Embedded Systems Academy

NXP and EmSA are inviting you to the one hour seminar “Accelerate Development of Robust Network Communications with CANopen and CANopen FD” on Tuesday April 21st 2020. This webinar is a hands-on session about customized CANopen (FD) development on NXP MCUs.

In the hands-on part, we take the CANopen (FD) device/slave example included with the NXP MCUXpresso SDK and use the free CANopen Architect Mini software utility to modify and configure the CANopen (FD) communication of the device. Code modifications are made using the MCUXpresso SDK to support the custom generated CANopen (FD) object dictionary entries. Click here to register for this webinar.

The webinar requires some basic CANopen (FD) and MCUXpresso knowledge. See our courses at www.em-sa.com/video to learn the basics about these technologies.

February 24, 2020 – Embedded Systems Academy (EmSA) and NXP® Semiconductors announce the integration of the free-to-use EmSA Micro CANopen libraries into the NXP MCUXpresso Software Development Kit (SDK) for developing with NXP’s microcontrollers (MCU) and crossovers based on Arm® Cortex®-M.

For years, many MCUs have been equipped with the Controller Area Network (CAN) interfaces including CAN FD. These interfaces are optimized for embedded communication and make it easy to transmit and receive single messages.

“To take full advantage of the capabilities of such interfaces, middleware communication protocols are required,” says Olaf Pfeiffer, General Manager of EmSA. “One of the most
popular protocols for embedded CAN applications is CANopen, for which EmSA has delivered its Micro CANopen software for more than 20 years, and remains highly used among embedded developers.”

Free-to-use versions of EmSA’s Micro CANopen library are now fully integrated into the MCUXpresso SDK for a selection of NXP LPC MCUs and i.MX RT crossover MCUs.

“This integration further simplifies the process of prototyping and integrating sophisticated and reliable communication into embedded systems.” said Brendon Slade, director of MCU ecosystem for Edge Processing at NXP Semiconductors. “For most systems, the libraries can be used in production without further licensing.”

One of the first adopters is PEAK-System Technik: Their industrial I/O module PCAN-MicroMod FD is based on NXP’s LPC54000 MCU series and uses a variation o

f EmSA’s Micro CANopen libraries. “Using a proven CANopen (FD) protocol implementation for our I/O devices greatly reduced our development time and opens up additional use-cases for our customers.”, says Uwe Wilhelm, General Manager of PEAK-System Technik.

For more information about the NXP microcontrollers currently supported by EmSA’s free to use CANopen libraries and video tutorials, visit www.em-sa.com/nxp

About MCUXpresso SDK
Available in downloads based on user selections of MCU, evaluation board and optional software components, the MCUXpresso SDK merges customization and quality in a suite of production-grade runtime software. Complete with pre-integrated RTOS middleware, stacks and middleware, reference software, and MISRA-compliant drivers analyzed with Coverity® static analysis tools, it’s the ultimate software framework and reference solution for application development with NXP MCUs and crossover MCUs based on ARM® Cortex®-M cores.

About Embedded Systems Academy
Embedded Systems Academy (EmSA) is an NXP gold partner and has locations in Barsinghausen, Germany and San Jose, California. EmSA provides tools, training and services for planning, implementing, debugging, commissioning and testing of embedded networking technologies including CAN, CAN FD, CANopen, CANopen FD, CiA447, J1939 and others. EmSA’s tutors Olaf Pfeiffer, Christian Keydel and Andrew Ayre published two books about CAN, CANopen and security on CAN systems. They regularly publish related articles and papers for various international conferences.

Contact
Embedded Systems Academy GmbH
Olaf Pfeiffer
info@esacademy.de

Over the last years we published more than 50 articles, papers, books, webinars and we also continuously updated our training materials. However, some of the training material and especially scientific papers only reach a small percentage of the embedded community. Therefore we decided to publish more free educational videos to reach more of you. As a start we created several playlists on our EmSA Youtube channel. These include:

• CANopen FD Intro:
  Introductory videos to CANopen FD, also covering some basics like an introduction to the CANopen Object Dictionary concept
• CAN (FD) Security:
  Video collection about CAN and CAN FD security challenges and solutions
• MCUXpresso Middleware:
  Video collection about NXP’s MCUXpresso and CANopen libraries included

We plan to publish more videos in the upcoming month, further focusing on CAN, CAN FD, CANopen, CANopen FD topics including introductory videos as well as in-depth technology classes.

Please subscribe to the channel to stay informed about new videos published.

This year we present multiple papers at the upcoming Embedded World (25th to 27th of February in Nuremberg, Germany) and the international CAN Conference (17th to 18th March in Baden-Baden, Germany). Chris and I will be talking with our partners of NXP Semiconductors, PEAK

-Systemtechnik and the Hochschule Offenburg about CAN (FD) security and CANopen (FD) Smart Bridging. In our security papers, we examine how different existing and CAN capable security methods can best complement each other. With SmartBridgingFD we show how classical CANopen devices or networks can easily and transparently be mixed with newer CANopen FD installations. As classical CANopen and CANopen FD are not compatible on the bitrate level, they can not share the same CAN wiring. However, the SmartBridgeFD allows combining classical CANopen and new CANopen FD networks into one large logical network.

At the Embedded World, you can see the SmartBridgeFD integrated into the CANopen FD demonstrator at the CiA booth (hall 1 booth 630). Another of our CANopen (FD) demos will be displayed at NXP Semiconductors (hall 4A booth 220), as our CANopen software is now part of NXP’s latest SDK. Our CAN hardware partner PEAK Systemtechnik is in hall 1 (booth 483).

The Embedded World conference program is now online, we are in Session 2.1. The program for the international CAN Conference is here, our papers are in Session IV and VII.

Our authors Christian Keydel and Olaf Pfeiffer published an article in the current CAN newsletter, summarizing the current status of CAN security specifications.

Please follow the link above for more details.

Excerpt:

End of June 2019, the CiA association hold a phone conference for safety and security issues. Holger Zeltwanger gave the participants an update regarding “base documents”. When defining security solutions for Classical CAN, CAN FD, or CAN XL systems, it would be preferable to not start from scratch defining security basics for embedded systems or embedded communication systems. Unfortunately, the current draft of ISO 21434 “Road Vehicles – Cybersecurity engineering” does not seem to be suitable, as it is very generic and not yet completed. It is more of a guideline what designers and developers need to keep in mind when designing a “secured” vehicle.

Another document suggested is the “Baseline Security Recommendations for IoT” by the European Union Agency for Cybersecurity. Until the next meeting, CiA will review and report, if that document is suitable to be referred to also by CiA documents. CAN XL is still in an early specification phase and the related special interest group, recognizing the possibility for security features in hardware to be part of future CAN XL controllers, therefore suggested adding security features to CAN XL first. One of the discussed options is a blacklist/whitelist scheme like the one implemented by the NXP secure CAN transceiver family. Such a scheme can eliminate several potential attack vectors at once if all participants in a CAN (XL) network actively support it. Once we see which security features made it into the CAN XL specification (and hardware), we can review if any of these can still be applied to CAN FD, too, for example on the transceiver level.

However, potential CAN controller specific hardware security features will most likely not be suitable to migrate back into CAN FD, so protocol based security solutions are still required.

Darmstadt and Hannover, June 12th, 2019. PEAK-System Technik GmbH (www.peak-system.com) and Embedded Systems Academy GmbH (www.esacademy.de) have deepened their partnership to provide common CANopen, CANopen FD, and J1939 solutions. For more than 15 years, Embedded Systems Academy GmbH (EmSA) has offered numerous CANopen software products including monitors, analyzers, simulators, configurators, and protocol stacks for the CAN (Controller Area Network) hardware of PEAK-System Technik GmbH (PEAK). Building on that partnership, PEAK has now become a shareholder and partner of EmSA.

“By formally joining the PEAK Group of companies, we can now more easily share resources and are better positioned to streamline development processes that involve both CAN hardware and software,” says Olaf Pfeiffer, General Manager of Embedded Systems Academy GmbH.
Current projects of PEAK and EmSA include CANopen (FD) generic input and output devices, CANopen (FD) protocol libraries, security options for CAN and diagnostics and test systems for CANopen (FD) and J1939.

“The deepened partnership with EmSA will provide our hardware customers with a variety of easy-to-use software products for CANopen, CANopen FD, and J1939 applications,” says Uwe Wilhelm, General Manager of PEAK-System Technik GmbH. “We’ll announce our new joint CANopen and CANopen FD solutions on our websites and blogs over the coming months.”

With every start of a new year, those preparing for the Embedded World and its conference in Nuremburg get busy – so do we. This year our tutors and partners present several papers, mostly around CAN (FD), CANopen (FD) and security issues. Over the last year it became clear that in embedded communication there are a variety of attack vectors as illustrated in the figure right. For protection, security is required on multiple levels, preferably at every network layer.

Find some recommended classes below. The full program is available here.

Tuesday 26th, from Communication – CAN

09:30 – 10:00 / Troubleshooting in Embedded Networks Based on CANopen FD
Reiner Zitzmann, CAN in Automation

10:00 – 10:30 / Automated Node ID Assignment in CAN and CAN(FD) Networks
Christian Keydel & Olaf Pfeiffer, Embedded Systems Academy

10:30 – 11:00 / Signal Improvement Concept for CAN FD Networks
Yao Yao, CAN in Automation

Tuesday 26th, from HW-based Security

12:00 – 12:30 / Extend MCU Security Capabilities Beyond Trusted Execution with Hardware Crypto Acceleration and Asset Protection
Saurin Choksi, NXP Semiconductors

15:00 – 15:30 / Methods for Provisioning Security Features in a Cortex-M33 based MCU Using A Physically Unclonable Function
Rob Cosaro, NXP Semiconductors

Wednesday 27th, from Architectures & Hacking

16:30 – 17:00 / Securing all Network Layers of CAN (FD) Communication
Olaf Pfeiffer, Embedded Systems Academy
Andreas Walz, Offenburg Univeristy

Meet us at Embedded World

During the show, you will find our tutors either at the CiA booth (hall 1, booth 630) with the CANopen FD Demonstrator or at the NXP booth (hall 4A, booth 220) featuring a Multi-Layer CANopen FD Security Demonstrator.

At the upcoming CiA cyber security workshop (Nuremberg, May 2nd) our engineers participate with two presentations. We inform participants about the most common attack vectors used on CAN (FD) systems and some of the basic protection mechanisms already available today. In a second part we will outline CANcrypt based mechanisms and how they can easily be used to implement a generic security layer. This layer can be used in between the CAN Data Link Layer and the higher protocol layers like J1939 or CANopen.

The cyber security workshop is free for CiA members. To register, visit the CiA web pages.

Today, EmSA released a software update for both the freely downloadable and the commercial version of CANcrypt. The update implements multiple recommendations from a security assessment.

As part of the NXP secure bootloader project, the experts at MathEmbedded did a security assessment of CANcrypt. The 43-page report examined possible attack vectors and potential weaknesses. Even to the original release the report stated: “We have not identified a straightforward attack that would allow an unauthorized attacker to easily accomplish all the steps [above].” But the latest update now fixes the discovered weaknesses or adds security notes and comments for application-specific configurations that need less security.

Just in time for the Embedded World 2018 in Nuremberg we can now show a first CANcrypt adaptation to CANopen FD. As CANopen FD already provides a direct, flexible communication method with USDO (Universal Service Data Object) supporting both broadcast and point-to-point communication, the easiest way to port the CANcrypt control messages to CANopen FD is to turn them into CANopen FD objects in the Object Dictionary. The CANcrypt control messages thus are “tunneled” through CANopen using dedicated Objects and USDO services. This allows implementing the CANcrypt grouping mechanism (similar to pairing, but for multiple devices). Authenticated messages are then exchanged based on a dynamically changing key. Each data transfer includes a random value that is used to continuously update the dynamic key.

Visit the CiA (CAN in Automation) at the Embedded World 2018 (hall 1, booth 1-630) to see the CANopen FD demonstrator and to learn more about CANcrypt. To download the free evaluation software or learn more about CANcrypt, visit our web pages for download and CANcrypt.net.

It was a lengthy process. Along with other experts we from Embedded Systems Academy participated in the CANopen FD definition group for more than 2 years now. Initially some only wanted a few changes. However as CAN FD is not backward compatible to CAN (classic CAN controllers produce error frames when they see a CAN FD message) the majority saw the chance to “dump complete backward compatibility” and add new and advanced features. The previous SDO communication (request-response scheme between one master and multiple devices) was replaced with the USDO communication – the Universal Service Data Object.

A first version of the definition of CANopen FD (CiA 1301) was released by the CiA in October this year. It is available from the CiA on request (www.can-cia.org/services/publications/). Some of the new features include:

• TPDOs can now have up to 64 bytes of data (previous 8)
• Full USDO mesh definition – every node can send client requests to every other node
• USDO communication may be a broadcast to all nodes

The USDO service allows any device to send service requests to any other device, without the need for a master or manager to be involved. This greatly improves plug-and-play support and self-configuring systems, as now each device independently can analyse its surroundings: which devices are on this network and what kind of communication objects do they have available.

We at Embedded Systems Academy are now adding CANopen FD support to all our CANopen products. The first line of products supporting CANopen FD is our CANopen Magic software for the analysis and test of networks. As of the latest release (V9.0) all CANopen Magic products support both CANopen and CANopen FD. For CANopen FD an appropriate CAN FD interface must be connected. All of our current tests have been made with the PCAN-USB FD and PCAN-USB Pro FD interfaces from PEAK System.

We are currently in the process of contacting all current CANopen Magic users to inform them about their upgrade options. If you are using CANopen Magic and have not yet received an email from us about your upgrade options, please contact us.