7.3 Logic protection

A Cortex®‑R8 processor that has either one or two cores can have optional logic protection. When the processor is configured with a single core and logic protection, it is implemented as a Lock-Step configuration. When the processor is configured with two cores and logic protection, it is configured as a Split-Lock configuration.

The logic of the primary core is protected by a duplicate core that is the exact copy of the first core. Both cores share the same RAMs protected with ECC and the same input pins. The second core is delayed by two clock cycles so that this redundant system can detect glitches in the inputs.

The outputs of the primary core and the duplicate core are compared on each cycle to detect any error. The outputs of the first core are delayed so they can be synchronized with the second core. This mechanism relies on the fact that any error occurring in the core is eventually visible on the outputs of the core, or is inherently a low-risk failure.

On detection of an error in one core, both cores are reset before executing a code sequence, to put them in the same initial state. They can then restart execution from a previously taken snapshot.

The Cortex‑R8 processor provides a template of the logic required for the comparison of the dual-redundancy cores.

Non-ConfidentialPDF file icon PDF versionARM 100400_0001_03_en
Copyright © 2015–2017 ARM Limited or its affiliates. All rights reserved.