This DMI (Display Machine Interface) is a 10.4’’ HMI platform that provides SIL2 display, interaction and computation. It is available with the latest version of an ETCS baseline 3 DMI application, or as a generic platform for your own application. This console is part of a range of consoles that has already sold over 45,000 units since 1997.
Baseline 3.6.0 ETCS DMI
This new console fully meets the requirements of the reference document SUBSET 091 – Safety Requirements for the Technical Interoperability of ETCS in Levels 1 & 2, version 3.4.0, dated 01.12.2015 (section 188.8.131.52), and of the informative document SUBSET 118 – Functional Safety Analysis of ETCS DMI for ETCS Auxiliary Hazard, version 1.4.0, dated 20.06.2016 (section 184.108.40.206).
The SIL2 level is also confirmed in an opinion letter by the European Railway Agency (ERA) issued on 28 January 2015, confirming the tolerable hazard rate (THR) and asking for updates of the previous version of those SUBSETs.
Innovative SIL2 DMI based on Linux
It provides SIL2 guarantees against:
- Corruption of the applicative program
- Memory corruption
- Clock drift
- Corruption by a Linux kernel fault
- Wrong information display
- Unwanted touch screen inputs
The guarantees obtained by the certificate are as follows:
- the display of icons and text messages is correct
- the display of complex graphical objects (speedometer and brake level indicators for example) is also correct
- the operator’s interactions (human-machine interactions – HMI) with the touchscreen console are secure
These measures reduce the risk that the operator fails to see or misinterprets the messages on the screen, and that commands are not taken into account.
Document, certification and standards
- Hazardous events: UNISIG Subset 091 3.6.0 “Safety Requirements for the Technical Interoperability of ETCS in Level 1&2”.
- ERA specification v 3.6.0 adapted to display STM information (unified or customisable)
- SUBSET 026 v 3.6.0 chapter 4.7 (DMI depending on modes)
- SUBSET 118 v 1.4.0 (informative only)
Generic SIL2 platform – flexible SIL2 display control – Application free
- Safety (SIL2) is managed by the low-layer software
- Configuration tool to manage the SIL2 constraints (parameter file to be filled in)
- Functional application: delegates SIL2 aspects to an already certified Supervision Module
- Application must be designed to respect exported constraints (detailed in the certificate)
- No mandatory library, you are free to develop your application