusted Execution Environment provides a hardware-based Trusted Execution Environment (TEE, Trusted Execution Environment) to protect the storage and processing of users' personal sensitive data and ensure that data is not leaked. Due to the different security capabilities of distributed terminal hardware, users' sensitive personal data needs to be stored and processed using high-security devices. HarmonyOS uses a TEE microkernel based on mathematically provable formal development and verification, and has obtained a certification rating of CC EAL5 for commercial OS kernels.

Device certificate authentication supports presetting device certificates for devices with trusted execution environments to prove their security capabilities to other virtual terminals. For devices with a TEE environment, pre-configured PKI (Public Key Infrastructure) device certificates are provided to prove the identity of the device to ensure that the device is legally manufactured.

The device certificate is preset on the production line. The private key of the device certificate is written and safely stored in the TEE environment of the device, and is only used within the TEE. When the user's sensitive data (such as keys, encrypted biometrics, etc.) must be transmitted, a secure channel is established from the TEE of one device to the TEE of another device after using the device certificate for security environment verification. Achieve secure transmission, as shown in the figure below.

Use data correctly

In a distributed terminal scenario, it is necessary to ensure that users can use data correctly. HarmonyOS implements full life cycle protection around the generation, storage, use, transmission and destruction of data, thereby ensuring that personal data and privacy, as well as system confidential data (such as keys) are not leaked.

Data generation: Classify the data according to the laws, regulations and standards of the country or organization where the data is located, and set the corresponding protection level according to the classification. From the moment data is generated, data of each protection level needs to be provided with different strengths of security protection according to the corresponding security policies throughout its entire life cycle of storage, use, and transmission. The access control system of virtual hyperterminal supports tag-based access control policies to ensure that data can only be stored, used and transmitted between virtual terminals that can provide sufficient security protection.

Data storage: HarmonyOS differentiates the security level of data and stores it in partitions with different security protection capabilities to securely protect data and provide seamless cross-device flow and cross-device keys throughout the key life cycle. Access control capabilities support distributed identity authentication collaboration, distributed data sharing and other services.

Data usage: HarmonyOS provides a trusted execution environment for devices through hardware. Users' personal sensitive data are only used in the trusted execution environment of distributed virtual terminals to ensure that the security and privacy of user data are not leaked.

Data transmission: In order to ensure the safe flow of data between virtual hyper terminals, each device needs to be correct and trustworthy, establish a trust relationship (multiple devices establish a pairing relationship through Huawei accounts), and be able to verify After the trust relationship is established, a secure connection channel is established and data is transmitted securely according to the rules of data flow. When communicating between devices, the device needs to be authenticated based on its identity credentials, and based on this, a secure encrypted transmission channel is established.

Data destruction: Destroying the key means destroying the data. The storage of data in virtual terminals is based on keys. When destroying data, only the corresponding key needs to be destroyed to complete the data destruction.

For more computer-related knowledge, please visit the FAQ column!

The above is the detailed content of What architecture is used at the bottom of Hongmeng system?. For more information, please follow other related articles on the PHP Chinese website!