F75P - Vital Embedded Single Board Computer, 3 Intel Atom E6xx

MH50C duagon SAFE CONTROL System (d-SC) Controller for Rolling Stock, with F75P Safe CPU, RT Ethernet and I/O Boards

MA50C AAR IP65 duagon SAFE CONTROL System (d-SC) Controller for Rolling Stock, with F75P Safe CPU, RT Ethernet and I/O Boards

SIL 4 certificate from TÜV SÜD for F75P/QNX bundle (included in 23F075P40)

SIL 4 certificate from TÜV SÜD for F75P/3U Safe Computer (included in 23F075P00)

SIL 4 certificate from Tüv MEN Y-COM SafeAPI for QNX OS for Safety (included in 23F075P40)

The F75P is a COTS safe computer with onboard functional safety that unites three CPUs on one 3U CompactPCI PlusIO card. It makes Intel Atom E6xx ("E600") performance with dual redundancy extremely compact, mainly targeting railway applications. Two independent Control Processors (CP) with independent DDR2 RAM and Flash and a supervision structure provide safety: For SIL 3 / SIL 4: With redundant software running on F75P and, e.g., with the software instances on the two CPs comparing their output. This way the board becomes a fail-silent subsystem, i.e. it can shut down in case of a fatal fault.

For up to SIL 2: Using just one of the two CPs or using both CPs independently for different applications. This way on each CP a 1oo1D safety application up to SIL 2 can be realized.

Its I/O Processor (IOP) is built up like a classic CompactPCI CPU board, including DDR2 RAM, front and rear I/O. The front connectors include VGA, two USB 2.0, and two 100-Mbit Ethernet channels. At the rear, the board provides another four USB 2.0, two Fast Ethernet ports, one 3-Gbit SATA and one PCI Express x1 link. These interfaces comply with the standardized pinout of CompactPCI PlusIO (PICMG 2.30). An onboard mSATA slot makes for scalable, robust mass storage. The intelligent board management controller of the IOP logs events such as reset, overvoltage or undervoltage in a non-volatile FRAM.

The Control (CP) and I/O Processors (IOP) communicate via internal links provided by an FPGA. The CPs are designed to run a deterministic real-time operating system such as the QNX Neutrino RTOS Safe Kernel. It is also possible to implement diversitary software on both kernels. All three CPUs support Linux and QNX.

The F75P can replace multiprocessing systems with CPU redundancy and I/O by a small-footprint, low-power solution that is flexible for different types of application scenarios. It uses a single +5 V supply voltage to allow operation with external power supplies that do not generate +3.3 V.

F75P-based systems are generally certifiable up to SIL 4. Since the card has no voter of its own, the software implements and controls functional safety behavior. The customer can either add the software himself or purchase it from duagon. The safety features such as the CP supervisors are designed to SIL 4 according to [EN50129]. A railway certification package including the "safety case" document and a certificate from TÜV SÜD is available.

Its rugged set-up also make the F75P rail-ready: with assets like conformal coating and an operating temperature of -40 °C to +70 °C (10 min @ +85 °C) with qualified components, it is fully EN 50155 compliant. A 4-HP version is available with RJ45 Ethernet connectors and a reduced temperature range for system design, while a 6 HP version with RJ45 Ethernet connectors and another standard card with 8 HP width with M12 front connectors have a larger heat sink.

2x Intel Atom E6xx, up to 1 GB DDR2 RAM (each) for onboard dual redundancy
1x Intel Atom E6xx, up to 2 GB DDR2 for I/O
Independent supervisors for each block
Fail-safe board architecture
Event logging
SIL 4 certification packages available for hardware and software (QNX)
TÜV Süd certified according to EN 50129 (SIL 4), EN 50128 (SIL 4) and IEC 61508 (SIL3)
Full EN 50155 compliance
-40 °C to +70 °C (+85 °C)
Conformal coating

Functional Safety

With redundant CP usage: Certified to SIL 4 according to EN 50129 ("safety case" document and certificate from TÜV SÜD available)
- Tolerable functional failure rate per hour (TFFR) for safety functions: <= 1E-9 / h
Without redundant CP usage: Certified to SIL 2 according to EN 50129 ("safety case" document and certificate from TÜV SÜD available)
- Tolerable functional failure rate per hour (TFFR) for safety functions: <= 1E-7 / h
Control Processors configured for deterministic behavior, e.g., Hyper-Threading disabled, speed-step disabled, BIOS interrupts disabled
Board maintains safe state after a failure (factory configuration)
Option: Board can be configured to restart automatically after entering safe state (by factory configuration)

CPU Architecture

Three onboard processors
- Two Control Processors (CP)
- One I/O Processor (IOP)
- Inter-communication between all three processors via onboard Ethernet or Shared RAM
Three identical processor types
The following CPU types are supported:
- Intel Atom E680T, 1.6 GHz, 400 MHz graphics frequency, 4.5 W TDP
Main function of CPs
- Provide a "Safe Domain" on the board, including processors, memory, supervisors and power control
- Provide flexible implementation options for functional safety requirements
- Provide support for advanced, certified operating systems up to SIL 4
Main function of IOP
- Provide common I/O and memory facilities
- Provide a user-friendly software interface and GUI

Memory (connected to CPs)

512 KB L2 cache integrated in E6xx for each processor
System RAM
- Soldered DDR2
- 512 MB
- 1 GB (model 02F075P04)
Boot Flash
- 2 MB

Chipset (connected to IOP)

Intel EG20T Platform Controller Hub (PCH)

Memory (connected to IOP)

512 KB L2 cache integrated in E6xx
System RAM
- Soldered DDR2
- 1 GB
- 2 GB (model 02F075P04)
BIOS Flash
- 2 MB
8 KB non-volatile FRAM for event logging

Mass Storage (connected to IOP)

The following mass storage devices can be assembled:

mSATA disk (for IOP boot image and file system)

Graphics (connected to IOP)

Processor graphics

320 or 400 MHz graphics base frequency, depending on processor type
Maximum resolution: 1280 × 1024 pixels

Front Interfaces (controlled by IOP)

Video
- 1x VGA
USB
- 2x USB 2.0, Type A, host
Ethernet
- 2x 10/100BASE-T, RJ45 (model 02F075P00 / 02F075P02 / 02F075P04)
- 2x 10/100BASE-T, M12, D-coded, receptacle (model 02F075P01)
- 1x 10/100BASE-T, M12, D-coded, receptacle (model 02F075P03)
- 1x 10/100BASE-T, M12, A-coded, receptacle (model 02F075P03)
LED
- Status: power status, board status (BMC)
- Ethernet: activity, link
Reset button

Onboard Interfaces

Ethernet

Four channels, 100BASE-T, via Inter-Communication FPGA

Rear Interfaces (controlled by IOP)

SATA
- One channel, SATA Revision 2.x
USB
- Four channels, USB 2.0
Ethernet
- Two channels, 100BASE-T
PCI Express
- One x1 link, PCIe 1.0a
Compatible with PICMG 2.30 CompactPCI PlusIO
- 1PCI33/1PCIE2.5/1SATA3/4USB2/2ETH100
- Some pins are used for signals differing from the PICMG 2.30 specification. However, these signals do not destroy or cause any malfunction of a connected I/O board based on this standard.

Supervision and Control

Three independent supervisors for Control Processors and Inter-Communication FPGA
- Check for overvoltage, undervoltage, excess temperature, internal errors of FPGA and CPUs, CPU and FPGA clock
- Watchdog, configurable as a window or timeout watchdog
Board Management Controller for I/O Processor
Event logging
- Event history logged in non-volatile FRAM, e.g., reset, overvoltage, undervoltage, excess temperature
- 256 entries possible
- Events are generated by board hardware or user application
Real-time clock with supercapacitor backup connected to I/O Processor
- Data retention of supercapacitor: 56 hours when fully loaded, after 3 years runtime @ 40°C, 24h operation

Product Standard

CompactPCI: CompactPCI Core Specification PICMG 2.0 R3.0
- System slot
- 32-bit/33-MHz CompactPCI bus
- V(I/O): +3.3 V (+5 V tolerant)
Hot insertion and removal without damage

Busless Operation

Board can be supplied with +5 V only, all other voltages are generated on the board
Backplane connectors used only for power supply

Electrical Specifications

Supply voltage
- +5 V (-3%/+5%)
Power consumption
- 4.75 A typ.
- 5.25 A max.

Mechanical Specifications

Dimensions
- 3U, 4 HP, or
- 3U, 6 HP, or
- 3U, 8 HP
Weight
- 402 g (model 02F075P00, 4 HP, RJ45 connectors)
- 508 g (model 02F075P02/02F075P04, 6 HP, RJ45 connectors)
- 626 g (model 02F075P01/02F075P03, 8 HP, M12 connectors)

Environmental Specifications

Temperature range (operation):
- -40 °C to +70 °C, +85 °C for 10 min (EN 50155:2017, class OT4, ST1 (model 02F075P01/02F075P02/02F075P03)
- -40 °C to +55 °C, +70 °C for 10 min (EN 50155:2017, class OT2, ST1) (model 02F075P00/02F075P04)
- Conditions: airflow 1.5 m/s, typical power dissipation: 22.5 W
Cooling concept
- Air-cooled (with tailored heat sink), or
- Conduction-cooled in duagon CCA frame
Temperature range (storage): -40°C to +85°C
Relative humidity (operation): max. 95% non-condensing
Relative humidity (storage): max. 95% non-condensing
Altitude: -300 m to +3000 m
Vibration (function): 1 m/s², 5 Hz - 150 Hz (EN 50155 (12.2.11) / EN 61373)
Vibration (lifetime): 7.9 m/s², 5 Hz - 150 Hz (EN 50155 (12.2.11) / EN 61373)
Shock: 50 m/s², 30 ms (EN 50155 (12.2.11) / EN 61373)
Pollution degree: PD 2
Fire protection: EN 45545-2, hazard level HL3
Useful life: 20 years

Reliability

MTBF: 278 049 h @ 40°C according to IEC/TR 62380 (RDF 2000)

EMC

When integrated into an EMC protected rack
EN 50121-3-2 / EN 55016-2-1 (conducted emission)
EN 50121-3-2 / EN 61000-4-2 (ESD immunity)
EN 50121-4 / EN 61000-4-2
EN 50121-3-2 / EN 61000-4-3 (electromagnetic field immunity)
EN 50121-4 / EN 61000-4-3
EN 50121-3-2 / EN 61000-4-4 (burst immunity)
EN 50121-4 / EN 61000-4-4
EN 50121-3-2 / EN 61000-4-6 (immunity to conducted disturbances)
EN 50121-4 / EN 61000-4-6

BIOS/Boot Loader

InsydeH2O UEFI Framework

Software Support

I/O Processor
- Linux
- QNX
- VxWorks (on request)
Control Processors
- QNX (with or without Safe Kernel)
- PikeOS (on request)
- Linux (on request)
- VxWorks (on request)
- VxWorks/Cert (on request)
See also Application Note Recommendations for a Robust Software Setup
For more information on supported operating system versions and drivers see Software.

F75P - Vital Embedded Single Board Computer, 3 Intel Atom E6xx

Features

MA50Cduagon SAFE CONTROL Vital AAR System Controller Concept

MH50Cduagon SAFE CONTROL Vital System Controller

Specifications

Standard Models

Systems & Card Cages

Software

Linux

QNX

Documentation

Applications

Products

Company