Search Results

With the introduction of the ISO26262 automotive safety standard there is a burden of proof to show that the processing elements in embedded microcontroller hardware are capable of supporting a certain diagnostic coverage level, depending on the required Automotive Safety Integrity Level (ASIL). The current mechanisms used to provide actual metrics of the Built-in Self Tests (BIST) and Lock Step comparators use Register Transfer Level (RTL) simulations of the internal processing elements which force faults into individual nodes of the design and collect diagnostic coverage results. Although this mechanism is robust, it can only be performed by semiconductor suppliers and is costly. This paper describes a new solution whereby the microcontroller is synthesized into a large Field Programmable Gate Array (FPGA) with a test controller on the outside.

It is the beginning of a new age: multicore technology from the PC desktop market is now also hitting the automotive domain after several years of maturation. New microcontrollers with two or more main processing cores have been announced to provide the next step change in available computing power while keeping costs and power consumption at a reasonable level. These new multicore devices should not be confused with the specialized safety microcontrollers using two redundant cores to detect possible hardware failures which are already available. Nor should they be confused with the heterogeneous multicore solutions employing an additional support core to offload a single main processing core from real-time tasks (e.g. handling peripherals).

The migration of many vehicle security features from mechanical solutions (lock and key) to electronic-based systems (transponder and RF transceiver) has led to the need for purely electrically operated locking mechanisms. One such example is a steering column lock, which locks and unlocks the steering wheel movement via a reversible electric motor. The safety case for this system (in respect to ISO26262) is highly complex, as there is no single safe state of the steering column lock hardware because there is a wider system-level interlock required. The employed control platform uses ASIL D capable multicore microcontroller hardware, together with the first implementation of AutoSAR® version 4.0 operating system to demonstrate a real-world usage of the newly specified encapsulation and monitoring mechanisms using the multicore extensions of AutoSAR and those of PharOS.

Prototyping of a complete powertrain controller is not generally permissible due to the large number of subsystems involved and the resources required in making the design a reality. The availability of a complete control system reference design at an early stage in the lifecycle can greatly enhance the quality of the system definition and allows early ideas to be prototyped in the application environment. This paper describes the implementation of such a reference design for a gasoline engine and gearbox management control system, integrated into robust housing which can be used for development in a prototype vehicle. The paper also outlines the powertrain subsystems involved, discusses how the system partitioning is achieved, shows the implementation of the partitioning into the physical hardware, and concludes with presenting the system benefits which can be realized.

Recent trends in field bus applications, especially in the automotive section, show a very high demand for data exchange between decentralised, intelligent functional units and modules. These functional units can be grouped together to power train applications or body/convenience applications. In many cases, the coupling of local modules is done with one or more independent bus systems. The actual design and the partitioning of the modules strongly depend on application-specific requirements, such as the total amount of data to be transferred or the maximum of the tolerated latency in data delivery. A very powerful and fast field bus is the CAN bus (Controller Area Network), which supports transfers with data rates up to 1 Mbits/s. Due to the higher transmission speed and the standardized functionality, CAN is a very interesting alternative to and improvement on bus systems based on other protocols.

Currently major investments by Tier1 and vehicle manufacturers are made to implement and optimize safety critical automotive systems according to the ISO standard 26262 “Road vehicles functional safety”. The ISO 26262 standard describes methods to detect the safety critical faults of a system designed according to the rules of functional safety, but it does not describe how an actual implementation shall look like. Development of ISO 26262 standard compliant systems concentrates on optimizing and improving cost and performance in a competitive environment. More competitive and practical implementations use fewer additional hardware and software resources for safety control and error detection and have higher performance with less overhead. Microcontrollers already have implemented many safety related hardware functions, so called safety mechanisms to mitigate safety critical risks.

Cyber security is becoming increasingly critical in the car industry. Not only the entry points to the external world in the car need to be protected against potential attack, but also the on-board communication in the car require to be protected against attackers who may try to send unauthorized CAN messages. However, the current CAN network was not designed with security in mind. As a result, the extra measures have to be taken to address the key security properties of the secure CAN communication, including data integrity, authenticity, confidentiality and freshness. While integrity and authenticity can be achieved by using a relatively straightforward algorithms such as CMAC (Cipher-based Message Authentication Code) and Confidentiality can be handled by a symmetric encryption algorithm like AES128 (128-bit Advanced Encryption Standard), it has been recognized to be more challenging to achieve the freshness of CAN message.