How to be safety ready for an automotive application?
Functional safety is becoming an increasingly common requirement as automotive and industrial systems continue to grow in complexity and automation.
Over the last years, the trend often called X-by-wire has consisted in replacing functions formerly performed by mechanical or pneumatic means with electronic ones. Since these electronic implementations now also begin to take over even the most critical vehicle functions, a malfunction could have catastrophic consequences, including the loss of human life.
Consequently, the safety requirements associated with those electronic devices have drastically increased. The ISO 26262 standard addresses the functional safety of electrical and electronic systems in road vehicles with a risk classification system called Automotive Safety Integrity Levels (ASILs). The four ASILs defined by the standard are ASIL A, ASIL B, ASIL C and ASIL D. ASIL D carries the highest product integrity requirements and ASIL A the lowest.
The components or systems developed for ASIL D therefore need to comply with the highest safety requirements.
The application of those requirements was extended to semiconductors in 2018, when Part 11 of the standard was published.
To keep risk as low as possible, two types of failures must be analyzed and reduced to acceptable levels: systematic failures, where a specific cause always leads to a failure, and random hardware failures, where unpredictable events can lead to various failure modes.
To prevent systematic failures, the developer needs to undergo careful development and code analysis to detect as many failure modes as possible, for example using failure analysis methods.
On the other hand, the prevention of random hardware failures involves reducing their probability through the use of hardened hardware and mechanisms that prevent these failures or their propagation through the system.
Those two safety aspects also come with a need for security. The first required functions are integrity and authenticity assurance, quickly followed by encryption, secure boot, secure update, and more.
How does Secure-IC help reach compliance with ASIL B & ASIL D requirements?
Securyzr™ iSE is an integrated Secure Element, also called an HSM in the automotive context. Depending on the requirements, Securyzr™ iSE may embed a complete set of countermeasures in order to raise the safety level and prevent random hardware failures. For example:
- Memories in the Securyzr™ iSE may embed error correction codes (ECC) or error detection codes (EDC)
- Securyzr™ iSE internal IP may support read-after-write checks to detect any write error
- Securyzr™ iSE is protected against failures due to environmental changes and adverse conditions using internal digital sensors
- The CPU in the Securyzr™ iSE may run in lockstep to guard against random errors or fault injections
- Spatial or temporal redundancy may be implemented
- Watchdogs and timers may be implemented in the Securyzr™ iSE to detect abnormal execution times
- Finally, all Secure-IC’s IPs include self-tests to ensure, at startup and/or at regular intervals, that everything is working properly.
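As an added illustration of the memory error correction codes listed above (example code written for this page, not Secure-IC's own, and no claim about how Securyzr iSE implements ECC), the following C snippet with hypothetical function names shows a SEC-DED Hamming code over an 8-bit memory word: a single flipped bit is corrected silently, while a double flip is reported as uncorrectable so the system can react instead of consuming corrupted data.

```c
#include <stdint.h>

/* Hypothetical SEC-DED code for an 8-bit word. Codeword bits are numbered 1..12:
 * Hamming parity at positions 1, 2, 4, 8, data at the other eight positions;
 * bit 13 is an overall parity over bits 1..12 and adds double-error detection. */
typedef enum { ECC_OK, ECC_CORRECTED, ECC_UNCORRECTABLE } ecc_status;

static int is_data_pos(int pos) { return (pos & (pos - 1)) != 0; } /* not a power of two */

uint16_t ecc_encode(uint8_t data)
{
    uint16_t cw = 0;
    for (int pos = 1, d = 0; pos <= 12; pos++)      /* scatter data bits over the data positions */
        if (is_data_pos(pos)) { if ((data >> d) & 1) cw |= 1u << pos; d++; }
    for (int p = 1; p <= 8; p <<= 1)                /* parity p = XOR of bits whose position has bit p set */
        for (int pos = p + 1; pos <= 12; pos++)
            if ((pos & p) && ((cw >> pos) & 1)) cw ^= 1u << p;
    for (int pos = 1; pos <= 12; pos++)             /* overall parity bit 13 */
        if ((cw >> pos) & 1) cw ^= 1u << 13;
    return cw;
}

ecc_status ecc_decode(uint16_t cw, uint8_t *data)
{
    int syndrome = 0, overall = 0;
    for (int pos = 1; pos <= 13; pos++)
        if ((cw >> pos) & 1) { overall ^= 1; if (pos <= 12) syndrome ^= pos; }
    ecc_status st = ECC_OK;
    if (overall) {                                  /* odd flip count: one bit, syndrome names it */
        st = ECC_CORRECTED;
        if (syndrome) cw ^= 1u << syndrome;         /* syndrome 0: only bit 13 flipped, data intact */
    } else if (syndrome) {
        return ECC_UNCORRECTABLE;                   /* even flip count, nonzero syndrome: double error */
    }
    uint8_t out = 0;
    for (int pos = 1, d = 0; pos <= 12; pos++)
        if (is_data_pos(pos)) { if ((cw >> pos) & 1) out |= 1u << d; d++; }
    *data = out;
    return st;
}

/* Encode, inject the constructed fault mask into the stored codeword, decode.
 * Returns the decoder status, or -1 if a "corrected" word differs from what was written. */
int ecc_trial(uint8_t data, uint16_t fault_mask)
{
    uint8_t out = 0;
    ecc_status st = ecc_decode(ecc_encode(data) ^ fault_mask, &out);
    if (st != ECC_UNCORRECTABLE && out != data) return -1;
    return (int)st;
}
```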
Integrating all these safety functions within the Secure Element simplifies the certification process by allowing the security subsystem and the host system to be certified independently.
Do you have questions on this topic and on our protection solutions? We are here to help.