Shulou(Shulou.com)06/02 Report--

The hidden danger behind the "core" Xiangrong

The whole world is in the period of traditional automobile to intelligent network automobile transformation. with the rapid development of new generation information technology, such as artificial intelligence, 5G, Internet of things, cloud computing and so on, it will produce huge synergistic effect in the development of intelligent network connection automobile technology. reshape the automobile industry and business model, bring fundamental changes for human travel mode. In the electronic and electrical systems that account for more than 60% of the whole vehicle, the intelligent network-connected vehicle chip can efficiently realize the functions of induction, control, execution, decision-making, communication, navigation and so on. Fig. 1 the main trend of automotive semiconductors: automotive gauge grade IC, which is different from consumer electronics IC, highly emphasizes reliability and functional safety, needs to withstand extreme working environment (- 40 °C to + 150 °C), and meets automotive industry standards such as ISO-26262 and AEC-Q100. For the semiconductor development process, the requirements of the first edition of ISO-26262 are mainly combined with the hardware development of ECU in the content of Part5, hardware development phase. However, considering the great differences in the implementation of semiconductor development and hardware development, a new guide for functional safety development of Part11 semiconductors is proposed on the standard of version 2018 of ISO26262. As a supplement and improvement of Part5, the security life cycle model framework is as follows:

Figure 2 ISO26262 functional security lifecycle model framework takes IP/SoC security development and verification in IC as an example. The functional security development goal of IP/SoC mainly includes two aspects: avoiding systematic failure and avoiding random failure. The mapping relationship between security activities and standards in the development process is as follows: figure 3 IP/SoC and ISO26262 mapping

IC development process that conforms to functional safety standards

There are generally two development modes of semiconductors that meet the functional safety standards: Design in Context Safety Element out of Context (SEooC). At present, chip manufacturers basically adopt the development mode of SEooC. In the SEooC development process, the functional security activities in the security life cycle will be tailored to meet the actual development needs.

Figure 4 based on SEooC semiconductor development process, semiconductor development based on SEooC mode is mainly divided into two processes: SEooC hardware component development related items development core process one, SEooC hardware component development. It includes system-level hypothesis and SEooC design. Chip manufacturers formulate system-level assumptions according to the results of market research and product positioning. The main contents include technical security requirements assumptions and external design assumptions. Chip manufacturers carry out follow-up development and design according to system-level assumptions. Figure 5 the relationship between requirement hypothesis and SEooC development the design of SEooC mainly includes functional security activities: description and verification of hardware security requirements, description and verification of hardware design, DFA analysis, FMEA/FTA analysis, hardware quantitative index evaluation and verification, hardware integration verification and so on. Description and verification of hardware security requirements: hardware security requirements are derived from hypothetical technical security requirements, including functional requirements (expected functions and security mechanisms) and binding requirements (failure rate indicators, FFI, etc.) According to the ASIL level of hardware security requirements, the corresponding verification methods (walk-through, review, semi-formal verification, formal verification) are adopted to verify the correctness, integrity, testability, consistency, realizability and other hardware design description and verification of hardware security requirements: it mainly includes semiconductor architecture design, RTL design, gate-level design, layout and routing, etc. Through inspection, review, security analysis (FTA/FMEA), simulation and other methods to verify DFA analysis: through DFA analysis to ensure that the modules of different ASIL levels meet the requirements of coexistence, and the modules decomposed by ASIL levels meet the independence. Expected functions and security mechanisms meet the independence of FMEA/FTA analysis: mainly for a variety of complex system design and initial sample design phase of reliability and security analysis. Used for system fault analysis, prediction and finding out the weak links of the system, in order to take corresponding improvement measures in the design, manufacture and use of hardware quantitative index evaluation and verification: mainly includes FMEDA and PMHF calculation, through architecture indicators (single point of failure indicators, potential fault indicators) to evaluate the level of hardware architecture design The evaluation of PMHF value shows whether the residual risk of random hardware failure in violation of security objectives is low enough for hardware integration verification: according to the ASIL level, take corresponding verification measures to verify whether the hardware design meets the corresponding hardware security requirements. Its main content is system-level hypothesis verification. When the chip integrator (OEM/Tier1) carries out the system-level design, it is necessary to verify whether the technical security requirements of the chip are consistent with the external design assumptions, the technical security requirements assigned to the chip in the current system and the current system design. If the two are consistent, they can enter the subsequent functional security development stage; if the two are not consistent, they will be changed by the chip developer or the chip integrator according to the actual project.

Security Analysis helps SEooC Development

From the above analysis of the key technologies of the IC process in accordance with the functional safety standards, it is not difficult to see that how to carry out semiconductor safety analysis is very important to SEooC development. Efficient and accurate completion of security requirements management and traceability, FMEA, FMEDA, security mechanism design, fault injection and simulation, FTA, DFA and related change management and impact analysis are the challenges facing SEooC development. The traditional use of Excel and other single-point tools has been difficult to meet the requirements of secure development and design. Fig. 6 challenges faced by semiconductor development in which in FMEDA analysis, the chip design must consider not only permanent faults, but also transient faults caused by circuit interference and electromagnetic interference. Generally speaking, for permanent faults, the failure rate distribution of package Package and wafer Die is generally determined by industry experts, while the specific failure rate of each functional module within the wafer Die, such as digital circuit, analog circuit, CPU, etc., should first be calculated according to SN29500, IEC62380 and other standards and the total failure rate according to the number of transistors, and then the corresponding failure rate should be calculated according to the area of each functional module. For transient faults, the standard recommendation is that the total failure rate is calculated according to the number of gates multiplied by the basic transient failure rate, so the calculation of the internal failure rate of the chip needs to extract the area of the module inside the chip and the number of gates. For the calculation of permanent fault and instantaneous fault failure rate, it is very time-consuming and labor-consuming to extract and analyze the data manually, so special tools are needed to assist.

IC functional Security solution-Medini Analyze

For the functional safety development and verification of semiconductors, Medini Analyze introduces a complete security analysis solution, which supports importing IC design files into the tool, automatically identifying the required data for a series of analysis and calculation. Figure 7 Medini aims at semiconductor FMEDA workflow for the development of semiconductor FMEDA, the main analysis flow based on Medini Analyze platform is as follows: seamless import of STEP1,IP design data and mapping STEP2 with high-level architecture model, supporting design data import including die area/gate counts in IPD-XML format. Through mapping between design data and high-level architecture model, high-level architecture model can automatically summarize distributed STEP3 of failure rate. Failure rate prediction, according to the mapping relationship, automatically distribute the failure rate to each functional module STEP4, execute FMEDA, calculate SPF/LF metrics,safe fault fraction, etc., generate the table of FMEDA directly from the mapped high-level architecture model, and automatically estimate the SPFM/LFM index STEP5 based on the security mechanism DC value, and generate the fault list from FMEDA for fault injection simulation. Support the EDA tool for fault injection testing through the exported fault list in order to obtain a more accurate DC value STEP6, perform fault injection to determine the diagnosis coverage of the security mechanism STEP7, update the diagnosis coverage of the security mechanism and the fault injection safety fault ratio, based on the accurate DC value Medini will automatically update the FMEDA table and calculate the corresponding hardware indicators in addition Medini Analyze also has the functions of security requirements traceability management, FTA analysis, FMEA analysis and DFA analysis. " The "DC Configurator" function can export the security analysis work of chip manufacturers in the form of engineering files, and the tool automatically collects all relevant high-level architecture data, which only contains information related to security analysis, but not the specific design of the chip, so as to realize the information sharing of security analysis and protect intellectual property rights at the same time. Jingwei Hengrun began to study and implement functional safety in 2008, and set up a functional safety team in the same year, from digesting ISO-26262 standards to participating in the formulation of GB/T 34590 functional safety standards in 2017; combined with its own automotive electronic product research and development practice, Jingwei Hengrun's functional safety team has implemented 100 + successful cases at home and abroad in intelligent driving domain, chassis domain, power domain and body domain, and has accumulated rich experience. To meet the needs of the market, combined with the technical difficulties of functional safety implementation of mass production products, Jingwei Hengrun functional safety team, with intelligent driving functional safety as the theme, have issued a series of solution articles, welcome to discuss together!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.