How to achieve functional safety and information security of mainstream chips?

As vehicle networking gradually becomes an important development direction for future vehicles, the information security issues brought about by vehicle networking are becoming increasingly prominent. The importance of functional safety and information security has been brought to the forefront in the current period of technological development and change. Zhicong Technology has invested resources in the development of information security-related software since the end of 2017, and has accumulated rich experience and relevant technical reserves.

With years of rich experience in the field of automotive software security and cooperation experience with well-known chip manufacturers, Zhicong Technology also has deep insights into the functional safety and information security issues of mainstream chips.

Dedicated to the industry for several years, responding to new challenges in automotive safety

The electrification and intelligent development of automotive electronic control systems are becoming increasingly complex, safety requirements are becoming increasingly higher, and automotive functional safety is receiving more and more attention.

In order to achieve engineering safety goals, it is necessary to analyze road vehicle application scenarios through HARA analysis, degrade and decompose safety goals, distinguish between acceptable risks and unacceptable risks, and keep the possibility of hazards below the risk limit.

In this context, Zhicong Muniu launched the SafetyFrame functional safety product, providing a complete basic software platform solution for the development of automotive electronic controller products.

Image source: Zhicong Technology

In 2017, Zhicong began to devote itself to functional safety development and launched its first product SafetyLibrary adapted to MPC chips in 2017. In 2019, Zhicong Muniu launched the SafetyFrame product and has been expanding its product line year by year. So far, it has been adapted to multiple chip models from manufacturers such as NXP and Infineon, and launched the ASIL-D functional safety certification for this product in January this year.

Know about Muniu functional safety products: SafetyFrame

Zhicong SafetyFrame is a chip functional safety library software package that is configured through the interface of the Zhicong Muniu platform host configuration tool. It is based on ISO 26262-10 to develop independent safety units (SEooC) to complete the design of built-in safety mechanisms for key components Module based on AOU diagnostic coverage requirements, and customizes the development of functional safety libraries and software architectures for MCUs and SBCs in automotive controllers.

The functional safety of automobiles embodies the principle of the wooden barrel: the degree of safety depends on the "lowest point". Only when the entire system reaches a certain safety level can a higher functional safety level be achieved in the end.

Zhicong Muniu SafetyFrame includes three major components: SF.SBC, SF.MCU, and SF.Architecture, which are System Basis Chip driver package, MCU Safety Library software package, and hierarchical scheduling and management by component module deployment level. Different functions are deployed at different levels, fully considering the application needs of program flow monitoring and shutdown path design.

MuNiu SafetyFrame software three-layer architecture Image source: Zhicong Technology official website

The product features integration into software engineering as an AUTOSAR Complex Driver component, compatibility with semiconductor supplier MCAL driver packages, and support for ASIL-D functional safety level. Thanks to its strong correlation with the underlying chip, SafetyFrame can be adapted to different chips, and has a certain degree of compatibility with the functional safety levels of different chips, and can meet different functional safety level requirements. According to the ASPICE software development process, traceability is achieved from customer requirements, MCU Safety Manual, safety library code, and test reports.

The EGAS Monitoring Controller monitoring mechanism is combined in the independent design of the Safety Frame safety software architecture. The SwLib self-test library Safety Mechanism implements software program flow monitoring and includes E2E functions. The calling interface is flexible and reduces the customer's redevelopment workload. The chip self-test library TestLib supports customized development of each module and can be tailored as needed, with streamlined code and reduced software capacity.

Zhicong Muniu configuration tool supports AUTOSAR 4.2.2 and AUTOSAR 4.4 standards. SafetyFrame can not only be adapted and integrated into various AUTOSAR solutions, but also has good software integration compatibility for non-AUTOSAR software architectures of some customer ECU products.

Image source: Zhicong Technology

Currently, Muniu SafetyFrame has been adapted to multiple chips. Based on the above product functions and features, this product can be applied to automotive controllers that require functional safety ASIL levels, such as BMS, ADAS, smart gateway controllers, and body domain controllers.

Configuration tools based on the "V model" help efficient development

In the automotive industry, ISO 26262 integrates functional safety development into the well-known "V model" development process. The "V model" can be simply summarized as three steps: determining requirements, implementing requirements, and verifying requirements. Zhicong Technology's software development also follows this process.

In the demand analysis phase, we first take customer input and chip security mechanism as demand input, including demand number, corresponding security mechanism, etc. Then we analyze each demand one by one, including implementation method, verification criteria, potential risks, operation stage and other analysis contents.

The next stage is to confirm the requirements analysis documents and related review records, that is, to confirm the two-way traceability and consistency between system requirements and software requirements. Specifically, the context can be traced by number in the requirements tracking table.

The next process is architecture design. The SafetyFrame software architecture mainly consists of three parts: ESM Driver, SMU Error Handler, and SBC Driver. Among them, the ESM Driver module is used to implement the ESM safety mechanism inside the MCU. The ESM Driver includes the Test Manager module, the TestLib module, and the DriverLib module; the SMU Error Handler module is used to implement fault handling measures; the SBC Driver module is used to implement the driving of external chips and power chips, as well as some functional safety mechanisms.

Generally speaking, the architecture design document includes architecture overview, requirement traceability, software dynamic design, software static design, performance design, etc. Dynamic design includes program flow, data flow, etc., while static design is used to describe the interface design between modules or the interface design between the entire module and the RTE layer. Performance design is used to describe resource utilization, such as space and time utilization.

After completing the architecture design, the next step is detailed design, which includes the following:

First, a functional overview describes the security mechanisms applied by specific modules.

Second, the structural legend is used to describe the relationship between the process and structure of a module and is represented by a legend.

Third, unit design. In embedded software engineering, the smallest unit is usually a function, so the unit design here refers to the structural variables of each function and its corresponding traceability number.

Image source: Zhicong Technology

The right side of the "V model" is the software testing phase. The software testing phase is divided into unit testing, integration testing, and software approval testing. In the integration test, the configuration tool of Muniu SafetyFrame plays an important role.

The Zhicong Muniu configuration tool is developed based on the latest ARTOP architecture and provides a full set of BSW configuration and RTE generation functions. The solution is compatible with the mainstream standards in the industry, and its tool interface is relatively close to the mainstream configuration tool interface on the market, providing a friendly human-machine interface for ECU controller software development. And the configuration code generated by the solution can be integrated into the project to realize custom configuration functions. The tool can configure each module in SafetyFrame to meet different configuration requirements.

Zhicong Muniu information security products: Cybersecurity Lib

As intelligent connected vehicles are booming around the world, vehicle networking has gradually become an important development direction for future vehicles. The information security issues brought about by networking also exist in connected vehicles. Car manufacturers and design and development personnel will have to implement high-demand information security measures on the vehicle's electronic and electrical architecture. Zhicong Technology has invested resources in the development of information security-related software since the end of 2018, and has accumulated rich experience and relevant knowledge reserves.

The static architecture of the Muniu Cybersecurity Lib software. Image source: Zhicong Technology official website

The Muniu Cybersecurity Lib developed by Zhicong Technology for the Infineon TC3xx series includes the kernel firmware (zHSM CORE) and the client application interface function (SHE CD) of the hardware encryption module (HSM). In addition to satisfying the conventional SHE functions such as key injection, symmetric encryption and decryption, message authentication code generation and verification, random number generation and secure boot, the kernel firmware can also expand multiple algorithms such as HASH and ECC256. Muniu Cybersecurity Lib is highly scalable and can be upgraded and redeveloped according to different project requirements to meet diversified information security needs.