qoriq processors for security and safety in …
TRANSCRIPT
PUBLIC USE
MATTHEW SHORT
ERIC BOST
FTF-INS-N1880
MAY 19, 2016
FTF-INS-N1880
QorIQ PROCESSORS FOR SECURITY AND
SAFETY IN AEROSPACE AND DEFENSE
APPLICATIONS
PUBLIC USE1 #NXPFTF PUBLIC USE1 #NXPFTF
AGENDA• NXP Experience in Aerospace and Defense Applications
• NXP Processors for A&D, Roadmap, Partners
• Snapshot on Key Topics Related to Multicore
• Review of Keys Factors for Using NXP in Aerospace and Defense
− MCFA
− Longevity & In-service Experience
− Techno Related & Soft Errors Metrics
− Collaterals
− Good Practices for Safety and Certification
− Others (export control)
• Summary / Questions
PUBLIC USE2 #NXPFTF
Session Introduction
• Title: QorIQ Processors for Security and Safety in Aerospace and Defense
Applications
• Subtitle: NXP QorIQ advantages for Aerospace and Defense applications
• Abstract: This session will detail the key features and design advantages of QorIQ
processors for safety and security computers in Aerospace and Defense
applications. Target applications for QorIQ and QorIQ LS series solutions include
avionics, airborne electronics, transportation signaling, autonomous vehicles, UAV
and robotics. Get an understanding of certification stakes and learn about the
available design collateral and support resources.
PUBLIC USE3 #NXPFTF
Session Objectives
After completing this session you will be able to:
− Select multicore processors from the NXP portfolio targeting Aerospace and Defense
applications
− Explain the advantages of NXP multicore to support safety.
− Describe the capabilities of the products that will help you meet your design challenges
for Aerospace and Defense applications and how they can provide you a with a
competitive and differentiating advantage
− Locate essential documentation and collateral
PUBLIC USE4 #NXPFTF
NXP EXPERIENCE IN
AEROSPACE AND
DEFENSE
APPLICATIONS
PUBLIC USE5 #NXPFTF
NXP is Part of Aerospace and Defense History
2012
Early portable Defense radio
Supplier of space applications from ground to sky!
A Shuttle main engine in a ground test. The Controller can be seen mounted
on the left side of the combustion chamber. (NASA photo 885338)
The revised computer uses a Motorola 68000 32-bit microprocessor
(credit : http://history.nasa.gov/computers/Ch4-8.html )
PUBLIC USE6 #NXPFTF
NXP Experience in Aerospace and Defense Applications
• Since 1953, Motorola semiconductors, and now NXP Semiconductor has supplied electronics products for Aerospace and Defense applications.
• #1 supplier of 32-bit processors to this industry
• We understand that “time-in-market” is as important as “time-to-market”
• Semiconductor solutions that:
− Deliver performance
− Meet embedded power budgets
− Offer high levels of integration
− Provide extended qualification
− Deliver outstanding technical support
Tactical gear with i.MX
applications processors
Avionic, flight computers and engine
management systems with QorIQ and
Qoriva solutions
PUBLIC USE7 #NXPFTF
Multicore for Avionics (MCFA) Working Group
• In order to better support our avionics customers in evaluating and/or integrating multicore processors into certified airborne systems, NXP has initiated a working group named Multicore for Avionics - (MCFA)
• Goals:
− Define and generate « data package » including necessary data from NXP required in the certification process to be made available (under NDA)(Ap.Notes, IP reuse, test/validation, fault-tolerance, service experience …)
− Behave as a forum for exchange and consolidation of common « Multicore & Certification » issues and guidelines
− Constructive, collaborative and participative approach
• Participants:
− Aero equipment suppliers acting as direct applicants in front of the certification authorities ie. who design complete systems HW+SW+applications.
− Includes Airbus, BAE Systems, Boeing, CMC/Esterline, Dassault, ELBIT, GE Aviation, Hamilton Sunstrand, Honeywell, Rockwell Collins, Sagem, Thales, UTC and more … and NXP
− Group is chaired by NXP, tasked and ruled by Exec. Committee
PUBLIC USE8 #NXPFTF
Focus on Embedded Technologies
• Technology leadership in Safety Certification for Multicore
− Founder of Multicore for Avionics (MCFA) working group
− Trust Architecture Users Group (NXP led)
− Secure, Trustworthy, Assured and Resilient Semiconductors and Systems (STARSS)
• Product Longevity as a value
− Proven commitment to longevity and support
− 15 year life for QorIQ T series and LS series 28nm devices
• Real embedded system design focus
− Deterministic interconnect for multicore SoCs
− Focus on minimizing SER, FIT, AE rates for product quality
− Large temperature ranges for embedded and industrial designs
• Security, Security and even more Security
− Pervasive / Multifaceted
− Balanced Need
PUBLIC USE9 #NXPFTF
Security Is Multifaceted
MEDSystem LoadEXAMPLES
Passwords, PINs
Key exchange
AUTHENTICATION
guaranteeing identity
HIGHSystem Load
PRIVACY
preventing eavesdropping
EXAMPLE
Encryption
MEDSystem Load
ACCESS CONTROL
limiting use and communication
EXAMPLE
Access control lists
LOWSystem Load
SYSTEM INTEGRITY AND AVAILABILITY
ensuring data and code accuracy
preventing service theft and denial, cloning
EXAMPLES
Platform trust
Antivirus
PUBLIC USE10 #NXPFTF
NXP PROCESSOR
SOLUTIONS
PUBLIC USE11 #NXPFTF
NXP Portfolio Applied in Aeronautic and Defense Applications
• The Processors
− NXP delivers both system–on-a-chip (SoC) based on Power Architecture® and ARM® cores.
− Specifically designed for telecom, portable devices, automotive and industrial markets.
− Suitable for the aerospace and defense market, with integrated features that make them suitable for robust applications.
− ECC & parity, safety & security blocks
− Manufactured in large volume, providing confidence for ”in-service experience”
• RF
− NXP is #1 in RF Power
− Broad portfolio of LDMOS, GaAs and GaN transistors, addressing the complete RF line-up
− High ruggedness, efficiency and thermals
− Strong customer support with applications circuits, reference designs and characterization services
• Sensors
− NXP sensors are designed for automotive applications, human interface and portable terminal. They also fulfill industrial needs.
• Analog solution for managing & switching power
− Serve as a companion to processors, addressing complex power-up sequence of multicore. Our solutions offer safety for power supply management
PUBLIC USE12 #NXPFTF
P1010• e500
• 1GHz
• TDM,
FlexCAN
• SATA
• 1.3W-1.6W
P1020/21• 1-2x e500
• 800MHz
• TDM or QE
• eLBC
• 31x31 PBGA
• 1.6W-2.5W
P1025• 1-2x e500
• 667MHz
• TDM or QE
• eLBC
• 23x23 PBGA
• 1.4W-1.7W
P1022• 1-2x e500• 1.1GHz• LCD• SATA• PWR MGMT• 3W
P2020• 1-2x e500
• 1.2GHz
• eLBC
• 4.5-5W
P2040• 4x e500
• 1.5GHz
• 5X GbE
• SATA
• 8.7W
P3041• 4x e500• 1.5GHz• SATA• eLBC• 5X GbE,1X 10GbE • 13W
P4040• 4x e500• 1.5GHz• 2MB L3 Cache • 8X GbE, 2X 10GbE• eLBC• 13W
P4080• 8x e500• 1.5GHz• 2MB L3 Cache • 8X GbE, 2X 10GbE• eLBC• 14W-16W
P5040• 2-4x e5500• 1.5GHz• 2MB L3 Cache • 10X GbE, 2X 10GbE• RAID 5/6, SATA• eLBC• 23W-33W
Terminal
Adapters,
Access Points
Multi-Function
Printers
Pin Compatible
Switches & Routers
SBC, VPN,
Base Band Unit Control
P1020/21 &
P2020
Field Proven Power-based SOC Solutions
PUBLIC USE13 #NXPFTF
• Scaling from single core to 24 heavy threads
• Power <4W to <25W
• Performance 2 to 40GbpsThe industry’s most scalable pin compatible
communication processor family
T1014• e5500
• 1 core
• 1.4GHz
T1024• e5500
• 2 cores
• 1.4GHz
T2080• e6500
• 8 heavy threads
• 1.8GHz
• 4x10GbE
T1042• e5500
• 4 cores
• 1.5GHz
T2081• e6500
• 8 heavy threads
• 1.8Ghz
• 2x10GbE
T1022• e5500
• 2 cores
• 1.5GHz
T4080• e6500
• 8 heavy threads
• 1.8GHz
• 2x10GbE,
12x1GE
T4240• e6500
• 16-24 heavy
threads
• 1.8GHz
• 4x10GbE,
12x1GEBranch Office, Industrial
T1020• e5500
• 2 cores
• 1.5GHz
• 8-port GE switch
Enterprise, Campus,
Line Cards
T1040• e5500
• 4 cores
• 1.5GHz
• 8-port GE
switch
Core Network, Cloud
Networking, Wireless
Pin Compatible
Industry-leading Power-based SOC Solutions
PUBLIC USE14 #NXPFTF
LS1012A• Cortex-A53
• 800MHz
• 2Gbps Packet
• 1Gbps Crypto
• 1-2W
• Lowest power
64-bit ARM
LS1021A• Cortex-A7
• 2 cores
• 1GHz
• 2Gbps Pkt
• 1Gbps Crypto
• 2W
LS2085A• Cortex-A57
• 4-8 cores
• DPAA2
• 40Gbps Pkt
• 20Gbps Crypto
• 20-35W
• 1st 8x A57 ARM
• 1st DPAA2.0LS1043A• Cortex-A53
• 2-4 cores
• 10Gbps Pkt
• 5Gbps Crypto
• 5-10W
• 1st 64-bit ARM
processor for
gateways and
access points
LS1088A• Cortex-A53
• 4-8 cores
• 1.5GHz
• DPAA2
• 20Gbps Pkt
• 10Gbps Crypto
• 15-20W
• 1st 8x A53 ARM
Next gen
programmable
offload
LS1046A• Cortex-A72
• 4 cores
• DPAA1
• 10Gbps Pkt
• 10Gbps Crypto
• 10-12W
• 1st Value Tier A72
ARM for gateways
and routers
LS1024A• Cortex-A9
• 2 cores
• 1.2GHz
• 2Gbps Pkt
• 2Gbps Crypto
• 3-5W
LS2088A• Cortex-A72
• 4-8 cores
• DPAA2
• 40G Pkt
• 20G Crypto
• 20-35W
• 1st 8x A72 ARM
Next gen
programmable
offload
Remote Terminal, PLC,
Low power Nodes
Pin Compatible
Industrial Firewall,
Managed Switches, Gateways,
Access Points
SDN, NFV,
Cloud Networking, Storage
Access Gateway, WLAN,
Intelligent Edge, vCPE
Leading the 64-bit ARM Wave in Networking
PUBLIC USE15 #NXPFTF
QorIQ LS1012A Block Diagram
• Single ARM Cortex-A53 processor
− 1840 DMIPS / 2240 Coremark @ 800MHz
− NEON Co-processor and DP FPU
− 256 KB L2 cache with ECC
• Memory Controller
− DDR3L up to 1000 MHz
− 16-bit data bus, 1 chip select
− High Speed Interconnect
− 1x PCI Express Gen2
− 1x SATA Gen3
− 1x USB 3.0 w/PHY
− 1x USB 2.0 w/ULPI
− Ethernet Packet Accelerator
− 2x GbE (2.5G or 1G)
− Datapath
− Packet Acceleration Engine (PPFE)
− Security acceleration engine (SEC)
− 2x SD 3.0/SDIO/eMMC
− QSPI, 1x SPI, 2x UART, 2x I2C
− 2x I2S, 5x SAI
− Secure Boot, Trust Architecture, ARM TrustZone
− Advanced Power Management
− Package: 10x10mm, routable in 4-layers
CCI-400 Coherent Interconnect
Secure Boot
Trust Zone
Power Management
2x SD 3.0/SDIO/eMMC
2x I2C
2x I2S, 5x SAI
QSPI, 1x SPI
2x UART
64-bit
DDR2/3
Memory
Controller
16-bit
DDR3L
Memory
Controller
64KB
SRAM
GPIO, JTAG
SEC
256KB L2
ARM
Cortex-A53
32KB
L1-D
32KB
L1-I
1x USB3.0 + PHY3-Lane 6GHz SERDES
PC
Ie 2
.0
PPFE
SA
TA
3.0
Gb
E
Gb
E
Samples Production
April-2016 Q4-2016
1x USB2.0
Sec Monitor
NEW
PUBLIC USE16 #NXPFTF
QorIQ LS1012A High Level Features
• Processor Complex
− 64-bit ARM Cortex-A53 up to 800 MHz
>2200 Coremarks under 2W
NEON SimD / DP FPU
32KB/32KB L1 Parity protected Cache & 256KB L2 Cache with ECC
• Data Interfaces (up to 2x 6GHz SerDes Lanes)
− 2x Gb Ethernet (2.5G/1G)
− 1x USB3.0 w/PHY
− 1x USB2.0 w/ULPI
− 1x PCIe Gen2 (5 GHz) (x1)
− 1x SATA-3 (6 GHz)
• Memory Interfaces
− QSPI (NOR flash)
− 1x SPI
− 2x SDIO 3.0
− DDR3L-1000 MHz (16b)
• Control I/Os
− 2x I2C, 1x SPI
− 2x UARTs
− 5x I2S
− Watchdog/Timers
− 16 dedicated GPIOs, 6 PWM Capable
• Packet Acceleration
− Packet Acceleration Engine
2Gbps of PPPoE/NAT routing with 64B packets
RSO/LRO offload
− Hardware Security Engine
400 MB/s block mode encryption
AES256 CBC, ECB, XTS
XOR
• Hardware/Silicon Security
− Secure Boot, JTAG Blocking, 8Kb OTP Memory
− ARM TrustZone + Trust Architecture
− DRM compliance
• Battery Operation
− Dynamic Frequency Scaling (DFS) with integrated power management
− USB charging
PUBLIC USE17 #NXPFTF
48KB
L1-I
32KB
L1-D
48KB
L1-I
2MB Banked L2
ARM A72
32KB
L1-D
48KB
L1-I
ARM A72
32KB
L1-D
48KB
L1-I
1MB Banked L2
ARM A72
32KB
L1-D
48KB
L1-I
ARM A72
32KB
L1-D
48KB
L1-I
Industry’s Leading ARM 64-bit Networking Solution: QorIQ LS2088A
Datapath Acceleration
• SEC- crypto acceleration
• DCE - Data Compression Engine
• PME – Pattern Matching Engine
General Purpose Processing Layer
• 8x ARM A72 CPUs, 64b, 2.0GHz
˗ 4MB Banked L2 cache
• HW L1 & L2 Prefetch Engines
• Neon SIMD in all CPUs
• 1MB L3 platform cache w/ECC
• 2x64b DDR4 up to 2.4GT/s
Accelerated Packet Processing Unit
• 40Gbps Packet Processing
• 20Gbps SEC- crypto acceleration
• 15Gbps Pattern Match/RegEx
• 20Gbps Data Compression Engine
• 4MB Packet Express Buffer
Express Packet IO Layer
• Supports1x8, 4x4, 4x2, 4x1 PCIe Gen3 controllers
• 2 x SATA 3.0, 2 x USB 3.0 with PHY
Network IO
• Wire Rate IO Processor:
˗ 8x1/10GbE + 8x1G
˗ XAUI/XFI/KR and SGMII
˗ MACSec on up to 4x 1/10GbE
Coherency Fabric
IO MMU IO MMU
Secure Boot
Trust Zone
Flash Controller
Power Management
SDXC/eMMC
2x DUART
4x I2C
SPI, GPIO, JTAG
IO MMU
64-bit
DDR2/3
Memory Controller
64-bit
DDR4
Memory Controller
1MB
Platform Cache
2x USB3.0 + PHY
Pre
-fetc
h
Queue
Mgr.
Buffer
Mgr.
SECDCE
8-Lane 10GHz SERDES 8-Lane 10GHz SERDES
8x1/10 + 8x1
PME WRIOP
64-bit
DDR2/3
Memory Controller
64-bit
DDR4
Memory Controller
Accelerated
Packet
Processor
(APP)
Buffer
L2 Switch
PC
Ie
PC
Ie
PC
Ie
PC
Ie
SA
TA
3.0
SA
TA
3.0
32-bit DDR4
Memory Controller
Other Parametrics
• 37.5x37.5 Flipchip
• 1mm Pitch
• 1292pins
48KB
L1-I
32KB
L1-D
48KB
L1-I
2MB Banked L2
ARM A72
32KB
L1-D
48KB
L1-I
ARM A72
32KB
L1-D
48KB
L1-I
1MB Banked L2
ARM A72
32KB
L1-D
48KB
L1-I
ARM A72
32KB
L1-D
48KB
L1-I
NXP Delivers Industry’s Best Performance Efficiency ARM-64bit Networking Solution
PUBLIC USE18 #NXPFTF
S32V230 Family of Processors for ADAS Systems
http://www.NXP.com/webapp/sps/site/prod_summary.jsp?code=S32V230
Features
• Targets ISO 26262 ASIL B applications
• Quad ARM Cortex®-A53 cores running at 1GHz
• Dual APEX-2 image cognition engines enabled by Open CL (optional)
• Hardware security encryption
• 3D GPU (Vivante GC3000) (optional)
• MIPI CSI2 and parallel image sensor interfaces
• 4MB on chip system RAM
• Embedded image signal processing for HDR, color conversion, tone mapping, etc.
• -40C to 125C (junction temperature) operation
• Available in 17 x 17 FC-BGA
PUBLIC USE19 #NXPFTF
Software Products and Services
Visit us in the Tech Lab – #247
Deliver Commercial Software, Support, Services and Solutions
Create Success!
Simplify Software Engagement with NXP
Accelerate Customer Time-to-Market
Linux® Services
Integration
Services
Development Tools
Solutions
Reference
Runtime Products
• Security
Consulting
• Hardened
Linux
• IOT
Gateway
• OpenWRT+
• CodeWarrior• VortiQa Software
Solutions
• Commercial
Support• Performance Tuning
PUBLIC USE20 #NXPFTF
SNAPSHOT ON KEY
TOPICS RELATED TO
MULTICORE
PUBLIC USE21 #NXPFTF
Remarks on High-End Multicore COTS
• Generally speaking .. High-End Multicore CPUs COTS SoCs have NOT been
designed specifically for safety critical applications
− eg. NXP QorIQs first target Networking as short-return high-volume market
• Nevertheless, non-safety critical applications/markets using HE SoCs require very
high level of reliability, in the sense of:
− Error protection
− Determinism (particularly in stressed / loaded conditions)
PUBLIC USE22 #NXPFTF
Common Use-Case for Robust Partitioning of Multicore
• Robust Partitioning refers to both
spatial and temporal aspects (or
resource and Time)
• at HW level, Spatial can be controlled
thru some well defined and quite
straightforward mechanisms (MMU, IO-
MMU, 3-level hierarchy)
• Temporal Partitioning in essence
cannot be addressed just thru
straightforward hardware mechanisms
• Spatial and Temporal partitioning are
not directly linked in the sense one
does not imply the other
HWCORE
AppAppli
I/Os
MMU
OS/Kernel
CORE
MMU
AppAppli
OS/Kernel
Memor
y
Memory
I/OsSys.
Memory
Sys.
I/Os
Config
Hypervisor
SW
IOMMU IOMMU
Partition A Partition B
Shared
Mem
PUBLIC USE23 #NXPFTF
Interferences in a Multicore SoC
• Some sub-domains in the SoC can provide‘’natural’’ determinism
− eg. core to cache/local memory
• Disabling some optimization features canlimit contentions
• (HW coherency/snooping, stashing)
• Usage Domain restriction with SW enforcement to ease temporal analysis
• Tests / measurements
• High-End Multicore SoCs generally providemore means for monitoring (thru supplier & tool partners)
+ when required SoC supplier assistance
Shared
MEM
CORE
MMU
I/O / DMA
Interconnect
IOMMU IOMMUIOMMU
Local
Mem
I/O / DMA
Config &
Control
M
E
M
Ctrlr
CORE
MMU
Local
Mem
PUBLIC USE24 #NXPFTF
REVIEW KEYS
FACTORS FOR USING
NXP MPUS IN
AEROSPACE AND
DEFENSE
PUBLIC USE25 #NXPFTF
Key Factors for Aerospace & Defense
• Quality & Qualification
− Application / Qualification Tiers
− Temperature Range
• Longevity
• In-service experience
• Architecture advantage
− Memory protection (Parity, ECC on caches and SRAM)
− Safety & Security functions
− Support of Power and ARM cores
• Documentation & Technical collateral
• Technical support
• Ecosystem and Partners
− incl. Boards, SW/RTOS, Debug, Packaging and extended. Qualification
• NXP’s commitment to the Aerospace and Defense market
• http://www.NXP.com/files/32bit/doc/brochure/PWRARBYNDBITSSKD.pdf
PUBLIC USE26 #NXPFTF
On Product Specifications
• Once a COTS device has reached qualification, a lot of technical information is
public and available directly from www.nxp.com
− including the Reference Manuals and Data-sheets for all SoCs in full production
• Some technical information are not publicly disclosed
− Errata description (NDA)
− Some technical details provided selectively depending on customers and/or applications
(NDA and in some cases service agreement)
− Some information restricted due to Intellectual Property concerns and/or non-user
applicable purpose.
PUBLIC USE27 #NXPFTF
Quality & Qualification
• At NXP we are committed to provide the highest levels of product quality, delivery and service, as viewed through the eyes of our customers.
• NXP Quality home page
− http://www.NXP.com/webapp/sps/site/homepage.jsp?code=QUALITY_HOME
• Quality Policy handbook
− http://www.NXP.com/files/abstract/misc/CPA_QA_HANDBOOK.pdf
• Quality Excellence as Seen Through the Eyes of the Customers
− http://www.NXP.com/webapp/sps/site/training_information.jsp?code=WBNR_FTF10_F0861
• Building Robust Products: NXP Product Package Mechanical Reliability Testing and Reporting
− http://www.NXP.com/webapp/sps/site/training_information.jsp?code=WBNR_FTF11_ENT_F0557
• Ask for Qualification reports (incl. Test/Validation results)
PUBLIC USE28 #NXPFTF
Summary
• NXP stands by a proven track record in Aerospace and Defense applications
• NXP guarantees long term product supply
• NXP offers technical support and design documentation for a variety of applications
• NXP offers the broadest portfolio of solutions from microcontrollers to super
computer-type processors
• NXP is a “Best in Class” supplier for Aerospace and Defense applications
PUBLIC USE30 #NXPFTF
ATTRIBUTION STATEMENT
NXP, the NXP logo, NXP SECURE CONNECTIONS FOR A SMARTER WORLD, CoolFlux, EMBRACE, GREENCHIP, HITAG, I2C BUS, ICODE, JCOP, LIFE VIBES, MIFARE, MIFARE Classic, MIFARE
DESFire, MIFARE Plus, MIFARE FleX, MANTIS, MIFARE ULTRALIGHT, MIFARE4MOBILE, MIGLO, NTAG, ROADLINK, SMARTLX, SMARTMX, STARPLUG, TOPFET, TrenchMOS, UCODE, Freescale,
the Freescale logo, AltiVec, C 5, CodeTEST, CodeWarrior, ColdFire, ColdFire+, C Ware, the Energy Efficient Solutions logo, Kinetis, Layerscape, MagniV, mobileGT, PEG, PowerQUICC, Processor Expert,
QorIQ, QorIQ Qonverge, Ready Play, SafeAssure, the SafeAssure logo, StarCore, Symphony, VortiQa, Vybrid, Airfast, BeeKit, BeeStack, CoreNet, Flexis, MXC, Platform in a Package, QUICC Engine,
SMARTMOS, Tower, TurboLink, and UMEMS are trademarks of NXP B.V. All other product or service names are the property of their respective owners. ARM, AMBA, ARM Powered, Artisan, Cortex,
Jazelle, Keil, SecurCore, Thumb, TrustZone, and μVision are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. ARM7, ARM9, ARM11, big.LITTLE, CoreLink,
CoreSight, DesignStart, Mali, mbed, NEON, POP, Sensinode, Socrates, ULINK and Versatile are trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. Oracle and
Java are registered trademarks of Oracle and/or its affiliates. The Power Architecture and Power.org word marks and the Power and Power.org logos and related marks are trademarks and service marks
licensed by Power.org. © 2015–2016 NXP B.V.