Trust Is a Key Attribute for Automotive Developers
September 14, 2022
The formal definition of functional safety comes from the ISO 26262 specification, which ensures that a high level of safety is built into an automobile and its components from the very start of the design. The standard provides guidance for the entire automotive safety lifecycle, from overall risk management to individual component development, production, operation, service, and decommissioning.
ISO 26262 is an automotive adaptation of IEC 61508, a broader standard that covers far more than automotive applications. IEC 61508 defines what is required to avoid unreasonable risk due to hazards caused by malfunctioning electrical and electronic systems.
Goal: Reduce/Minimize Harm
In a more practical sense, functional safety for automotive is the practice of ensuring that no one is harmed in a car should an electronic system fail to operate as intended. Note that the definition also extends to people outside the car, such as pedestrians, bicyclists, etc.
If you dissect a modern automobile, the amount of electronics content is massive, particularly when compared to cars from, say, a decade ago. The number of microcontrollers easily tops 100, and the code written for and residing in the automobile runs to millions of lines. So the potential for failure is there, hence the need for ISO 26262.
We're aware of the many dangers associated with modern vehicles; however, we're here to tell you that they really are safe, both for passengers and for people outside the vehicle, assuming the automakers comply with the standards, which they generally do. The key is that the car must have a safe "fallback" in the event of a failure. For "driver assistance" systems such as adaptive cruise control or lane centering, the human driver is the fallback. But for higher levels of automated driving, such as driverless taxicabs, the machine (the vehicle itself) must provide the fallback as well.
Three Categories of Functional Safety Products
Infineon, one of the leaders in the area of functional safety, broadly characterizes functional safety in the following three “buckets” that closely follow industry trends:
- Quality management (QM) standard (IATF 16949)
- PRO-SIL™ ISO 26262-ready
- PRO-SIL™ ISO 26262-compliant
IATF 16949 is the recognized global quality management systems standard for the automotive industry. It incorporates the latest automotive standards. By adopting the standard, OEMs demonstrate their dedication to quality excellence. It defines the requirements for design and development, production, assembly, and installation of automotive-related products, as well as relevant services associated with the automotive industry. Specific to Infineon, QM means that the products have been manufactured according to the company's mature automotive development processes. And to be clear, it is acceptable to use a QM part in a safety system, provided the right system-level analyses support the safety case.
To support using such products in safety-relevant systems, component manufacturers may perform additional safety analyses at the component level to ease the task of the system integrator. In this case, the system integrator would use ISO 26262 clauses 8-13 and 8-14 to ensure that the component adheres to the allocated system safety requirements. Infineon's PRO-SIL™ ISO 26262-ready products generally support ISO 26262 clause 8-13 class II hardware evaluation, reducing the system integrator's effort and speeding time-to-market.
Finally, semiconductor components may be designed from the ground up according to the ISO 26262 standard, further reducing the system integrator’s workload. Infineon’s PRO-SIL™ ISO 26262-compliant products are all provided with a Safety Manual and Safety Analysis Summary Report to further streamline the integration and system-level safety argumentation.
Compliant Product Set
Infineon's functional safety processes, together with its innovative technologies and commitment to high product quality, enable its customers to quickly develop dependable systems with the lowest possible development effort. Products in the portfolio that fit this bill include the PRO-SIL™ ISO 26262-compliant AURIX™ TC3xx MCUs, the SLS37 vehicle-to-everything (V2X) hardware security module (HSM), which includes a hardware trust anchor, and the SEMPER™ flash-memory devices that support ISO 26262 up to ASIL-D. These components form part of the "Infineon Superstore" approach, meaning that just about all your needs can be met by a single supplier.
The AURIX™ TC3xx microcontroller family, with up to six cores and advanced security and connectivity features, was designed specifically for automotive use. Fully ISO 26262-compliant, it comes in variants optimized for dedicated applications such as powertrain (either internal-combustion or electric), steering/braking, or driver assistance.
Infineon’s SLS37 V2X HSM safeguards automotive V2X communication using a tamper-resistant security controller. The solution, based on a 32-bit Arm SecurCore SC300 CPU, stores private keys and handles V2X security operations, including ECC private key management (generation, derivation, deletion), ECDSA signature generation, ECIES encryption and decryption, and storage of generic data. Secure firmware updates can occur in the field thanks to the part’s end-to-end protection.
The SEMPER™ NOR flash memory family integrates critical safety features for automotive applications. It supports a read bandwidth of up to 400 Mbytes/s. And Infineon guarantees availability for at least ten years, a typical requirement in the automotive sector.
A key benefit of working with Infineon is what the company calls its ensured compliance development process, which was certified by an external third party, the SGS-TÜV Saar. The certification followed a review of Infineon’s development procedures, stating that the process is compliant with the latest version of the ISO 26262 functional safety standard.
The bottom line is that you must be able to trust your supplier and its products, so that you not only get to market faster but get there with the right components.