© 2018 Arm Limited
Rod Watt, Director of Vehicle Architecture and System Analysis
Challenges and Innovations in Autonomy
LETI Conference – July 2018
From inception to now
1990: Joint venture between Acorn Computers and Apple.
1993 onwards: Designed into first mobile phones and then smartphones.
Today: Now all electronic devices can use intelligent Arm technology.
Arm: the Industry’s Architecture of Choice
Extraordinary growth – from sensors to server
1991 to 2013 (22 years): 50 billion chips shipped
2013 to 2017 (4 years): 50 billion chips shipped
2017 to 2021 (4 years): 100 billion chips expected to ship
The Most Complex Piece of Electronics You Will Own
Cars Run on Code
[Chart: million lines of code. Bars: F-35; Windows 10; US Army future combat system; Luxury car in 2010 (IVI); Luxury car in 2016 (+ADAS); Luxury car in 2020 (L3 autonomy); All Google services (2000). Other values shown: 24, 60, 63, 65, 100, 150, 300.]
“Almost 80% of automotive innovation comes from electronics (semiconductors) and software” – OEM
Increasing complexity in automotive markets
[Diagram labels: Automotive drives; Lower emissions; ADAS; Self driving; IVI; Vehicle electrification; Autonomous drive; Infotainment; Connected car]
What are the challenges?
Complex and demanding compute requirements
Functional safety requirement
Increasing need for security
Levels of autonomy
Human monitoring / Machine monitoring
Level 0, No automation: Full-time human driver for all aspects of driving, even with warning systems
Level 1, Driver assistance: Mode-specific driver assistance of either steering or acceleration/deceleration with human driver for remaining task
Level 2, Partial automation: Mode-specific driver assistance of both steering and acceleration/deceleration with human driver for remaining task
Level 3, Conditional automation: Mode-specific Automated Driving of all dynamic driving task with human driver responding to a request to intervene
Level 4, High automation: Mode-specific Automated Driving of all driving task, even if a human driver does not respond
Level 5, Full automation: Full-time Automated Driving under all roadway and environmental conditions
Assessing the compute capabilities for Autonomous Systems
Sense
• Multiple sensor technologies required for L3+ autonomy
• Range of sensor types with increasing number of sensing points as autonomy rises
• Sensor fusion will also rely on accurate and consistent V2X data
Perceive
• High levels of scalable amounts of compute required for perception processing
• Large data set needs multiple stages of processing
• Accelerators aid in deep learning algorithms
Decide
• Demand for increased level of functional safety in decision making
• Decision making shared between application processing and real time processing with highest safety level
Actuate
• Changes to the vehicle’s lateral / longitudinal dynamic response must be at the highest functional safety level and must be real time and deterministic.
Arm Cortex processors offer a range of choices
Arm Cortex-M: Smallest area and lowest power profile
• Standardized memory map, optimized for RTOS
• Simple programmer’s model
• HW managed interrupts and lowest latency
• TrustZone for Armv8-M
Arm Cortex-R: Highest real-time processing performance
• Hard real-time deterministic
• SW managed interrupts
• Fast interrupts
• Multi-core
• Hardware virtualization (in Armv8-R)
Arm Cortex-A: Highest performance
• Sophisticated virtual memory support for rich OS
• Advanced programmer’s model
• SW managed interrupts
• Multi-core and multi-cluster
• Arm TrustZone technology support
*Size of bubble indicates increasing System and Software complexity
What are the challenges?
Complex and demanding compute requirements
Functional safety requirement
Increasing need for security
Safety vs. security
Some languages are great at making the distinction difficult: sécurité, Sicherheit, säkerhet, turvallisuus, …
i.e. not all languages differentiate between safety and security in terminology
[Diagram labels: Environment; System under consideration; Security; Safety]
Security: Protecting what’s inside the box
Safety: Protecting what’s outside the box
Requirements: From IP to system
IP supplier, IP integrator (e.g. MCU designer), Tier 1 designer, Automotive OEM
[Diagram: ISO 26262 parts -1 -2 -3 -4 -5 -6 -7 -8 -9 shown for each of the four parties. Legend: Applicable requirement; Not applicable requirements. Labels: Requirements, assumptions; Supporting documentation (evidence)]
Arm functional safety package
Safety manual
• Design and verification process
• Fault detection and control
• Verification summary
FMEA report
• Evidence of safety analysis on the Arm IP
• Aids partners with their own SoC level FMEA
Development Interface Report
• Interworking relationship
• Replaces conventional DIA
• Ambiguity avoidance
Why Software Test Libraries?
Any safety system relies on multiple error detection mechanisms
• ECC
• DCLS
• Parity
Software Test Libraries provide another detection mechanism
• Libraries are broken down into functions that cover specific blocks of the CPU core to ensure correct behaviour
• Multiple suppliers across the ecosystem
[Diagram labels: Parity; MBIST; LBIST; DCLS; Timing Protection; Error management]
The broadest safety CPU portfolio
Increasing fault detection and control features
SIL3/ASIL D systematic capability
SIL2/ASIL B systematic capability
§ Cache parity / ECC† § Exception handling § MMU
§ Exception handling § MPU
Cortex-M3/M4, Cortex-M0+
Cortex-A Armv8-A
§ Virtualization § Bus protection § SW test library § System error § Bus ECC § Error management § TCM ECC § MBIST interface § Dual core lockstep § Cache ECC § Exception handling § Two-stage MPU
§ TCM ECC interface § MBIST interface § Dual core lockstep § Cache ECC § Exception handling § MPU
§ Dual core lockstep† § ECC interface† § Exception handling § MPU § Stack limit check
§ Bus ECC § Error management § TCM ECC § MBIST interface § Dual core lockstep § Cache ECC § Exception handling § MPU
Cortex-M33, Cortex-M23
Cortex-M7
Cortex-R52
Cortex-R5
§ Cache parity / ECC § Exception handling § MMU § RAS features
Cortex-A A55…
What are the challenges?
Complex and demanding compute requirements
Functional safety requirement
Increasing need for security
What are we protecting against?
Communication attacks
§ Man in the middle
§ Weak RNG
§ Code vulnerabilities
Software attacks
§ Buffer overflows
§ Interrupts
§ Malware
Physical attacks
§ Fault injection: clock or power glitch, alpha particles
§ Side channel analysis
§ Probing, FIB
Lifecycle attacks
§ Code downgrade
§ Excess manufacturing
§ Integrity vulnerabilities
Encryption
Isolation
Arm secure IP: Helping to protect billions of devices
Timeline: 2000+, 2005+, 2010+, 2015+, Today
Smart Card for payment
Apps processors gain TrustZone
Enablement of premium content streaming & mobile payment
TrustZone for Armv8-M
Platform Security Architecture (PSA) & Security enclave (CryptoIsland)
Mbed, CryptoCell, Cortex-M33, CryptoIsland
TEE for Cortex-A
TrustZone for Cortex-A
SecurCore
Introducing Platform Security Architecture (PSA)
A recipe for building secure systems from analysis to implementation
Analyse
• Threat models and security analyses
Architect
• Firmware architecture & hardware specifications
Implement
• Source code & hardware IP
PSA documents
Enabling products & contributions
Architecture incorporating common principles
A recipe for building a secure system
From analysis to architecture
Identify key common principles
• Device identity
• Trusted boot sequence
• Secure over-the-air software update
• Certificate based authentication
• …
Common principles across multiple use cases
PSA deliverables
Security analyses
Firmware specifications
Hardware requirements
ECU, ABS, TMPS
Firmware framework
Secure update
Boot sequence
RNG
Secure storage
Crypto
Security architecture derived from principles
Automotive Compute Opportunity
Cabin: Cluster; HUD; Audio Visual Maps Traffic; Rear entertainment Voice recognition Gesture control
ADAS / Autonomous: Cruise control; Collision avoidance, Pre-crash Lane departure, Park assist; Radar / image processing; Level 3 autonomy
Body: HVAC; Lighting; Doors, Windows, Mirrors; Electric seat, Seat belt; Cameras Air bag BCM
Connectivity: LTE 5G WiFi; Bluetooth; CAN FD LIN Flexray Ethernet
e-Powertrain: Main Motor control Transmission; Engine control; Generator/E-water pump; Battery management
Chassis: EPS; ABS/EBS Active VDC EPB
Thank You! Danke! Merci! Gracias! Kiitos!
The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.
www.arm.com/company/policies/trademarks