PCIe IP With Enhanced Security For The Automotive Market

Ensuring that data on the wire is secure from observation, tampering, or replay of packets.

popularity

The automotive industry is undergoing a rapid transformation, with connectivity and automation becoming integral components of modern vehicles. However, this increased connectivity also brings heightened risks. The automotive industry takes many measures to ensure safety for vehicles, but it is crucial to understand that these safety measures are ineffective if the vehicle’s security is compromised. A hacked car can render virtually any safety mechanism useless, posing significant risks to passengers and other road users. Therefore, ensuring both safety and security is paramount in modern automotive design.

As vehicles become more automated with many features and applications delivered through powerful compute platforms, there is a need for more security and higher data bandwidth with low latency, requirements that exceed by far the capability of legacy in-vehicle communication protocols. This has opened the door for Peripheral Component Interconnect Express (PCIe) type technology. Some specific applications driving this are:

  • High-resolution sensing that drives the need for supporting higher data rates between sensors and the centralized processor.
  • Heterogenous computing / AI that needs to allocate different computing tasks to associated compute cores.
  • 360-degree perceptions that needs more automation in order to leverage sensors covering the entire environment in the car.

These are among the requirements fueling the rapidly growing adoption of PCIe as an interface for the automotive industry, based on its ability to meet the high-performance, scalability, and interoperability needs of modern vehicles.

High-level features of PCIe controller with IDE security

The Synopsys PCIe solutions consist of controllers, IDE Security Modules, PHYs and verification IP, enabling real-time secure data connectivity with low-latency and high performance, and a quick integration into SoCs. The PCIe controller supports all required features by the standard and can be configured for Endpoint, Root Port, Dual Mode or Switch Port use cases. The Integrity and Data Encryption (IDE) Security Module provides confidentiality, integrity and replay protection for Transaction Layer Packets (TLP) as defined in the PCIe-SIG IDE specification, ensuring that data on the wire is secure from observation, tampering or replay of packets. It is seamlessly integrated and pre-validated with the controller to provide high bandwidth and low latency solutions, crucial for performance-intensive applications. The IDE Security Module supports maximum throughput in full-duplex and leverages optimized AES-GCM cryptographic cores with 256-bit keys for highly efficient encryption, decryption and authentication of TLP packets, ensuring that data remains secure and unaltered during transit.

PCIe 5.0 IP solutions with IDE Security: A game changer for automotive applications

Synopsys solutions continue to push the boundaries of PCIe technology with standards compliant and feature rich solutions, including integrated IDE security to provide data confidentiality, integrity, and replay protection. Besides the company’s existing IP offerings for leading-edge standards like PCIe 5.0,  PCIe 6.0 and even PCIe 7.0, Synopsys is now also introducing automotive-grade PCIe 5.0 IP solutions with IDE security. PCIe 5.0, which was already available as a robust offering for high-performance computing and data centers, has now been tailored to meet the stringent requirements of the automotive market, focusing on functional safety and cybersecurity in compliance with ISO 26262 and ISO/SAE 21434 standards.

Fig. 1: Overview of Synopsys PCIe 5.0 IP solutions.

The international ISO 26262 standard focuses on the functional safety of electrical and electronic systems in production automobiles. This standard is critical for addressing potential hazards that could arise from the malfunctioning of these systems, thereby ensuring the safety of both drivers and passengers. ISO/SAE 21434 is dedicated to the cybersecurity process of road vehicles. This standard offers a comprehensive framework for managing cybersecurity risks throughout a vehicle’s lifecycle, from design and development to production, operation, and decommissioning.

ASIL B compliant PCIe 5.0 controller with IDE security: Safety mechanisms

Synopsys’ PCIe IP solutions for automotive applications incorporate a range of safety mechanisms to align with the ISO 26262 standard, ASIL B level, to protect against permanent and transient faults that can occur unpredictably during the lifetime of an automotive system. The ISO 26262 safety mechanisms incorporated in Synopsys’ PCIe IP solutions include:

  • Safety AUX – Dual Rail Architecture: Two separate power rails are used to ensure redundancy. The Safety Monitor checks these rails for parity to detect any inconsistencies.
  • Comparators – Self-Checking: Comparators used in the system are designed to perform self-checks to ensure they are functioning correctly, enhancing fault detection capabilities.
  • Safety Monitor Registers – Parity Protected: Registers used by the Safety Monitor are protected with parity bits, allowing for the detection of single-bit errors.
  • Safety State Machines – One-Hot-State Machines: One-hot-state machines are used to ensure that only one state is active at a time, simplifying error detection and improving reliability.
  • Advanced Peripheral Bus (APB) – Parity Protected: The APB is protected with parity bits to detect single-bit errors during data transfers.
  • Diagnostic Error Injection – Supported via Software: The system supports diagnostic error injection through software, allowing for the testing and validation of safety mechanisms by simulating faults.
  • Error Correction Code (ECC) Error Injection – Supported via Software: Error injection for ECC is supported via software, enabling the simulation of errors to test the system’s error correction capabilities.
  • Processing Monitor – for timing events: The Processing Monitor detects additional processing lock-up errors, enhancing the safety fault detectability for any PCIe transfer type.
  • Logic Built-In Self-Test (LBIST) – External, Mandatory at Boot: External LBIST is mandatory to run at boot time to verify the integrity of the logic circuits, ensuring that they are free from faults.

Comprehensive safety documentation

Synopsys provides extensive safety documentation for its PCIe 5.0 controller with IDE security, which is indispensable for achieving ISO 26262 compliance, ASIL D level, to protect against systematic faults that can occur during the development process. The documentation ensures regulatory adherence, enhances traceability, aids in risk management, supports continuous improvement, and facilitates stakeholder communication. Synopsys provides amongst others:

  • Quality Manual
  • Design Failure Mode and Effects Analysis (DFMEA)
  • Failure Modes, Effects, and Diagnostic Analysis (FMEDA)
  • Safety Manual
  • Dependent Fault Analysis (DFA)
  • Safety Case Report
  • ISO 26262 Assessment Report

Deliverables related to the ISO/SAE 21434 standard

Similar to ISO26262, in order to comply with the ISO/SAE 21434 standard, which focuses on cybersecurity for road vehicles, Synopsys has implemented a rigorous and certified cybersecurity process. Synopsys also provides an additional set of comprehensive deliverables designed to ensure robust security throughout the lifecycle of its PCIe IP solutions. Here are the key deliverables related to ISO/SAE 21434:

  • Cybersecurity Interface Report
  • Security Risk Analysis Report, Including Threat Model
  • Cybersecurity Case Report
  • Cybersecurity Assessment Report
  • IP-SIRT (IP Security Incident Response Team) Services

These deliverables ensure that Synopsys’ PCIe IP solutions not only meet the functional safety requirements of ISO 26262 but also adhere to the stringent cybersecurity standards of ISO/SAE 21434. By providing comprehensive documentation and ongoing support, Synopsys helps its customers integrate secure and reliable PCIe IP solutions into their automotive applications.

Conclusion

With more than two decades of experience in PCIe designs, and dozens of customers using Synopsys automotive grade controllers, Synopsys provides designers with IP solutions for the world’s most advanced vehicles. The comprehensive solution, including PHY, Controller with IDE, and verification IP, offers ADAS and IVI SoC designers the seamless integration they need to speed their time to market. Now, the Synopsys PCIe 5.0 IDE automotive solution sets a new benchmark in the automotive industry by integrating functional safety and cybersecurity measures that comply with ISO 26262 and ISO/SAE 21434 standards. This advanced solution not only meets the growing demands for safety and security in automotive applications but also aligns with global legislative trends, ensuring that modern vehicles are both safe and secure. For more information about the PCIe 5.0 IDE solution, please visit its webpage.



Leave a Reply


(Note: This name will be displayed publicly)