SM CODE: AES_SM_1
Detailed implementation:
Encryption and decryption operations performed by the AES module are composed of several
data manipulations and checks, with different levels of complexity according to the selected
chaining algorithm. A major part of the hardware random failures affecting the AES module
leads to algorithm violations/errors, which in turn cause decoding errors on the receiver side.
Error reporting: Several error conditions can happen; check the functional documentation.
Fault detection time: Dependency on Device configuration
Addressed fault model: Permanent/transient
Dependency on Device configuration: AES module available only on specific part numbers
Initialization: Dependency on Device configuration
Periodicity: Continuous
Test for the diagnostic:
A direct test procedure for AES efficiency is not available. AES run-time hardware failures
that disable this protection fall into the multiple-fault scenario from the IEC 61508
perspective. Related failures are adequately mitigated by the combination of safety
mechanisms reported in this table, in the field Multiple-fault protection.
Multiple-fault protection: AES_SM_2 (Information redundancy techniques on messages, including
end-to-end protection)
Recommendations and known limitations:
This detection capability can be used to implement software-based tests (by processing
a predefined message and checking the result against the expected value) that can be
executed periodically to detect AES failures early, before the module is used by the
application software.
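As an added illustration of the software-based test recommended above (this code is not from UM2305 or from ST), the Python block below implements the known-answer test pattern: a predefined message, the FIPS-197 Appendix C.1 vector, is run through the AES engine and the output is compared with the expected ciphertext. The pure-Python AES-128 stands in for the hardware module, and the `flip` parameter is a constructed fault model (a transient bit flip in a round-key register); both are assumptions of the example. On a real device the `encrypt_block` callable passed to `aes_known_answer_test` would wrap the silicon AES peripheral.

```python
# Added example (not from UM2305): software known-answer test (KAT) for an AES engine.
# The AES-128 below stands in for the hardware module; `flip` is a constructed fault model.

def _xtime(b):
    """Multiply by x (0x02) in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    return ((b << 1) ^ 0x1B) & 0xFF if b & 0x80 else b << 1

def _rotl8(b, n):
    return ((b << n) | (b >> (8 - n))) & 0xFF

def _build_sbox():
    """Generate the AES S-box: multiplicative inverse followed by the affine map."""
    sbox = [0] * 256
    p = q = 1                      # invariant: p * q == 1 in GF(2^8)
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q = (q ^ (q << 1)) & 0xFF                                # q /= 3
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63                 # 0 has no inverse; affine map of 0
    return sbox

SBOX = _build_sbox()

def _expand_key(key):
    """AES-128 key schedule: 16-byte key -> 11 round keys of 16 bytes each."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord + SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def _shift_rows(s):
    # state byte i sits at row i % 4, column i // 4; row r rotates left by r positions
    return [s[(i + 4 * (i % 4)) % 16] for i in range(16)]

def _mix_columns(s):
    out = []
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += [_xtime(a0) ^ _xtime(a1) ^ a1 ^ a2 ^ a3,
                a0 ^ _xtime(a1) ^ _xtime(a2) ^ a2 ^ a3,
                a0 ^ a1 ^ _xtime(a2) ^ _xtime(a3) ^ a3,
                _xtime(a0) ^ a0 ^ a1 ^ a2 ^ _xtime(a3)]
    return out

def aes128_encrypt_block(key, block, flip=None):
    """Encrypt one 16-byte block. `flip=(round, byte, mask)` is a constructed fault
    model: a transient bit flip in the round-key register of that round."""
    rk = _expand_key(key)
    if flip is not None:
        r, i, mask = flip
        rk[r][i] ^= mask
    s = [b ^ k for b, k in zip(block, rk[0])]
    for r in range(1, 10):
        s = _mix_columns(_shift_rows([SBOX[b] for b in s]))
        s = [b ^ k for b, k in zip(s, rk[r])]
    s = _shift_rows([SBOX[b] for b in s])
    return bytes(b ^ k for b, k in zip(s, rk[10]))

# FIPS-197 Appendix C.1 known-answer vector for AES-128
KAT_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
KAT_PT = bytes.fromhex("00112233445566778899aabbccddeeff")
KAT_CT = bytes.fromhex("69c4e0d86a7b0430d8cdb78070b4c55a")

def aes_known_answer_test(encrypt_block):
    """Periodic self-test: feed the predefined message through the AES engine and compare
    with the expected ciphertext. Returns True only if the engine is healthy. An exception
    raised by the engine (e.g. a peripheral timeout) also counts as a failed test."""
    try:
        return encrypt_block(KAT_KEY, KAT_PT) == KAT_CT
    except Exception:
        return False

if __name__ == "__main__":
    print("healthy engine:", aes_known_answer_test(aes128_encrypt_block))
    faulty = lambda k, b: aes128_encrypt_block(k, b, flip=(5, 3, 0x10))
    print("engine with round-key bit flip:", aes_known_answer_test(faulty))
```

The application decides what to do on a failed test (typically enter the safe state and stop using the module for protected traffic). One vector exercises every round and every byte of the datapath, but not every S-box entry or every chaining mode, so a production self-test normally runs several vectors covering the modes the application actually uses.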
Table 106. AES_SM_2
SM CODE: AES_SM_2
Description: Information redundancy techniques on messages, including end-to-end protection
Ownership: End user
Detailed implementation:
This method aims to protect the communication between a peripheral and its external
counterpart. It is used in the AES local safety concept to address failures not detected by
the encryption/decryption features.
Refer to the UART_SM_3 description for detailed information.
Error reporting: Refer to UART_SM_3
Fault detection time: Refer to UART_SM_3
Addressed fault model: Refer to UART_SM_3
Dependency on Device configuration: AES module available only on specific part numbers
Initialization: Refer to UART_SM_3
Periodicity: Refer to UART_SM_3
Test for the diagnostic: Refer to UART_SM_3
Multiple-fault protection: Refer to UART_SM_3
Recommendations and known limitations:
Important note: it is assumed that the remote counterpart has an equivalent capability of
performing the checks described.
Refer to UART_SM_3 for further details.
Important:
Hardware random failure consequences on potential violations of Device security feature are
not detailed in this manual.
3.6.31 Advanced, general, and low-power timer (TIM1/2/3/4/5/8/15/16/17 LPTIM1/2)
As the timers have multiple mutually independent channels possibly used for different functions, the safety
mechanism is selected individually for each channel.
UM2305
Hardware and software diagnostics
UM2305 - Rev 10
page 61/110