Efficient realization of functional safety design for automotive and industrial systems with PRO-SIL

Engineers strive to build systems that are 100% fail-safe, but in practice this goal is hard to reach at low cost. The industry therefore usually takes a probabilistic, risk-based approach to defining the level of functional safety that a safety-related system must provide, as in standards such as ISO 26262 and IEC 61508. These standards define the (Automotive) Safety Integrity Level (ASIL/SIL), which fixes the system attributes that must be addressed to pass the relevant system certification and the rigour the engineering process must achieve, including the definition of the system's safety goals, the safety concept for fault tolerance, and a safety architecture that assigns safety functions to suitable hardware and software components so that the system continuously checks whether it is operating correctly. Traditionally, safety software, hardware and tools have been separate solutions, each covering part of the safety requirements. Today, a comprehensive concept called PRO-SIL provides a complete solution for comprehensive and efficient functional safety, minimizing risk, saving cost and reducing complexity.


The fundamental driving force behind the development of a "safe" system is to ensure that the target system continues to operate safely in the prescribed manner in the event of a failure. To this end, the IEC developed the IEC 61508 standard in the mid-1980s and has since revised it several times; it sets out design requirements for electrical and electronic safety systems. Building on this general standard, IEC and ISO have written derived standards for specific domains: process automation (IEC 61511), machinery (ISO 13849), power drive systems (IEC 61800-5), nuclear power (IEC 61513) and automotive (ISO 26262, then still a draft). The level of safety required for each potential failure in the system determines the Safety Integrity Level that must be met for compliance with IEC 61508 (Table 1): SIL 1 to SIL 4 for industrial applications, ASIL A to ASIL D for automotive applications.

Functional safety has evolved over the past few years from a system-integration task into a component- and software-level task. Both simple electronic components and complex microcontrollers must now support IEC 61508. One of the most important and time-consuming challenges for system designers is ensuring system safety and passing the relevant certifications, not only of the system but also of the device hardware and its registers. IEC 61508 sets detailed requirements for hardware monitoring and testing; it is essentially a standard that concentrates on hardware details. Writing the safety-related core software that exercises these hardware capabilities is time-consuming and expensive, and such software is difficult to port between devices.

Multi-CPU solution - high cost and large footprint

With a single-channel architecture on a single microcontroller, only SIL 2 can be reached. To design SIL 3 or ASIL C/D safety systems and products, engineers typically use multiple CPUs, which provide not only self-test capability but also redundancy. This is, however, a complex and costly solution that needs a lot of board space, and synchronization and communication between the two CPUs limit what can be implemented. A newer approach adds a dedicated external hardware module and software libraries to a standard dual-core 32-bit microcontroller to break through the established limit of medium diagnostic coverage (DC). This lets designers cut development cost, reduce device cost (only one microcontroller is needed), and apply an intelligent safety concept based on IEC 61508/ISO 26262 in which all relevant components take part in the self-test function, so that safety functions can be implemented quickly and reliably in the target systems.

This does away with the earlier practice of adding a second, external core to judge whether the microcontroller has malfunctioned. TriCore has two cores built in (Figure 1): the TriCore CPU (a combined microcontroller and DSP core) and the Peripheral Control Processor (PCP). No external core is needed for safety evaluation.


Figure 1: TriCore structure diagram - PCP implements self-test function.

Complete design kit

There are many different solutions on the market today for implementing safety-critical applications. While most leading vendors have introduced solutions for automotive applications, the number of solutions for other applications, including industrial ones, is limited, and the development plans for related products are unclear. Based on its extensive experience in meeting the stringent safety requirements of automotive systems, Infineon has developed the PRO-SIL range of safety products to meet the growing safety needs of the industrial market with highly integrated safety solutions. This makes Infineon's proven automotive solutions easy to reuse in other applications, and Infineon has introduced a number of suitable product variants. The PRO-SIL family is based on Infineon's 32-bit TriCore or 16-bit XC2300 microcontrollers, together with the SafeTcore test software library and the CIC61508 safety monitoring chip (Figure 2). This fully validated product line is fully compliant with IEC 61508.


Figure 2: Safety-related system using TriCore as the main controller, the safety monitoring chip and the SafeTcore test software library.

Innovative safety concept

Two safety control architectures are most commonly used today: single-channel (1oo1, one out of one) and dual-channel (1oo2, one out of two), the latter built on two separate processors. The 1oo1 architecture can be used for economical solutions with safety integrity up to SIL 2. The dual-channel architecture (1oo2) can reach SIL 3, but at higher cost and with more board space. The PRO-SIL product line uses a 1oo1 architecture with integrated intelligent diagnostics (1oo1D).

This innovative safety concept is based on a challenge-response mechanism in which the PCP on the TriCore chip issues a challenge and the main TriCore CPU is responsible for executing the test. The related information is exchanged through a shared memory structure, and the data is always stored redundantly. The PCP implements the self-test function and is itself monitored by an external intelligent safety monitoring chip (CIC61508), which is connected to the TriCore chip via the SPI interface (Figure 3). A dedicated safety monitoring chip is an effective way to minimize common-cause failures. The safety monitoring chip communicates with TriCore at regular intervals and checks the clock, voltage and operating state of the TriCore chip according to the relevant standards. Conversely, TriCore monitors the power supply of the CIC61508 and checks its operating state with remote diagnostics. The main TriCore CPU and the PCP share the error detection functions (hardware failure detection and task monitoring).


Figure 3: The innovative PRO-SIL concept is based on a challenge-response mechanism in which the PCP on the TriCore chip issues a challenge and the main TriCore CPU is responsible for executing the test. In addition, the PCP is monitored by an external intelligent safety monitoring chip (CIC61508), which is connected to the TriCore chip via the SPI interface.

The PCP software provides the PCP self-test, C/R (challenge/response) communication, communication with the safety monitoring chip, test execution monitoring and task monitoring. The SafeTcore test software library running on TriCore is a configurable framework that provides the tests needed to verify processor and system integrity (Figure 4). Most tests can be executed either at system start-up or in the background while the system is running. A typical diagnostic interval is 6.4 ms. The most complex test is the TriCore CPU self-test. With the PRO-SIL safety concept, the overall diagnostic coverage of this opcode-based self-test reaches 96.5%, much higher than that of other instruction-set tests; in addition, it is interruptible and has low latency.
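As an added illustration (not Infineon's SafeTcore or PCP code), the C sketch below models the challenge-response exchange described above: the PCP posts a challenge into a shared mailbox, the main CPU computes its answer, and the PCP verifies the answer, the redundant storage of every shared word, and that the answer arrived within the 6.4 ms diagnostic interval. The real opcode-based self-test is replaced by a toy arithmetic function; the mailbox layout, the fault codes and the fault-injection flag are assumptions made for the example.

```c
#include <stdint.h>
#include <stdbool.h>

/* Shared-memory mailbox between challenger (PCP) and responder (main CPU). Every
 * word is stored plain and bitwise inverted, so a corrupted copy is caught on read. */
typedef struct {
    uint32_t challenge, challenge_inv;
    uint32_t response,  response_inv;
    uint32_t stamp_us,  stamp_us_inv;   /* time at which the response was written */
} mailbox_t;

#define DIAG_INTERVAL_US 6400U   /* 6.4 ms typical diagnostic interval */
static void write_redundant(uint32_t *p, uint32_t *p_inv, uint32_t v) { *p = v; *p_inv = ~v; }
static bool read_redundant(const uint32_t *p, const uint32_t *p_inv, uint32_t *out) {
    if (*p != ~*p_inv) return false;   /* copies disagree: shared-memory fault */
    *out = *p;
    return true;
}

/* Assumed stand-in for the opcode-based CPU self-test: the answer the PCP expects
 * for a challenge, computed here as a toy multiply/shift/xor sequence. */
static uint32_t expected_response(uint32_t challenge) {
    uint32_t x = challenge * 2654435761U;
    return x ^ (x >> 13);
}
/* PCP side: post a challenge. */
void pcp_issue_challenge(mailbox_t *mb, uint32_t challenge) {
    write_redundant(&mb->challenge, &mb->challenge_inv, challenge);
}
/* Main CPU side: read the challenge, run the test, post the answer with a timestamp;
 * inject_fault simulates a CPU that miscomputes the answer. */
bool cpu_respond(mailbox_t *mb, uint32_t now_us, bool inject_fault) {
    uint32_t c;
    if (!read_redundant(&mb->challenge, &mb->challenge_inv, &c)) return false;
    write_redundant(&mb->response, &mb->response_inv, expected_response(c) ^ (inject_fault ? 1U : 0U));
    write_redundant(&mb->stamp_us, &mb->stamp_us_inv, now_us);
    return true;
}
/* PCP side. 0 = pass; 1 = redundant copies disagree; 2 = answer later than the
 * diagnostic interval (task monitoring); 3 = wrong answer (CPU fault). Any non-zero
 * code is what the PCP would escalate to the external safety monitor. */
int pcp_check_response(const mailbox_t *mb, uint32_t issued_us) {
    uint32_t c, r, t;
    if (!read_redundant(&mb->challenge, &mb->challenge_inv, &c) ||
        !read_redundant(&mb->response, &mb->response_inv, &r) ||
        !read_redundant(&mb->stamp_us, &mb->stamp_us_inv, &t)) return 1;
    if (t - issued_us > DIAG_INTERVAL_US) return 2;
    if (r != expected_response(c)) return 3;
    return 0;
}
```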
