Automotive body control applications require the design engineer to consider a number of factors, ranging from safety to development. These factors cover the vehicle from bumper to bumper and span the beginning to the end of vehicle lifecycles. The eight considerations outlined here are shared by all body control applications and include the best designs that employ technologies to satisfy all eight.
Safety
The slogan “Safety First” should apply to all automotive electronics. While safety is not a matter of life-and-death for body control applications, safety should always be the primary consideration for everything automotive.
ISO standard 26262 for Road Vehicles–Functional Safety specifies a methodology for ensuring adequate safety from product development through production. Body control applications should meet, at a minimum, the Automotive Safety Integrity Level (ASIL) “B” standard.
Additional provisions that help ensure safety through operational integrity include the use of Memory Protection and Peripheral Protection Units (MPUs/PPUs), Error-Correcting Code for memories, watchdog(s), and self-testing of both memory and CPUs.
Connectivity
As long ago as the 1980s, Sun Microsystems made the claim, “The computer is the network” to emphasize the importance of network connectivity in all computing applications, including for both businesses and the Internet. Now, vehicles require their own interconnected networks to function. Interoperable connectivity with external sensors, controls and other systems is best assured by supporting industry standards like the Controller Area Network Flexible Data-rate (CAN FD), legacy CAN, the Local Interconnect Network (LIN) and the Clock eXtension Peripheral Interface (CXPI), as well as emerging standards like Ethernet Audio Video Bridging (AVB). Figure 1 shows some of the interfaces required for body control units.
Connectivity is also required internally within embedded control systems using standards like the Serial Peripheral Interface (SPI), Quad SPI and Octal SPI. To prevent both external and internal connectivity from becoming a bottleneck for some applications, it is important to support applicable standards and protocols at sufficiently high data rates; for example, at a minimum of 100 Mbps and, ideally, 1 Gbps for Ethernet.
Security
Security has become its own separate and special consideration for ensuring safety in applications that require extensive connectivity where every system, sensor, control, gateway and network creates a potential vulnerability. Without adequate security, malware infecting a seemingly innocuous system like HVAC could spread to others and threaten safe operation of Advanced Driver Assist Systems or other critical functions.
Threats to security can come via both wired and wireless connections, including On-Board Diagnostic (OBD), other physical ports and all wireless technologies, including Bluetooth, WiFi and cellular. Potential threats also come from both outside and inside the vehicle, including from the driver’s or passenger’s infected mobile phone, tablet or MP3 player.
Given the extent of the attack surface, all solutions should, at a minimum, support eSHE, the enhanced Secure Hardware Extension that is the equivalent of EVITA Light from the E-safety Vehicle Intrusion-protected Applications project. Superior security is afforded by a Hardware Security Module (HSM) that is equivalent to EVITA Medium with its enhanced cryptographic and random number generation features, along with more secure embedded memory.
High Performance
The large and growing variety, volume and velocity of data from an ever-expanding number of connected systems and sensors requires substantially more processing power from Micro Controller and Electronic Control Units.
A common means for measuring processor performance is the Dhrystone benchmark that measures Millions of Instructions Per Second. MCUs and ECUs should deliver a minimum of 500 DMIPS for basic applications and upwards of 1500 DMIPS for more sophisticated applications.
Performance can be further increased by using tightly-coupled memory that provides the low latency and determinism needed to support real-time applications. Storing application software in high-speed NOR flash also helps boost performance. Additionally, it will add faster response with instant-on operation for applications that have been idled to conserve power.
Low Power Consumption
Power consumption is an important consideration for both the embedded automotive electronics and the functions they control. Its importance will become even more critical as adoption of electric vehicles—and their attendant range anxiety—increases.
Substantial reductions in power consumption can be achieved using ECUs that support various “idling” modes of operation, such as Stop, Sleep and Partial Wake-up. MCUs and ECUs capable of being clocked at slower rates can further decrease power consumption when running those applications and/or processes that do not require peak performance.
Fortunately, more sophisticated power management has become easier to implement using purpose-built ICs (PMICs) specially designed to minimize power consumption, while also continuing to comply with all applicable system and safety requirements.
High Reliability
From a vehicle owner’s perspective, every function should work without fail. This is obviously true for body control functions like keyless entry, but the expectation also applies to functions as basic as changing the temperature or volume.
Just as critical is the expectation that a vehicle can be expected to remain in service and continue to run reliably for 20 years—or longer.
The Automotive Electronics Council’s Q100 standard for Failure Mechanism-Based Stress Test Qualification for Integrated Circuits establishes common part qualification and quality system standards for MCUs, ECUs and other ICs. AEC-Q100 specifies four operating temperature Grades, with Grades 3, 2 and 1 being suitable for body control applications requiring operation from -40°C to +85°C, +105°C and +125°C, respectively.
Related to reliability is durability, and this applies mainly to the non-volatile flash memory normally used in automotive electronics. NOR and NAND flash memory cells slightly degrade with each erase/program cycle. NAND flash is especially susceptible to becoming unreliable after decades of use.
Supply Chain Dependability
With vehicles expected to remain in service 20 years or longer, manufacturers must be able to depend on their component suppliers to provide support over the long haul. Therefore, it is essential to partner only with those suppliers that have proven to be reputable, including with demonstrated longevities of supply and support in the automotive industry.
Ease of Development
With automotive applications becoming increasingly interconnected and complex, both development cycles and the potential for design flaws have increased. For the hardware involved, the effort is simplified by advances in technology, especially the smaller geometries that are leading to more IC-level integration, Multi-Chip Packages and even complete System-on-Chip (SoC) solutions. For example, combining NOR flash and DRAM in a single, low pin-count MCP (on a high-speed bus, of course), simplifies the layout of the printed circuit board.
For the software, standards like the AUTomotive Open System Architecture (AUTOSAR) with its Micro-Controller Abstraction Layer (MCAL) can substantially simplify development and testing efforts. AUTOSAR provides a set of specifications describing basic software modules and application programming interfaces, along with a run-time environment and common development methodology that includes acceptance testing.
Modular designs with layered architectures (Figure 2) can dramatically simplify the development of embedded automotive applications. Existing—and proven—software modules from a variety of sources can be used and reused in different applications, often with little or no modification. The better hardware suppliers support such architectures by offering useful software modules and by ensuring compatibility across a family of scalable MCUs at different performance points, memory densities and number of pins. Design of circuit boards is also simplified when each member of the family integrates both memory and connectivity commensurate with the MCU’s performance.
Together, these eight considerations constitute minimum requirements for developing and supporting embedded automotive body control applications. The more fully a supplier satisfies them, the better that supplier is likely to be a worthy partner.