How Automotive Chips Help Aerospace Semiconductor Reliability

Ian Land, Ron DiGuiseppe

Jun 07, 2023 / 6 min read

There’s more in common than you may think between the cars that we rely on for our commutes and satellite systems deployed in space. Both must be designed for dependability over a long period of time, yet both also can encounter microelectronic vulnerabilities, especially given their extremely harsh operating environments.

While the aerospace, defense, and government industry has been using microelectronics for a longer period of time, increasingly these application designers are enhancing their projects by applying lessons and technologies learned from the recent investment in microelectronics in the automotive space—especially in the areas of reliability and functional safety. While the aerospace industry certainly has a long history of producing safe and dependable aircraft, the automotive industry has the scale to invest more heavily in reliable, safe, and secure microelectronic design innovations. Tools and IP infrastructure developed to meet automotive requirements can also be applied to aerospace and defense designs, providing an effective path to achieve critical mission outcomes.

In this blog post, we’ll highlight three key pillars of high-reliability semiconductor design that are applicable for automotive, aerospace, defense, and government electronics: reliability and robustness, safety and radiation tolerance, and security. We’ll also discuss important standards and technologies from the automotive space—functionally safe IP, in particular—that can be applied to aerospace and government designs. Read on for insights on developing SoCs that can be trusted to operate safely and securely in a variety of environments throughout their lifecycles.

How Automotive-Grade IP Can Support Aerospace SoC Design

The reality is, faults happen and the impact can be huge—a typical SoC can have multiple faults when you consider the number of transistors and connections inside. Silicon chips can encounter various sources of vulnerabilities, including systematic and random faults, manufacturing defects, and malicious attacks. Whether the device is operating inside a passenger vehicle or an aircraft carrier, faults and defects can cause a safety-critical subsystem to work improperly. This could result in the car failing to brake when it should, or the aircraft carrier navigating in the wrong direction. Worse, a system failure could result in a fatal outcome–imagine a control system failure at speed in a car or an aircraft. In these application areas, the devices must last for many years—at least 15 typically for vehicles and much longer for equipment such as military aircraft. Because of this, the systems must operate safely and securely for long durations.

Automotive-grade IP developed to meet functional safety standards can be applied to enable aerospace and government designs that operate safely and securely for the long haul. As an example, we can look to one Synopsys customer, NASA’s Jet Propulsion Lab (JPL), a unique national research facility that carries out robotic space and Earth science missions, while also operating NASA’s Deep Space Network. As part of NASA’s High-Performance Spaceflight Computing (HPSC) Program, JPL evaluated the radiation beam testing performance of Synopsys High-Speed SerDes IP and Memory IP. The automotive IP was integrated into test chips developed on the GLOBALFOUNDRIES 22FDX (fully depleted silicon-on-insulator) platform as part of this evaluation. The test results suggest to Synopsys that, if the automotive IP is used properly, the total ionizing dose (TID) level has the potential to meet the requirements of most NASA missions. In addition, there did not appear to be any devices that experienced permanent damage from single-event latchup. Any future devices would require mitigation of single-event effects for space operation.

The Synopsys tool flows for space that leverage automotive can also be used to customize automotive IP for space applications. One could envision isolating regions for multiple independent levels of security in a communications satellite or building hardware-based scrubbing onto a space SoC platform.

Keeping Systems Safe and Secure in Every Environment

In addition to IP, there are electronic design automation (EDA) solutions to mitigate the impact of faults. For example:

  • Systematic faults, occurring in the hardware and across software levels, are often deterministic, meaning the cause of the failure can be determined and eliminated by a modification of the design, the manufacturing process, operational procedure, and/or documentation. Robust design and implementation tools and flows, as well as functional verification tools and flows, can help here. Addressing systematic faults also requires a well-defined development lifecycle process, including a safety plan, high-level failure mode and effect analysis (FMEA), and failure modes effects and diagnostic analysis (FMEDA), a verification plan, and the ability to manage software development according to known standards.
  • For manufacturing defects at the hardware level, the goal is to reduce the number of defects (as measured in parts per billion) through design for manufacturability and test solutions. In semiconductors this can happen using robust design methodology that includes technology computer-aided design (TCAD) as well as through high-quality manufacturing processes.
  • Random faults are seen in automotive and aircraft safety and also occur in radiation environments. These faults, both permanent and transient, can occur unpredictably during the product lifetime and cause hardware failures. The same techniques and tools that work for automotive safety–automated redundancy and mitigation, fault management verification, and monitors for manufacturing and operation–will also work for aerospace and defense applications.
  • Mitigating against random faults also requires a safety-aware architecture with reliability mechanisms that can prevent, monitor, detect, and correct faults. EDA flows are available to perform fault injection and verification to model, simulate, and prevent product failures due to random faults. Malicious attacks can take advantage of software and hardware vulnerabilities as well as technology and learnings over time. They can be prevented and mitigated in a similar fashion to systematic and random faults.

Fault injection testing is one of the tools in the fault verification toolbox. Such testing can be applied during the design phase, to measure functional safety operation, to assess soft-error vulnerabilities, and to measure the effects of malicious attacks on silicon. Other proven methodologies leveraged from the automotive space include fault reduction via static and formal analyses and fault simulation using a functional verification testbench. Thus, with modern simulation and emulation tools, fault injection can also be used pre-silicon to support fault verification and prevention.

Standards Can Guide the Way

Like the automotive domain with its OEMs and Tier 1 and Tier 2 suppliers, the aerospace and defense domain also consists of many players, including prime contractors, subcontractors, and the broader defense industrial base ecosystem. Automotive design risk mitigation techniques, flows, and tools can enhance data exchange across the aerospace and government supply chain, while also improving development cycle efficiencies. One of the principal techniques involves functional safety analysis to identify the potential for random hardware faults.

The ISO 26262 standard for automotive functional safety defines the term “functional safety” as “the absence of unreasonable risk due to hazards caused by malfunctioning behavior of E/E (electrical/electronic) systems.” In the automotive world, the level of risk and its corresponding mitigation is denoted by an automotive safety integrity level (ASIL), with ASIL D being the most stringent. A design approach guided by functional safety standards presumes that faults will occur and proposes ways to react to these potential failures to ensure safe operation.

The aerospace and defense industry is no stranger to standards. For example, it has its own design assurance for airborne electronic hardware and software, DO-254 and DO-178. The space industry has standards like MIL-PRF-38535 for silicon devices to operate in space environments. The challenge lies in the breadth of systems that extend across aerospace and defense—satellites have different requirements than tanks, which have different requirements than radar systems, and so on. However, the industry is recognizing that the functional safety guidelines established for the automotive industry can be leveraged for development of fault-tolerant systems.

Aerospace and defense designers have long used safety and reliability mechanisms, including error correction code to identify and fix faults, parity and triple modular redundancy to mitigate faults, logic and memory built-in self-test (BIST) to monitor for faults. Now, they are starting to use ASIL B- and ASIL D-compliant automotive-grade IP to enable SoCs with greater levels of safety, security, quality, and reliability. ASIL strategies, while intended for ISO 26262 compliance, are relevant for aircraft safety as well as addressing radiation effects.

Synopsys has an automotive IP portfolio that is ASIL B- and ASIL D-compliant to protect against systematic and random hardware faults and is available for advanced process technologies. Additionally, Synopsys has a portfolio of IP cores for security, including TRNG, cryptography, trusted processing, and secure interfaces.

Summary

Today’s savvy designers are leveraging technology and methods across automotive, aerospace, and defense applications. While we focused on automotive to aerospace, the leverage goes both ways; for example, technologies that are now heavily used in vehicles—such as LiDAR, LED lighting, and GPS—stem from aerospace. The primary link is that both industries require SoCs and multi-die solutions that are highly reliable, safe, and secure. Automotive designers have established practices and technologies that enable these qualities, and their aerospace and government counterparts are taking notice. By taking a few pages from the automotive design reliability and functional safety playbook, along with secure and functionally safe automotive IP solutions, aerospace and government designers can ensure that their aircraft, rockets, satellites, and more are ready to soar to new heights.

Continue Reading