As a safety device, CROME is subject to strict constraints in order to fulfil SIL2 (Safety Integrity Level 2) requirements. The system uses a Xilinx Zynq 7020 SoC for all computation. CROME uses the FPGA section of the Zynq for all safety-critical functions, while the dual ARM cores run a custom-made Linux OS that is primarily used for communication with a SCADA supervision system and for data logging. The OS is called CROMiX 18, and it runs a user application that launches three processes:
- A daemon that manages the downstream and upstream transfers between the FPGA section (up to 200 × 64-bit parameters) and the processors
- A daemon that communicates with the supervision system through a custom, in-house TCP/IP protocol called ROMULUS
- A daemon that manages the non-safety-critical calculations and tasks, such as data compression, data storage, event generation, etc.
As a safety-related system, CROME has several boot modes. It can boot from the SD card or from a remote TFTP/PXE server. If neither of these first two options is available, the system boots from a second local backup image stored in the QSPI memory and an eMMC.