Author: STMicroelectronics
X-CUBE-STL now supports the STM32MP1, the STM32U5, the STM32L5, the STM32H5, and the STM32WL. In short, the most extensive family of general-purpose microcontrollers capable of running Safety Integrity Level 2 and 3 certified systems keeps growing, and teams needing to meet IEC 61508, ISO 13849, and IEC 61800 requirements can do so on our latest devices. Additionally, the Functional Safety page makes it easier to find the various ST resources that help developers pursuing industrial or household electrical appliance certifications. It also lists the ST Authorized Partners offering real-time operating systems, development tools, engineering services, and training to ensure teams can cross the bridge from proof-of-concept to commercial products.
The International Electrotechnical Commission defines safety as the "freedom from unacceptable risk of physical injury or of damage to the health of people." When designing an embedded system, functional safety covers the aspects of safety that depend on that system. For instance, in a manufacturing plant, functional safety ensures that, in case of an internal failure, the circuit controlling a robot fails gracefully instead of harming its operators. In a medical application, standards guarantee that users are made aware of malfunctions through an alarm, among other things, to prevent harmful usage. And since our STM32 microcontrollers are everywhere, we wanted to make sure that all of them had a straightforward path to IEC 61508 for industrial applications.
Before X-CUBE-STL: How to start working on an IEC 61508 certification
IEC 61508 governs functional safety for electrical and electronic systems across a wide range of industries and applications. However, many STM32 customers seek this certification when working in an industrial setting, where risks are higher and requirements more stringent. The first important aspect of the standard is the safety life cycle. Before anything else, engineers must document all the steps and measures they will take to achieve functional safety, from the first design operations to the product's decommissioning. The process includes risk assessment, safety protocols, validations, maintenance, and so on.
Our Functional Safety page is a great starting point for engineers because it provides a "safety manual" for nearly all STM32 microcontrollers, thus ensuring that teams can begin working on defining their product's life cycle. Most of the documentation focuses on IEC 61508 compliance. However, we recently published an application note (AN5698) to help engineers adapt the contents of the X-CUBE-STL package to other safety certifications, such as ISO 13849 for safety of machinery. We also provide a failure mode and effects analysis (FMEA), which lists all the MCU failure modes and how to mitigate them. Similarly, the failure mode, effects, and diagnostic analysis (FMEDA) extends the former and computes failure rates for the MCU at the function level.
X-CUBE-STL: Self-test libraries to obtain SIL 2 or SIL 3 certifications faster
Understanding Safety Integrity Levels
The second aspect of IEC 61508 is the assignment of a Safety Integrity Level (SIL). After a hazard analysis determines what can go wrong and how badly it could harm a person or the environment, a risk analysis determines how often or how likely a hazard can occur. From these analyses, functional safety standards derive safety requirements, or SIL.
There are four levels, the first being the laxest and the fourth representing the strictest standard. SIL 4 is traditionally for railway or nuclear applications. SIL 1 is looser and tends to apply to monitoring/information devices like CCTV, whereas SIL 2 and 3 are much more common in hardware designed for industrial applications. The main difference is the requirement to perform redundant measurements in SIL 3.
Understanding how to get started
To start working toward SIL 2 or SIL 3 certifications, teams begin by selecting an STM32 with the hardware safety features that match their application's requirements. For instance, all our MCUs have a dual watchdog, but only the STM32G0, STM32G4, STM32H5, STM32H7, STM32L4/L4+, STM32L5, STM32U5, STM32WB/A, and STM32WL have ECC Flash memory, and out of them, only the STM32H7, STM32H5, and STM32U5 have ECC SRAM, which is traditionally only a requirement for high-performance applications.
Teams can also use the self-test libraries available in X-CUBE-STL to start implementing failure detection mechanisms. For instance, they can help spot random failures in the CPU, the SRAM, or the Flash. The diagnostic capability of X-CUBE-STL is verified by fault injection to increase customers' confidence in our solutions. To make these libraries more accessible, we offer them as object code, meaning that they can be integrated into any application, and developers can use any compiler.
X-CUBE-STL provides object code to help developers run self-tests on STM32 MCUs. Consequently, because we ship object code, developers can integrate it into their software, certify one object, and reuse it multiple times, since it does not depend on the compiler version or other dependencies. This greatly facilitates the process when applying to certification bodies.
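To make concrete what "spotting random failures in the SRAM or the Flash" involves, here is an added, host-runnable illustration written for this article; it is not X-CUBE-STL code, and the page does not state which algorithms the library uses, so the choice of a March C- pattern for the RAM test and a CRC-32 over the code image for the Flash test is an assumption about representative techniques, not a description of the product. The SRAM is a constructed in-memory model with an optional stuck-at-0 bit so the test can be shown catching a fault; the Flash image and its reference CRC are likewise constructed. The CPU register and ALU checks the library also provides are not shown.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* --- Simulated SRAM under test (constructed for this example) ------------ */
#define MEM_WORDS 64u

typedef struct {
    uint32_t cells[MEM_WORDS];
    size_t   stuck_word;   /* cell holding a simulated stuck-at-0 bit (SIZE_MAX = none) */
    uint32_t stuck_mask;   /* bits of that cell that can never be set to 1 */
} sim_mem_t;

static void sim_mem_init(sim_mem_t *m, size_t stuck_word, uint32_t stuck_mask)
{
    memset(m, 0, sizeof *m);
    m->stuck_word = stuck_word;
    m->stuck_mask = stuck_mask;
}

/* On real silicon these would be volatile accesses to the SRAM address range;
   here the write models a hardware stuck-at-0 fault in one cell. */
static void mem_write(sim_mem_t *m, size_t i, uint32_t v)
{
    if (i == m->stuck_word) v &= ~m->stuck_mask;
    m->cells[i] = v;
}
static uint32_t mem_read(const sim_mem_t *m, size_t i) { return m->cells[i]; }

/* --- SRAM self-test: March C- (assumed representative algorithm) -------- */
/* Elements: up(w0); up(r0,w1); up(r1,w0); down(r0,w1); down(r1,w0); up(r0).
   Returns the number of read mismatches; 0 means the memory passed.
   Destructive: a production library must run it on a backed-up or
   not-yet-used region; this toy does not handle that. */
static unsigned march_c_minus(sim_mem_t *m, size_t n)
{
    const uint32_t Z = 0x00000000u, O = 0xFFFFFFFFu;
    unsigned errors = 0;
    size_t i;
    for (i = 0; i < n; i++) mem_write(m, i, Z);
    for (i = 0; i < n; i++) { if (mem_read(m, i) != Z) errors++; mem_write(m, i, O); }
    for (i = 0; i < n; i++) { if (mem_read(m, i) != O) errors++; mem_write(m, i, Z); }
    for (i = n; i-- > 0;)   { if (mem_read(m, i) != Z) errors++; mem_write(m, i, O); }
    for (i = n; i-- > 0;)   { if (mem_read(m, i) != O) errors++; mem_write(m, i, Z); }
    for (i = 0; i < n; i++) { if (mem_read(m, i) != Z) errors++; }
    return errors;
}

/* --- Flash self-test: CRC-32 (IEEE 802.3, reflected) over the code image -- */
static uint32_t crc32_ieee(const uint8_t *p, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Constructed stand-in for a Flash image; in a product the reference CRC is
   computed by the build and stored at a known Flash location. */
static const uint8_t k_image[] = "constructed firmware image for CRC demo";

static int flash_integrity_ok(const uint8_t *image, size_t len, uint32_t reference_crc)
{
    return crc32_ieee(image, len) == reference_crc;
}

/* Wrappers that drive each check with and without an injected fault. */
static unsigned run_ram_selftest(int inject_fault)
{
    sim_mem_t mem;
    /* Fault model (constructed): bit 3 of word 17 stuck at 0. */
    sim_mem_init(&mem, inject_fault ? 17u : SIZE_MAX, inject_fault ? 0x8u : 0u);
    return march_c_minus(&mem, MEM_WORDS);
}

static int run_flash_selftest(int corrupt_one_bit)
{
    uint8_t copy[sizeof k_image];
    uint32_t reference = crc32_ieee(k_image, sizeof k_image);   /* "golden" value */
    memcpy(copy, k_image, sizeof k_image);
    if (corrupt_one_bit) copy[5] ^= 0x10;                        /* single-bit upset */
    return flash_integrity_ok(copy, sizeof copy, reference);
}

int main(void)
{
    printf("RAM test, healthy:    %u errors\n", run_ram_selftest(0));
    printf("RAM test, stuck bit:  %u errors\n", run_ram_selftest(1));
    printf("Flash test, intact:   %s\n", run_flash_selftest(0) ? "PASS" : "FAIL");
    printf("Flash test, bit flip: %s\n", run_flash_selftest(1) ? "PASS" : "FAIL");
    return 0;
}
```

A single stuck-at-0 bit is read back wrong in both of the "read 1" elements of March C-, so the faulty run reports two mismatches while the healthy run reports none; the Flash check passes on the intact image and fails once one bit is flipped. The point for certification is that the detected-fault count feeds the diagnostic coverage claimed in the FMEDA, which is why a library's detection capability is verified by fault injection rather than only by running it on good hardware.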
X-CUBE-CLASSB and why an ecosystem matters
Sharing resources
Recently, ST updated its X-CUBE-CLASSB, which targets electrical household appliances, to align it with X-CUBE-STL. Put simply, while they have different user manuals and different applications, the self-test libraries share the same code base as X-CUBE-STL. Hence, it becomes much easier to obtain more than one certification on the same hardware platform. Moreover, since these certifications are much less stringent than IEC 61508, the ability to use the same object code as X-CUBE-STL provides greater assurance. The software package currently supports the STM32U5, STM32G0, STM32C0, STM32L4, STM32G4, STM32WL, STM32MP1, STM32H5, STM32F7, and STM32H7. Support for the STM32H7R/S, STM32U0, and STM32F4 will arrive by the end of the year.
Optimizing functional safety
All these packages turn our STM32 general-purpose microcontrollers into great candidates for the most demanding standards. Traditionally, MCUs aimed at these standards are custom products, which means they are much more expensive and use hardware specifications that are often more restrictive in one way or another. ST's approach is thus unique because we make these standards more accessible and provide a vast network of partners. In many instances, using two STM32s is still more cost-effective than using one MCU purchased specifically for safety.
As great as the documentation and self-test libraries are, we know that they represent only the first steps in a long process. Many teams underestimate the difficulties associated with obtaining a certification. Hence, we also have ST Authorized Partners who know our devices and can ensure engineers cross the finish line by shipping a certified product.