Page 24 - EE Times Europe Magazine | February 2020
Optimized for Success

Figure 4: The new AURIX generation enables many high-performance applications in the vehicle. For example, a complete chipset for 77-GHz radar is available.

encryption mechanisms according to EVITA “full” requirements.

As host controllers in gateway and telematics applications, the AURIX TC3xx controllers support the latest communication interfaces. This includes up to two Gigabit Ethernet interfaces, up to 20 CAN FD channels according to ISO 11898-1, and up to 24 LIN channels. An additional eMMC interface for an external flash interface enables local data storage for software-update over-the-air (SOTA) architectures.

Infineon is also one of the first providers of a multicore architecture with Autosar 4.x. For this purpose, MCAL drivers (up to ASIL-D level) are offered according to the CMM3 level and Automotive SPICE (up to ASPICE Level 1).

SAFE AND HIGHLY AVAILABLE

The trend toward ever-more sophisticated driver-assistance systems and higher levels of vehicle automation poses new challenges to the robustness, availability, and functional safety of the systems used. The electronic systems must maintain their functions even in the event of a fault (fail-operational). ISO 26262 is the accepted safety standard for vehicle electronics.

High availability plays an essential role in fail-operational systems. Infineon has developed a chipset architecture that combines a microcontroller with a support safety device (TLF35584/TLF30684) — in this case, a safe power supply. The combination of safety supply device and AURIX microcontroller enables fail-operational systems with high availability. The advantages of the SMU come into play with this approach. The SMU serves as the central collection point for all safety-critical alarms. Because such error handling should not be carried out on a potentially faulty unit (i.e., processing core), the SMU is designed as an independent unit. Using the SMU, the internal and external reactions for each error source (interrupt, NMI, CPU core reset, CPU core idle, SOC reset, fault signal protocol) can be configured individually.

All AURIX microcontrollers utilize the same concept for functional safety and use advanced protection mechanisms including, but not limited to, locksteps, error correction code (ECC)-protected memory, and the SMU mentioned above. Lockstep technology uses two cores in a self-test configuration. The same software thread runs on both cores, and the outputs of the two cores are compared with each other to detect errors. High functional safety is achieved with such extensive internal-monitoring safety mechanisms implemented in hardware.

With the optimized architecture of the new AURIX generation, availability is further improved by increasing the independence between the cores. Each core can now be separately set to reset, run, or idle status. This means that a safety mechanism can perform a reset on one or more cores, while the other cores continue to run normally.

In addition, SafeTpack, offered by Hitex, is a comprehensive safety solution that considerably shortens the safety implementation for the second generation of the AURIX microcontroller family. The complex LBIST functionality and other safety features of AURIX are managed by SafeTpack, which also provides additional safety functions such as program flow monitoring and cyclic control of peripheral devices. SafeTpack likewise coordinates the execution of startup and cycle tests that ensure correct operation of the CPU and internal buses.

SECURITY

Today’s vehicle architectures, including those for autonomous driving, require faster yet highly secure connectivity and communication between critical control units, such as the central drive computer and the steering or braking system. Against this background, the communication and security functions have been further improved in the new AURIX generation. For instance, the controllers offer interfaces for CAN FD, FlexRay, and, optionally, Gigabit Ethernet. The HSM (Figure 5) enables both symmetric and asymmetric encryption according to ECC256 and SHA256, message authentication between different ECUs, and secure booting to protect against malware. The HSM is based on a 32-bit Arm CPU and is separated from the rest of the AURIX chip by a firewall. The HSM creates a trusted execution environment, makes on-board communication more secure, and renders hardware manipulations, such as motor tuning, more difficult. In addition, the TC3xx microcontrollers support efficient and secure SOTA and help prevent software hijacking.

IDEAL FOR INDUSTRIAL APPLICATIONS

AURIX microcontrollers were originally designed for the needs of the automotive industry in which they are widely used. The TriCore architecture combines the advantages of a microcontroller, a RISC core, and a DSP on one chip. This combination offers clear advantages when it comes to high-performance control. Also important for the industry are the long-term availability and zero-defect quality. Furthermore, the AURIX architecture, with its high functional safety, offers compatibility according to IEC 61508 and the corresponding standards for railway technology (EN 50129), agricultural
