Design teams working on consumer equipment face the challenge of meeting the relevant safety standards, including the European IEC 60730 norms. Most companies want to design products for the global market, so the design team is usually responsible for meeting the most stringent worldwide standards for every design. You can of course use any microcontroller (MCU) and the corresponding support ICs to develop a compliant product. However, an increasing number of MCUs include hardware features intended specifically to achieve compliance without external components. Let's look at what compliance requires on the safety side, and at some MCUs designed to pave the way to compliance.
Specifically, IEC 60730-1 addresses the use of MCU-based control systems in Appendix H of the specification. Most consumer electrical appliances, such as washing machines, refrigerators and similar products, fall into Class B. The purpose of the standard is to ensure that a system failure does not cause unsafe operation of the device. For example, a system failure must not lead to unsafe temperatures that could harm the operator or cause a fire.
Note also that the concepts behind IEC 60730 and the techniques discussed here can be applied outside consumer appliances. In fact, many kinds of embedded systems (not necessarily subject to regulatory standards) need to guard against system failure.
Usually in MCU-based systems, IEC 60730 compliance depends on the application code you add to the firmware. However, safety-oriented hardware features in the MCU can simplify firmware development, eliminate external components, improve performance and reduce cost.
Compliance Methods
There are three main ways to design an MCU-based system that complies with IEC 60730. The most complex architecture is the so-called dual-channel approach: two MCUs run the control in parallel, and a comparison function ensures that both channels produce the same results. However, this method is generally considered too expensive for the consumer market. That leaves two single-channel methods that limit cost. You can test the system at the time of manufacture to prevent failures and achieve compliance. In the past, the manufacturing-test method was usually chosen, as it is the simplest and lowest-cost alternative. Today, a growing number of manufacturers choose to add periodic self-test functions to ensure that the product does not fail in the field, and this is the approach we will focus on here.
The actual safety certification is performed on the end device, but the potential failures in Appendix H apply to the MCU. In fact, the appendix includes a detailed list of MCU internal elements and the associated failures that must be tested by regular self-test and mitigated in some way. For example, the self-test must detect stuck registers or a faulty program counter (PC) value, detect single-bit memory errors, and detect incorrect interrupt operation, including interrupts that do not occur or that occur too frequently. Additional elements address communication failures, correct clock timing and the sequence of operations.
Washing Machine Example
Now let's look at some examples of how an MCU (in particular the DSP-enabled MCUs commonly referred to as digital signal controllers, or DSCs) can simplify compliance. Figure 1 depicts a block diagram of a washing-machine design based on a Texas Instruments (TI) DSC. The diagram applies to the fixed-point TMS320C24x series DSCs, the TMS320F282x series DSCs and the TMS320F2802x/2806x Piccolo series of fixed- and floating-point DSCs. All rely on TI's 32-bit C2000 core, which can handle both the DSP tasks (mainly motor control) and the system-control tasks in a single processor design. In either case, the IEC 60730 elements of the C2000 DSC remain available, whether the system controller is integrated in the DSC or combined with the DSC on a separate MCU.
Figure 1: TI's C2000 series DSCs implement independent clocks and other functions that simplify the design of a system conforming to IEC 60730.
The TI DSCs provide several elements that support compliance. For example, the ICs include dual on-chip oscillators. One drives the main MCU and the operating system; the second may be used as a timebase for periodic self-tests that execute independently of the control loop. The IC further includes a monitor circuit that watches the supply voltage, since supply faults can cause the malfunctions described in the standard. In addition, the DSCs include write-protected registers.
Of course, many applications do not require the 32-bit processing capability of a DSC. Fortunately, MCU vendors are offering IEC 60730-oriented features on the traditional 8-bit and 16-bit MCU families as well.
Freescale Real-Time Interrupt
For example, Freescale supports such functions on its MC9S08AWx MCUs, which are part of the broad MC9S08 8-bit family. The 9S08AW MCUs contain a real-time interrupt (RTI) function that can be used to implement many self-test functions. Figure 2 depicts the RTI function. At the top of the figure, the system real-time interrupt status and control register (SRTISC) contains a 3-bit real-time interrupt delay select field (RTIS) that sets the interval of the periodic CPU interrupt. The interval can range from 8 ms to 1.04 seconds. The interrupt is derived from an integrated 1-kHz RC oscillator that is independent of the CPU clock.
Figure 2: Freescale's real-time interrupt (RTI) function starts an interrupt service routine that checks the system for the failures defined by IEC 60730.
The self-test functions are implemented in the interrupt service routine (ISR) triggered by the RTI. For example, the ISR can check the value of the PC on each iteration. If the PC remains unchanged for three successive iterations, the ISR can assume the MCU is stuck in a software loop and take precautions.
The RTI also lets the ISR monitor the clock frequency. The ISR simply uses an integrated timer to take a timestamp on each interrupt and verifies that each successive reading is valid. Furthermore, with the built-in on-chip internal clock generator, the test can detect a slow, fast or lost CPU clock. The RTI-activated ISR can also monitor the clock-loss detection function through its registers.
Freescale supports a number of other safety-oriented features, including methods to check memory integrity. In addition, the company supports IEC 60730-centric features on its 16-bit MC56Fx DSC series.
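The two RTI checks described above (a PC that stops moving, and a CPU clock measured against the independent 1 kHz RC timebase) as an added example; this is not Freescale's sample code, and the hardware reads, tick counts and tolerances are assumptions, passed in as arguments so the logic can be exercised off-target.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constructed example: the checks an RTI-driven ISR would run, with the
   hardware reads (interrupted PC, CPU-clocked free-running timer) passed in
   as arguments so the logic can be exercised off-target. Limits are assumed. */
#define PC_STUCK_LIMIT  3u      /* identical PC on 3 successive RTI ticks */
#define TICKS_NOMINAL   8000u   /* CPU-timer ticks expected per 8 ms RTI period */
#define TICKS_TOLERANCE 800u    /* +/-10 % window before flagging the clock */

typedef struct {
    uint32_t last_pc;
    uint8_t  same_pc_count;
    uint32_t last_stamp;
    bool     have_stamp;
    bool     cpu_stalled;   /* latched once the PC check fails */
    bool     clock_fault;   /* latched once the clock check fails */
} rti_monitor_t;

void rti_monitor_init(rti_monitor_t *m) {
    m->last_pc = 0;  m->same_pc_count = 0;  m->last_stamp = 0;
    m->have_stamp = false;  m->cpu_stalled = false;  m->clock_fault = false;
}

/* Called once per RTI interrupt. pc is the interrupted program counter, stamp
   the current count of a timer clocked from the CPU clock. Returns true when
   either fault is latched; the caller then takes the safe-state action. */
bool rti_monitor_step(rti_monitor_t *m, uint32_t pc, uint32_t stamp) {
    /* Program-counter check: the main loop should have moved on between ticks */
    if (pc == m->last_pc) {
        if (m->same_pc_count < 255) m->same_pc_count++;
    } else {
        m->same_pc_count = 1;
    }
    m->last_pc = pc;
    if (m->same_pc_count >= PC_STUCK_LIMIT) m->cpu_stalled = true;
    /* Clock check: the RTI runs from the independent 1 kHz RC oscillator, so
       the CPU-timer ticks elapsed between two RTIs measure the CPU clock
       against it. Too few ticks means a slow or lost clock, too many a fast one. */
    if (m->have_stamp) {
        uint32_t elapsed = stamp - m->last_stamp;   /* unsigned wrap is fine */
        if (elapsed < TICKS_NOMINAL - TICKS_TOLERANCE ||
            elapsed > TICKS_NOMINAL + TICKS_TOLERANCE)
            m->clock_fault = true;
    }
    m->last_stamp = stamp;
    m->have_stamp = true;
    return m->cpu_stalled || m->clock_fault;
}
```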
IEC 60730 Across MCU Architectures
Meanwhile, Renesas may have the broadest range of different MCU architectures in the field, mainly because the company sells the legacy MCU lines of the former Hitachi, Mitsubishi and NEC microelectronics businesses. However, the company provides very consistent safety-compliance features across the product portfolio.
The watchdog timer (WDT) is a key component in meeting the safety standards in most cases. Renesas's mature 8- and 16-bit R8C and M16C, the 8-, 16- and 32-bit H8 family and the SuperH MCUs implement a WDT with a clock source independent of the CPU clock.
Renesas continues to provide solid WDT support in the newer 16-bit RL78 and 32-bit RX MCU families. In addition, the company has added other functions in hardware over time. For example, the M16C introduced a CRC (cyclic redundancy check) calculation block that operates independently of the CPU. The CRC can be used to detect communication and memory errors.
The RL78 and RX series also support the CRC and add other features. For example, the RL78 includes RAM parity detection, a memory-access control function and clock-frequency monitoring. The RX series includes similar self-diagnostic functions plus a diagnostic function for the data converter.
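The memory-error use of the CRC mentioned above, as an added example that is not Renesas code: a periodic flash integrity self-test that compares a CRC-16 over the program image with a reference stored at build time, plus an incremental form that checks a slice per call so the periodic service window is not blocked. The CRC variant, image layout and chunk size are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF, no reflection or final XOR),
   computed bit by bit. A hardware CRC block such as the M16C's would replace
   this loop; the comparison and scheduling around it stay the same. */
uint16_t crc16_ccitt_update(uint16_t crc, const uint8_t *data, size_t len) {
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)(data[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000u) ? (uint16_t)((crc << 1) ^ 0x1021u)
                                  : (uint16_t)(crc << 1);
    }
    return crc;
}

uint16_t crc16_ccitt(const uint8_t *data, size_t len) {
    return crc16_ccitt_update(0xFFFFu, data, len);
}

/* Assumed image layout: program bytes followed by their big-endian CRC-16,
   stored at build time. Returns true when stored and computed CRCs agree. */
bool flash_selftest(const uint8_t *image, size_t total_len) {
    if (total_len < 2) return false;
    size_t payload = total_len - 2;
    uint16_t stored = (uint16_t)((image[payload] << 8) | image[payload + 1]);
    return crc16_ccitt(image, payload) == stored;
}

/* Incremental form: one slice of the image is checked per call so that a
   short periodic service window (RTI tick, WDT refresh) is never blocked by a
   CRC over the whole flash. Returns 0 while running, 1 on pass, -1 on mismatch. */
typedef struct { const uint8_t *image; size_t payload; size_t pos; uint16_t crc; } crc_job_t;

void crc_job_start(crc_job_t *j, const uint8_t *image, size_t total_len) {
    j->image = image;  j->payload = total_len - 2;  j->pos = 0;  j->crc = 0xFFFFu;
}

int crc_job_step(crc_job_t *j, size_t chunk) {
    size_t n = j->payload - j->pos;
    if (n > chunk) n = chunk;
    j->crc = crc16_ccitt_update(j->crc, j->image + j->pos, n);
    j->pos += n;
    if (j->pos < j->payload) return 0;
    uint16_t stored = (uint16_t)((j->image[j->payload] << 8) | j->image[j->payload + 1]);
    return j->crc == stored ? 1 : -1;
}
```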
Safety Design
If your next design must guarantee a safe way out of fault conditions, be sure to consider how MCU suppliers support IEC 60730 compliance. In fact, all MCU vendors have adopted IEC 60730 strategies, and selecting an MCU with hardware safety-compliance features can reduce the system bill of materials, bringing cost, power and performance advantages. In addition, MCU vendors typically provide sample code that meets the IEC 60730 requirements, which will greatly accelerate your design of an end product that safely withstands faults in code or system hardware.