Rockwell Automation 1785-Lx6B,D17856.5.13 MNL. PLC-5 PROTECTED PROCESSOR User Manual
Page 9
Chapter 1
Planning for a Protected System
1-4
Examples of memory areas that you should protect using the DTEP
mechanism might include:
•
security-critical output words
•
certain counter, timer, or BT/MG/PD control structures
•
integer storage registers
•
data-table words used to specify indirect addresses in critical data tables
•
processor status file words that configure the system, such as:
Word(s)
Use
S:9
Maximum scan time
①
S:26
User control bits
S:29
Fault routine number
S:30-31
Selectable timed interrupt (STI) configuration
S:46-50
Processor input interrupt (PII) configuration
S:54
STI maximum scan time
①
S:56
PII maximum scan time
①
S:77
Communication time slice
S:78-123
Main control program (MCP) configuration and individual MCP
maximum scan times
①
①
If you are verifying that performance parameters are not violated, for example.
As system administrator, you can give end users some flexibility in
integrating a system but still maintain control over critical STI, PII, or
fault-routine logic. After securing the above registers with DTEP, you
can define a number of unprotected empty ladder files and include jumps
to subroutines (JSRs) specifying these files at the end of critical routines.
The end user can then add logic to an STI, for example, without opening
the actual STI file for modification.
The DTEP mechanism also provides for certain protections against
unauthorized changes made by an end user using offline programming
software:
•
During downloading of a protected processor image file, the protected
processor screens all end-user ladder-type program files—including
structured-text and SFC files—for operands violating the DTEP ranges.
•
I/O force operations cannot be downloaded; therefore, they must be done
on line.
•
Offline changes made to the values stored in protected data-table
locations can be nullified if you, the system administrator, follow good
programming practices and initialize all data-table locations to
their desired values off of the processor’s first scan flag (S:1/15).
Tip
The status-file location
of the value for the
DTEP file (S:63) is
protected automatically;
therefore, you do not
have to protect it individually.