Safety refers to operational safety in terms of the system and the driver. A car is 'safe' if it ensures the physical integrity of the driver, passengers and other road users. This means that malfunctions that represent a danger to humans and the environment must be excluded (functional safety). In the automotive sector, this is governed by the standard ISO 26262. Depending on the risk, a system is assigned to a specific safety class (ASIL, Automotive Safety Integrity Level), with the standard defining certain requirements for each level.
The term security refers to the level of protection from external threats. In the automotive sector this applies first and foremost to systems and data. Measures must thus be taken to prevent program code, dynamic data and intellectual property from being copied or manipulated without permission. The European General Data Protection Regulation (GDPR) provides the legal framework for this.
Safe and secure automotive microcontrollers
Microcontrollers play a key role in electronic systems. A microcontroller that meets the safety/security requirements of the automotive industry can also guarantee the safety/security of other components in the system.
With AURIX™ the supplier Infineon offers a family of microcontrollers that is tailored to the needs of car users in terms of security and safety performance. The most important components of the microcontrollers, e.g., the CPU, memory and periphery, support ASIL D, the highest safety level defined in ISO 26262.
Thanks to the integrated hardware security module (HSM) and the lockstep cores, the AURIX™ microcontroller provides a 'one chip solution'.
The microcontroller is connected to the hardware security module integrated in the chip. The module is the central unit for security and safety. It has its own flash and RAM memory for security applications, as well as an AES accelerator (advanced encryption standard) and a random number generator. As such, it can encrypt data for safe and secure communication and for authentication of the ECU (electronic control unit). The microcontroller can also be booted in a safe and secure manner with the hardware security module to prevent attacks from viruses and Trojan horses. The module is also separated from the rest of the TriCore™ architecture by a firewall.
The second microcontroller generation
The second AURIX™ generation (TC3xx) features up to six independent TriCore™ processor cores with a 300 MHz clock frequency. Compared to the previous generation, it boasts twice the computing power, namely up to 4,000 DMIPS. Thanks to the high scalability of the derivatives, which differ with regard to flash memory (up to 16 MB), RAM (up to 6.9 MB), package type, and interface features, the right microcontroller is available for every application.
Further new features:
- In the largest microcontroller (TC39x), four of the six processor cores feature an additional lockstep core. As such, the microcontroller has a computing power of 2,700 DMIPS. It therefore now sets new standards in terms of the computing power installed in a chip, e.g., for safety applications as per ISO 26262 through to the highest safety standard ASIL D.
- All second generation AURIX™ microcontrollers come with an integrated hardware security module. Additionally, the functions have been further expanded and improved: new functions support asymmetrical encryption as per the EVITA (E-safety Vehicle Intrusion proTected Application) high requirements. This makes, for example, on-board communication and authentication even safer and hampers hardware manipulation.
- eMMC interface and A/B swap eFlash bank for OTA updates: External flash memory can be connected via the eMMC interface. This enables, for example, local data storage for OTA (over the air) update architectures. Alternatively, A/B swap can be used in eFlash banks. With OTA, software updates can be installed via a wireless Internet connection. The car owner no longer needs to go to the auto shop but, rather, can install firmware updates via WLAN if the car is in the garage. In some cases, this means car manufacturers can save money on expensive recall actions.
- A radar component enables all radar applications in the car, from blind spot detection through to the very latest front and corner radar systems. It comes with an arithmetic unit with up to two signal processing units that run at 300 MHz. RF (radio frequency) radar chips can be connected directly to the unit via the radar interfaces. This means that fully autonomous lane change and automatic proximity control can be included in driver assistance systems as standard.
- Further communication interfaces include a Gigabit-Ethernet interface, CAN-FD compliant to ISO 11898-1 and LIN.
With the combination of safety and security, together with multicore architecture, the second generation of AURIX™ microcontrollers is laying the foundations for numerous automotive applications in the autonomous driving sector. Yet, in order to guarantee security and safety for the complete vehicle, businesses face complex challenges that usually go well beyond their traditional expertise. This is particularly true when it comes to software. For example, ecosystems are gaining momentum in order to pool know-how and accelerate developments. Rutronik already works closely with a network of development service providers, system vendors, and equipping companies. These include the system vendor HITEX, the experts for AURIX™ designs and for functional safety and data security in embedded electronic solutions. This ensures that customers receive the very best support over the entire value-added chain.