The functional safety of automotive electronics is governed by ISO 26262, which defines a hierarchy of requirements through the Automotive Safety Integrity Levels (ASIL), with level “A” being the lowest and “D” the highest (subject to the most stringent requirements). It is possible to have components certified as “ASIL Ready.” For ASIL Ready, the solution must be architected to meet the requirements of the appropriate ASIL grade, but an actual hardware implementation is not required. An authorized certification lab reviews the solution vendor’s good-faith representations of meeting the ASIL requirements and issues an ASIL Ready certificate.
On the other hand, achieving ASIL certification, as we announced for the RT-640 embedded Hardware Security Module (Root of Trust), requires implementing the architected solution in hardware with all the safety mechanisms needed to satisfy the technical safety requirements. For an IP solution, the result is a complete RTL design including its verification test bench. The solution must then undergo rigorous testing to demonstrate that it meets the ASIL requirements.
For the RT-640, Rambus used the Siemens SafetyScope™ analysis tool. The SafetyScope tool gives an accurate indication of a design’s safeness by analyzing structural building blocks in the netlist or RTL design before validation via fault simulation. Using the SafetyScope tool, we were able to analyze the RT-640 design and determine the Diagnostic Coverage provided by the safety mechanisms implemented. The Diagnostic Coverage measures the extent to which the safety-relevant faults are detected or controlled by the design. After the SafetyScope analysis, Rambus used the Siemens KaleidoScope™ tool for fault simulation.
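To make the Diagnostic Coverage figure concrete, the following added example (not code from Rambus, Siemens, or the RT-640 project, and not output of SafetyScope or KaleidoScope) computes DC from a small, constructed fault-classification list of the kind a fault-simulation campaign produces. Every fault site, classification, and safety-mechanism name is invented for illustration. DC is taken as the share of dangerous (non-safe) faults that a safety mechanism detects, and the result is mapped onto the low/medium/high DC classes (60 %, 90 %, 99 %) that ISO 26262-5 Annex D uses; the residual (undetected) faults are listed because those are what a safety engineer would review next.

```python
from collections import Counter

# Constructed fault-simulation summary: (fault site, classification,
# detecting safety mechanism or None). Not generated by any real tool.
#   "safe"       - fault cannot violate a safety goal, excluded from DC
#   "detected"   - fault is caught by the named safety mechanism
#   "undetected" - residual fault with no detection
FAULT_REPORT = [
    ("aes_core/key_reg[3]",    "detected",   "key_register_parity"),
    ("aes_core/key_reg[7]",    "detected",   "key_register_parity"),
    ("aes_core/state_reg[12]", "detected",   "aes_lockstep_compare"),
    ("aes_core/state_reg[19]", "undetected", None),
    ("rng/health_counter[2]",  "detected",   "rng_health_test"),
    ("rng/health_counter[5]",  "undetected", None),
    ("bus_if/rdata[0]",        "detected",   "bus_ecc"),
    ("bus_if/rdata[9]",        "detected",   "bus_ecc"),
    ("debug/unused_scan_ff",   "safe",       None),
    ("debug/unused_scan_ff2",  "safe",       None),
]

# DC classes per ISO 26262-5 Annex D (threshold, class name), highest first.
DC_CLASSES = [(0.99, "high"), (0.90, "medium"), (0.60, "low")]


def diagnostic_coverage(report):
    """DC = detected / (detected + undetected); safe faults are excluded."""
    counts = Counter(cls for _, cls, _ in report)
    detected, undetected = counts["detected"], counts["undetected"]
    dangerous = detected + undetected
    if dangerous == 0:
        raise ValueError("report contains no dangerous faults")
    return detected / dangerous


def coverage_by_mechanism(report):
    """How many detected faults each safety mechanism accounts for."""
    return dict(Counter(mech for _, cls, mech in report if cls == "detected"))


def undetected_faults(report):
    """Residual faults that no safety mechanism covers."""
    return [site for site, cls, _ in report if cls == "undetected"]


def dc_class(dc):
    """Map a DC value onto the ISO 26262-5 Annex D class names."""
    for threshold, name in DC_CLASSES:
        if dc >= threshold:
            return name
    return "below low"


if __name__ == "__main__":
    dc = diagnostic_coverage(FAULT_REPORT)
    print(f"diagnostic coverage: {dc:.1%} ({dc_class(dc)})")
    for mech, n in coverage_by_mechanism(FAULT_REPORT).items():
        print(f"  {mech}: {n} fault(s) detected")
    print("residual faults:", ", ".join(undetected_faults(FAULT_REPORT)))
```

On the constructed list above the DC is 75 %, which lands in the "low" class; in a real campaign the classification would be weighted by each fault's failure rate rather than counted, and the same accounting is then repeated per safety goal.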
The results of all these simulations were sent to the TÜV-SGS certification lab, where they were rigorously analyzed. Upon successful completion of this analysis, TÜV-SGS certified the RT-640 as satisfying the requirements of ISO 26262 ASIL-B. You can read more about the safety and security requirements for automotive electronics, and how Rambus collaborated with Siemens to reach this important milestone, in the white paper Navigating the Intersection of Safety and Security.
If ASIL Ready certification is an option, why did Rambus go through the time and expense of getting the RT-640 ASIL-B certified? The reason is that ASIL certification saves customers time and effort. Customers can incorporate the RT-640 into their automotive chip designs with the assurance that the subcomponent has already passed the ASIL requirements. This reduces customer risk, shortens the implementation timeline, and speeds time to market.