RSU and ASMI Paralel. Safe Update and Reset-Handling

Question

Hi together,I have several questions on our new development containing two Cyclone 4GX devices. One EP4CGX22 and one EP4CGX15 each with its own EPCQ16A. Everything in AS. No dependency between the two devices except that they are connected to the same host PC via PCIe.The Quartus-Version is: 18.1 Quartus-Prime Lite.We are going to use the capability of updating the devices for the first time so the things around that are quiet new to us.The designs don´t contain a NIOS II CPU. Everything is done in State-Machines.  For writing the image into the EPCQ16A we use the ASMI_Paralel Block.	Configured with EPCQ16 (without A) due to Bug-ID: 1408167652.For the Two-Phase-Boot and handling of the configurations we use: Remote Update Intel FPGA IPOur goal is: The Device powers up and configures the device as Factory-Image from Flash address 0x0.The Factory Image resets the RSU Block (Has to be done after Power up?)The Factory Image sets several parameters and starts reconfiguration at address 0x100000 which is the second half of the EPCQ16A. That’s the location of our Application-Image.Both Images have the capability of erasing and rewriting a new Image at start address 0x100000 in the flash. When anything goes wrong (e.g. wrong/corrupt file, power-issue etc.) we want to have the Factory image to work as a backup system. It will be 95%-100% the same as the Application Image at the time of first delivery. When loading of a configuration fails the system shall use the Factory Image and maybe report that to the host. Here we have the first issue/question. Our PCB-Design contains a MAX6390 Reset-Controller with a manual Reset-Input. With the conf_done connected to that input we generate a Reset-Signal for our logic to be sure that everything is fine at startup. How to decide if the Factory-Image is loaded for the first time after Power-On. We have to do a reset of the RSU only at this point. If we do a reset after a reconfig-issue we are going to lose all information where the FPGA comes from. In fact we will have a cyclic rebooting system if the application image is broken.  Our Workaround for now is that we have a second MAX6390 and don’t use the manual reset input. I don´t think that everybody does it that way. And it is a little tricky to handle which one comes first.Is there any best practice for that?Second Question: The documentation of early pof-checking feature is not that deeply. Somewhere is written that it checks a small part of the next image to be used. So there is no full check of the image let’s say a CRC or something like that? Does it only check if the start-address is not empty? May this feature be used by Application-Image too (to have the designs identically) or is it only useful for the Factory-Image?Third Question: The documentation of the registers reconfig_condition and current_state especially in combination with the read_source is not totally clear at all. Will the Factory-Images reported as well? In reconfig_condition register sometimes more than one bit is ‘1’. Is there a guidance or table where one can assume which event causes a combination of bits?Thanks in advanceBR Nils

yuanli_s_intel · Answer

For the first question, you mentioned that you need a external max10 device just to perform reset to internal logic. May i know which internal logic are you refering to? Cyclone IV FPGA?

Second question, yes. Checking will be applied when you are perform remote update say, from factory image to application image and vice and versa. If there is CRC error and etc, it will revert back to factory image.

Third question, apologize i dont understand about this. May i know which document are you refering to? What is the page?

nhuen · Answer

Hello SooY_Intel,thank you for your answers.First question:No, on our Boards are no MAX10 devices. Just one Cyclone IV-GX each. The MAX6390 is a Power-Supervisor from Maxime. But the main Question is: How do I see if have to reset the RSU-Block or not. The first time when the FPGA is in Factory-Image (just after Power-On) the RSU has to be reset. Thats written in the RSU-Documentation. Anytime later the Factory-Image must not reset the RSU since the FPGA can be configured with the Factory-Image due to an Error. By resetting the RSU we lose the Information about this error. To do so I have do differentiate a Power-On event from any other reconfiguration of the FPGA. With an external CPU as a supervisor that would be simple. But our external CPU is connected via PCIe and is not running when the devices are configured.Second question:OK, I will try both designs with the early pof checking. But the check is only applied on a really small part of the image right?Third question:My used documents is  UG-31005 from 2019.12.24The part about read_source is on Page 33. In Hardware I have seen contents in the register 1 and 2  when the FPGA seems to be in Application for the first time after Power-On. The dokument looks like no information about the Factory-Image is stored. Is that right?The Reconfiguration_trigger_register has sometimes more than one bit set. Is there any reference like: reconfiguration via RSU-Reconfig leads to value XY or something?

yuanli_s_intel · Answer

Hi Nils,Please find my response below:1) When you said about reset? Which reset are you referring? If you are saying about "remote system upgrade registers", it will be reset by the IP itself.2) The check is on the application image. I dont think is small part.3) You can choose to boot into factory / application. All you need to do is to set ANF to 1 (application) or 0 (factory)Thank You.Regards,Bruce

Forum Discussion

RSU and ASMI Paralel. Safe Update and Reset-Handling

3 Replies

Recent Discussions

Cyclone-V SCFIFO with M10K/MLAB memory - adding ECC

Agilex3/5 GTS Hard Ethernet IP 10G example design pin loc and io std wanted

Agilex 7 slew rate reconfiguration

Agilex-7 AXI MCDMA for PCIe hang

Constraints not being picked for DCFIFO