312:
applications. An effective implementation of an embedded hypervisor must deal with a number of issues specific to such applications. These issues include the highly integrated nature of embedded systems, the requirement for isolated functional blocks within the system to communicate rapidly, the need for real-time/deterministic performance, the resource-constrained target environment and the wide range of security and reliability requirements.
592:
automatically shut down and restarted on fault detection. This can be particularly important for embedded device drivers, as this is where the highest density of fault conditions is seen to occur, and is thus the most common cause of OS failure and system instability. It also allows the encapsulation of operating systems that were not necessarily built to the reliability standards demanded of the new system design.
610:
configuration may assume exclusive control of all system resources of memory, I/O and processor. This code base can be re-used unchanged on alternative system configurations of I/O and memory through the use of a VM to present a resource map and functionality that is consistent with the original system configuration, effectively de-coupling the legacy code from the specifics of a new or modified hardware design.
66:
216:
25:
546:
task. Such drivers and system services can be implemented just once for the virtualized environment; these services are then available to any hosted OS. This level of abstraction also allows the embedded developer to implement or change a driver or service in either hardware or software at any point, without this being apparent to the hosted OS.
168:
487:(IPC) mechanism can be used to provide these functions, as well as invoking all system services, and implemented in a manner which ensures that the desired level of VM isolation is maintained. Also, due to its significant impact on system performance, such an IPC mechanism should be highly optimised for minimal latency.
600:
Subsystem software or applications can be securely updated and tested for integrity, by downloading to a secure VM before “going live” in an executing system. Even if this process then fails, the system can revert to its former state by restarting the original software subsystem/application, without
470:
With the small TCB of a type 1 embedded hypervisor, the system can be made highly secure & reliable. Standard software-engineering techniques, such as code inspections and systematic testing, can be used to reduce the number of bugs in such a small code base to a tiny fraction of the defects that
452:
Monitor (VMM) would be even smaller and more efficient. This issue is the subject of some ongoing debate. However, the main point at issue is the same on all sides of the discussion – the speed and size of the implementation (for a given level of functionality) are of major importance. For example:
667:
As new processors utilise multi-core architectures to increase performance, the embedded hypervisor can manage the underlying architecture and present a uni-processor environment to legacy applications and operating systems while efficiently using the new multiprocessor system design. In this way a
545:
Designers of embedded systems may have many hardware drivers and system services which are specific to a target platform. If support for more than one OS is required on the platform, either concurrently or consecutively using a common hardware design, an embedded hypervisor can greatly simplify the
527:
ARM processors are notable in that most of their application class processor designs support a technology called ARM TrustZone, which provides essentially hardware support for one privileged and one unprivileged VM. Normally a minimal
Trusted Execution Environment (TEE) OS is run in the Secure World
415:
The size and efficiency of the implementation is also an issue for an embedded hypervisor, as embedded systems are often much more resource constrained than desktop and server platforms. It is also desirable for the hypervisor to maintain, as closely as possible, the native speed, real-time response
391:
An embedded hypervisor typically provides multiple VMs, each of which emulates a hardware platform on which the virtualised software executes. The VM may emulate the underlying native hardware, in which case embedded code that runs on the real machine will run on the virtual machine and vice versa.
461:
Embedded systems are typically highly resource constrained due to cost and technical limitations of the hardware. It is therefore important for an embedded hypervisor to be as efficient as possible. The microkernel and separation kernel based designs allow for small and efficient hypervisors. Thus
479:
One of the most important functions required in an embedded hypervisor is a secure message-passing mechanism, which is needed to support real-time communication between processes. In the embedded environment, a system will typically have a number of closely coupled tasks, some of which may require
658:
Software IP operating under one licensing scheme can be separated from other software IP operating under a different scheme. For example, the embedded hypervisor can provide an isolated execution environment for proprietary software sharing the processor with open source software subject to the
582:
An embedded hypervisor is able to provide secure encapsulation for any subsystem defined by the developer, so that a compromised subsystem cannot interfere with other subsystems. For example, an encryption subsystem needs to be strongly shielded from attack to prevent leaking the information the
311:
Software virtualization has been a major topic in the enterprise space since the late 1960s, but only since the early 2000s has its use appeared in embedded systems. The use of virtualization and its implementation in the form of a hypervisor in embedded systems are very different from enterprise
411:
or use virtualization features of the underlying CPU. Paravirtualization is required in cases where the hardware does not assist, and involves often extensive modifications to core architecture support core of guest kernels. Emulation of hardware at the register level is rarely seen in embedded
295:
The requirements for an embedded hypervisor are distinct from hypervisors targeting server and desktop applications. An embedded hypervisor is designed into the embedded device from the outset, rather than loaded subsequent to device deployment. While desktop and enterprise environments use
591:
The encapsulation of a subsystem components into a VM ensures that failure of any subsystem cannot impact other subsystems. This encapsulation keeps faults from propagating from a subsystem in one VM to a subsystem in another VM, improving reliability. This may also allow a subsystem to be
609:
Virtualization allows legacy embedded code to be used with the OS environment it has been developed and validated with, while freeing the developer to use a different OS environment in a separate VM for new services and applications. Legacy embedded code, written for a particular system
480:
secure isolation from each other. In a virtualized environment, the embedded hypervisor will support and enforce this isolation between multiple VMs. These VMs will therefore require access to a mechanism that provides low-latency communication between the tasks.
351:(TCB). Type 2 hypervisors typically run as an application within a more general purpose operating system, relying on services of the OS to manage system resources. Nowadays kernel extensions are often loaded to take advantage of hardware with virtualization support.
403:
to run in this environment, however since a virtual platform can be defined without reliance on the native hardware, guest software supporting a virtual platform can be run unmodified across various distinct hardware platforms supported by the hypervisor.
466:
from several tens to several hundred kilobytes, depending on the efficiency of the implementation and the level of functionality provided. An implementation requiring several megabytes of memory (or more) is generally not acceptable.
633:
processors with virtualization support. The legacy binary code could run completely unmodified in a VM with all resource mapping handled by the embedded hypervisor, assuming the system hardware provides equivalent functionality.
617:
is commonly used to virtualize the OS’s on processors without hardware virtualization support, and thus the applications supported by the OS can also run unmodified and without re-compilation in new hardware platform designs.
519:
have followed desktop and server chip vendors in adding hardware support for virtualization. There are still a large proportion of embedded processors however which do not provide such support and a hypervisor supporting
755:
737:
296:
hypervisors to consolidate hardware and isolate computing environments from one another, in an embedded system, the various components typically function collectively to provide the device's functionality.
570:, to support user applications, such as a web browser or calendar. The objective might be to upgrade an existing design without the added complexity of a second processor, or simply to minimize the
495:
An embedded hypervisor needs to be in complete control of system resources, including memory accesses, to ensure that software cannot break out of the VM. A hypervisor therefore requires the target
583:
encryption is supposed to protect. As the embedded hypervisor can encapsulate a subsystem in a VM, it can then enforce the required security policies for communication to and from that subsystem.
328:, can run with the appearance of full access to the underlying system hardware, where in fact such access is under the complete control of the hypervisor. These virtual environments are called
412:
hypervisors as this is very complex and slow. The custom nature of embedded systems means that the need to support unmodified binary-only guest software which require these techniques is rare.
824:
650:
customer. An embedded hypervisor makes it possible to restrict access by other system software components to a specific part of the system containing IP that needs to be protected.
686:
OKL4 Hypervisor - Supports ARM based smart connected devices (embedded, mobile). Used in defense and security sensitive applications. Supported commercially by Cog
Systems.
753:
735:
900:
981:
242:
226:
1004:
822:
621:
Even without source access, legacy binary code can be executed in systems running on processors with hardware virtualization support such as the
1387:
883:
719:
38:
646:
may need protection from theft or misuse when an embedded platform is being shipped for further development work by (for example) an
558:(RTOS) for low-level real-time functionality (such as the communication stack) while at the same time running a general purpose OS,
267:
149:
52:
795:
130:
303:
Typical attributes of embedded virtualization include efficiency, security, communication, isolation and real-time capabilities.
347:
Type 1 hypervisors manage key system resources required to maintain control over the virtual machines, and facilitate a minimal
102:
1349:
1304:
1132:
647:
230:
974:
87:
80:
376:
High-bandwidth, low-latency communication between system components, subject to a configurable, system-wide security policy;
109:
1049:
1392:
186:
484:
340:
Hypervisors are generally classed as either type 1 or type 2, depending on whether the hypervisor runs exclusively in
116:
898:
1339:
1309:
689:
INTEGRITY Multivisor - A Type II microkerner virtualization service of the safety/security-certified INTEGRITY RTOS
555:
683:
Cross-OS Hypervisor - Allows applications to run natively on a single OS platform from MapuSoft
Technologies, Inc.
1418:
1294:
1286:
1039:
967:
98:
1319:
1299:
44:
373:
Support for lightweight but secure encapsulation of medium-grain subsystem components that interact strongly;
1423:
1147:
496:
234:
76:
677:
1137:
504:
348:
344:
or privileged mode (type 1) or is itself hosted by an operating system as a regular application (type 2).
382:
Ability to implement a scheduling policy between VMs and provide support for real-time system components;
1069:
1009:
853:
643:
297:
782:
706:
471:
must be expected for a hypervisor and guest OS combination that may be 100,000–300,000 lines in total.
1397:
1331:
1110:
1019:
1195:
1127:
811:
939:
840:
717:
1054:
626:
622:
614:
521:
408:
123:
1344:
1266:
1152:
1044:
1029:
879:
571:
567:
512:
500:
429:
324:
provides one or more software virtualization environments in which other software, including
1233:
1142:
1081:
1059:
630:
559:
508:
463:
453:" ... hypervisors for embedded use must be real-time capable, as well as resource-miserly."
437:
359:
An embedded hypervisor is most often a type 1 hypervisor which supports the requirements of
325:
793:
1117:
1105:
1064:
990:
904:
828:
799:
759:
741:
723:
449:
432:
designs, with virtualization built-in as an integral capability. This was introduced with
360:
341:
329:
289:
424:
Implementations for embedded systems applications have most commonly been based on small
1359:
771:
1241:
1213:
1162:
1024:
190:
1412:
1364:
1276:
916:
332:(VM)s, and a hypervisor will typically support multiple VMs managed simultaneously.
1261:
1074:
668:
change in hardware environment does not require a change to the existing software.
445:
1374:
1314:
1122:
425:
65:
1354:
1180:
1014:
441:
436:
in 2005. Examples of these approaches have been produced by companies such as
321:
285:
392:
An emulation of the native hardware is not always possible or desired, and a
1251:
379:
Minimal impact on system resources and support real-time latency guarantees;
416:
and determinism and power efficiency of the underlying hardware platform.
1208:
1100:
1091:
300:
overlaps with embedded system virtualization, and shares some use cases.
927:
1369:
1256:
1246:
1185:
1172:
516:
400:
1271:
1203:
873:
433:
959:
802:(Response to) Are Virtual-Machine Monitors Microkernels Done Right?
448:
appears to take the position that an approach based on a dedicated
563:
536:
Some of the most common use cases for an embedded hypervisor are:
363:
development. See references and for a more detailed discussion.
1223:
1218:
1157:
663:
9. Migration of applications from uni-core to multi-core systems
399:
When a VM provides a virtual platform, guest software has to be
370:
A small, fast hypervisor with support for multiple isolated VMs;
963:
613:
Where access to the operating system source code is available,
550:
2. Support for multiple operating systems on a single processor
209:
161:
59:
18:
182:
784:
Are
Virtual Machine Monitors Microkernels Done Right?
528:
and a native kernel running in the Non-secure World.
1330:
1285:
1232:
1194:
1171:
1090:
997:
744:Virtualization and hypervisors aid embedded design
440:(microkernel followed by a separation kernel) and
762:Five years of reinventing embedded systems design
878:. Munich: GRIN Publishing GmbH. pp. 11–17.
507:). Many embedded processors including such as
975:
773:Small kernels versus virtual-machine monitors
8:
875:Virtualization for Reliable Embedded Systems
53:Learn how and when to remove these messages
982:
968:
960:
726:Role of Virtualization in Embedded Systems
928:Crucible - Secure Embedded Virtualization
366:These requirements are summarized below.
268:Learn how and when to remove this message
150:Learn how and when to remove this message
229:: vague phrasing that often accompanies
16:Hypervisor designed for embedded systems
699:
86:Please improve this article by adding
7:
596:5. Dynamic update of system software
462:embedded hypervisors usually have a
861:(Technical report). pp. 10–16.
855:Virtualization for Embedded Systems
852:Heiser, Gernot (27 November 2007).
708:Virtualization for Embedded Systems
407:Embedded hypervisors employ either
288:that supports the requirements of
14:
34:This article has multiple issues.
654:8. Software license segregation
554:Typically this is used to run a
214:
166:
64:
23:
1305:Light-weight Linux distribution
1133:Hacking of consumer electronics
42:or discuss these issues on the
842:Improving IPC by Kernel Design
1:
907:ARM Virtualization Extensions
831:Trustworthy Computing Systems
88:secondary or tertiary sources
1393:List of open-source hardware
629:technologies and the latest
503:support (typically using an
485:inter-process communication
1440:
1310:Real-time operating system
601:halting system operation.
556:real-time operating system
241:Such statements should be
1383:
1295:Linux on embedded systems
1300:Linux for mobile devices
396:may be defined instead.
1148:PlayStation 3 Jailbreak
872:Strobl, Marius (2013).
177:is written like a story
1138:Homebrew (video games)
940:"INTEGRITY Multivisor"
813:Is Your System Secure?
349:trusted computing base
75:relies excessively on
1332:Programming languages
1070:Single-board computer
1010:Board support package
642:Valuable proprietary
605:6. Legacy code re-use
587:4. System reliability
491:Hardware requirements
457:Resource requirements
444:(separation kernel).
298:Mobile virtualization
191:neutral point of view
99:"Embedded hypervisor"
1398:Open-source robotics
1388:Lightweight browsers
1111:Proprietary firmware
1020:Consumer electronics
243:clarified or removed
183:rewrite this article
1128:Defective by Design
1035:Embedded hypervisor
672:Commercial products
355:Embedded hypervisor
282:embedded hypervisor
1196:Software libraries
903:2013-05-03 at the
827:2011-09-02 at the
798:2008-05-11 at the
758:2010-11-21 at the
740:2008-10-10 at the
722:2018-04-02 at the
680:by Star Lab Corp.
638:7. IP protection
615:paravirtualization
578:3. System security
540:1. OS independence
522:paravirtualization
409:paravirtualization
187:encyclopedic style
1406:
1405:
1345:Assembly language
1287:Operating systems
1267:Stand-alone shell
1234:Programming tools
1153:Rooting (Android)
1045:Embedded software
1030:Embedded database
885:978-3-656-49071-5
572:bill of materials
501:memory management
430:separation kernel
420:Hypervisor design
326:operating systems
278:
277:
270:
260:
259:
208:
207:
160:
159:
152:
134:
57:
1431:
1419:Embedded systems
1143:iOS jailbreaking
1060:Memory footprint
991:Embedded systems
984:
977:
970:
961:
954:
953:
951:
950:
936:
930:
925:
919:
914:
908:
896:
890:
889:
869:
863:
862:
860:
849:
843:
838:
832:
820:
814:
809:
803:
791:
785:
780:
774:
769:
763:
751:
745:
733:
727:
715:
709:
704:
475:VM communication
464:memory footprint
438:Open Kernel Labs
394:virtual platform
361:embedded systems
330:virtual machines
290:embedded systems
273:
266:
255:
252:
246:
218:
217:
210:
203:
200:
194:
185:to introduce an
170:
169:
162:
155:
148:
144:
141:
135:
133:
92:
68:
60:
49:
27:
26:
19:
1439:
1438:
1434:
1433:
1432:
1430:
1429:
1428:
1409:
1408:
1407:
1402:
1379:
1326:
1281:
1228:
1190:
1167:
1118:Closed platform
1106:Custom firmware
1086:
1065:Microcontroller
993:
988:
958:
957:
948:
946:
938:
937:
933:
926:
922:
915:
911:
905:Wayback Machine
897:
893:
886:
871:
870:
866:
858:
851:
850:
846:
839:
835:
829:Wayback Machine
821:
817:
810:
806:
800:Wayback Machine
792:
788:
781:
777:
770:
766:
760:Wayback Machine
752:
748:
742:Wayback Machine
734:
730:
724:Wayback Machine
716:
712:
705:
701:
696:
674:
544:
534:
493:
477:
459:
450:Virtual Machine
422:
389:
357:
342:supervisor mode
338:
318:
309:
274:
263:
262:
261:
256:
250:
247:
240:
219:
215:
204:
198:
195:
180:
171:
167:
156:
145:
139:
136:
93:
91:
85:
81:primary sources
69:
28:
24:
17:
12:
11:
5:
1437:
1435:
1427:
1426:
1424:Virtualization
1421:
1411:
1410:
1404:
1403:
1401:
1400:
1395:
1390:
1384:
1381:
1380:
1378:
1377:
1372:
1367:
1362:
1357:
1352:
1347:
1342:
1336:
1334:
1328:
1327:
1325:
1324:
1323:
1322:
1312:
1307:
1302:
1297:
1291:
1289:
1283:
1282:
1280:
1279:
1274:
1269:
1264:
1259:
1254:
1249:
1244:
1242:Almquist shell
1238:
1236:
1230:
1229:
1227:
1226:
1221:
1216:
1214:Embedded GLIBC
1211:
1206:
1200:
1198:
1192:
1191:
1189:
1188:
1183:
1177:
1175:
1169:
1168:
1166:
1165:
1163:Vendor lock-in
1160:
1155:
1150:
1145:
1140:
1135:
1130:
1125:
1120:
1115:
1114:
1113:
1108:
1097:
1095:
1088:
1087:
1085:
1084:
1079:
1078:
1077:
1067:
1062:
1057:
1052:
1047:
1042:
1037:
1032:
1027:
1025:Cross compiler
1022:
1017:
1012:
1007:
1001:
999:
995:
994:
989:
987:
986:
979:
972:
964:
956:
955:
931:
920:
909:
891:
884:
864:
844:
833:
815:
804:
786:
775:
764:
746:
728:
710:
698:
697:
695:
692:
691:
690:
687:
684:
681:
673:
670:
533:
530:
492:
489:
476:
473:
458:
455:
421:
418:
388:
387:Implementation
385:
384:
383:
380:
377:
374:
371:
356:
353:
337:
336:Classification
334:
317:
314:
308:
305:
276:
275:
258:
257:
222:
220:
213:
206:
205:
174:
172:
165:
158:
157:
72:
70:
63:
58:
32:
31:
29:
22:
15:
13:
10:
9:
6:
4:
3:
2:
1436:
1425:
1422:
1420:
1417:
1416:
1414:
1399:
1396:
1394:
1391:
1389:
1386:
1385:
1382:
1376:
1373:
1371:
1368:
1366:
1365:Embedded Java
1363:
1361:
1358:
1356:
1353:
1351:
1348:
1346:
1343:
1341:
1338:
1337:
1335:
1333:
1329:
1321:
1318:
1317:
1316:
1313:
1311:
1308:
1306:
1303:
1301:
1298:
1296:
1293:
1292:
1290:
1288:
1284:
1278:
1277:Yocto Project
1275:
1273:
1270:
1268:
1265:
1263:
1260:
1258:
1255:
1253:
1250:
1248:
1245:
1243:
1240:
1239:
1237:
1235:
1231:
1225:
1222:
1220:
1217:
1215:
1212:
1210:
1207:
1205:
1202:
1201:
1199:
1197:
1193:
1187:
1184:
1182:
1179:
1178:
1176:
1174:
1170:
1164:
1161:
1159:
1156:
1154:
1151:
1149:
1146:
1144:
1141:
1139:
1136:
1134:
1131:
1129:
1126:
1124:
1121:
1119:
1116:
1112:
1109:
1107:
1104:
1103:
1102:
1099:
1098:
1096:
1093:
1089:
1083:
1080:
1076:
1073:
1072:
1071:
1068:
1066:
1063:
1061:
1058:
1056:
1053:
1051:
1048:
1046:
1043:
1041:
1038:
1036:
1033:
1031:
1028:
1026:
1023:
1021:
1018:
1016:
1013:
1011:
1008:
1006:
1003:
1002:
1000:
998:General terms
996:
992:
985:
980:
978:
973:
971:
966:
965:
962:
945:
941:
935:
932:
929:
924:
921:
917:
913:
910:
906:
902:
899:
895:
892:
887:
881:
877:
876:
868:
865:
857:
856:
848:
845:
841:
837:
834:
830:
826:
823:
819:
816:
812:
808:
805:
801:
797:
794:
790:
787:
783:
779:
776:
772:
768:
765:
761:
757:
754:
750:
747:
743:
739:
736:
732:
729:
725:
721:
718:
714:
711:
707:
703:
700:
693:
688:
685:
682:
679:
676:
675:
671:
669:
665:
664:
660:
656:
655:
651:
649:
645:
640:
639:
635:
632:
628:
624:
619:
616:
611:
607:
606:
602:
598:
597:
593:
589:
588:
584:
580:
579:
575:
573:
569:
565:
561:
557:
552:
551:
547:
542:
541:
537:
531:
529:
525:
524:is required.
523:
518:
514:
510:
506:
502:
498:
490:
488:
486:
481:
474:
472:
468:
465:
456:
454:
451:
447:
443:
439:
435:
431:
427:
419:
417:
413:
410:
405:
402:
397:
395:
386:
381:
378:
375:
372:
369:
368:
367:
364:
362:
354:
352:
350:
345:
343:
335:
333:
331:
327:
323:
315:
313:
306:
304:
301:
299:
293:
291:
287:
283:
272:
269:
254:
244:
238:
236:
232:
228:
223:This article
221:
212:
211:
202:
192:
188:
184:
178:
175:This article
173:
164:
163:
154:
151:
143:
132:
129:
125:
122:
118:
115:
111:
108:
104:
101: –
100:
96:
95:Find sources:
89:
83:
82:
78:
73:This article
71:
67:
62:
61:
56:
54:
47:
46:
41:
40:
35:
30:
21:
20:
1360:Embedded C++
1262:OpenEmbedded
1173:Boot loaders
1094:and controls
1075:Raspberry Pi
1034:
947:. Retrieved
943:
934:
923:
912:
894:
874:
867:
854:
847:
836:
818:
807:
789:
778:
767:
749:
731:
713:
702:
666:
662:
661:
657:
653:
652:
641:
637:
636:
620:
612:
608:
604:
603:
599:
595:
594:
590:
586:
585:
581:
577:
576:
553:
549:
548:
543:
539:
538:
535:
526:
494:
482:
478:
469:
460:
446:VirtualLogix
423:
414:
406:
398:
393:
390:
365:
358:
346:
339:
319:
310:
302:
294:
281:
279:
264:
248:
235:unverifiable
227:weasel words
224:
196:
181:Please help
176:
146:
137:
127:
120:
113:
106:
94:
74:
50:
43:
37:
36:Please help
33:
1375:MicroPython
1315:Windows IoT
1123:Crippleware
1040:Embedded OS
944:www.ghs.com
499:to provide
426:microkernel
237:information
1413:Categories
1355:Embedded C
1015:Bootloader
949:2024-06-20
694:References
442:LynuxWorks
322:hypervisor
316:Hypervisor
307:Background
286:hypervisor
110:newspapers
77:references
39:improve it
1252:Buildroot
532:Use cases
251:July 2012
225:contains
199:July 2012
140:July 2012
45:talk page
1209:dietlibc
1101:Firmware
1092:Firmware
901:Archived
825:Archived
796:Archived
756:Archived
738:Archived
720:Archived
678:Crucible
627:Intel VT
1370:MISRA C
1257:BusyBox
1247:BitBake
1186:Barebox
918:GPL FAQ
574:(BoM).
568:Windows
517:PowerPC
124:scholar
1320:Win CE
1272:Toybox
1204:uClibc
1181:U-Boot
882:
560:(GPOS)
434:PikeOS
401:ported
231:biased
189:and a
126:
119:
112:
105:
97:
859:(PDF)
659:GPL.
623:AMD-V
564:Linux
562:like
284:is a
131:JSTOR
117:books
1350:CAPL
1224:musl
1219:lwIP
1158:UEFI
1050:FPGA
1005:ASIC
880:ISBN
515:and
513:MIPS
428:and
103:news
1340:Ada
1082:SoC
1055:IoT
648:OEM
631:ARM
566:or
509:ARM
505:MMU
497:CPU
483:An
280:An
233:or
79:to
1415::
942:.
644:IP
625:,
511:,
320:A
292:.
90:.
48:.
983:e
976:t
969:v
952:.
888:.
271:)
265:(
253:)
249:(
245:.
239:.
201:)
197:(
193:.
179:.
153:)
147:(
142:)
138:(
128:·
121:·
114:·
107:·
84:.
55:)
51:(
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.