As a safety device CROME is subject to strict constraints in order to fullfil Safety Integrity Level (SIL) requirements. The system uses a Xilinx Zynq 7020 SoC, for all computation.
![SoC](/sites/default/files/inline-images/Sans%20titre.jpg)
CROME uses the FPGA section of the Zynq for all safety critical functions, while the dual ARM cores (referred to it as PS) run a custom made Linux OS that is primarily used for communication with a SCADA supervision system and data logging. As shown in the picture bellow, the OS is called CROMiX 18 and it runs a user application that lunches three processes:
- A demon that manage the downstream and upstream between the FPGA section (up to 200 x 64bits parameters) and the processors
- A demon to communicate with the Supervision through a custom TCP/IP homemade protocol called ROMULUS
- A demon that manage the non-safety critical calculations or tasks such as the data compression, the data storage, events generation …
![CROME](/sites/default/files/inline-images/Capture%20d%E2%80%99%C3%A9cran%202021-06-01%20%C3%A0%2001.07.59.png)
The PL (the FPGA section of the SoC) runs all mission critical functions and calculations. Decisions are taken every 100ms based on majority voting mechanism :
![CROME](/sites/default/files/inline-images/Capture%20d%E2%80%99%C3%A9cran%202021-06-01%20%C3%A0%2001.08.20.png)
As a safety related system, CROME has several boot modes. It is capable to boot through the SD CARD or a remote TFTP/PXE server. If both first options are not available, the system will boot from a second local backup image stored into the QSPI memory and an eMMC.
![CROME](/sites/default/files/inline-images/Capture%20d%E2%80%99%C3%A9cran%202021-06-01%20%C3%A0%2001.08.38.png)
All the picture have been extracted from Hamza's presentation as the CERN SoC Working group : https://indico.cern.ch/event/882283/contributions/3736639/attachments/2028905/3398176/CROME_SoC_meeting_2020_7.pdf