NXP PROCESSORS FOR CONSTRAINED AND … ENVIRONMENTS
PUBLIC USE
NOV 2016
NXP
PROCESSORS FOR CONSTRAINED AND SECURE ENVIRONMENTS
Security, Ease of Use, Energy Efficient
Automotive and Industrial Megatrends
• IoT / Big Data
• Sensor Fusion
• Detection
• Encryption
• Authentication
• Perform/Power
• Heat dissipation
• Higher Integration
• Space Constrained
• Proven Quality
• Reliability
• Product Longevity
• High Temperature
• Functional Safety
• Low Cost SW
• Reference Designs
• Trusted Partners
• Strong Support
• Faster Launch
Robust
Application Overview
Ultra-reliable MCUs are ideal for challenging environments found in industrial, infrastructure,
automation, communications, transportation, medical and A&D applications.
Circular pump for heating and cooling water circuit
Engine cooling fan
Starter
Alternator, generator
Steering wheel adjustment
Scavenging pump, high-pressure pump
Headlight range adjustment unit
Heating fan
Cooling fan for air conditioning system
Circular pump for stationary heating system
Motor for stationary heating system
Heating and air conditioning system
ABS pump
Window winder
Aerial drive
Idle position adjustment system
Tailgate closing
Rear windscreen wiper
Fuel pump
Ergonomic backrest, headrest adjustment
Headlight cleaning
Headlight tilting
Wipers
Sliding roof
Mirror adjustment
Central locking system
Door closing
Belt system
Seat control
Headrest adjustment
Backrest adjustment
Rear seat adjustment
Convertible roof
Active suspension
EPS drive
Lighting Control
Central Locking System
High Pressure Pump
Alternator, Generator
Circular Pump for Heating and Cooling Water Circuit
Air Conditioning System
Gate Closing
Robot Arm movement
Fluid Pump
Machinery Positioning
Solar Inverter
Elevator
Medical Pump
Avionics
Signaling System
Construction/Harvesting machine engine management and motor control
Fire Alarm
Oil Rig Sensor
These MCUs offer best-in-class quality, reliability and safety for
applications that need to perform in the harshest environments.
NXP.com/UltraReliableMCUs
Ultra-Reliable Auto & Industrial MCUs Values
Broadest ultra-reliable MCU portfolio
• 8k to 8 MB of embedded flash with 5V supply, -40 to 150 ˚C ambient temperature
• Safety supporting ISO26262/IEC61508 requirement
• Security (detection & prevention) for connected nodes
Best in class quality, reliability and safety MCUs
• 30 years delivering industrial and automotive grade quality
• Zero defect program, no failure in the field
• Advanced design for manufacturing (DFM) and test (DFT)
Industry’s benchmark product longevity
• 15 years minimum product longevity support
• 20 years service lifetime and 5 years shelf-life
• Below 1ppm defect quality
NXP.com/UltraReliableMCUs
Functional Safety and Security
SafeAssure™ Program
• NXP simplifies the process of system compliance for automotive and industrial functional safety standards
• Reduces the time and complexity required to develop safety systems that comply with ISO 26262 and IEC 61508 standards
• Supports the most stringent Safety Integrity Levels (SILs)
• Zero defect methodology from design to manufacturing to help ensure our products meet the stringent demands of safety applications
• Functional safety activities address:
− Safety process (FMEA, FTA, FMEDA) integrated into development process
− Safety hardware (safety manual) BIST, ECC, etc
− Safety software (safety manual) Autosar MCAL, OS, core self tests, etc.
− Safety support – training, documentation and tech support
Functional Safety Implementation
Single Point Failure: immediate potential for hazard
NXP Solution
• Structure redundancy [Core, DMA]
• Information redundancy [E2E, ECC, EDC]
Latent Failure: danger with second fault
NXP Solution
• Hardware self test [memory, logic]
• 90% stuck-at-fault
Common Cause Failure: annuls redundancy-based measures
NXP Solution
• Delayed checker core
• Clock, temp, power monitor
• Independent safety clock
Key Features:
Lockstep cores, ECC on memories, Redundant function, Monitors, Built-in self-test,
Fault collection and control, Core self test, FMEDA, Safety manual
NXP.com/SafeAssure
Functional Safety on Automotive and Industrial Ultra-Reliable MCUs
NXP.com/SafeAssure
Product | Target Applications | Safety Hardware
MPC577xK | Vision/Radar | Targets ASIL D
MPC5748G | Control Module/Gateway | Targets ASIL B
MPC5777M | Engine Control | Targets ASIL D
MPC5744P | Safety Domain Control | Targets ASIL D
MPC564xL | Input/output Control | Targets ASIL D
S32K | General Purpose ARM MCU, Motor Control | Targets ASIL B
S32V | Radar, Sensor fusion, Vision | Targets ASIL B
S12ZVL | LIN Nodes | Targets ASIL A
S12ZVC | CAN Nodes |
Security, What you need to know
Multi-layered approach strengthens overall equipment security
• Protects against HW and SW theft, tuning, parts cloning, component age manipulation and personal data theft
Trusted execution against
• Attacks from compromised platform SW
• Violation of confidentiality and integrity of sensitive data
• Access to critical peripherals and memory
• Backdoors using untrusted DMA masters
• Starvation of resources available to critical services
Communications
Applications
HSM/CSE/Trust Zone
Tamper detection module
Encryption
Authentication
Firewall
Audit Trail
Flash
Security Implementation
CSE: Cryptographic Security Engine
• Turn-key solution
• SHE Compliant
• AES-128
• Secure Key Storage
HSM: Hardware Security Module
• User programmable
• Secure debug
• Supports CSE functional requirements
• Secure sensor interface
‒ Voltage, temperature and clock monitoring
TDM: Flash Tamper Detection Module
• Records all attempts to modify flash memory
• Detects unauthorized re-programming of application code
• Protects manufacturer’s investment
NXP Products: Automotive Grade for Challenging Environments
AEC Q100: All NXP Automotive MCUs are AEC Q100 certified
125˚C: All NXP Automotive MCUs support up to 125˚C ambient temperature
135˚C+: Extended temperature up to 135˚C+ ambient on several product lines (S08SG, S12G, S12ZV, MPC57xx)
Low PPM: Benefit from one of the lowest PPM levels in the industry, targeting zero defects performance
• Largest portfolio with automotive qualification grade
• High temperature for space-constrained applications like fuel, oil and water pumps, sensors and actuators.
Portfolio Overview
Ultra-Reliable Automotive and Industrial Product Lines
Advanced Assist Systems
Dynamics and Connectivity
General Purpose and Integrated Solutions
Vision & Radar
Vehicle IoT
Autonomous System
Engine Management
New Energy
Gateway
Safety
CAN/LIN nodes
Motor control
Sensor/Actuators
Application Specific
Functional Safety
Multicore Processing
Code Security
Time to Market
Reference Solutions
Hyper-integration
Broad Market
NXP Automotive General Purpose and Integrated MCU Portfolio
Applications
Now in production
S08 8bit auto
S12 16bit auto
MPC56xx / MPC57xx 32bit auto
S32K
S12 MagniV
Ramping in 2017+
KEA
S32K – Fastest Time to Market + Future-Proof Features
Most Scalable Portfolio
• 8K to 2M+ Flash
• HW and SW compatibility
Reduce R&D
Superior Performance and Features
• Cortex M with FPU & DSP
• Lowest Stop Current
• ASIL-B safety
• SHE Security
• CAN-FD, Ethernet
• FlexIO, Reduced BOM Cost
Future proof designs
Complete Software Solution
• S32 Design Studio
• Software Development Kit (SDK)
• Autosar MCAL + OS
Reduce Time-to-Market
S32K148 Block Diagram
High Performance
• ARM Cortex M4F up to 112MHz w FPU
• eDMA from 57xxx family
Software Friendly Architecture
• High RAM to Flash ratio
• Independent CPU and peripheral clocking
• 48MHz 1% IRC – no PLL init required in LP
• Registers maintained in all modes
• Programmable triggers for ADC, no SW delay counters or extra interrupts
Functional safety
• ISO26262 support for ASIL B or higher
• Memory Protection Unit
• ECC on Flash/Dataflash and RAM
• Independent internal OSC for Watchdog
• Diversity between ADC and ACMP
• Diversity between SPI/SCI and FlexIO
• Core self test libraries
• Scalable LVD protection
• CRC
Low power
• Low leakage technology
• Multiple VLP modes and IRC combos
• Wake-up on analog thresholds
Security
• CSEc (SHE-spec)
Operating Characteristics
• Voltage range: 2.7V to 5.5V
• Temperature (ambient): -40°C to +125°C
Packages & IO
• Open-drain for 3.3 V and hi-drive pins
• Powered ESD protection
• Packages: 100 BGA, 144 LQFP, 176 LQFP
Block diagram legend: Digital Components; 5V Analogue Components; MCU Core and Memories
Block diagram contents:
• Cortex M4F, 112 MHz, with FPU, DSP, MPU, NVIC, 4 KB I/D-Cache
• Crossbar Switch with MPU
• System Peripheral Bridge
• Flash up to 2M, RAM up to 256KB, EEPROM up to 4KB
• Security
• 16ch eDMA
• PMC (2.7 - 5.5V), LVD, RTC
• SCG: FLL Clk Mult, Ext Osc (8 - 40MHz), Fast R/C OSC (48MHz 1%), Slow R/C OSC (8MHz 3%), LP OSC (128KHz 10%)
• WDOG, EWM
• Debug: SWD, JTAG
• Communications / I/O System: 2x ADC 32ch 12bit; ACMP w 8-bit DAC; 8x FlexTimer 8ch 16-Bit; 3x FlexCAN, 2 with FD; 2x PDB; QuadSPI; 3x SPI; 2x I2C; FlexIO (I2S, UART, SPI); LPIT; CRC; 3x UART/LIN; SAI (I2S, AC97, TDM); 100MBit/s Ethernet incl. PTP
S32K SafeAssure Program
Safety Hardware
Common safe hardware platform for application software:
• Voltage/clocks monitoring
• Memories w/ error correction (ECC)
• Window Watchdog...
Safety Process
• ISO 26262 development process for all products
• Safety Element out of Context
Product | Development Process | FMEDA Report Availability | Dependent Failure Analysis | Safety Manual | Core Self-Test and User Guide
S32K | ISO 26262 | Upon request | Yes | Yes | Yes
Quality Foundation
Safety Support
• FIT rates
• Safety manual
• Technical support as required
Safety Software
S32K core self-test available to complement the built-in hardware safety features
MPC5777M MCU for Automotive & Industrial Engine
Key Features
• Two independent 300 MHz Power Architecture z7 computational cores
– Single 300 MHz Power Architecture z7 lockstep
– Delayed lock-step for ASIL-D safety
• Single I/O Core 200 MHz Power Architecture z4 core
• 8M Flash with ECC
• 596k total SRAM with ECC
– 404k of system RAM (incl. 64k standby)
– 192k of tightly coupled data RAM
• 10 ΣΔ converters for knock detection, 12 SAR converters – 84 total ADC channels
• GTM – 248 timer channels
• eDMA controller – 128 channels
Package
• 416 PBGA, 512 PBGA
• eCAL emulation device for each package
Safety Concept Summary
• Measures against single point faults
− Replication only of Cores & attached periphery
− End-2-End protection of data paths (ECC)
− ECC on all RAMs (System, periphery, Cache, TCM) & Flash
• Measures against latent errors (during boot)
− Memory BIST
− LBIST
− Limited BIST of analog components
• Measures against Common Cause errors
− Clock & Power Monitors, Monitors of signal lines (debug, test, …)
− HW-evaluated Temperature Sensors
• Some errors not handled
− External hardware supervision (Watchdog, Supply Voltage)
− Redundant usage of I/O by software
< 50ms
ADAS and HAD Portfolio
Target Markets Products
Highly Automated
Driving
Surround Vision
Front L/M Range Corner Radar Highly Integrated
Sensor
Mono/Stereo Vision
Vision ADAS & Automated Driving
Radar Based ADAS
S32V
Automotive open platform built on quality, highly performing, fully abstracted accelerators, uncompromised safety and security
S32A
General purpose computing with MASSIVE performance for environmental modeling acceleration, automotive quality, fault tolerance and security
S32R
Scalable, highly integrated, safe and secure family driving the digitalization of radar and sensor data fusion
Technology
• Best in Class Cognitive Acceleration
• Software Dev Kit & Linux
• ARM Cortex Safe & Secure Architecture
S32V234: ADAS Safety Controller
General Purpose Processing
• Two 2x ARM A53 Safe Clusters
• 64 Bit, 1.0 GHz
• 2 x 256 kB L2 cache per cluster
• Neon SIMD
• ~10000 DMIPS
• 2 x 32b DDR3/LPDDR2 at 533MHz
Accelerated Processing
• Image Signal Processing
• 2 x APEX2 – Image cognition Processing Open CL
• h.264 Codec and MJPEG decoder
• 3D GPU GC3000 (4 Shader)
Functional Safety
• Classic ASIL B capable SoC
• LBIST, MBIST
• Voltage Monitoring, Temperature Monitoring
• Full memory ECC, E2E ECC
• SW Core Self Tests
• SW independent Fault monitoring and reporting
• Safe DMA, CRC processing
• Safe MCAL
High Speed Serial Interfaces
• 1 PCIe controller
• 1 Dual Channel FlexRay
• 1 Zipwire
• 2 x MIPI CSI2 - 4 lanes 6Gb/s
Low Speed Serial Interfaces
• 2 CAN-FD
• 4 SPI
• 2 LinFlex
• 4x Timer
• FlexRay
Security
• 1 CSE3 – Flashless
Block diagram contents:
• 4x ARM A53, each with 32KB L1-D and 32KB L1-I; 2x 256kB Banked L2
• Coherency Fabric
• M4
• CSE3
• 4MB System RAM, Multi Master Sram Ctrl
• 2x 32-bit DDR3/LPDDR2 Memory Controller
• ISP, 2x APEX2, 3D GPU, H.264, MJPEG, DCU
• 2x CSI2 4ln, 2x 16 bit Par I/F
• Gb ETH, FlexRAY, Zipwire, PCIe
• Safe DMA, FCCU, ADC
• Power Management, SDHC, LinFlex, I2C, GPIO, JTAG
Vision Surround Fusion
Introducing Ethernet: NXP Provides Auto-Native Portfolio
Flexible, scalable solution
TJA1102 Dual-OABR PHY
TJA1102 Dual-OABR PHY
e.g. MPC574xC/D/G
802.1Q + AVB
802.1Q + AVB + TSN
SJA1105T
SJA1105
AVB SW
AUTOSAR Capability
Host Processor (i.MX, MPC574x, S32x)
• TJA1100 100MBPS PHY
− Open Alliance BroadR-Reach Compliant
− Fully automotive qualified
− Robust automotive grade EMC and ESD
− Minimal external component count
− Enhanced Power Management to save battery life
• TJA1102 Dual-PHY
− Single chip dual BroadR-Reach PHY
− Enables better scalability
• SJA1105 FIVE-PORT SWITCH
− Layer 2 Store and Forward Switch
− Supports AVB, TSN and Deterministic Ethernet
− Up to 1-Gb network speed
− MII/RMII/RGMII Interface
− Port Mirroring and VLAN support (IEEE 802.1Q and IEEE 802.1P)
© 2015–2016 NXP B.V.