The continuous increase in the number of electronic components in vehicles not only increases the failure rate, but also brings greater risks to drivers and passengers. This increase in risk forces the automotive industry to incorporate functional safety standards into automotive design.
The ISO 26262 standard specifies the functional safety requirements for the entire life cycle of in-vehicle electronic equipment. It defines automotive safety integrity levels (ASIL) from A to D for assessing the risk of automotive systems and components, with D being the highest. The specific ASIL requirements vary by application. The car dashboard must display key information from various sensors and actuators in the car, and must comply with ASIL B. Other information displayed on the dashboard, such as brakes, indicators, and transmission gear selector (PRNDL) information, must also comply with the ISO 26262 functional safety standard.
Advanced automotive dashboard technology
In order to simplify and accelerate development, the new generation of instrument panel technology adopts functional safety key technologies to provide a complete development platform that meets the ISO 26262 standard for automotive applications. For example, the reconfigurable digital dashboard shown in Figure 1 is equipped with a 1280×480 resolution display supported by the automotive MCU. In addition, the dashboard also uses fail-safe NOR flash memory and a graphical human-machine interface (HMI) that meets all functional safety requirements.
Figure 1: Automotive dashboard solutions that meet the ISO 26262 standard
Main system characteristics
The new generation of automotive dashboards must not only have high performance, but also ensure safe and fault-tolerant operation. They need to detect and correct errors in all safety-critical graphics before displaying them on the screen. Graphics storage in these systems plays an important role in supporting key requirements, including a safe and fast startup process.
1. Safe boot
The first requirement is a safe boot. In many modern dashboards, automotive MCUs are paired with NOR flash memory devices that store startup code and graphical content. If a power failure occurs during initialization or configuration, the NOR flash memory device may in some cases be damaged or become unresponsive. Using fail-safe NOR flash memory prevents such operational failures: it can report device initialization and configuration failures, and provides methods to recover from them.
2. Instant start
The second required dashboard function is “instant start.” The dashboard display should be able to display accurate data immediately after power-on or reset, and there should be no delay. By combining the automotive MCU with the high-speed NOR flash memory controller, and designing a high-efficiency graphic display scheme, instant startup can be achieved.
3. Safety graphics monitor
As discussed earlier in this article, all displays that comply with ISO 26262 ASIL Class B functional safety requirements need to adopt error-proofing mechanisms for warning lights, signals, and gear indications on the virtual dashboard. The driver must keep track of whether the dashboard is working properly. For example, the dashboard must be able to monitor and detect safety-critical images/symbols (see Figure 2a).
A graphics monitor that meets the safety requirements should check the safety-critical content characteristics in every frame of the display output. If safety-critical content is damaged, the system should show a distinct indicator for the damaged content and use a warning message to alert the driver (see Figure 2b).
Figure 2a: Correct brake indicator light
Figure 2b: Failure of the brake indicator and safety monitoring alarm
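The per-frame check described above, as an added C example (not code from the article or from any product it names): a CRC-32 signature over the safety-critical region of the output frame is compared with a reference, and a mismatch means the driver warning must be raised. The frame size, the `safety_roi` type, the icon and all function names are assumptions; the article does not say which signature the MCU's graphics subsystem computes.

```c
#include <stdint.h>
#include <string.h>

#define FB_W 16                       /* constructed tiny frame, 1 byte per pixel */
#define FB_H 8

typedef struct { int x, y, w, h; uint32_t ref_crc; } safety_roi;  /* hypothetical */

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320), one byte at a time. */
static uint32_t crc32_byte(uint32_t crc, uint8_t b)
{
    crc ^= b;
    for (int k = 0; k < 8; k++)
        crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    return crc;
}

/* Signature of the pixels inside the safety-critical region of one frame. */
uint32_t roi_signature(const uint8_t *fb, const safety_roi *r)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (int y = r->y; y < r->y + r->h; y++)
        for (int x = r->x; x < r->x + r->w; x++)
            crc = crc32_byte(crc, fb[y * FB_W + x]);
    return ~crc;
}

/* Per-frame check: returns 1 when the driver warning must be raised. */
int frame_needs_warning(const uint8_t *fb, const safety_roi *r)
{
    return roi_signature(fb, r) != r->ref_crc;
}

/* Render a constructed 4x4 "brake" icon at (2,2), optionally damage one
 * pixel of the output frame, then run the monitor on that frame. */
int demo_monitor(int damage, int px, int py)
{
    uint8_t fb[FB_H * FB_W];
    safety_roi roi = { 2, 2, 4, 4, 0 };
    memset(fb, 0, sizeof fb);
    for (int y = 0; y < 4; y++)
        for (int x = 0; x < 4; x++)
            fb[(2 + y) * FB_W + 2 + x] = (uint8_t)((x == y || x + y == 3) ? 0xFF : 0x20);
    roi.ref_crc = roi_signature(fb, &roi);   /* reference taken from the good frame */
    if (damage)
        fb[py * FB_W + px] ^= 0x80;          /* simulated corruption after rendering */
    return frame_needs_warning(fb, &roi);
}
```

Damage outside the monitored region does not trigger the warning, which is why every safety-critical symbol needs its own region and reference.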
4. Image correction
Another key requirement for the dashboard is image correction. Any practical dashboard should use NOR flash memory devices to store the displayed images and provide error detection and correction functions. Figure 3a and Figure 3b illustrate this concept. In this example, we deliberately combined a damaged low beam indicator image with the ECC syndrome code of the correct image and stored it in the NOR flash memory device. If we disable the error correction function in the NOR flash memory device, a blurred and damaged low beam indicator image is displayed (see Figure 3a). If we enable the error correction function in the flash memory device, the corrected icon is displayed (see Figure 3b).
As the figures show, NOR flash memory technology further improves the level of safety by monitoring and correcting safety-critical display information to ensure its accuracy.
Figure 3a: Indicator image display after disabling NOR flash ECC
Figure 3b: Indicator image display after enabling NOR flash ECC
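The experiment above, reproduced as an added C example (not the device's own algorithm and not code from the article): a damaged image is stored together with check bits computed from the correct image, then read back with correction disabled and enabled. The article does not say which ECC code the NOR flash uses; a single-error-correcting Hamming(12,8) code per byte is assumed here, it does not detect double-bit errors, and the icon bitmap and all names are constructed.

```c
#include <stdint.h>

/* Hamming(12,8): code positions of the 8 data bits (the non-powers of two). */
static const uint8_t POS[8] = { 3, 5, 6, 7, 9, 10, 11, 12 };

typedef enum { ECC_OK, ECC_CORRECTED, ECC_UNCORRECTABLE } ecc_status;

/* Check bits for one byte: XOR of the positions of its set bits. */
uint8_t ecc_check_bits(uint8_t data)
{
    uint8_t c = 0;
    for (int i = 0; i < 8; i++)
        if (data & (1u << i))
            c ^= POS[i];
    return c;
}

/* Read one byte through ECC; a single flipped data bit is repaired in place. */
ecc_status ecc_read(uint8_t *data, uint8_t stored_check)
{
    uint8_t syndrome = (uint8_t)(ecc_check_bits(*data) ^ stored_check);
    if (syndrome == 0)
        return ECC_OK;
    for (int i = 0; i < 8; i++)
        if (syndrome == POS[i]) {
            *data ^= (uint8_t)(1u << i);
            return ECC_CORRECTED;
        }
    /* A power-of-two syndrome means a check bit flipped; the data is intact. */
    return (syndrome & (syndrome - 1)) == 0 ? ECC_CORRECTED : ECC_UNCORRECTABLE;
}

/* Constructed 8x8 1-bpp icon with two damaged rows, stored with the check bits
 * of the correct image. Returns how many rows are still wrong after the read. */
int demo_wrong_rows(int ecc_enabled)
{
    static const uint8_t good[8] = { 0x3C, 0x42, 0x81, 0xBD, 0xBD, 0x81, 0x42, 0x3C };
    int wrong = 0;
    for (int i = 0; i < 8; i++) {
        uint8_t check = ecc_check_bits(good[i]);   /* ECC of the correct image */
        uint8_t row = good[i];
        if (i == 1) row ^= 0x10;                   /* damaged stored row */
        if (i == 5) row ^= 0x02;                   /* damaged stored row */
        if (ecc_enabled)
            (void)ecc_read(&row, check);
        wrong += row != good[i];
    }
    return wrong;
}
```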
Figure 4 shows a schematic diagram of a dashboard that uses NOR flash memory to access image data in a way that meets safety requirements.
Figure 4: Dashboard system solution
Functional safety in the dashboard MCU
Functional safety dashboard MCUs, such as Cypress Traveo II, are an important part of a dashboard system that meets safety requirements. They combine traditional MCU functions with graphics functions in a single component. The MCU complies with the ISO 26262 standard in terms of functional safety, and provides support for safety-related IP such as watchdog, clock manager, low-voltage detection, CRC engine, timing protection unit, and peripheral protection unit.
In addition, software also plays an important role in functional safety. Dashboard platforms such as Altia ISO 26262 and the Altia Security Monitor (ASM) for automotive embedded images use feature units in the dashboard MCU graphics subsystem to check safety-critical content features. Table 1 shows some of the functional safety functions of the dashboard MCU.
Table 1: Functional safety within Traveo II MCU in the dashboard
Functional safety in NOR flash
NOR flash memory is the most reliable non-volatile memory. Millions of cars driving on the road have confirmed this. Nevertheless, the ISO 26262 standard still requires automakers to detect any failures that may occur to ensure functional safety. NOR flash memory designed for functional safety, such as Semper NOR flash memory provided by Cypress, integrates the key safety features of automotive systems. Taking Semper as an example, it is a device that has reached ASIL B level and is about to meet ASIL D requirements. It has good durability, with more than 1 million program/erase cycles and data retention of up to 25 years, even under extreme temperature conditions. The NOR flash memory has a density of up to 4 Gb and supports Octal and HyperBus interfaces compatible with QSPI and JEDEC xSPI standards. These two interfaces can provide up to 400 MB/s throughput. Table 2 shows all the safety mechanisms and diagnostic functions supported by functional safety NOR flash memory.
Table 2: Functional safety details of Semper NOR flash memory
Functional safety of the software part
HMI software like Altia can confirm the correct display of functional safety content as needed. Its general embedded software application reaches ASIL B level and provides monitoring functions for safety-critical objects in the HMI. It is developed according to the ISO 26262 standard and the ASIL B level standard, and meets the requirements of ISO 26262 by checking the safety-critical content characteristics in each frame of the display output.
By incorporating functional safety into the dashboard MCU, non-volatile memory, and embedded software, developers can quickly design complex automotive applications that meet safety requirements.