

# Secure configuration for the Powering Interlock Controller



J. Blanco AB/CO/MI 29 January 2007



# System Architecture



















#### Help operations & experts to

- Avoid inversion of configuration data between PLCs
- Assure version integrity between all the software components (PLC, PVSS, Matrix)
- Assure integrity of configuration data between all the system components (PLC, PVSS, Matrix)
- Assure the trust of the files downloaded from the DB server
- Safely change operational parameters without changing hardware configuration

#### Does not protect against

- Manual post-editing of configuration data

## Implementation







## **Specification**



#### Supervision application config file

- The PVSS application is responsible for the consistency of all the configuration data as well as the coherency of the program versions for the CPLD-PLC-PVSS
- The config file contains:
  - Version number of the config file.
  - The CRCs for the PLC and CPLD.
  - The versions of the PLC and CPLD code.
- The overall coherency will depend on the correctness of the PVSS configuration file.



# Verification process







## Actions



#### Enable/Disable 'Give Permit' command at PVSS level.

[Figure: PVSS faceplate for CIP.UA83.ML8, "Powering interlock controller for the matching section, left of IR8", with the Versions panel comparing PLC side and PVSS side values (PLC HW config, PLC SW config, PLC version, Matrix config, Matrix version), the PIC ID, the MATRIX validity period (s.) setting, and the Give All / Remove All / Select controls.]





- Every time a faceplate of a PIC is opened in the SCADA system, all 5 parameters are verified.
- Before a 'give permit' command is sent, the 3 PLC-related parameters (HW CRC, SW CRC, Version) are checked. The 2 CPLD parameters (CRC, Version) are verified only if the last verification is older than a maximum of 1 hour.
- Every time a 'give permit all' is sent, all the parameters are verified.
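The verification rules above, applied to the reference data listed under "Supervision application config file", as an added Python example (not code from the original slides or from the PIC project). The key names, class names, fail-closed handling of missing values and the reset of the CPLD timestamp after a failed check are assumptions; the sample values are the ones shown on the faceplates, with "Matrix config" and "Matrix version" taken as the two CPLD parameters.

```python
import time
from dataclasses import dataclass
from enum import Enum
from typing import Optional

# Hypothetical key names; the labels follow the faceplate's "Versions" panel.
PLC_PARAMS = ("plc_hw_config", "plc_sw_config", "plc_version")
CPLD_PARAMS = ("matrix_config", "matrix_version")
ALL_PARAMS = PLC_PARAMS + CPLD_PARAMS


class Trigger(Enum):
    FACEPLATE_OPEN = "faceplate opened"
    GIVE_PERMIT = "give permit"
    GIVE_PERMIT_ALL = "give permit all"


@dataclass
class Result:
    permit_enabled: bool   # False -> 'Give Permit' stays disabled
    checked: tuple         # parameters compared for this trigger
    mismatches: list       # parameters whose two sides differ


@dataclass
class PicConfigVerifier:
    reference: dict                       # PVSS-side values (config file)
    validity_period_s: float = 3600.0     # "MATRIX validity period (s.)"
    last_cpld_ok: Optional[float] = None  # time of last passing CPLD check

    def __post_init__(self):
        missing = [p for p in ALL_PARAMS if p not in self.reference]
        if missing:
            raise ValueError(f"reference config lacks: {missing}")

    def params_to_check(self, trigger, now):
        # Faceplate open and 'give permit all' always verify all 5 values.
        if trigger is not Trigger.GIVE_PERMIT:
            return ALL_PARAMS
        # 'give permit': the CPLD values are re-verified only when stale.
        stale = (self.last_cpld_ok is None
                 or now - self.last_cpld_ok > self.validity_period_s)
        return ALL_PARAMS if stale else PLC_PARAMS

    def verify(self, trigger, plc_side, now=None):
        now = time.monotonic() if now is None else now
        checked = self.params_to_check(trigger, now)
        # Assumption: a value the PLC side did not report is a mismatch.
        mismatches = [p for p in checked
                      if p not in plc_side or plc_side[p] != self.reference[p]]
        if checked == ALL_PARAMS:
            # Assumption: only a passing CPLD check starts the validity
            # window; a failed one forces a full check on the next command.
            cpld_ok = not any(p in CPLD_PARAMS for p in mismatches)
            self.last_cpld_ok = now if cpld_ok else None
        return Result(not mismatches, checked, mismatches)


# Values as displayed on the page's faceplates.
PLC_SIDE = {"plc_hw_config": "A38D4091", "plc_sw_config": "178B833A",
            "plc_version": "2", "matrix_config": "D2", "matrix_version": "15"}
PVSS_OK = dict(PLC_SIDE)
PVSS_BAD = {**PLC_SIDE, "plc_hw_config": "BE6A6587",
            "plc_sw_config": "AB404A4A"}

if __name__ == "__main__":
    for label, ref in (("OK", PVSS_OK), ("BAD", PVSS_BAD)):
        res = PicConfigVerifier(ref).verify(Trigger.FACEPLATE_OPEN,
                                            PLC_SIDE, now=0.0)
        print(label, res.permit_enabled, res.mismatches)
```

Inside the validity period a single 'give permit' compares only the three PLC values, so a CPLD-side difference is reported at the next full check (faceplate open, 'give permit all', or expiry of the period).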

[Figure: two PVSS faceplates for CIP.UA83.ML8 side by side, one reporting "CONFIGURATION DATA OK" and one reporting "CONFIGURATION DATA BAD", each with a Refresh button.]

| Parameter      | PLC side | PVSS side (DATA OK) | PVSS side (DATA BAD) |
|----------------|----------|---------------------|----------------------|
| PLC HW config  | A38D4091 | A38D4091            | BE6A6587             |
| PLC SW config  | 178B833A | 178B833A            | AB404A4A             |
| PLC version    | 2        | 2                   | 2                    |
| Matrix config  | D2       | D2                  | D2                   |
| Matrix version | 15       | 15                  | 15                   |

Both faceplates also show: PVSS PIC component 4, PIC ID 4F316, PLC Restarts 21, MATRIX validity period (s.) 3600.



#### CVS repository



- After download from database, all configuration data will be archived in CVS
- Validation during hardware commissioning

[Figure: CVS web view of the repository "pico - PIC Configuration Files", directory CIP_Config_Data/CIP.UA83.XL8/]

| File                        | Rev. | Age      | Author   | Last log entry                                                                  |
|-----------------------------|------|----------|----------|---------------------------------------------------------------------------------|
| PIC UA83 XL8.zip            | 1.1  | 7 weeks  | jblancos | PLC program Version 1.7 PLC config Version: 2.0 Remarks: Cryo Comm PLC-PLC spec |
| PIC UA83 XL8 No PSoff.zip   | 1.1  | 7 weeks  | jblancos | PLC program Version 1.7 PLC config Version: 2.0 Remarks: Cryo Comm PLC-PLC spec |
| matrixcode CIP UA83 XL8.jed | 1.1  | 8 weeks  | jmarieth | Add of the matrix compiled code                                                 |
| matrixmask CIP UA83 XL8.txt | 1.1  | 2 months | jmarieth | *** empty log message ***                                                       |
| plcD CIP UA83 XL8.txt       | 1.2  | 2 months | jmarieth | New version number for PLC_SW (2.0) and CPLD (1.5) New URL for [html page]      |
| plc CIP UA83 XL8.txt        | 1.2  | 2 months | jmarieth | New version number for PLC_SW (2.0) and CPLD (1.5) New URL for [html page]      |
| pvss CIP UA83 XL8.txt       | 1.4  | 5 weeks  | jmarieth | New header field containing the list of PC connected to the PIC                 |

Directories visible in the parent listing: CIP.TZ76.AL7/, CIP.TZ76.AR7/, CIP.UA23.AL2/, CIP.UA23.ML2/, CIP.UA23.XL2/, CIP.UA27.AR2/, CIP.UA27.MR2/, CIP.UA27.XR2/, CIP.UA43.AL4/, CIP.UA47.AR4/, CIP.UA47.MR4/, CIP.UA63.AL6/, CIP.UA63.ML6/

CERN — European Organization for Nuclear Research





- Adding equipment or electrical circuits
  - Probability very low.
  - Implies changes in the PC, QPS and PIC.
  - Implies changes in the Hardware part of the config data → re-commissioning must be done.
- Removing equipment or electrical circuits defined as Auxiliary (corrector circuits)
  - High probability.
  - The PC powering that circuit should be switched off and the interlock cable should be disconnected.
  - No config file modifications needed.
- Removing equipment or electrical circuits defined as Essential (main circuits)
  - Low probability.
  - Should be redefined as auxiliary → SW part of PLC config file needs to be modified as well as the MATRIX mask.





- Change the 'POWERING SUBSECTOR OFF' flag
  - Low probability.
  - Update the Software part of the PLC config file.
  - Quick functional test of the modification from the CCC sufficient
- Change the 'BEAM DUMP' FLAG
  - Medium-low probability.
  - Update the Software part of the PLC config file.
  - Change the MATRIX mask of the CPLD.
  - Quick functional test of the modification from the CCC sufficient



#### Conclusions



- ES summarizing the design issues finalized and will soon be distributed for engineering check
- Similar ideas implemented for PLC systems as MCS for VME front-ends to
  - Later integration into MCS?
- Assist operations with configuration management and changes of operational parameters







- Bernard, Frederic (AB/CO)
- Harrison, Robert (AB/CO)
- Zerlauth, Markus (AB/CO)