Most Secure, Highest Reliability, Lowest Power (actel.com)
Power Matters.
© 2013 Microsemi Corporation. COMPANY PROPRIETARY
About Microsemi
Market Focus
• Power Matters
• Security is Non-negotiable
• Reliability is Vital
Semiconductor solutions for high-value markets
• Aviation
• Defense & Security
• Communications
• Industrial and Medical
Established in 1960
• Headquartered in Aliso Viejo, CA
• Approximately $1B in revenue
• About 3,000 employees
Microsemi SoC Product Roadmap: increasing system features on differentiated flash technology
(Roadmap chart with three columns, "In Production", "New Product", "In Production", plotted against "Features"; the features listed on the chart are:)
• Up to 3M gate FPGA
• High performance
• High I/O count
• Up to 500K gate FPGA
• 100MHz ARM Cortex-M3
• 10/100 Ethernet, SPI/UART/I2C
• Integrated analog with ADC, DAC, V/I/T monitors
• Most secure, highest reliability, lowest power customizable SoC
• Integrated DSP processing
• Peripheral-rich MCU with higher performance CPU
• Expanded connectivity via many high speed serial interfaces
• 3.6x fabric density
• 2x fabric performance
• Up to 3M gate FPGA
• Power as low as 2uW
• Small packages
Microsemi SmartFusion2 SoC FPGA
• Leadership in Low Power FPGAs
  – 100X lower static power with same performance
• Leadership in Secure FPGAs
  – State of the art security enables root-of-trust applications
  – Radically transforms the usefulness of FPGAs in security applications
• Leadership in Reliable FPGAs
  – Only SoC FPGA with SEU immune fabric and processor
  – Reliability designed for safety critical and mission critical systems
• Leadership in Real-Time FPGAs
  – ARM® Cortex™-M3 real-time microcontroller
  – Flash*Freeze real-time power management
  – Instant on real-time availability
SmartFusion2 SoC FPGAs extend our leadership in security, reliability and low power into mainstream applications.
SmartFusion2 - Flash SoC FPGA with ARM Cortex-M3: Most Secure, Highest Reliability, Lowest Power
Differentiated, High Value Features
166MHz ARM® Cortex™-M3 with on-chip eSRAM & eNVM
• Includes ETM and Instruction Cache
• Extensive peripherals: CAN, TSE, USB
Most Secure FPGA
• DPA Hardened, AES256, SHA256, Random Number Generator
Most Reliable FPGA
• SEU immune, Zero FIT Flash FPGA Configuration
• SEU Protected Memories: eSRAMs, DDR Bridges (MSS, MDDR, FDDR), Instruction Cache, Ethernet, CAN and USB Buffers, PCIe, MMUART and SPI FIFOs
• Hard 667 Mbps DDR2/3 controllers with SECDED (aka ECC or EDAC) protection
• Power-Up and On-Demand NVM Data Integrity Check
Lowest Power FPGA
• 1mW in Flash*Freeze mode
• 10mW static power during operation
Mainstream Required Features
• 2x fabric performance
• 16x 5Gbps SERDES, PCIe, XAUI / XGXS + Native SERDES
• Integrated DSP processing blocks
• 120K LUT, 5Mbit SRAM, 4Mbit eNVM
SmartFusion2 Architecture
SmartFusion2 Family
| Features | M2S005 | M2S010 | M2S025 | M2S050 | M2S075 | M2S080 | M2S120 |
| Logic Modules (4-Input LUT) | 4,956 | 9,744 | 23,988 | 48,672 | 75,336 | 82,232 | 120,348 |
| Math Blocks (18x18) | 11 | 22 | 34 | 72 | 84 | 160 | 240 |
| LSRAM 18K Blocks | 10 | 21 | 31 | 69 | 109 | 160 | 236 |
| uSRAM 1K Blocks | 11 | 22 | 34 | 72 | 112 | 160 | 240 |
| Total RAM (K bits) | 191 | 400 | 592 | 1314 | 2074 | 3040 | 4488 |
| MSIO (3.3V) | 115 | 123 | 157 | 139 | 306 | 292 | 292 |
| MSIOD (2.5V) | 28 | 40 | 40 | 62 | 40 | 106 | 106 |
| DDRIO (2.5V) | 66 | 70 | 70 | 176 | 66 | 176 | 176 |
| Total User I/O | 209 | 233 | 267 | 377 | 412 | 574 | 574 |
Rows whose cells span several devices on the slide (the per-device split is not recoverable from the transcript):
• PLLs and CCCs: 2, 6, 8
• Security (AES256, SHA256, RNG): 1 each
• ECC, PUF: -, 1 each
• MSS: Cortex-M3 + Instruction cache: Yes
• eNVM (K Bytes): 128, 256, 512
• eSRAM (K Bytes): 64; eSRAM (K Bytes), non-SECDED: 80
• CAN, 10/100/1000 Ethernet, HS USB: 1 each
• Multi-Mode UART, SPI, I2C, Timer: 2 each
• DDR Controllers (Count x Width): 1x18, 2x36, 1x18, 2x36
• SERDES Lanes: 0, 4, 8, 4, 8, 16
• PCIe End Points: 0, 1, 2, 4
Security: Attacks
• Anti-tamper threat: "Iran says it is building a copy of downed US spy drone" (msnbc.com and news services, 4/22/2012)
• Hacking threat: "Insulin Pumps Vulnerable, Says security researcher and diabetic Jay Radcliffe"
• Data security threat: "Researchers Hack Voting Machine" (Argonne National Laboratory in Illinois)
• Corporate espionage: "China Corporate Espionage Boom Knocks Wind Out of US Companies"
Security and Reliability: Microsemi FPGA Use
Tactical Missiles: AIM9X Sidewinder, Hellfire, Brimstone, Patriot, PAC-3, GBI, THAAD, MLRS, Longbow, Harpoon, CKEM, Meteor, Iris-T, Seasparrow (ESSM), Standard Missile (SM-2, SM-6, SM-3)
Commercial Aircraft: B737, B747, B757, B767, B777, B787 (Dreamliner), A319, A320, A321, A330, A340, A350XWB, A380, Dash8-400, Embraer RJ, Global Express
Military Aircraft: F-35 / JSF, FA-22, F-14, F-15, F-16, FA-18, F-117, A-10, B-1B, B-2, Apache, CH-60/47, NH-90, Comanche, E-2C, C-130/J, KC-135, V-22, Lamps, Nimrod, A400M, Eurofighter, Predator B, Global Hawk
Military Ground Vehicles: Bradley Fighting Vehicle, M1 Abrams, AAV, AAAV, Challenger, Warrior, Chieftain
Military Systems: ATACMS, TACMS, TADS / PNVS, WCM, Lantirn, IFCS, AITG, AAR47, ALQ135, AAQ24, ATIRCM, IDECM, SIRTF, MLRS
Reliability: Leading Position in Commercial Aviation
>1000 Microsemi FPGAs on board
• Flight computers
• Cockpit displays
• Engine control and monitoring
• Braking
• Cabin pressurization and AC
• Power control and distribution
• Safety warning systems
Additional Microsemi Content
• 30KVA actuation systems
  – 12 modules per aircraft
• 600V/300A TRENCH IGBT full bridge TVS
  – 2K-5K devices/plane
• Low profile SP6-P package with AlSiC base plate
  – 10-15/plane
(Aircraft diagram labels: Ethernet, Power Mgmt, Intelligent Seat Computer, FADEC, Landing gear, Clock, Distress, …, Fire detection, Door Control, Display)
www.HighIntegritySystems.com © WITTENSTEIN 11
WITTENSTEIN high integrity systems
Reducing Risks With Safety Critical Software
Feb 2013
By Andrew Longhurst, Business Development Manager, WITTENSTEIN high integrity systems
Reducing risks with safety critical software
Topics
• Overview of WITTENSTEIN high integrity systems
• Pre-certified software
• Developing with SAFERTOS on the SmartFusion2
• The SAFERTOS Design Assurance Pack
The WITTENSTEIN group: a global technology company headquartered in Harthausen, Germany.
WITTENSTEIN high integrity systems: the group's centre of excellence for high integrity software, RTOS and middleware products.
A safety systems company that produces and supplies Real Time Operating Systems and software components to the Medical, Transport and Industrial sectors.
Uses for pre-certified software
SAFERTOS offers most value for products that require certification to international safety standards.
Characteristics of pre-certified software
• Designed and verified to a recognised development standard
• Well defined scope of operation
• Independently certified Safety Manual
Advantages of pre-certified software
• Value ($)
• Smooths the path to product certification
• Lowers risk
• Quality assurance
SAFERTOS, an IEC 61508-3 SIL3 pre-certified Software Component
(Diagram of the SAFERTOS offering: Pre-emptive Micro Kernel, Design Assurance Pack, Middleware, Training, Support, Tools)
SAFERTOS, safety development life cycle
Functional Requirements → HAZOP → Safety Requirements → SAFERTOS
Implemented by engineers competent in functional safety.
SAFERTOS, enhanced safety features
• Improved Determinism: features incompatible with safety and determinism removed, for example Dynamic Memory Allocation
• Improved Robustness: safety designed in from the outset, improved API and increased run time verification
• Added Safety Features: API validity checking, stack usage & control parameter verification, and MPU modes/privilege checking
• Certified Design Assurance Pack: the flexibility of a SIL3 software component
Why use a safety critical RTOS on a SmartFusion2 device?
• Deterministic scheduling
• Isolation and separation
• Ease of development and maintenance
• Board Support Packages
SAFERTOS functional highlights
• Any number of tasks can be created
• Each task is assigned a priority; any number of priorities can be used
• The highest priority task able to execute is the task selected by the scheduler to execute
• Supports time sliced round robin scheduling for tasks of equal priority
• Inter-task and ISR communication using Queues and Semaphores
• FPU and MPU support as standard
• No dead code or fat-ware
• See SafeRTOS data sheets for details.
SAFERTOS, SmartFusion2 usage models
(Diagram of two memory layouts, each containing a TCP/IP stack, TASK 1, TASK 2 and SAFERTOS)
• Linear memory map: all components share one address space at a single level, SIL N.
• Segmented memory map: the components are partitioned into separately protected SIL 3 and SIL 0 regions.
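The segmented usage model depends on the Cortex-M3 MPU that SAFERTOS takes exclusive control of. The following C model is an added illustration, not SAFERTOS or Microsemi code: it applies the ARMv7-M region-matching rules to a constructed map with a privileged-only SIL 3 region and a full-access SIL 0 region, showing why an unprivileged SIL 0 task touching SIL 3 data faults; every address, size and region name is an assumption.

```c
/* Model of the ARMv7-M MPU region check behind the segmented memory map on
 * the SmartFusion2 Cortex-M3. Added example, not SAFERTOS or Microsemi code;
 * all region addresses, sizes and names are constructed. */
#include <stdbool.h>
#include <stdint.h>

/* RASR.AP access-permission encodings from the ARMv7-M architecture. */
enum { AP_NONE = 0, AP_PRIV_RW = 1, AP_PRIV_RW_UNPRIV_RO = 2, AP_FULL = 3 };

typedef struct {
    uint32_t base;      /* start address, aligned to the region size */
    uint32_t size_log2; /* region size = 2^size_log2 bytes (minimum 32) */
    uint8_t  ap;        /* access permission encoding */
    bool     enabled;
} mpu_region_t;

#define MPU_REGIONS 8   /* Cortex-M3 MPU: 8 regions, highest number wins on overlap */

/* Constructed segmented map: SAFERTOS kernel and SIL 3 task data are
 * privileged-only; the SIL 0 TCP/IP stack runs unprivileged in its own region
 * and may only read a small shared status area. Regions 3..7 stay disabled. */
static const mpu_region_t g_map[MPU_REGIONS] = {
    { 0x20000000u, 16, AP_PRIV_RW,           true }, /* SIL 3 data, 64 KiB */
    { 0x20010000u, 15, AP_FULL,              true }, /* SIL 0 stack, 32 KiB */
    { 0x20018000u, 12, AP_PRIV_RW_UNPRIV_RO, true }, /* shared status, 4 KiB */
};

static bool in_region(const mpu_region_t *r, uint32_t addr)
{
    uint32_t mask = ~((1u << r->size_log2) - 1u);
    return r->enabled && (addr & mask) == r->base;
}

/* True if the access is permitted. PRIVDEFENA is modelled as disabled, so an
 * access that matches no enabled region faults even for privileged code. */
bool mpu_access_allowed(uint32_t addr, bool privileged, bool is_write)
{
    for (int i = MPU_REGIONS - 1; i >= 0; i--) {   /* highest region first */
        const mpu_region_t *r = &g_map[i];
        if (!in_region(r, addr))
            continue;
        switch (r->ap) {
        case AP_FULL:              return true;
        case AP_PRIV_RW:           return privileged;
        case AP_PRIV_RW_UNPRIV_RO: return privileged || !is_write;
        default:                   return false;
        }
    }
    return false;   /* no matching region: MemManage fault */
}
```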
SAFERTOS, SmartFusion2 resource usage
Compact footprint:
• Typical FLASH requirements: 6-15 Kbytes
• Typical RAM requirements: 500 bytes
• Stack requirements: 400 bytes/task
SAFERTOS must have exclusive access to the following resources:
• PendSV interrupt
• SVCall interrupt
• System tick timer interrupt
• MPU peripheral
SAFERTOS supported compilers
We are compiler independent
• We use MC-DC testing to provide an approach which is not dependent on the compiler for correctness
Competency requirements
Engineers should be competent in
• Developing safety related software
• The operation of SAFERTOS
Tips for developing SIL rated software
• Get 'buy in' from your certification body early in the planning stages
• Keep the safety part of the software as small as possible
• Requirements: ensure requirements are right before you start
• Make sure your safety functions address 'real' hazards
• Completeness
• Planning, Planning, Planning
The value of the Design Assurance Pack
• Fundamental to the development of SAFERTOS
• Completeness of the product
• Evidence your RTOS has been designed and verified using your specific SmartFusion2 device and tool chain
• Contains all the certification evidence, should you need to produce it
• Independence: you have freedom from us if you choose
SAFERTOS DAP overview
• SafeRTOS source code
• "Out of the box" working demonstration application
• Design Assurance Pack (DAP)
  – User and Safety Manuals
  – All planning documentation
  – All Requirements, Design and Test Documentation
  – Verification and Validation results
  – Test harness
DAP Documents
Planning Documents
• Software Safety Management Plan
• Software Development Plan
• Configuration Management Plan
• Software Test Plan
Requirements, Design and Test
• Customer Requirements
• Software Requirements
• Architecture Design Descriptions
• Software Test Description
• Test Build Procedure
• HAZOP Report
• API Usage Safety Review
Manuals
• Users Manuals
• Safety Manuals
Verification and Validation Results
• Software Test Report
• Software Test Logs
Delivery documents
• Software Version Description
• Evidence supporting IEC 61508 SIL3 claim
DAP key documents
• Easy to integrate, easy to certify
• Safety Manual
  – Installation check list
  – Integration check list
  – Scope of Operation
• Users manual
  – API and programmers guide
• The other components of the DAP are used as evidence during the certification process, if required
SafeRTOS certification
• Originally used IEC 61508 SIL3 as a reference or 'umbrella' standard
• IEC 61508 SIL3 is also the reference standard for other published standards such as:
  – EN 50128 for railway (CENELEC)
  – IEC 62304 for medical
  – IEC 61513 for nuclear
  – IEC 61511 for process and industrial
  – ISO 26262 for automotive
• Our customers use SafeRTOS in medical, nuclear, power & gas, remote sensor & detection equipment, industrial control & automation, and transportation projects.
SAFERTOS packages
• SAFERTOS Design History File: Medical, FDA 510(k), IEC 62304 Class C
• SAFERTOS Design Assurance Pack: Industrial, IEC 61508-3 SIL 3
Cross referencing conformance matrices are used to validate against other standards.
SafeRTOS license models
• Royalty free perpetual license defined by:
  – SmartFusion2 + tool chain combination
  – Single Product
  – Multi Product
• Annual Support
  – 20% of purchase price
  – One re-validation per year
  – Comprehensive support
SafeRTOS demos and evaluation packages
• SmartFusion binary demos downloadable from our web site
  – Full featured with 8 hour run time limitation
  – Microsemi's SmartFusion™ Evaluation Kit
• Can be supplied as 30 day source code evaluation packages upon request and subject to NDA
• SmartFusion2 demos available in the very near future.
Resources
• Our web site: www.HighIntegritySystems.com
• Direct
• Or Sales