PAC45T
RTCA DO-254
Plan for Hardware
Aspects of Certification
Document: 002-145-2540
Date: 2/26/2018
Revision: 1
This document last printed 3/4/2019 1:27:00 PM
Page 1 of 21 PS Engineering Proprietary Document, Written by Picou, Reviewed and Approved by P Campbell
PAC45T Audio Controller
PLAN FOR HARDWARE ASPECTS OF CERTIFICATION
Prepared by:
Gary Picou
Vice President of Quality Systems
Approved by:
Peter Campbell
Vice President of Engineering
Approval Date:
REVISION HISTORY
Rev. By Date Description of Change
0 Picou 10/12/2018 Initial Draft
1 Picou 2/26/2019 Release for TSO Submittal
TABLE OF CONTENTS
1.0 Introduction
1.1 Purpose
1.2 Applicability
1.3 Acronyms and Definitions
1.4 Reference Documents
1.4.1 Company Documents
1.4.2 Regulatory Documents
1.4.3 Industry Documents
2.0 System Overview
2.1 System Functional Description
2.2 System Safety Considerations
2.2.1 Failure Probability
2.3 System Architecture
2.3.1 Loss of Function (availability) and Loss of Integrity (Incorrect Operation)
2.4 Allocation of System Functions
2.4.1 Functions Allocated to Analog circuits
2.4.1.1 Power Supply
2.4.2 Functions Allocated to CEH
2.4.3 Functions allocated to airborne software
2.5 Option Selectable Features
2.6 User Modifiable Components
2.7 Multiple Version Dissimilar Hardware
3.0 Hardware Overview
3.1 Hardware Items
3.2 Hardware Circuit Types
3.2.1 Simple Electronic Hardware (SEH)
3.2.2 Complex Electronic Hardware (CEH)
3.3 Overview of Applied New Technology
3.4 Hardware Fault Management Techniques
4.0 Certification Considerations
4.1 Certification Basis and Proposed Means of Compliance
4.1.1 Non TSO functions contained in a TSO Article
4.2 Hardware Design Assurance Level C
5.0 Hardware Design Life Cycle
5.1 Organizational Responsibilities
5.2 Certification Liaison
5.2.1 Hardware Support for Field Loadable Components
5.2.2 Product Service Experience
6.0 Hardware Lifecycle Data
6.1 Process Sequence and Transition
6.2 Hardware Design Plan
6.3 Design Standards
6.4 Design Environment
6.4.1 FPGA
6.4.2 PIC
6.5 Lifecycle Feedback
6.6 Configuration Management
7.0 Additional Considerations
7.1 Safety Considerations
7.2 Previously Developed Hardware
7.3 Use of Commercial-Off-the-Shelf (COTS) components
7.4 Tool Assessment and Qualification
8.0 Alternative Methods
9.0 Certification Schedule
Table 1 Acronyms
Table 2 Definitions
Table 3 Applicable Documents
Figure 2-1 System Block Diagram
Figure 2-2 HUB45 Internal Block Diagram
Figure 2-3 Coded device (Software & CEH) Architecture
Figure 2-4 System Allocation, showing hardware (HW) and Software (SW) related functionality
Figure 2-5 Power Supply Block Diagram
Figure 3-1 Fail Safe Block Diagram
Figure 5-1 Typical PS Engineering Design Planning Activity
Figure 6-1 Code lifecycle sequence and transition
Figure 6-2 - Configuration Label
1.0 Introduction
This document details the hardware design assurance for the PS Engineering PAC45T Audio Control System.
1.1 Purpose
The purpose of this document is to establish a basis for the hardware aspects of certification of the PS Engineering
Inc. PAC45T Audio Controller hardware. This document serves as the primary method for communicating the
development methods and design assurance methods to the FAA.
1.2 Applicability
This document applies to the PAC45T Audio Controller, manufactured by PS Engineering as Part Number 050-045-
(5xxx). PS Engineering will be the TSO holder, and is responsible for all certification activities.
1.3 Acronyms and Definitions
Table 1 Acronyms
Word/Phrase Definition
IntelliVOX® Proprietary protocol for controlling a voice-activated intercom system
Fail-Safe Reversionary mode: pilot is connected to communication radio (COM 1) and can also hear unswitched alert audio.
Table 2 Definitions
1.4 Reference Documents
1.4.1 Company Documents
Table 1 shows a list of applicable documents affecting the Hardware life cycle.
Table 3 Applicable Documents
DOCUMENT NAME PN Revision Date
Plan for Hardware Aspects of Certification 002-145-2540 1 2/26/2019
PAC45T Functional Hazard Analysis 002-145-1309 New 5/12/2017
PAC45T Product Definition 002-145-0000 15 6/12/2017
Hardware Verification Test and Results 002-145-2545 1 2/26/2019
Hardware Accomplishment Summary 002-145-2541 16 Feb. 8, 2019
Quality Assurance Manual for TSO 002-422-1105 16 Feb. 27 2016
1.4.2 Regulatory Documents
For new certification programs see “The FAA and Industry Guide to Avionics Approvals”, April 13, 2001,
Partnership for Safety Plan (PSP) and Project Specific Certification Plan (PSCP)
Document Number Document Name Revision Date
RTCA/DO-254 DESIGN ASSURANCE GUIDANCE FOR AIRBORNE ELECTRONIC HARDWARE 04/19/2000
AC 20-152 Use of RTCA, INC Document RTCA/DO-254 06/20/2005
AC 23.1309-1E Systems Safety Analysis and Assessment for Part 23 Airplanes 11/17/2011
Order 8110.105 Simple and Complex Electronic Hardware Approval Guidance 07/16/2008
FAA TSO-C139A Audio Selector Panels and Amplifiers 08/05/2005
RTCA/DO-160G Environmental Conditions and Test Procedures for Airborne Equipment 12/08/2010
RTCA/DO-214A Audio Systems Characteristic and Minimum Operational Performance Standards for Airborne Audio Systems and Equipment 12/18/2013
1.4.3 Industry Documents
SAE ARP4754 Certification Considerations for Highly-Integrated or Complex Aircraft Systems, dated
November 1996
SAE ARP4761 Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne
Systems and Equipment, December 1996
2.0 System Overview
The PAC45T is an audio control system with integrated automatic voice activated intercom system. The
system requirements are listed in Table 1, below. These include the ability to direct audio information to
the desired aircraft occupant, either from radios, intercom, or both. There is also a requirement to direct
microphone audio for public address.
The system is hardware and software robust in the sense that a failure can be ameliorated by switching the
unit off, and continuing to use the primary communications radio. The crew may lose
intercommunications, however this is not a flight critical requirement. Unswitched audio, used for crew
alerting, is also available if connected to Unswitched #1 input.
The airborne hardware can be completely tested deterministically with test cases for all inputs and outputs having
corresponding known end states.
The PAC45T also contains an independent audio alert tone generator with nine available tones.
2.1 System Functional Description
The PAC45T contains audio switching for up to eight communications transceivers. This provides the
means to select the audio and microphone paths for the pilot, copilot and two observer positions. In
addition, the PAC45T allows selection of the navigation receivers, including 2 VHF NAV, 2 ADF, 2
DME, a Marker, and another auxiliary audio input. These are aviation standard levels and impedance
inputs.
The PAC45T also serves as a voice-activated intercom for crew and passenger intercommunications.
Using an automatic voice activated intercom, the aircraft occupants can talk to each other easily while
wearing headsets, and without pushing a separate button. In addition to the intercommunication, the
system provides an input for in-flight entertainment to the audio stream, which will automatically mute
when a radio call or intercom conversation is detected.
[Block diagram not reproduced: HUB45R audio control hub with pilot, copilot, observer and rack positions, VHF/UHF, NAV, MKR, ADF, TACAN, DME, unswitched (UNSW1-4) and PA connections, and four CTL45T control heads linked over RS422.]
Figure 2-1 System Block Diagram
[Block diagram not reproduced: top, middle and bottom boards of the hub, showing the FPGAs, DSP, PICs, IntelliVox microphone inputs, COM relays and key lines, failsafe relays, mixers for the pilot, copilot and observer positions, and the I2C, SPI, UART, GPIO and RS422 interfaces.]
Figure 2-2 HUB45 Internal Block Diagram
In any case, if the audio panel fails, the flight crew will be connected to the aircraft communication
radios, and receive a priority audio alert (source depends on the specific installation).
2.2 System Safety Considerations
At the system level, any malfunction of the unit can be mitigated by turning the unit off (or removing
power via the circuit breaker). This places the system in fail-safe mode, which connects the pilot to
communications transceiver #1 and the copilot to communications transceiver #2.
System configuration options also allow for navigation receivers #1 and #2, Unswitched inputs #1 and #2,
and the Alert subsystem to be present in the fail-safe condition, further mitigating loss of function.
2.2.1 Failure Probability
The PAC45T Bill of Material was analyzed in accordance with MIL-HDBK-217F. This process evaluates
the reliability of the components and weighs environmental factors to provide an MTBF value when real
data is unknown. The MTBF for the PAC45T (all functions, major and minor) is calculated to be 24,218
hours, or 2.4 x 10^-5.
2.3 System Architecture
[Block diagram not reproduced: PAC45T hub with DSP (Radios), FPGA0 (Radios & Intercom), FPGA1 (Music), CODECs, host and alert microcontrollers, transceivers and message storage, connected over RS422 to the PAC45T control head(s) and their microcontroller; hardware and software elements are distinguished.]
Figure 3 - PAC45T System Block Diagram
2.3.1 Loss of Function (availability) and Loss of Integrity (Incorrect Operation)
The PAC45T unit is an audio selection system. The worst-case malfunction will result in unavailability
of the audio sources. It will be obvious to the crew that the functions are not available. There is little
chance that a crew will incorrectly interpret the condition of the unit. When the unit is on, at least one
indicator lamp is on; a complete failure is indicated by a lack of any indication lamps.
The intercom function can fail, in which case the aircraft occupants need to remove their headset, or
shout, to be heard over the aircraft engine and wind noise. Should there be an uncontained audio failure,
the intercom can be turned off to silence it, and the pilot still communicates on COM 1, the copilot on
COM 2.
It is most likely that a failure in the unit will result in loss of function, detected by the flight crew when
they attempt to use that function.
2.4 Allocation of System Functions
[Block diagrams not reproduced: DSP, FPGA, CODECs, microcontroller and transceivers, with audio, config, status, control data I/O and analog audio in/out paths.]
Figure 2-4 Coded device (Software & CEH) Architecture
Figure 2-5 System Allocation, showing hardware (HW) and Software (SW) related functionality
2.4.1 Functions Allocated to Analog circuits
Refer to Figure 2-3. The audio signals at the input of the PAC45T are presented to CODECs, where they
are digitized and presented to the FPGAs for routing to the listener or passing on to the DSP for volume
control, or in the case of IntelliAudio®, application of spatial filters.
Analog circuits are required at the inputs and outputs. This includes microphone inputs (with a
microphone bias supply), summing amplifiers, relays, headphone and speaker amplifiers.
The logic functions are hardware and software allocated, because the front panel controls are polled by
the software, which then will cause the FPGAs to arrange the audio path hardware accordingly.
2.4.1.1 Power Supply
The PAC45T power supply contains several Switching Power Supplies, one of which regulates the
aircraft bus to 11 VDC. This, in turn, is used to generate -12V. +/-12V is used to drive the 200mW
headphone amps while +11V is sub-regulated as needed to provide all the other system voltages. See
figure 2-5.
[Block diagram not reproduced: +28V input through conditioning and filtering to buck and LDO regulators on the top, middle and bottom PCBs, supplying analog rails (headphone amps, IntelliVOX op amps and mic bias, op amps, CODECs) and digital rails (CODECs, I/O, DSP, FPGAs, BT, PICs).]
Figure 2-6 Power Supply Block Diagram
2.4.2 Functions Allocated to CEH
A Microsemi A3P1000-PQ208 Field Programmable Gate Array (FPGA) is responsible for most audio
routing in the PAC45T. Audio is accepted from the CODECs and either routed to the appropriate output
or passed on to the DSP for additional processing. In addition, another A3P250-VQG100 is responsible
for handling the muting function.
The Intercom volume controls are in the FPGA, controlled by rotary pots, via CODECS and SPI interface
from the microcontroller.
A microcontroller is responsible for communication with the DSP, FPGAs, and remote control heads.
2.4.3 Functions allocated to airborne software
The PAC45T contains a Reusable Software Component (RSC) called IntelliAudio®. This software provides
digital signal processing applications that are common to PS Engineering digital articles.
a. In the PAC45T, this RSC is limited to spatial audio processing and volume control.
b. The alert subsystem control head and HUB45T microcontrollers
The Texas Instruments TMS320VC5509A Digital Signal Processor is used for this purpose.
2.5 Option Selectable Features
There is an installer-configurable option for the PAC45T system: selection of backlighting as either
5VDC or 28VDC lighting. Any other options for the PAC45T are configured at the factory.
2.6 User Modifiable Components
There are no features that can be modified by the user.
2.7 Multiple Version Dissimilar Hardware
None/Not applicable.
3.0 Hardware Overview
3.1 Hardware Items
The HUB45R contains three main circuit boards and the CTL45T control panel has four circuit boards
including a front bezel circuit board with LED indications.
3.2 Hardware Circuit Types
3.2.1 Simple Electronic Hardware (SEH)
The PAC45T Simple Electronic Hardware (SEH) can best be categorized as being one of the following:
Power Supply
Audio amplifiers
CODEC audio converters
CEH component support
Passive Filters on the connectors
Serial Data transceivers for system-wide communications
3.2.2 Complex Electronic Hardware (CEH)
There are four Programmable Logic Devices, two FPGAs and two microcontrollers.
The Field Programmable Gate Arrays (FPGAs) are from the flash-based Actel ProASIC3 (A3P) family.
The main microcontroller is a Microchip dsPIC33FJ256GP506A.
The alert subsystem microcontroller is a Microchip PIC18LF2525.
3.3 Overview of Applied New Technology
Not applicable to CEH; all technology has been used in prior FAA TSO designs.
Component families and hardware types similar to those used in the PAC45T have been
previously approved under prior TSO approvals.
3.4 Hardware Fault Management Techniques
This subsection summarizes the features, functions, or techniques used to mitigate failure effects.
The PAC45T contains a fail-safe function designed to mitigate any unit fault. If power is removed, or the
unit is turned off, a set of internal relays will close (relax) and allow the pilot headphone and microphone
audio to be connected to the COM 1 I/O.
Communications transceiver #2 is connected to the copilot’s headset in fail safe as well, so crew resource
radio duties can continue to be shared.
In addition, the primary audio warning channel is connected to the pilot headphone in the unpowered
condition, as is the audio from the number one navigation receiver, which will allow aural identification of
the navigation aid required for an instrument approach.
The aircraft alerting system within the PAC45T utilizes a separate power supply, and can continue to
operate if the Audio Controller fails. The alert audio output is connected to the pilot through failsafe
relays.
[Block diagram not reproduced: pilot and copilot microphone and COM failsafe relays, shown with power not applied, connecting the pilot and copilot headsets, microphones and PTT inputs to COM1 and COM2 through the external connectors, together with the Unswitched 1 input and alert audio.]
Figure 3-1 Fail Safe Block Diagram
4.0 Certification Considerations
The PAC45T certification basis is Technical Standard Order C139a (Audio Amplifiers). The TSO documents have
specific requirements, including performance based on the RTCA MOPS. PS Engineering uses these as the basis for
the requirements to be verified for certification.
4.1 Certification Basis and Proposed Means of Compliance
The system shall be certified in accordance with FAA TSO C139a (AIRCRAFT AUDIO SYSTEMS AND
EQUIPMENT dated 02/25/2014) for the audio control portion.
The article will be tested in accordance with RTCA DO-214A, §2.0, as required by TSO C139A §3.
The article shall be tested in accordance with RTCA DO-160G to meet the environmental qualification
requirements of TSO C139a §3(c), and RTCA DO-214, §2.5.
4.1.1 Non TSO functions contained in a TSO Article
The PAC45T has functions that are non-required, non-essential Non-TSO Functions, and in
accordance with AC 21-46 they are declared as:
Alert Audio
These functions are controlled by the logic, but independent of the CEH such that a malfunction in
the subsystem will not affect the remaining functionality.
4.2 Hardware Design Assurance Level C
The Functional Hazard Analysis is contained in document 002-145-1309, and describes the failure paths
possible in the PAC45T. In any case, the failure can be contained by placing the PAC45T in Fail Safe
mode.
This will not significantly reduce aircraft safety, and is easily accomplished by the crew. The only
reduction in capability would be the inability to receive the navigation aid audio if a stereo headset is not
used. The pilot and copilot will have use of communications receiver 1 and 3, respectively.
Based on this failure analysis, the PAC45T Audio Controller can be considered as a Minor failure
classification, and Level D hardware development Assurance Level.
However, the customer desired that the Design assurance be conducted to Level C, for consistency across
the aircraft systems.
5.0 Hardware Design Life Cycle
[Diagram not reproduced: inputs to product design, including certification requirements, manufacturing limitations, competition, sales experience, customer input (trade shows, dealer visits, customer calls, satisfaction surveys), available technology and service history, leading to revealed, expected, value added and contract requirements.]
Figure 5-1 Typical PS Engineering Design Planning Activity
Figure 5-1 shows the normal PS Engineering design planning for our products.
In the PAC45T, the system and hardware requirements are flowed down from the product definition, and
become the systems/hardware and software requirements. The hardware is designed and verified against
the requirements document.
5.1 Organizational Responsibilities
PS Engineering’s Engineering Manager, Peter Campbell, has the oversight role, and is the principal
hardware designer.
The design verification is accomplished by PS Engineering’s Test Manager, Greg Ledbetter, or one of the
assigned test technicians at his direction. The test plan is created from the design requirements. In
addition, PAC45T development validation is done in accordance with a PS Engineering test plan.
Configuration management of Hardware is maintained by the Engineering Change Order System in
accordance with PS Engineering’s FAA-approved Quality Manual. See §6.4 in this document for
Configuration Management.
5.2 Certification Liaison
PS Engineering has a Partnership for Safety Plan in effect with the FAA Atlanta ACO, document
002-015-0603, revised June 2003. This document describes the ongoing relationship in the TSO Certification. At
this time, PS Engineering does not use Designated Engineering Representatives for TSO projects of this
scale.
Gary Picou shall be the point of contact on the TSOA process. As the PS Engineering Vice President of
Quality Systems, he has overview of the design process, manufacturing and test areas, supplier
qualification and field support as the FAA CRS Accountable Manager. He has direct access to the
engineering resources responsible for design of the article.
5.2.1 Hardware Support for Field Loadable Components
Not applicable. There are no Field Loadable Components.
5.2.2 Product Service Experience
PS Engineering uses data collected in Field Service to validate the hardware design. The Certified
Repair Station (FAA-CRS P34R133O) collects data on each field repair. Reports of all issues relating to
hardware are maintained and reviewed on a regular basis.
Although the PAC45T is a new product, it is based on products with significant field experience (25,000
units) that have been field deployed since the first Audio Controller TSO was granted in 1996.
No credit is sought for Product Service Experience.
6.0 Hardware Lifecycle Data
6.1 Process Sequence and Transition
[Flow diagram. Recoverable content:]
Process stages (RTCA DO-254 section): Planning (§4.0), Design (§5.0), Validation & Verification (§6.0), Configuration Management (§7.0), Process Quality Assurance (§8.0), Certification (§9.0).
Documents: Product Definition 050-045-5496; PHAC 002-145-2540; Requirements 002-145-1783; Testing to MOPS & Requirements; Hardware Accomplishment Summary 002-145-2542.
Test Plans and Test Reports: 002-145-2140 DO-214A Test Plan; 002-145-1600 DO-160G Test Plan; 002-145-0214 DO-214 Test; 002-145-0160 DO-160 Test; 002-445-0500 Unit Test; 002-445-1000 Final Test.
Transition Criteria: Product Definition complete; CEH Requirements complete; Coding is complete, code released for integration in target devices; All tests passed, code release documents and checklists complete; Manufacturing release documents and checklists complete.
Key: RTCA DO-254 § Section; PS E Document.
Figure 6-1 Code lifecycle sequence and transition
6.2 Hardware Design Plan
The hardware design plan is based on developing the CEH and associated code in accordance with
company standards (002-002-0000) to meet the PAC45T Product Definition, (050-450-0000),
Requirements (002-450-1783) and associated lower level requirements, in addition to certification
requirements and the safety considerations in 14CFR Part 23.1309(c)(3).
• Requirements Capture (DO-254 §5.1) and Conceptual Design (DO-254 §5.2)
  o PAC45T Product Definition 002-045-5496
• Detailed Design:
  o PAC45T Requirements Matrix 002-145-1783
• Implementation
• Production Transition
In addition, the CEH device code shall be reviewed and corrected for compliance with RTCA DO-254
objectives.
6.3 Design Standards
The CEH will be developed in accordance with best practices, and the PS Engineering company standards
contained in document 002-178-0300.
IEEE 1164 standard VHDL logic library is used.
6.4 Design Environment
6.4.1 FPGA
The Field Programmable Gate Arrays are flash-based Actel ProASIC3 devices from the A3P family. FlashPro 9.0 is
used to program the target devices.
VHDL Standard: 1076-87
LIBRARY PROASIC3; Using PROASIC3.ALL;
LIBRARY IEEE; Using IEEE.std_logic_1164.all;
6.4.2 PIC
The main Programmable Controller is a Microchip dsPIC33FJ256GP506A, with the tool chain:
MPLAB IDE V8.89
Microchip C30 Toolsuite
MPLAB ASM30 Assembler (pic30-as.exe)
MPLAB C30 C compiler (pic30-gcc.exe)
MPLAB LINK30 Object Linker (pic30-ld.exe)
LIB30 Archiver (pic30-ar.exe)
The alert subsystem microprocessor is a Microchip PIC18LF2525, with the tool chain:
MPLAB IDE V8.89
Microchip C18 Toolsuite
MPASM Assembler (mpasmwin.exe)
MPLAB C18 C compiler (mcc18.exe)
MPLINK Object Linker (mplink.exe)
MPLIB Librarian (mplib.exe)
6.5 Lifecycle Feedback
After the initial prototype is tested and validated, production technicians have additional opportunity to
test using the production test procedures, and are also free to perform any additional testing or exercise of
the UUT they may choose. Any anomalous behavior is passed back to engineering for review.
In addition, feedback from test pilots and eventually customers is reviewed, and changes to the code made
if they are determined to be advantageous.
6.6 Configuration Management
PS Engineering uses a 10-digit part number, with a prefix that indicates the type of, the middle three
indicate either a unit or the target of the part number, and the last four have details of the specific
component value. In addition, some drawings and documents can have a revision number or letter trailing.
In the case of Micro Coded devices, there are several points of configuration control applied, which may
be revised independently.
The code configuration document is 002-145-1000
| Article | FPGA Part Number | PIC µController Part Number | Revision Identification |
|---|---|---|---|
| Manufacturer Part Number | A3P250-QV100 | dsPIC33FJ256GP506A-IPT | None (discrete part number) |
| Code part number | 910-085-0001 | 910-082-0001 | Last 4 digits of part number |
| Configuration Management Document (CMD) | 002-085-0000_RevA | 002-082-0000_RevA | Document remains at 0000, Revision appended |
The unit serial tag contains the CEH and Software configuration.
[Diagram: configuration label with fields labeled DSP, FPGA, PIC, VOX, ALERT and Control head PIC configuration, each shown as "A".]
Figure 6-2 - Configuration Label
7.0 Additional Considerations
7.1 Safety Considerations
The PAC45T was designed using Safety Management Systems (SMS) and Risk Analysis, in accordance
with PS Engineering’s FAA-Approved QA Manual, 002-422-1105, and SMS Policy Document 002-727-
0511.
7.2 Previously Developed Hardware
The FPGA and PIC electronic hardware and the tools used in the PAC45T have been used and proven in
other designs, with TSO approval in 2014 of the PMA450 and the PAC45 in 2017.
7.3 Use of Commercial-Off-the-Shelf (COTS) components
All of the devices used in the PAC45T are Commercial-Off-The-Shelf. The design was created and has
been optimized to use commercial components as a way to minimize costs and achieve an efficient supply
chain.
All the COTS components have been verified during development and tested to demonstrate that they
meet the requirements. In addition, a service history is maintained to validate the use of COTS
components as being robust for the application.
7.4 Tool Assessment and Qualification
PS Engineering does not currently use any tools for the hardware verification. Testing is done manually,
and all tests for the FPGA and PIC can be determined and the outcome produced based on established test
matrixes.
Upon installing the executable object code in the target device, a checksum is created that can be verified
against the source code output, further verifying the successful loading process.
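The load check described in §7.4 compares a value taken from the programmed device with the build output. The following is an added example, not PS Engineering's procedure or tooling, assuming both the build output and the device readback are available as Intel HEX text. The page does not name its checksum algorithm, so SHA-256 over the decoded memory image stands in for it; all function names and sample records are constructed for illustration.

```python
import hashlib

def record(offset, rtype, data=b""):
    """Build one Intel HEX record (used here only to construct sample input)."""
    body = bytes([len(data)]) + offset.to_bytes(2, "big") + bytes([rtype]) + data
    return ":" + (body + bytes([-sum(body) & 0xFF])).hex().upper()

def parse_ihex(text):
    """Return {address: byte}; raise ValueError on any malformed record."""
    image, base = {}, 0
    for n, line in enumerate(text.split(), 1):
        try:
            rec = bytes.fromhex(line[1:]) if line.startswith(":") else b""
        except ValueError:
            rec = b""
        if len(rec) < 5 or len(rec) != rec[0] + 5:
            raise ValueError(f"record {n}: bad start code, digits or length")
        if sum(rec) & 0xFF:  # every byte including the checksum sums to 0 mod 256
            raise ValueError(f"record {n}: checksum mismatch")
        offset, rtype, data = int.from_bytes(rec[1:3], "big"), rec[3], rec[4:-1]
        if rtype == 0x00:                      # data
            for i, b in enumerate(data):
                image[base + offset + i] = b
        elif rtype == 0x01:                    # end of file
            return image
        elif rtype == 0x02:                    # extended segment address
            base = int.from_bytes(data, "big") << 4
        elif rtype == 0x04:                    # extended linear address
            base = int.from_bytes(data, "big") << 16
    raise ValueError("missing end-of-file record")

def image_digest(image):
    """SHA-256 over (address, byte) pairs, independent of record layout."""
    h = hashlib.sha256()
    for addr in sorted(image):
        h.update(addr.to_bytes(4, "big") + bytes([image[addr]]))
    return h.hexdigest()

def verify_load(build_hex, readback_hex):
    """Return (ok, differing addresses) for build output vs. device readback."""
    built, read = parse_ihex(build_hex), parse_ihex(readback_hex)
    diffs = sorted(a for a in built.keys() | read.keys() if built.get(a) != read.get(a))
    return image_digest(built) == image_digest(read), diffs

# Constructed sample data: 8 bytes at 0x0100, read back as two 4-byte records.
CODE = bytes.fromhex("0102030405060708")
BUILD = "\n".join([record(0, 4, b"\x00\x00"), record(0x0100, 0, CODE), record(0, 1)])
READBACK = "\n".join([record(0x0100, 0, CODE[:4]), record(0x0104, 0, CODE[4:]), record(0, 1)])
BAD = "\n".join([record(0x0100, 0, b"\x01\x02\x03\xFF" + CODE[4:]), record(0, 1)])
```

Comparing decoded images rather than file text means a readback that splits records differently still matches, while a single changed byte is reported by address.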
8.0 Alternative Methods
No alternative methods are proposed.
9.0 Certification Schedule
| Event | Date | Participants |
|---|---|---|
| Program-Specific Certification Plan and Plan for Hardware Aspects of Certification delivered electronically to FAA. | | |
| Integration Review | Jan. 24, 1019 | PS Engineering |
| System Verification Testing | January 3 – Feb. 22, 2019 | PS Engineering |
| Environmental Qualification Testing | Jan. 16- Feb. 14, 2019 | PS Engineering |
| Installed Performance Testing | Jan. 23- Feb. 20, 2019 | PS Engineering |
| Conformity Review | January 3, 2019 | PS Engineering |
| Final TSO Data to FAA | Feb. 28, 2019 | FAA, PS Engineering |
Initial deliveries begin after receipt of FAA TSOA.