© 2018 Arm Lim ited

Rod WattDirector of Vehicle Architecture

and System Analysis

Challenges and Innovations in

Autonomy

LETI Conference – July 2018

© 2018 Arm Lim ited 2

© 2

018

Arm

Lim

ited

From inceptionto now

1990Joint venture between Acorn Computers and Apple.

Designed into first mobile phones and then smartphones.

1993onwards

TodayNow all electronic devices can use intelligent Arm technology.

© 2018 Arm Lim ited 3

© 2

018

Arm

Lim

ited

Arm: the Industry’s Architecture of Choice Extraordinary growth – from sensors to server

22 years

4 years

4 years

20171991 2013 2021

50 billionchips shipped

50 billionchips shipped

100 billionchips expected to ship

© 2018 Arm Lim ited 4

© 2

018

Arm

Lim

ited

The Most Complex Piece of Electronics You Will Own

© 2018 Arm Lim ited 5

© 2

018

Arm

Lim

ited

Cars Run on Code

Million lines of code

F-35

Windows 10

US Army future combat system

Facebook

Luxury car in 2010 (IVI)

Luxury car in 2016 (+ADAS)

Luxury car in 2020 (L3 autonomy)

24

60

63

65

100

150

300~

All Google services 2000

~ ~

© 2018 Arm Lim ited 6

© 2

018

Arm

Lim

ited

“Almost 80% of automotive innovation comes from electronics

(semiconductors) and software”

– OEM

© 2018 Arm Lim ited 7

© 2

018

Arm

Lim

ited

Lower emissions

Automotive drivesADAS

Self driving

IVI

Autonomous drive Infotainment

Vehicle electrification Connected car

Increasing complexity in automotive markets

© 2018 Arm Lim ited 8

© 2

018

Arm

Lim

ited

What are the challenges?

Complex and demanding compute requirements

Functional safety requirement

Increasing need for security

© 2018 Arm Lim ited 9

© 2

018

Arm

Lim

ited

What are the challenges?

Complex and demanding compute requirements

Functional safety requirement

Increasing need for security

© 2018 Arm Lim ited 10

© 2

018

Arm

Lim

ited

Levels of autonomy

Level 0Level 1

Level 2

Level 3Level 4

Level 5

Human monitoring Machine monitoring

No automation

Driver assistance

Partial automation

Conditional automation

High automation

Full automation

Full-time human driver for all aspects driving, even with warning systems

Mode-specific driver assistance of either steering or acceleration/deceleration with human driver for remaining task

Mode-specific driver assistance of both steering and acceleration/deceleration with human driver for remaining task

Mode-specific Automated Driving of all dynamic driving task with human driver responding to a request to intervene

Mode-specific Automated Driving of all driving task, even if a human driver does not respond

Full-time Automated Driving under all roadway and environmental conditions

© 2018 Arm Lim ited 11

© 2

018

Arm

Lim

ited

Assessing the compute capabilities for Autonomous Systems

Sense Perceive Decide Actuate

• Multiple sensor technologies required for L3+ autonomy

• Range of sensor types with increasing number of sensing points as autonomy rises

• Sensor fusion will also rely on accurate and consistent V2X data

• High levels of scalable amounts of compute required for perception processing

• Large data set needs multiple stages of processing

• Accelerators aid in deep learning algorithms

• Demand for increased level of functional safety in decision making

• Decision making shared between application processing and real time processing with highest safety level

• Changes to the vehicle’s lateral / longitudinal dynamic response must be at the highest functional safety level and must be real time and deterministic.

© 2018 Arm Lim ited 12

© 2

018

Arm

Lim

ited

Arm Cortex processors offer a range of choices

Arm

Cortex-RArm

Cortex-A

Smallest area and lowest power profile• Standardized memory map, optimized for RTOS • Simple programmer’s model• HW managed interrupts and lowest latency• TrustZone for Armv8-M

Arm

Cortex-M

Highest performance• Sophisticated virtual memory

support for rich OS• Advanced programmer’s

model• SW managed interrupts• Multi-core and multi-cluster• Arm TrustZone technology

support

*Size of bubble indicates increasing System and Software complexity

Highest real-time processing performance• Hard real-time deterministic• SW managed interrupts • Fast interrupts• Multi-core• Hardware virtualization (in

Armv8-R)

© 2018 Arm Lim ited 13

© 2

018

Arm

Lim

ited

What are the challenges?

Complex and demanding compute requirements

Functional safety requirement

Increasing need for security

© 2018 Arm Lim ited 14

© 2

018

Arm

Lim

ited

Safety vs. security

Some languages are great in making the distinction difficult:��, sécurité, Sicherheit, säkerhet, turvallisuus, ……i.e. not all languages differentiate between safety and security in terminology

Environment

System under consideration

Security Safety

SecurityProtecting what’s inside the box

SafetyProtecting what’s outside the box

© 2018 Arm Lim ited 15

© 2

018

Arm

Lim

ited

Requirements: From IP to system

IP integratore.g. MCU designer Tier 1 designer Automotive OEMIP supplier

ISO 26262

-1-2-3-4-5-6-7-8-9

Applicable requirementNot applicable requirements

Requirements, assumptions

Supporting documentation (evidence)

ISO 26262

-1-2-3-4-5-6-7-8-9

ISO 26262

-1-2-3-4-5-6-7-8-9

ISO 26262

-1-2-3-4-5-6-7-8-9

© 2018 Arm Lim ited 16

© 2

018

Arm

Lim

ited

Arm functional safety package

• Design and verification process

• Fault detection and control

• Verification summary

Safety manual

• Evidence of safety analysis on the Arm IP

• Aids partners with their own SoC level FMEA

• Interworking relationship

• Replaces conventional DIA

• Ambiguity avoidance

FMEA report Development Interface Report

© 2018 Arm Lim ited 17

© 2

018

Arm

Lim

ited

Why Software Test Libraries?

Any safety system relies on multiple error detection mechanisms• ECC

• DCLS

• Parity

Software Test Libraries provide another detection mechanism• Libraries are broken down in to functions that cover specific blocks of

the CPU core to ensure correct behaviour

• Multiple suppliers across the ecosystem

Parity

MBIST LBIST

DCLS

TimingProtection

Error management

© 2018 Arm Lim ited 18

© 2

018

Arm

Lim

ited

The broadest safety CPU portfolio

§ Cache parity / ECC†

§ Exception handling§ MMU

§ Exception handling§ MPU

Cortex-M3/M4Cortex-M0+

Cortex-AArmv8-A

Increasing fault detection and control features

§ Virtualization§ Bus protection§ SW test library§ System error§ Bus ECC§ Error management§ TCM ECC§ MBIST interface§ Dual core lockstep§ Cache ECC§ Exception handling§ Two-stage MPU

§ TCM ECC interface§ MBIST interface§ Dual core lockstep§ Cache ECC§ Exception handling§ MPU

§Dual core lockstep†

§ECC interface†

§Exception handling§MPU§Stack limit check

§ Bus ECC§ Error management§ TCM ECC§ MBIST interface§ Dual core lockstep§ Cache ECC§ Exception handling§ MPU

Cortex-M33Cortex-M23

Cortex-M7

Cortex-R52

Cortex-R5

§ Cache parity / ECC§ Exception handling§ MMU§ RAS features

Cortex-AA55…

SIL3/ASIL D systematic capabilitySIL2/ASIL B systematic capability

© 2018 Arm Lim ited 19

© 2

018

Arm

Lim

ited

What are the challenges?

Complex and demanding compute requirements

Functional safety requirement

Increasing need for security

© 2018 Arm Lim ited 20

© 2

018

Arm

Lim

ited

Communication attacks§ Man in the middle§ Weak RNG§ Code vulnerabilities

Software attacks§ Buffer overflows§ Interrupts§ Malware

Physical attacks§ Fault injection: clock or

power glitch, alpha particles § Side channel analysis§ Probing, FIB

Lifecycle attacks§ Code downgrade§ Excess manufacturing§ Integrity vulnerabilities

Encryption

Isolation

What are we protecting against?

© 2018 Arm Lim ited 21

© 2

018

Arm

Lim

ited

Smart Cardfor payment

Apps processors gain TrustZone

Enablement of premium content

streaming & mobile payment

TrustZone for Armv8-M

2000+ 2005+ 2010+ Today2015+

Platform Security Architecture (PSA) & Security enclave

(CryptoIsland)

Mbed, CryptoCell, Cortex-M33, CryptoIsland

TEE for Cortex-A

TrustZone for Cortex-A

SecurCore

Arm secure IP: Helping to protect billions of devices

© 2018 Arm Lim ited 22

© 2

018

Arm

Lim

ited

Introducing Platform Security Architecture (PSA)A recipe for building secure systems from analysis to implementation

Analyse• Threat

models and security analyses

Architect• Firmware

architecture & hardware specifications

Implement• Source code

& hardware IP

PSA documents

Enabling products & contributions

© 2018 Arm Lim ited 23

© 2

01

8 A

rm L

imit

ed

Architecture incorporating common principles

A recipe for building a secure system

From analysis to architecture Identify key common principles

Device identity

Trusted boot sequence

Secure over-the-air software update

Certificate based authentication

…Common

principles

across

multiple use

cases

© 2018 Arm Lim ited 24

© 2

018

Arm

Lim

ited

PSA deliverables

Security analyses

Firmware specifications

Hardware requirements

ECU ABS TMPS

Firmware framework

Secure update

Boot sequence

RNG Securestorage

Crypto

Security architecture derived from principles

© 2018 Arm Lim ited 25

© 2

018

Arm

Lim

ited

Automotive Compute Opportunity

CabinClusterHUDAudio Visual Maps TrafficRear entertainment Voice recognition Gesture control

ADAS / AutonomousCruise controlCollision avoidance, Pre-crash Lane departure, Park assistRadar / image processingLevel 3 autonomy

BodyHVACLightingDoors, Windows, MirrorsElectric seat, Seat beltCameras Air bag BCM

ConnectivityLTE 5G WiFiBluetoothCAN FD LIN Flexray Ethernet

e-Powertrain Main Motor control TransmissionEngine controlGenerator/E-water pumpBattery management

ChassisEPSABS/EBS Active VDC EPB

2626

Thank You!Danke!Merci!��!�����!Gracias!Kiitos!

© 2018 Arm Lim ited

2727 © 2018 Arm Lim ited

The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.

www.arm.com/company/policies/trademarks