System-on-Chip Architecture For Autonomous Driving Systems In Electric Vehicles

English inventor Thomas Parker introduced the first production electric car in 1884. Slower speeds and shorter ranges limited the electric cars of that era. By the early-to-mid 20^th century, gas-powered cars were cheaper to operate, able to travel further and faster than their electric counterparts, and quickly rose to dominance. Since the early 2000s, Tesla has been a pioneer in reviving the electric car by producing the world’s most visible modern, highway-capable, fully electric vehicles (EVs). They have transformed the automotive industry by building the first modern EV platform based on software and wrapped in a slippery aerodynamic design. Today, established automakers and technology-based EV startups are competing fiercely for the market and mindshare.

Electric vehicles, by their very nature, demand technological innovation. Electric car buyers not only expect a product that can travel long distances – it must also look cooler, perform better, entertain more, be quieter, drive itself, be affordable and be safer than ever before. New electric car makers are technology companies that innovate to build cars. Carmakers, or OEMs, are transitioning from more traditional distributed electronic control units (ECUs) to a more centralized domain architecture with central compute. Powerful electronics run by complex software underpin nearly every system. The system-on-chip (SoC) is the single most powerful electrical component in the car that manages every aspect of its domain while at the same time ensuring safe and secure operation. Several significant trends are influencing its evolution.

Extending vehicle range is an important market driver. Novel electric motors and battery technology improve drivetrain efficiency and performance while reducing cost, size, weight and environmental footprint. Wiring harnesses based on higher voltages require thinner, lighter wires. The shift to a more centralized domain architecture means the number of ECUs, boards and chips is reduced, thus saving weight and power consumption.

The second trend is for over-the-air (OTA) updates in response to the essential role of software to control virtually all aspects of vehicle operation. OTA updates lower costs for both the OEM and the owner and improve car functionality by adding autonomous driving capability, updating battery management to extend range, enhancing the digital cockpit experience and patching safety and security issues.

Finally, the industry is rapidly shifting to advanced driver-assistance systems (ADAS) and autonomous driving with SAE L2+/L3 systems on the road today and with L4/L5 on the horizon. Advanced sensor technology for cameras, LIDAR, RADAR, ultrasonic and more are needed to achieve higher autonomous driving levels. Smaller sensors with dramatically improved resolution and dynamic range reduce cost, power consumption and weight.

The complex sensor array feeds domains such as central compute for ADAS and autonomous driving and the digital cockpit which controls dashboard, heads-up-display (HUD) and in-vehicle-infotainment (IVI). An autonomous driving SoC is based on complex central compute hardware which implies that more sophisticated software systems will be employed. There will be an increase in connectivity and in the quantity of data flowing around the vehicle. The increase in connectivity options brings new opportunities such as value-add services and OTA software updates but introduces new risks regarding cybersecurity. Protecting these new interfaces from unauthorized or malicious usage is critical.

Figure 1 shows an abstraction of the major functional components of an autonomous driving and fusion processing SoC represented in the blue-colored boxes. Sensors are used as input to the SoC. The environment perception and objection detection subsystem use high-performance neural network accelerators for fast, accurate sensor data analysis. High-precision mapping locates the car precisely in its environment. Finally, the path and maneuver planning subsystem determines how the vehicle will respond to the environment. Typically, two ASIL B SoCs are deployed to process sensor data simultaneously to achieve ASIL D compliance. Safety-critical signals from each SoC are routed through the on-chip safety manager. The safety manager utilizes ASIL D CPUs configured in dual-core lockstep (DCLS) in concert with other safety mechanisms to detect random failures and correct or control them. Outputs from the safety manager are used to manage the vehicle’s actuators. An on-chip security manager is deployed to protect from malicious attacks. A hardware root-of-trust forms a secure management system operated as a trusted execution environment for secure boot, secure debug, key management and cryptography, and secure management of the boot loader, including the authentication of OTA deliveries before installation.

Fig. 1: Autonomous driving and fusion processing SoC.

Find more information on functional safety and security with software integrity solutions, virtual ECU and prototyping of hardware before the software is available, automotive-grade IP and a safety-aware verification and design solution certified to ISO 26262 ASIL D here.