CANopen Safety Certified Expansion Board
The primary objective was to develop a CANopen Safety (SIL2 / PLd, Cat 3) expansion board for the customer's remote control product. The aim of the first part of the project was to allow our customer and its clients to assess the functionality in prototype environments.
CANopen Safety Protocol
The expansion board was designed as a proof of concept to test the safety architecture and the CANopen Safety protocol connection while leaving out the work-intensive safety-related development process. This allows the customer to evaluate the functionality and compatibility of the system before investing significant resources in completing the SIL2 / PLd safety certification of the product.
Qualitative Features
The prototype achieved CANopen Safety transmit functionality with SRDO send, including a range of important features: split SRDO send functionality between two CPUs (CPU4 and CPU5), a safety configuration with CRC check, and an implementation of the standard CANopen services (NMT, Heartbeat, Object Dictionary, SDO Expedited Transfer).
Additionally, the prototype adopted a modular architecture with a Hardware Abstraction Layer (HAL), was tested in a Windows environment with Kvaser CAN hardware, and integrated seamlessly within the customer's development environment.
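To illustrate the split SRDO send mentioned above, here is an added example (not code from the project or the customer) showing how a CANopen Safety SRDO pair is built and how a consumer validates it. It assumes the EN 50325-5 scheme in which the second message carries the bitwise inverse of the first on the next COB-ID and must arrive within the SRVT; COB-IDs, payload and timestamps are constructed.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed CAN frame with a receive timestamp in milliseconds. */
typedef struct {
    uint16_t cob_id;
    uint8_t  dlc;
    uint8_t  data[8];
    uint32_t t_ms;
} can_frame_t;

/* Producer side: message 1 carries the safety data, message 2 its bitwise
   inverse on the following COB-ID (assumed default mapping). In the split
   design one CPU would transmit m1 and the other m2. */
void srdo_build_pair(uint16_t cob_id_msg1, const uint8_t *payload, uint8_t len,
                     uint32_t now_ms, can_frame_t *m1, can_frame_t *m2) {
    m1->cob_id = cob_id_msg1;     m1->dlc = len; m1->t_ms = now_ms;
    m2->cob_id = cob_id_msg1 + 1; m2->dlc = len; m2->t_ms = now_ms;
    for (uint8_t i = 0; i < len; i++) {
        m1->data[i] = payload[i];
        m2->data[i] = (uint8_t)~payload[i];
    }
}

/* Consumer side: accept the pair only if IDs, lengths, timing (SRVT) and the
   inverse relation all hold. Any failure must drive the consumer to its safe state. */
bool srdo_validate_pair(const can_frame_t *m1, const can_frame_t *m2,
                        uint32_t srvt_ms) {
    if (m2->cob_id != m1->cob_id + 1) return false;
    if (m1->dlc != m2->dlc || m1->dlc > 8) return false;
    if (m2->t_ms < m1->t_ms || m2->t_ms - m1->t_ms > srvt_ms) return false;
    for (uint8_t i = 0; i < m1->dlc; i++)
        if ((uint8_t)(m1->data[i] ^ m2->data[i]) != 0xFFu) return false;
    return true;
}

int main(void) {
    const uint8_t payload[2] = {0x5A, 0x01};   /* constructed safety data */
    can_frame_t m1, m2;
    srdo_build_pair(0x101, payload, 2, 1000, &m1, &m2);
    printf("valid pair: %d\n", srdo_validate_pair(&m1, &m2, 20));
    m2.data[1] ^= 0x10;                        /* simulate a corrupted inverse */
    printf("corrupted pair: %d\n", srdo_validate_pair(&m1, &m2, 20));
    return 0;
}
```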
Environmental Reliability and Functional Safety Features
The environmental specifications of the product ensure its reliability in a wide range of conditions, with an operating temperature range of -40° to +85°. The functional safety elements include the implementation of CANopen Safety services to secure safe data transmission, in accordance with industry standards such as EN 50325-5, CiA 301 v4.2.0, ISO 11898-1 and ISO 11898-2.
The expansion board is equipped with two independent 32-bit processors that create two redundant data channels. Each processor has 128k of Flash memory, a custom safety bus connecting both processors to the main system, a serial bus that lets the two processors monitor each other and exchange configuration data, and a CAN controller that connects the system to the CANopen Safety bus.
Safety Certification and Product Enhancement
The project's final objective is to make a product with safety certification according to SIL2 / PLd, Cat 3 in accordance with IEC 61508. The software will be developed according to Safety Capability 3 (SC3) processes so that the product can be used to build SIL3 systems by combining components.
Fully Certified
Moving from a proof-of-concept system with a safety architecture to a fully certified safety product requires a fair amount of work. A safety-related development process according to IEC 61508 must be created for the project, and the software must be re-created from scratch using this development process. The safety-related development process includes detailed specifications, comprehensive tests, tools for structured development and reviews at every level. In addition, the configuration and cross-processor monitoring functionality needs to be improved to comply with the safety requirements.
Meeting Industry Demands
A number of further functions are also required for the final product, such as serial number management, configurable node-id and bitrate, storing parameters in non-volatile memory, SRDO reception, and the CANopen EMCY and LSS protocols.
The CANopen Safety Expansion Board will be a robust and certified solution, providing a seamless interface between the CATS radio remote control receiver and the CANopen Safety fieldbus while meeting stringent safety and environmental requirements.