December 23, 2025

Upping the ante for in-vehicle memory and storage


This article was originally published on newelectronics by Silicon Motion.

Automotive functional safety has long predated autonomous and software-defined vehicles (SDVs).

As vehicles of all types become more digital, increasingly advanced features drive the demand for more memory and storage, which must meet stringent reliability and safety requirements.

These requirements are essential considerations for automotive systems designers as semiconductor content has become more pervasive; they must adapt to architectural shifts within automotive systems, delivering more functionality while also thinking about functional safety, reliability and security.

The evolution of automotive electronics is increasingly being driven by SDVs, which now include more advanced infotainment systems, advanced driver assistance systems (ADAS), electric vehicle (EV) power systems and over-the-air (OTA) capabilities. Vehicle-to-Everything (V2X) capabilities enable the vehicle's software to be upgraded overnight and more detailed, up-to-date navigation information to be downloaded. Data can also be collected from the vehicle to diagnose a specific problem or gather system performance data over time.

Architecturally, SDVs are taking a more "zonal" approach, which groups functions together and centralises compute, even as more data is collected from sensors and nearby networks. Data growth combined with the addition of new features and services has led to the proliferation of electronic control units (ECUs) linked together with complex networking.

Moving to a zonal architecture makes the vehicle more programmable, but this programmability through software requires more hardware. More computing means more semiconductor content, even as the number of ECUs and other computing devices is consolidated.

Aside from leading to more centralised data storage and increasing demands on internal connectivity, SDVs highlight the need for functional safety, reliability, and security.

Functional safety intersects with security

Functional safety and reliability have long been irrevocably intertwined, but with the emergence of V2X capabilities, so is cybersecurity.

Bad actors can attack a connected car, as every vehicle has potential access points. Each networking, memory and storage device represents an attack surface, and V2X capabilities bring unique security challenges. A vehicular network comprises heterogeneous nodes, various speeds and intermittent connections, and traditional security methods are not always adequate.

Because cybersecurity rides alongside functional safety, there are many mundane ways that an SDV can be vulnerable. Using open-source software in the automotive industry can allow hackers to exploit shared system code that targets multiple vehicle models.

However, as with all computing, software is not the only vector for threat actors who want to wreak havoc within a modern vehicle. Increasingly, hardware is a target for tampering and must be inherently secure to effectively contribute to overall functional safety, which is why designers must consider cybersecurity standards along with those that govern functional safety and reliability.

Digitisation raises safety stakes

As vehicles became more digitised and reliant on electronics, key standards governing automotive functional safety have been introduced. The emergence of autonomous vehicles and the growth of the EV market have required that these standards be refined and expanded.

Functional safety begins at the development phase, covering product specifications, production implementation, integration, verification, validation, and final release. A critical element of any automotive functional safety program is evaluating risk, including potential hazards and hazard scenarios.

Typically, an automotive OEM conducts a Hazard Analysis and Risk Assessment (HARA) on any vehicle-level features to determine the risk reduction level required for each potential hazard identified, including the likelihood and duration of a hazard during specific driving scenarios, and what the consequences might be in the event of a malfunction or failure.

HARAs don't go as deep as the component level, but because semiconductors have become core building blocks of modern vehicles, memory and storage devices must be automotive grade – they must handle harsh environments ranging from hot to cold, as well as handle vibrations.

The semiconductor industry has its own safety standards that must be followed even before others related explicitly to automotive are applied, through a concept known as Safety Element out of Context (SEooC), a bottom-up approach for developing software, hardware or system elements that can span different items and vehicles.

In addition, a systematic analysis technique known as failure modes, effects, and diagnostic analysis (FMEDA) is used to determine subsystem/device level failure rates, failure modes and diagnostic capability. FMEDA looks at all design components, including their functionality, failure modes of each element, the effect of any component failure mode on the device functionality, and the ability of any automatic diagnostics to detect the failure. The FMEDA technique can predict failure rates per defined failure modes, which can be used to establish compliance with automotive functional safety standards.

Automotive safety standards expand to cover memory, computing

Several standards govern automotive functional safety that relate both to software and hardware.

Key among them is ISO 26262, which outlines guidelines to minimise the risk of accidents and ensure that automotive components perform their intended functions correctly and at the right time. ISO 26262 also lays out Automotive Safety Integrity Level (ASIL) ratings ranging from "A" for low risk to "D" for high risk – failure of a steering control system during driving is considered high risk. ASIL ratings are becoming increasingly important as vehicles become more autonomous – ASIL-D compliance is essential for supporting Level 5 autonomy.

Another standard relevant to functional safety is AEC-Q100, which ensures the safety of electronic parts by focusing on reliability, including stress testing for integrated circuits in automotive applications.

Because ISO 26262 doesn't account for systematic errors such as software flaws, Automotive SPICE, or ASPICE, has emerged as the current standard for automotive software best practices. However, it has yet to be globally adopted. Software Process Improvement and Capability Determination (also known as ISO/IEC 15504, or SPICE) is a framework for software process assessment, designed to evaluate development factors that allow assessors to determine an organisation's capacity for effectively and reliably delivering software products.

ASPICE applies this framework to the automotive industry and defines best practices for embedded software in automotive development. It differs from functional safety standards such as ISO 26262 in that it covers how design is conducted if safety is not considered. Automotive designers should incorporate ASPICE and ISO 26262 guidelines to ensure effective safety practices.

The introduction of ISO/SAE 21434, meanwhile, reflects the emerging need to design vehicles that are protected against cybersecurity threats. It can cover hardware such as an automotive System-on-Chip (SoC), software or the design tool used to develop a modern vehicle.

As NAND flash has become the workhorse for automotive applications and shows up in many forms, it must be highly reliable when used for mission-critical applications, which means it must also conform to standards such as AEC-Q100 so it can weather extreme environmental conditions, as well as retain data in the event of sudden failure that a collision could cause.

Given the connected nature of SDVs, automotive NAND devices must also be inherently secure, as any tampering can impact safety, which is why AES-256-bit full disk encryption is being implemented for secure storage and over-the-air updates.

NAND flash performance alongside reliability

The functionality, safety, reliability and security of NAND flash devices in automotive applications are dependent on many system elements, including controllers.

Silicon Motion's automotive-grade controllers comply with multiple international functional safety and reliability standards, including AEC-Q100, IATF 16949, ISO 26262, and ASPICE. The adherence to these standards reflects that designers are developing infotainment systems for fully connected, data-driven, and intuitive in-car experiences – immersive entertainment, immersive infotainment, and ADAS supported by V2X capabilities depend on robust, high-performance data storage.

The company's automotive-grade eMMC, UFS and SSD controllers share many of the same capabilities as its controllers for other applications, while also supporting extended temperature ranges, exhibiting low Defective Parts Per Million (DPPM), and being designed with ASPICE compliance in mind.

Silicon Motion's controllers undergo rigorous testing, including compliance with AEC-Q100 Grades 2/3, ISO 26262, ISO 21434, and IATF 16949 certifications.

The latest SSD controller, the SM2264XT-AT, is the first to be specifically designed for automotive applications with support for Single Root I/O Virtualisation (SR-IOV). The built-in SR-IOV feature makes the SM2264XT-AT an excellent fit for future vehicles that require implementation within a centralised architecture.

The SM2264XT-AT also supports up to eight virtual functions, significantly reducing the CPU's burden by efficiently managing multiple virtual machines that access the SSD simultaneously. This feature is critical for software-defined vehicles, where reducing latency and ensuring fast response times for various applications is paramount.

Like all of Silicon Motion's automotive-grade offerings, the SM2264XT-AT undergoes rigorous testing and adheres to various automotive processes and certifications, including AEC-Q100, ISO 26262 ASIL-B ready certification, IATF 16949 certification for supply chain compliance, and ASPICE CL3.

As connected cars become more complex with V2X capabilities that support onboard intelligence and full autonomy, demands on memory and storage will only increase, which means designers need solutions including storage and controllers that are architected with a functional safety mindset.
