Functional Safety Reinvigorates Security in 24/7/365 Industrial Designs

By Majeed Ahmad

Contributed By Digi-Key's North American Editors

Safety and reliability are paramount in industrial environments where equipment typically runs 24/7/365. Mission-critical industrial designs must therefore be protected in every state the system passes through: during normal operation, during start-up and shutdown, and across power loss and recovery.

While the mechanisms for fail-safe embedded systems design are well documented, what is new in the industrial realm is the requirement for functional safety compliance. Functional safety standards such as IEC 61508 give reliability-conscious industrial designs a standardized layer of protection against random hardware faults and systematic design errors. That protection is distinct from cybersecurity: a functional safety certificate says nothing about resistance to a deliberate attacker, so the two disciplines complement rather than replace each other.

The industrial designs being shaped by functional safety range from autonomous robots to life-critical medical devices to intelligent transportation. The components offered with functional safety support include CPUs, SRAMs, and flash memory chips. Certified components give system developers the failure-rate and diagnostic-coverage data they need to substantiate a claim to a particular safety integrity level (SIL); the certificate covers the component, not the end system, which still has to be assessed as a whole.

Functional safety-enabled MCUs

Achieving functional safety is a complex and time-consuming task that developers increasingly face in industrial designs. A good example is a system that handles interactions between robots and humans. A design built to the current functional safety standards requires interpreting demanding standards text and, usually, selecting third parties for safety software support.

In such a design, a dual-MCU configuration in which each MCU runs diagnostic software to check the other makes safety verification simpler. If the vendor supplies that diagnostic software pre-certified, embedded designers no longer have to develop MCU-specific functional safety software themselves.

The RX family of microcontrollers from Renesas Electronics is a case in point. The microcontrollers support the IEC 60730 functional safety standard for appliance controls and facilitate fail-safe operation in the industrial devices they serve. On top of that, Renesas recently added IEC 61508 SIL3-certified functional safety software to its RX family of MCUs. This new safety feature applies to all Renesas MCUs based on the company’s RXv2 core.

The functional safety solution comes with a SIL3 System Software Kit that includes a mutual diagnostics capability; it presupposes a dual-MCU structure and enables software isolation between safety-related and non-safety-related functions (Figure 1). The reference dual-MCU design is built around the RX71M and RX651 microcontrollers.

Figure 1: Renesas claims the world's first SIL3 certification for functional safety software that performs mutual diagnostics in a dual-MCU architecture. (Image source: Renesas Electronics)
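To make the mutual diagnostics idea concrete, the following is an illustrative cross-check between two MCUs, added here as an example; it is not the Renesas kit's code or API. Each MCU periodically challenges its peer with a fresh value; the peer must run a small self-test keyed by that value and return a CRC of the result before a deadline. A wrong answer or a late one means the peer (or the link) is faulty and the system goes to its safe state. The deadline, the self-test, the fault-injection flags and the simulated MCU descriptions are all assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIAG_DEADLINE_TICKS 3   /* assumed: an answer must arrive within 3 scheduler ticks */

typedef enum { MCU_OK = 0, MCU_FAULT_MISMATCH, MCU_FAULT_TIMEOUT } diag_status_t;

/* Simulated MCU. The last three fields are constructed fault-injection knobs. */
typedef struct {
    const char *name;
    int  response_delay_ticks;  /* how many ticks the peer takes to answer */
    bool inject_alu_fault;      /* corrupt one bit of the self-test result */
    bool inject_hang;           /* peer never answers */
} mcu_t;

/* CRC-16/CCITT-FALSE (polynomial 0x1021, initial value 0xFFFF). */
uint16_t crc16_ccitt(const uint8_t *buf, size_t len) {
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)((uint16_t)buf[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021) : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Self-test keyed by the challenge: exercises the multiply and XOR paths, so a
 * stuck ALU bit changes the CRC. The checking MCU computes the same value itself. */
uint16_t diag_expected_answer(uint32_t challenge) {
    uint8_t work[8];
    uint32_t mul = challenge * 2654435761u;
    uint32_t xr  = challenge ^ 0xA5A5A5A5u;
    memcpy(work, &mul, 4);
    memcpy(work + 4, &xr, 4);
    return crc16_ccitt(work, sizeof work);
}

/* Peer side, polled once per tick: returns true once an answer is available. */
static bool peer_respond(const mcu_t *peer, uint32_t challenge, int tick, uint16_t *answer) {
    if (peer->inject_hang || tick < peer->response_delay_ticks) return false;
    uint16_t a = diag_expected_answer(challenge);
    if (peer->inject_alu_fault) a ^= 0x0001;   /* simulated stuck bit in the result */
    *answer = a;
    return true;
}

/* Checker side: challenge the peer, poll until the deadline, compare the answer. */
diag_status_t diag_check_peer(const mcu_t *peer, uint32_t challenge) {
    uint16_t answer = 0;
    for (int tick = 0; tick < DIAG_DEADLINE_TICKS; tick++) {
        if (peer_respond(peer, challenge, tick, &answer))
            return answer == diag_expected_answer(challenge) ? MCU_OK : MCU_FAULT_MISMATCH;
    }
    return MCU_FAULT_TIMEOUT;
}

/* Mutual diagnostics: A checks B and B checks A in the same cycle. The system may
 * keep running only if both verdicts are MCU_OK. verdict[0] is A's view of B,
 * verdict[1] is B's view of A. Each direction uses a distinct challenge. */
bool mutual_diag_cycle(const mcu_t *a, const mcu_t *b, uint32_t challenge, diag_status_t verdict[2]) {
    verdict[0] = diag_check_peer(b, challenge);
    verdict[1] = diag_check_peer(a, challenge ^ 0xFFFFFFFFu);
    return verdict[0] == MCU_OK && verdict[1] == MCU_OK;
}

int main(void) {
    const mcu_t a      = { "MCU-A",            1, false, false };
    const mcu_t b_ok   = { "MCU-B",            1, false, false };
    const mcu_t b_bad  = { "MCU-B (ALU fault)", 1, true,  false };
    const mcu_t b_slow = { "MCU-B (slow)",      5, false, false };
    const mcu_t *peers[] = { &b_ok, &b_bad, &b_slow };
    for (size_t i = 0; i < sizeof peers / sizeof peers[0]; i++) {
        diag_status_t v[2];
        bool run = mutual_diag_cycle(&a, peers[i], 0x12345678u, v);
        printf("%s <-> %s: %s (A sees %d, B sees %d)\n", a.name, peers[i]->name,
               run ? "run" : "SAFE STATE", (int)v[0], (int)v[1]);
    }
    return 0;
}
```

A real implementation would also feed a hardware watchdog from the diagnostic cycle, so that a checker that itself stops running cannot silently keep the system in the "run" state.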

Another microcontroller that offers the functional safety capability required for industrial applications is the Hercules RM57Lx from Texas Instruments. The device is designed to help designers comply with the IEC 61508 standard and offers safety features aimed at industrial applications such as aviation anti-skid, programmable logic controllers (PLCs), motors and drives, and railway signaling.

Building on the Hercules family’s safety features, the RM57Lx microcontrollers use error correction code (ECC) for single-bit error correction and double-bit error detection (SECDED) on the instruction and data caches and on select peripheral RAM buffers.

Flash with functional safety

Functional safety is commonly associated with automotive designs, but as the MCU examples above show, it is just as relevant to industrial designs, especially those that operate 24/7/365. Flash memory is another critical building block in such systems and must also comply with the applicable functional safety standards. In industrial designs, that puts flash memory on the front line for reliable storage of, and reliable access to, system code and algorithms.

Some flash memory architectures feature multiple partitions that are independently optimized for high endurance or for long retention. Both properties matter: endurance limits how often logs and parameters can be rewritten before cells wear out, and retention determines how long stored code survives at temperature, so both protect an industrial design against failures.

For example, the Semper™ NOR flash from Cypress Semiconductor is built around the company’s EnduraFlex architecture (Figure 2). Cypress specifies endurance of more than one million program/erase cycles and data retention of at least 25 years across a temperature range of -40°C to +125°C. For frequently written data, the EnduraFlex architecture allows a partition to be configured for up to 1.28 million program/erase cycles on 512 Mbit parts and 2.56 million cycles on 1 Gbit parts.

Figure 2: The block diagram of the Semper NOR flash architecture highlights the embedded functional safety and reliability building blocks. (Image source: Cypress Semiconductor)

The Semper NOR flash offers SafeBoot and error-checking features to support safe and reliable industrial operation. It also provides single-bit error correction and double-bit error detection, generating the ECC bits internally as the memory array is programmed. NXP Semiconductors is one MCU vendor that pairs the Semper NOR flash with its industrial MCU offerings.
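Both the Hercules cache ECC above and the Semper flash ECC here are SECDED schemes. The following example, added here and not taken from either vendor, shows the mechanism on one data byte using a Hamming(12,8) code plus an overall parity bit: four Hamming parity bits locate a single flipped bit, and the extra parity bit tells a single error (odd number of flips, correctable) from a double error (even number of flips, detectable but not correctable). Real memory controllers protect wider words and use different bit layouts; the positions and the exhaustive self-check routine are this example's own choices.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { ECC_NO_ERROR = 0, ECC_CORRECTED, ECC_UNCORRECTABLE } ecc_result_t;

/* Codeword layout (13 bits): bit 0 = overall parity; bits 1..12 = Hamming(12,8),
 * with parity bits at the power-of-two positions 1, 2, 4, 8 and the eight data
 * bits at the remaining positions. Position numbers double as the syndrome. */
static const uint8_t DATA_POS[8] = { 3, 5, 6, 7, 9, 10, 11, 12 };

uint16_t secded_encode(uint8_t data) {
    uint16_t cw = 0;
    for (int k = 0; k < 8; k++)
        if ((data >> k) & 1) cw |= (uint16_t)(1u << DATA_POS[k]);
    /* Parity bit p covers every position whose index has bit p set (even parity). */
    for (int p = 1; p <= 8; p <<= 1) {
        int par = 0;
        for (int pos = 1; pos <= 12; pos++)
            if ((pos & p) && ((cw >> pos) & 1)) par ^= 1;
        if (par) cw |= (uint16_t)(1u << p);
    }
    /* Overall parity over positions 1..12 gives double-error detection. */
    int all = 0;
    for (int pos = 1; pos <= 12; pos++) all ^= (cw >> pos) & 1;
    if (all) cw |= 1;
    return cw;
}

ecc_result_t secded_decode(uint16_t cw, uint8_t *data_out) {
    int syndrome = 0, overall = 0;
    for (int pos = 1; pos <= 12; pos++)
        if ((cw >> pos) & 1) syndrome ^= pos;      /* XOR of set positions */
    for (int pos = 0; pos <= 12; pos++)
        overall ^= (cw >> pos) & 1;                /* 0 = parity consistent */

    ecc_result_t r;
    if (syndrome == 0 && overall == 0) {
        r = ECC_NO_ERROR;
    } else if (overall != 0) {
        /* Odd number of flips: treat as one. A zero syndrome here means the
         * flipped bit is the overall parity bit itself (position 0). */
        cw ^= (uint16_t)(1u << syndrome);
        r = ECC_CORRECTED;
    } else {
        /* Non-zero syndrome with consistent overall parity: two bits flipped.
         * The syndrome now points at the wrong position, so do not "correct";
         * the caller must treat the data as invalid. */
        r = ECC_UNCORRECTABLE;
    }
    uint8_t d = 0;
    for (int k = 0; k < 8; k++) d |= (uint8_t)(((cw >> DATA_POS[k]) & 1) << k);
    *data_out = d;
    return r;
}

/* Constructed fault injection: XOR the stored codeword with flip_mask, then decode. */
ecc_result_t secded_inject_and_decode(uint8_t data, uint16_t flip_mask, uint8_t *out) {
    return secded_decode(secded_encode(data) ^ flip_mask, out);
}

/* Exhaustive property check: every byte survives every single-bit flip, and
 * every double-bit flip is reported as uncorrectable. */
bool secded_exhaustive_check(void) {
    for (int v = 0; v < 256; v++) {
        uint8_t out;
        if (secded_inject_and_decode((uint8_t)v, 0, &out) != ECC_NO_ERROR || out != v) return false;
        for (int i = 0; i < 13; i++) {
            if (secded_inject_and_decode((uint8_t)v, (uint16_t)(1u << i), &out) != ECC_CORRECTED || out != v)
                return false;
            for (int j = i + 1; j < 13; j++)
                if (secded_inject_and_decode((uint8_t)v, (uint16_t)((1u << i) | (1u << j)), &out) != ECC_UNCORRECTABLE)
                    return false;
        }
    }
    return true;
}

int main(void) {
    uint8_t out;
    printf("stored 0xA5 as codeword 0x%04X\n", secded_encode(0xA5));
    printf("flip bit 6:        result %d, data 0x%02X\n", secded_inject_and_decode(0xA5, 1u << 6, &out), out);
    printf("flip bits 3 and 10: result %d (data must be discarded)\n", secded_inject_and_decode(0xA5, (1u << 3) | (1u << 10), &out));
    printf("exhaustive check: %s\n", secded_exhaustive_check() ? "pass" : "FAIL");
    return 0;
}
```

The safety-relevant detail is the uncorrectable branch: a controller that applied the syndrome "correction" to a double error would silently hand back a third, wrong value, which is exactly what a SIL-rated design must report rather than hide.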

Functional safety toolsets

That brings us to the final piece of the puzzle: toolsets for safety-critical industrial systems and devices. The tool chains serving industrial embedded systems are now catching up with functional safety requirements.

As the number of embedded systems with functional safety requirements grows, so does the need for safety analysis tools that can take the certified components as inputs and analyze, for instance, common cause failures.

There are quantitative techniques such as failure modes, effects and diagnostic analysis (FMEDA), which quantifies how well a component's failure modes, an MCU's for example, are covered by its diagnostics. Diagnostic software tools then fill the gap between the hardware safety measures and the defined safety requirements.
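The arithmetic behind an FMEDA is simple enough to carry through by hand, and doing so shows why the dual-MCU arrangements discussed earlier matter for a SIL3 claim. The following is an added worked example, not any vendor's FMEDA or tool output: the failure-mode table, failure rates and coverage figures are constructed for an imaginary MCU-based channel. It sums the failure rates into the four IEC 61508 classes (safe detected, safe undetected, dangerous detected, dangerous undetected), derives the safe failure fraction (SFF) and the single-channel probability of dangerous failure per hour (PFH), and applies the IEC 61508-2 architectural-constraint table for type B elements.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef struct {
    const char *mode;
    double lambda_fit;   /* failure rate in FIT (1 FIT = 1e-9 failures per hour) */
    bool   dangerous;    /* does this failure mode defeat the safety function? */
    double dc;           /* diagnostic coverage (0..1) claimed for the detecting measure */
} failure_mode_t;

typedef struct { double sd, su, dd, du; } fmeda_sums_t;

/* Constructed FMEDA rows for an imaginary MCU-based channel (not vendor data). */
const failure_mode_t EXAMPLE_FMEDA[] = {
    { "CPU ALU stuck-at",          40.0, true,  0.99 },  /* mutual / self-test diagnostics */
    { "SRAM bit flip",             30.0, true,  0.99 },  /* SECDED ECC */
    { "Flash content corruption",  20.0, true,  0.90 },  /* periodic CRC over the code image */
    { "Loss of clock",             10.0, true,  0.95 },  /* clock monitor */
    { "Output driver open",        15.0, false, 0.80 },  /* read-back of output state */
    { "Misc peripheral",            5.0, false, 0.00 },  /* no diagnostic */
};
#define EXAMPLE_FMEDA_N (sizeof EXAMPLE_FMEDA / sizeof EXAMPLE_FMEDA[0])

/* Split each row's rate by its diagnostic coverage into detected / undetected. */
fmeda_sums_t fmeda_sum(const failure_mode_t *rows, size_t n) {
    fmeda_sums_t s = { 0.0, 0.0, 0.0, 0.0 };
    for (size_t i = 0; i < n; i++) {
        double detected   = rows[i].lambda_fit * rows[i].dc;
        double undetected = rows[i].lambda_fit - detected;
        if (rows[i].dangerous) { s.dd += detected; s.du += undetected; }
        else                   { s.sd += detected; s.su += undetected; }
    }
    return s;
}

double fmeda_total(fmeda_sums_t s)       { return s.sd + s.su + s.dd + s.du; }
double fmeda_sff(fmeda_sums_t s)         { return (s.sd + s.su + s.dd) / fmeda_total(s); }
double fmeda_dc_dangerous(fmeda_sums_t s){ return s.dd / (s.dd + s.du); }
/* Single-channel (1oo1), high-demand or continuous mode: PFH is approximately
 * the dangerous undetected rate, converted from FIT to failures per hour. */
double fmeda_pfh_1oo1(fmeda_sums_t s)    { return s.du * 1e-9; }

/* IEC 61508-2 architectural constraint (route 1H) for type B elements:
 * SFF band -> SIL at HFT 0, and each extra fault-tolerant channel adds one SIL,
 * capped at SIL4. Returns 0 when the combination is not allowed. */
int sil_architectural_type_b(double sff, int hft) {
    int base = sff < 0.60 ? 0 : sff < 0.90 ? 1 : sff < 0.99 ? 2 : 3;
    int sil = base + hft;
    return sil > 4 ? 4 : sil;
}

bool near(double a, double b, double tol) { return a - b < tol && b - a < tol; }

int main(void) {
    fmeda_sums_t s = fmeda_sum(EXAMPLE_FMEDA, EXAMPLE_FMEDA_N);
    printf("lambda_SD %.1f  lambda_SU %.1f  lambda_DD %.1f  lambda_DU %.1f  (FIT)\n", s.sd, s.su, s.dd, s.du);
    printf("SFF %.2f%%  DC(dangerous) %.2f%%  PFH(1oo1) %.2e /h\n",
           100.0 * fmeda_sff(s), 100.0 * fmeda_dc_dangerous(s), fmeda_pfh_1oo1(s));
    printf("architectural SIL, single MCU (HFT 0): SIL%d\n", sil_architectural_type_b(fmeda_sff(s), 0));
    printf("architectural SIL, dual MCU   (HFT 1): SIL%d\n", sil_architectural_type_b(fmeda_sff(s), 1));
    return 0;
}
```

With these constructed numbers the PFH of 3.2e-9 per hour is comfortably low, yet the SFF of about 97% caps a single type B MCU at SIL2 under the architectural constraints; adding a second, independent MCU (HFT 1) is what lifts the channel to SIL3, which is the structural reason vendor SIL3 kits come as dual-MCU designs.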

Renesas, for instance, uses a certified tool suite from IAR Systems to develop the diagnostic software for embedded applications. As shown in Figure 3, IAR Embedded Workbench for RX includes an optimizing compiler and a debugger in an integrated development environment (IDE).

Figure 3: How IAR Embedded Workbench facilitates safety-related software development for Renesas RX microcontrollers. (Image source: IAR Systems Software)

Toolsets used to validate safety-critical systems can focus solely on the relevant safety aspects, which improves the reliability of the resulting industrial designs; they usually present their findings graphically, with warning indicators and explanatory text.

The bottom line is that safety must be designed in with both hardware and software. Thankfully, both are now at the developer’s disposal; what remains is the system-level assessment that ties them to the SIL claim.

Disclaimer: The opinions, beliefs, and viewpoints expressed by the various authors and/or forum participants on this website do not necessarily reflect the opinions, beliefs, and viewpoints of Digi-Key Electronics or official policies of Digi-Key Electronics.

About this author

Majeed Ahmad

Majeed Ahmad is an electronics engineer with more than 20 years of experience in B2B technology media. He is former Editor-in-Chief of EE Times Asia, a sister publication of EE Times.

Majeed has authored six books on electronics. He is also a frequent contributor to electronics design publications, including All About Circuits, Electronic Products and Embedded Computing Design.

About this publisher

Digi-Key's North American Editors