Key elements

Several elements play a vital role in the multicore startup process of the PXROS-HR operating system. Their combination determines the startup flow together with a selection of optional Init utility library providing the corresponding implementation.

AURIX MPU compatibility mode (MPU-COMPAT)

AURIX architecture introduces additional protection against an unintended modification of selected critical registers through a so-called Safety Watchdog EndInit protection where the write access to these registers requires a particular Unlock-Modify-Lock sequence in the hardware Safety Watchdog module. This sequence represents a potential issue in a multicore environment. The AURIX architecture contains the COMPAT register, allowing to disable the Safety Watchdog EndInit Protection of critical registers to keep backward compatibility with older TriCore architectures. The compatibility mode has an impact on multicore PXROS-HR operating system because it controls the protection level for the core’s MPU enable-disable bit in SYSCON register that belongs among such critical registers. It is the safety strategy of the PXROS-HR that only the master core controls the safety WDG.

MPU Compatibility ON (MPU-COMPAT=ON)

  • The MPU enable/disable operation in SYSCON register is not under Safety Watchdog EndInit Protection

  • The PXROS-HR startup does not need to access Safety Watchdog module

  • Each PXROS-HR kernel instance enables its core MPU system independently

MPU Compatibility OFF (MPU-COMPAT=OFF)

  • Core’s MPU enable/disable in SYSCON register needs Safety Watchdog EndInit Protection handling

  • Only one core shall control the Safety Watchdog module

  • Only one core shall enable MPU system on all other cores

AURIX Core Execution state

The core in AURIX architecture can be in different states during the microcontroller runtime.

  • By default, there is one active core after the hardware reset, the other inactive cores are in the HALT mode. Once the core leaves HALT mode, it cannot enter it again until the next reset.

  • Active cores are in the RUN state where they execute the code.

  • Due to various reasons, the active state can be switched to the IDLE state in which the core does not execute any code and waits for its activation.

PXROS-HR Master Core

The PXROS-HR configuration requires a definition of _MASTER_CORE_ symbol controlling:

  • which core starts other inactive cores

  • which core handles Safety Watchdog module

  • which core configures and enables MPU protection of inactive cores before starting them in case of disabled MPU compatibility (MPU-COMPAT = OFF).

PXROS-HR kernel startup routines

The PXROS-HR kernel supports only a limited startup variant:

  • The kernel supports only _MASTER_CORE_ = 0, which is the reset core in AURIX architecture.

  • The kernel can activate another core only from the HALT state.

  • The kernel supports both MPU Compatibility modes

Other startup scenarios, like starting the PXROS-HR initialization from a different _MASTER_CORE_ or activating inactive cores being in IDLE mode, require user-specific implementation proposed in the Init utility.