Cog Systems

OKL4 Microvisor

The OKL4 Microvisor is an advanced secure type-1 hypervisor developed by General Dynamics C4 Systems (formerly Open Kernel Labs). Cog Systems is a licencee and active maintainer of OKL4 technology.

Cog Systems has special expertise in applying the OKL4 Microvisor to embedded systems. As a partnering licensee, we supply, support and enhance the Microvisor for our customers in commercial markets.

The OKL4 Microvisor has been designed from the ground up as a dedicated secure embedded hypervisor. It shares the L4 Microkernel heritage and design principles, building on more than 20 years of research. It is small, fast and keeps policy out of the kernel at all costs.

The OKL4 Microvisor supports all ARM processors with MMU hardware, including:

  • ARMv5 – ARM926ejs
  • ARMv6 – ARM11
  • ARMv7 – Cortex-A5, Cortex-A8, Cortex-A9, Qualcomm Krait
  • ARMv7ve – Cortex-A7, Cortex-A15, Cortex-A17
    supporting both para-virtualization and HW virtualization
  • ARMv8 – 64-bit Cortex-A53, Cortex-A57
    supporting 32-bit and 64-bit modes of operation

Why embedded virtualization?

Virtualization is prolific and essential in cloud and business technology, however the embedded markets have yet to see wide spread use. The internet of things will change that, as more and more devices are connected with their ever increasing capabilities, security is becoming a core issue. Embedded virtualization will play a key security roll. Not simply used to multiplex hardware, embedded virtualization enables secure componentization of systems for a separation of concerns. No longer will your VPN run in the same security domain as third-party downloaded apps.

The OKL4 Microvisor provides a high-performance, highly secure and flexible platform, using capabilities based access control, secure communications and advanced driver sharing.


The OKL4 Microvisor is highly versatile and adaptable and supports a variety of applications including:

  • Componentization of large complex monolithic systems into smaller component pieces is a smart way to save costs and increase security. Componetization encourages Software Reuse resulting in long term savings in shorter time-to-market, reduced development and support costs.
  • Security and Robustness are key benefits of using the Microvisor. The Microvisor’s Secure Cell technology supports lightweight standalone applications, drivers and virtual machines with strong separation using the processor MMU and its capabilities access control model. The XML system specification language allows the developer to fully describe and visualize the security properties of an OKL4 system.
  • Consolidation of multiple independent systems onto a single processor using the OKL4 Microvisor drives cost savings, without compromising reliability, real-time properties or performance. A consolidated system also allows more flexibility across your product range by choosing different processor types, speed and multi-core configurations, without having to change your software architecture.
  • Portability of a software architecture is increased with the Microvisor through the creation of a virtual-platform. With a virtual platform, key hardware specific aspects, such as drivers and interfaces can be abstracted into components. Changing hardware platforms can be greatly simplified and the time-to-market can be greatly reduced. Key components can also be re-used in different products and systems.
  • Flexibility is a key property of the Microvisor. It has few hardware requirements and its microkernel inspired design means that it is flexible enough to support a very wide range of applications. Whether it is running a few small isolated applications, or hosting a dual-Android rich mobile device, you can be sure that the Microvisor will scale to the system demands. The Microvisor is perfectly suited as a base platform for all your product lines.



  • Secure
    Designed from the start with security at the core.
  • High Performance
    Ultra fast messaging, low latency and fast scheduling.
  • Advanced Scheduling
    High performance real-time scheduler allows mixing priorities between VM threads, and concurrent use of real-time and non-real-time OSes.
  • Small Memory Footprint
    Can be configured to use less than 128KB of kernel memory.
  • Advanced Multi-core Support
    Unique multi-core support with fast interrupt distribution, scheduling any VM virtual-CPU on any physical core and will run a multi-core OS on a single core platform.
  • Hardware virtualization and Paravirtualization
    Take advantage of hardware virtualization, or use our high performance para-virtualization, or both!.
  • Advanced Communications Frameworks
    Beyond simple message passing: secure and policy controlled messaging, flexible choice of secure messaging and shared-memory.
  • Advanced Device Virtualization
    The advanced capabilities of our Virtual Services Framework make other solutions like virt-io seem antiquated.
  • Flexible and Customizable
    You specify and design the system, including resource allocation, partitioning, security architecture, sharing and inter-VM links.
  • Powerful SDK Design Tools
    The SDK contains all the documentation and tools you need for designing, building and deploying your products.

Example Applications

  • Embedded system consolidation – many simple embedded systems benefit from consolidation and robustness. Don’t port all your legacy applications from different RTOSes or bare-metal, using the Microvisor to run systems concurrently benefits in reduced development cost, avoids introducing new bugs to existing software and saves you time.
  • IoT security – the internet of things (IoT) is exposing users, OEMs and platform operators to new risks. Malware and exploits lead to new problems, that can have serious consequences. Secure your networked devices with the OKL4 Microvisor.
  • Secure Mobile / Dual Persona – the OKL4 Microvisor is proven technology for the creation of flexible secure mobile devices for commercial and government use.
  • Automotive – the Microvisor has many uses in automotive systems, including consolidation and running critical RTOS systems side-by-side with rich applications such as Android and Automotive Linux software.
  • Smart TV and Set-top Box – OEMs are adding rich operating-systems such as Android to their smart-tvs and need to protect their content and platform from malware and exploits. The OKL4 Microvisor allows Android and other software to be isolated from OEM and other third-party software.
  • Networking Equipment – smart networking equipment can benefit from embedded virtualization. Providing isolated virtual machines for third-party smart applications such as content filtering and IP-TV distribution removed the need for applications to trust other software in the device, and protects the core functionality of the equipment from bugs and intrusions.

The OKL4 Microvisor is available through Cog Systems, and is also a component of the Cog Secure Environment Platform. A low-memory variant, the OKL4 Microvisor Lite is designed for high assurance with a small footprint. It is ideal for use as separation kernel coupled with ARM TrustZone.

Request Trial