Attention

You are viewing an older version of the documentation. The latest version is v3.3.

Intel® Elkhart Lake Functional Safety (FuSa) Software Package

Intel® Elkhart Lake Functional Safety (FuSa) Software Package included in this release is for Zephyr* Native configuration.

Attention

ECI is not safety-critical certified and the libraries available in bitbake layers are released for Elkhart Lake FuSa hardware only for development purposes.

System Overview

This section provides a brief overview of components in the Intel® Functional Safety Software Package (Intel® FuSa) Software Package.

Safety Monitoring Integrated Suite (SMIS)

Safety Monitoring Integrated Suite (SMIS) is a generic framework to demonstrate the usage of On-demand Cross Comparison (ODCC) while implementing the safety workloads, executing periodic STLs and interacting with Intel® Safety Island (Intel® SI) through Safety Monitor Communication Library (SMCL) framework. ECI builds CLI variant of SMIS. SMIS is a reference application with certain Systematic Capability 3 (SC3) capable components.

See also

For more information on SMIS and its interaction with other components within the FuSa Software Package, refer to Intel® Functional Safety Demonstrator Software Stack Developer Guide for Elkhart Lake (Intel RDC #643840).

SlimBootLoader (SBL)

Intel® SlimBootLoader (Intel® SBL) is the chosen boot firmware for Elkhart Lake FuSa application. SBL is responsible for the correct Elkhart Lake hardware initialization for FuSa operation and booting the operating system. Intel® SBL is a Quality Managed (QM) component. To achieve the SC3 capability Pre-OS Checker (POSC) is used to verify the safety critical platform configuration done by SBL during boot. POSC is SC3 capable and acts as a STL for Intel® SBL.

FuSa Prerequisites

To function correctly, the Intel® Functional Safety Software Package requires certain hardware, bootloader, and software configurations to be present on the target system. The following are the specific requirements:

• Intel Atom® x6425RE processor, Intel Atom® x6427FE processor (Elkhart Lake FuSa SKU 11 [QWW2/RKLH])

• Compatible Intel® SBL Integrated FirmWare Image (IFWI) to boot the target system. For details, refer to Build Intel® Firmware Image (IFWI)

Build Intel® Firmware Image (IFWI)

The Integrated Firmware Image (IFWI) or ‘BIOS’ is a 32MB binary file written on SPI-NOR of the target system. This image contains various components that are necessary to reliably initialize the Elkhart Lake SoC and successfully boot to an operating system. To enable FuSa,build and flash IFWI on to the target system.

1. To build and stitch a compatible IFWI binary, follow the section Slim Bootloader Stitching in Sbl_Ehl_ReleaseNotes.pdf (part of Intel® Elkhart Lake Slim Bootloader (SBL) (Intel RDC#646837)). Note that this document also lists various firmware components that are used as part of the IFWI binary stitching and their availability in Intel® Resource Design Center.

2. After building the IFWI, refer to Flash an Integrated Firmware Image to flash the IFWI to the target system.

   Note

   SBL boots Zephyr in Container Boot Image format:

   • ECI installation (Boot and Install Image for Zephyr (Legacy)) also installs Container Boot Image appropriately, so that SBL can boot to OS successfully.

   For signing Container Boot Image, ECI uses the example file cert/OS1_TestKey_Pub_RSA2048_priv.pem available in meta-zephyr-eci layer.

   • Signing key is used to sign the Container Boot Image. SBL authenticates the Container Boot Image during boot.

   • You can point to a different key file using the PREGENERATED_SIGNING_KEY_SLIMBOOT_KEY_SHA256 variable in the recipes. Use the same key file instead of cert/OS1_TestKey_Pub_RSA2048_priv.pem in Intel® Elkhart Lake Slim Bootloader (SBL) (Intel RDC#616714) to build SBL and IFWI binary file.

   • For information on the SBL bootable Container Boot Image format, refer to the section Create Container Boot Image in Intel® Elkhart Lake Slim Bootloader (SBL) (Intel RDC#616714).

   • Steps to generate signing keys is not within the scope of this documentation.

FuSa - Resources

For architecture and implementation details of the FuSa Software Package, refer to the following documents:

• Intel Atom® x6000E Series processor Safety Manual (Intel RDC #610115)

• Elkhart Lake Functional Safety User Guide (Intel RDC #610113)

• Intel® Slim Bootloader Firmware Release Notes (Intel RDC #646837)

• Intel® Elkhart Lake Intel® SlimBootLoader (Intel RDC#616714)

• Elkhart Lake Intel® Functional Safety Demonstrator Software Stack Release (Intel RDC #734432)

• DP1 FuSa DSS Getting Started Guide (GSG) Document part of (Intel RDC #734432)

• Intel® Elkhart Lake Intel® for IoT Applications CRB User Guide (Intel RDC#615859)

These documents are available at Intel® Resource Documentation Center (RDC) and you might need to request access.

Build ECI Image with FuSa Feature

The FuSa Software Package provides a variant for Zephyr native. It is built using the Yocto-poky variant of ECI and the legacy-poky-zephyr-ehl target.

FuSa Sanity Checks

Invoke the FuSa Sanity Checks using the SMIS GUI running on an Canonical Ubuntu* Host PC connected to same network as the Elkhart Lake platform.

Note: It is recommended to use a dedicated subnet devoid of other generic network traffic to enable deterministic FuSa workload execution.

SMIS GUI is a QT-based application. Refer to DP1_EHL_FuSA_DSS_Getting_Started_Guide.pdf in the Elkhart Lake FuSa Capable Demonstrator Software Stack PV Release – SW Package for details on how to build and invoke the SMIS GUI.

Sanity Check #1: Boot Elkhart Lake (EHL) Target and Check Ethernet Connection

After installing the Native Zephyr image with FuSa on the target, it is necessary that platform has a cold-reset power cycle. After the power cycle, the platform boots into Zephyr. The serial console will show that Zephyr has the static IP 11.0.0.10 on successful boot.

Sanity Check #2: Establish Communication between EHL Target and Linux Host

On the Linux* Host PC with a dedicated network connection to EHL, set up a static IP address in the same subnet, for example, 11.0.0.150.

As an example, for a network interface named $eth, you can set the IP address using the following commands:

sudo ifconfig $eth 0.0.0.0 down
sudo ifconfig $eth 11.0.0.150
sudo ifconfig $eth up

Ping the EHL target to receive a response. This confirms that the host and the EHL target can communicate with each other.

ping 11.0.0.10

Sanity Check #3: Run SMIS GUI QT Application from Host PC and Establish Communication with Target

Complete Sanity Check #1 and Sanity Check #2 before executing the following steps.

1. Start the SMIS GUI QT application from the host Canonical Ubuntu* host machine. The Safety Monitoring Integrated Suite opens.

   

2. Do the following to configure the deployment device:

   1. Go to Tools > Configure.

   2. In the Configure Deployment Device dialog, click Add and enter the following:

      • IP Address: The IP address of the Elkhart Lake setup to which the connection needs to be established. This is the IP address obtained in Sanity-Check #1.

      • Port: 5052

   3. Click Save. The message Connection with Server Established is displayed in the Connection Logs.

      

On the target the following message is displayed on the serial console confirming the connection with the SMIS GUI.

Sanity Check #4: Establish SMCL Communication

Complete Sanity Check #3 before executing the following steps.

Once the connection is established between the SMIS GUI application and the target, do the following to configure Intel SI, get the Intel SI version from the target, and check the OK/NOK status:

1. From the left pane, click SMCL API View.

2. In the Override Configurations section, change pst to 4000. Click Override Config.

3. Click Read OK NOK Status and note the success message displayed in the Console.

   

4. Click Know ISI Version and note the Intel SI version number and success message displayed in the Console.

   

5. Check the Zephyr console for the following message:

   

Sanity Check #5: Execute STL Manager to Startup STL

Complete Sanity Check #4 before executing the following steps:

1. From the left pane, click STL Manager View.

2. From the Machine drop-down list, select the machine on which the startup STLs will be executed. In this example, startup STLs will be executed on EHL0.

3. Select Core 0 and Core 1 as the Core STL.

4. For ``n_pstl_results``, set a value that matches the duration of the run. For example, for a 60-minute duration, enter a value 900000.

5. Click Startup to configure the Intel SI parameters. On successful completion, the following message is displayed in the Console.

6. Check the Zephyr console for the following message:

7. Click Start STLs to start the STL execution. On successful completion, the following message is displayed in the Console.

   

8. Check the Zephyr console for the STL started message:

   

Sanity Check #6: Execute ODCC Workload

Complete Sanity Check #5 before executing the following steps:

1. From the left pane, click ODCC View.

2. Select the 1oo1 radio button.

3. From the Machine drop-down list, select the machine on which ODCC workload must be executed. In this example, ODCC workload will be executed on EHL0.

4. For Snapshot Share Count, set a value that matches the duration of the run. For example, for a 60-minute duration, enter a value 900000.

Note: For information on the parameters ``sl_time``, ``tmax``, ``tmin``, ``to_ideal``, ``to_max``, and ``cr_ch_drift``, refer to the Sample Timing Calculations section of the Elkhart Lake FuSa Demonstrator Software Stack Developer Guide.

5. Select the cores 0 and 1.

6. Click Start ODCC. On successful completion, the following message is displayed in the Console.

7. Check the Zephyr console for the following message:

   

8. After the duration, notice that STLs and ODCC complete the assigned cycles successfully.