|
A joint collaboration in Yverdon-les-Bains on Linux, AVZ virtualization, SO3 capsules, and safety-oriented LVGL user interfaces. |
EDGEMTech and HEIG-VD are jointly developing an open-source embedded software environment that combines Linux, the AVZ virtualization layer, and SO3 capsules to host modular graphical applications. The objective is to provide a robust execution platform for embedded products where hardware access, application isolation, portability, and long-term maintainability must coexist without compromising user-interface richness.
|
Why this architecture matters • Linux retains the critical services and direct hardware access. • Portainer can remotely orchestrate multiple SO3 capsules through a SO3-enabled agent running in the Linux domain. • Each capsule can host a dedicated LVGL-based application, enabling clean separation between product modes or customer-specific HMIs. • A split graphics architecture isolates application logic from low-level rendering details, improving portability across platforms and display stacks. • LVGL Safe can be combined with capsule isolation for safety-oriented HMI designs. |
Figure 1. High-level view of the software stack: Portainer-driven orchestration in Linux, multiple SO3 capsules hosting LVGL applications, and display front-end/back-end separation over the AVZ hypervisor.
- Architecture overview
At the bottom of the stack, the AVZ hypervisor provides the virtualization layer used to partition the execution environment. Above it, the Linux domain remains the system anchor point: it hosts the services that need direct access to the physical hardware, keeps ownership of the low-level graphics drivers, and exposes the execution and orchestration services required to manage isolated application domains.
On top of this base, SO3 capsules can be instantiated as strongly isolated execution contexts dedicated to user-interface workloads. The diagram illustrates capsules hosting graphical applications written in C, C++, micro-Python and soon Rust, but the same model can be extended to other language bindings when relevant. Each capsule packages its own application logic together with the LVGL user-interface stack and the required runtime components.
- Portainer orchestration and capsule lifecycle
A key part of the approach is the integration of Portainer for orchestration. A Portainer manager communicates with a SO3-enabled agent running in the Linux domain. This agent acts as the control bridge between the orchestration layer and the embedded virtualization environment.
From an operational standpoint, this makes it possible to deploy, update, stop, and supervise several capsules on the same target. Instead of embedding all graphical functions inside a single monolithic application, different LVGL-based apps can be packaged into separate capsules and managed independently. This is especially attractive for products that need distinct operating modes, customer-specific HMIs, service interfaces, or staged feature rollouts.
The same mechanism also opens the door to switching between capsules according to the active application context. In practice, one capsule can implement one HMI profile while another capsule implements a different one, with the orchestrator selecting which capsule is currently active or visible. This preserves a clean separation between applications while simplifying update strategies and fault containment.
- Split graphics architecture and LVGL portability
One of the most interesting technical aspects of the architecture is the split between user-interface logic and graphics implementation. The LVGL application and its UI logic run inside the capsule, while the hardware-facing graphics components remain anchored in the Linux domain.
In the diagram, this split appears through the distinction between the display front-end driver on the capsule side and the display back-end driver on the Linux side, the latter itself relying on the native graphics stack and drivers such as DRM, framebuffer, or other platform-specific implementations. This separation keeps the application layer focused on UI behavior, widgets, layouts, and event handling, while the rendering and display integration can be adapted independently to the target hardware.
This design greatly improves portability. An LVGL application can be kept largely unchanged while the graphics back-end is retargeted to another SoC, another display controller, or another rendering path. The same UI logic can therefore be reused across product families with fewer modifications in the high-level application code. In other words, portability is obtained not by freezing the whole stack, but by isolating the platform-dependent layers where they belong.
- LVGL Pro workflow and LVGL Safe perspective
The workflow can also benefit from the LVGL Pro editor, which provides a practical way to design the user interface and generate the corresponding target code. In this architecture, the generated application can then be packaged into a capsule and deployed through the orchestration layer, preserving a consistent pipeline from UI design to embedded deployment.
The safety-oriented dimension is equally important. LVGL Safe is highly relevant in this context because it complements the architectural isolation already provided by capsules and virtualization. When a UI is placed inside a strongly partitioned execution environment, and when its graphics path is explicitly controlled through front-end/back-end separation, LVGL Safe becomes an especially compelling candidate for applications that have stronger safety, robustness, or certification-driven requirements.
The combination of LVGL Safe and SO3 capsules therefore offers a promising route for highly critical environments in which a graphical interface is still required, but where fault containment, software partitioning, controlled updates, and predictable system behavior are mandatory design constraints.
- Open-source engineering collaboration
Beyond the technical stack itself, this project also reflects the value of a close collaboration between industrial engineering and applied research. EDGEMTech brings product-oriented embedded software expertise, customer-facing constraints, and deployment pragmatism, while HEIG-VD contributes engineering depth, experimentation capacity, and a strong academic environment to structure and validate the approach.
Together, the goal is to consolidate a reusable open-source foundation for Linux-based virtualized embedded systems, capable of hosting advanced and portable HMIs with a clean separation of concerns between orchestration, application logic, and hardware-specific graphics integration.
We are currently preparing several showcases based on Raspberry Pi 4 platforms to illustrate this architecture in practice. More demonstrations and technical details will be shared soon.
This article is intended as a technical introduction to the ongoing collaboration. More implementation details, demonstrations, and feedback from field deployments will be shared as the project evolves.
