2013年10月1日 星期二

Register Protection under main event


Register Protection
There may be modules in the design whose configuration should not change during the run phase of the chip, and in doing so may affect the proper operation of the system. One can disable access to these registers during run phase, or make such registers as write-once.

Redundant critical on-chip modules like processor, ISO, DMA controller, internal clock generator, and communications peripherals can improve reliability should a primary hardware module become non-functional while the vehicle is running. Such a system can have in-built error detection mechanisms and on-the-fly switching to redundant hardware to mitigate threats to passenger safety.
But this kind of redundant hardware architecture comes with the penalty of increased area and higher power management in silicon. Area penalties can be minimized by intelligent selection of which functions need to be duplicated in silicon. Power can be minimized by adopting power and clock gating in the redundant modules. Some  in-vehicle computers can be implemented in lock-step of each other, where primary and redundant modules process the same input. Mismatch in the output of the lock-step modules indicates a defect in either of the modules. The system can switch itself off or take appropriate safety measures to avoid any real-time failure. Redundant hardware should be placed quite far in silicon from the primary embedded systems to avoid tampering of both modules together.

refer to: http://www.edn.com/design/automotive/4421704/Safety---security-architecture-for-automotive-ICs

沒有留言:

張貼留言