The old adage “may you live in interesting times” is meant to be both a blessing and a curse, and the manufacturers of automotive integrated circuits are indeed living in “interesting times”. In this case, however, the curse (the complexity) is also the blessing (the competitive advantage) as long as you can handle issues like testing, functional safety, and data security. Tessent, part of Siemens Digital Industries Software, offers a solution to manage the new demands of SoCs designed for automotive applications. This is called Tessent Safety Island.
Challenges of automotive integrated circuits
Automotive SoCs are bigger and much more complex than ever before and must also comply with industry standards such as ISO 26262, the functional safety standard that governs both hardware and software design. Since the point of compliance is to ensure the safety of the SoC and the system, it is important to aim for the correct level of compliance for the target application. These levels are referred to as Automotive Safety Integrity Levels (ASIL), ranging from A through D. When designing for ASIL D certification, on-chip IP subsystems can contain a mix of ASIL support levels. Achieving the overall goal requires modularity in safety management at the integration level.
In an SoC with IP of mixed safety levels, there must be a way to isolate any subsystem for in-system testing using, for example, logic built-in self-test (BIST) or memory BIST. Figure 1 shows a potential functional safety IP assignment on an automotive SoC.
Common resources such as memory should be independent between domains as much as possible, so that a failure in one of them cannot corrupt multiple domains and lower the overall ASIL score. Making the components independent for testing and security purposes requires some orchestration. Who is in charge? What mechanism will monitor issues, manage testing, and then communicate issues to the larger system?
This is the function of the Tessent Safety Island (Figure 2). It is the mechanism by which the chip can access, manage, and monitor the IP on the SoC, which represents a mix of different levels of safety support, and communicate failures to external systems, for example by raising an indicator that tells the driver to take control in the event of an ADAS system failure. The safety island is also adaptable and scalable for future needs and use cases.
It is easy to bring together all the test-based safety mechanisms in the system if you use the Tessent MissionMode controller, which provides a single point of control. However, the Tessent MissionMode controller is simply the mechanism by which the various tests are configured and scheduled and their results collected. By adding a safety CPU, connected via an AMBA APB interface provided when creating the IP, the MissionMode controller can become a dedicated safety island.
Manage more than just a test
Test, handled by specific safety mechanisms such as BIST, is only a single aspect of automotive integrated circuit requirements. Once the safety island is in place, its reach can be extended further. Thanks to the IJTAG interface and the additional bus interconnect, it is also possible to connect a range of other IP blocks that can be used to increase the safety and security of integrated circuits. Figure 3 illustrates the extended connectivity of the safety island.
Monitoring and triggering of BIST structures to test for structural faults is easily managed through the IJTAG infrastructure, which is implemented on chip with the BIST IP. The scope of security is extended by the use of Embedded Analytics IP, which enables monitoring and data collection within the SoC structure itself. The embedded analytics IP can cover a wide range of chip activities, even meeting some ISO 21434 requirements. The functional safety IP can be connected to, and then monitored and controlled by, the safety island. Parametric monitoring detects issues that arise from the effects of voltage, temperature, and process drift, which can affect device performance and/or reliability. Data collected using Tessent Safety Island should be analyzed offline, so having a range of different external communication options is critical. The safety island enables data preprocessing and conditioning to ensure that bandwidth and data storage are used efficiently.
Siemens EDA provides the components to create a comprehensive and scalable safety island solution to manage on-chip testing, security and IP security, and capture data.
Read our new document, Automotive Safety Island: Test, Safety and Security Data Management at the Edge for ISO 26262
Figure 1. Typical assignment of functional safety within an automotive SoC.
Figure 2. Basic architecture of the safety island.
Figure 3. Connectivity extended to the safety island.
Lee Harrison is Automotive IC Test Solutions Manager in the Tessent group at Siemens Digital Industries Software and is responsible for the company’s automotive test solutions. In his previous role he was in charge of DFT Consulting Services at Mentor Graphics, where he managed a global team of consultants providing DFT and test solutions in many different product areas. He has also held senior engineering positions at 3COM and BAE Systems. He obtained his BEng in Microelectronics at Brunel University, London, UK.