FS Work Package: Booty (new bootloader)¶
Background¶
To save flash memory, we urgently needed to change the bootloader architecture. We also have several other improvements planned, so we incorporate these too. This includes cyber security protection when updating FW, better separation between FW and bootloader, and cleaned-up code.
Affected components¶
Source Code¶
SRC002-017
SRC002-021
SRC002-018
SRC002-022
SRC200-001 (Simplifier Manager)
SRC200-002 (MemmapRead)
SRC200-003 (SSPTool)
Hardware designs¶
Mechanical designs¶
Manuals/Documentation¶
Approvals¶
Products¶
Safety Simplifier
Impact analysis (non safety)¶
PC software needs to be updated. Migration from v06 and v07 needs to be considered. Due to migration requirements, it is difficult to secure the keys 100%.
Impact analysis (functional safety)¶
The new architecture will in general only improve functional safety. The only increased risk is that a new code base needs to be tested and verified. As the new code is much better separated, this will be easier. I.e., it is by design guaranteed that the bootloader does not affect the build of the firmware, as these are now two separate build processes.
Also, the encryption of code (and its verification) means that detection of bit errors or bugs resulting in wrong data is much better than with the already strong 32-bit CRC. To mitigate the risk of new bugs, SWREQs are added and tested/verified to cover quality assurance.
Affected requirements¶
Guideline¶
For every approved/decided change, this document shall be filled in.
To minimize the number of document types, this document is also used for new products, as the Functional Safety aspects are very similar.
Affected components are the different parts in the technical file that need to be updated. This includes both Functional Safety parts and non-safety parts.
Project should be the one project where the work is logged.
Redmine main issue is the top level issue in redmine that covers the change. It should be within the project.
Impact Analysis is divided into two parts. The Safety parts need to link to testable verification and follow up in this document.
Affected requirements are the sphinx requirements that are modified/added/removed.