CISEC 2014 Conferences – Critical Embedded Systems
Electronics for Aircraft – Avionics
Feb. 11, 2014
February 2014 CISEC 2014 Conferences / Critical Embedded Systems / Electronics for Aircraft - Avionics
Presented by: Philippe PONS
Airbus Avionics & Simulation Products
Electronics Senior Expert
© AIRBUS Operations S.A.S. All rights reserved. Confidential and proprietary document.
Electronics for Aircraft – Avionics Summary
• Introduction
• Context
• Some significant aeronautical constraints / requirements – Impacts on electronics and avionics equipment development
• Design and development processes
• Conclusion
Introduction
Introduction – Overview of Avionics & Simulation Products
• Avionics & Simulation Products (EYY): AIRBUS Centre of Competences for on-board Electronics and Software in real time applications
• Cover the whole life cycle: development, production, sales & customer support
• Design of 10 to 15% of Aircraft Electronics to acquire expertise and support Programmes, Procurement, Engineering regarding the other 85 to 90%
• Focus on domains which are difficult, and/or sensitive & critical, innovative:
o Flight Control
o Warnings
o Maintenance
o Communication
• 6000 equipment items / year
[Figure labels: A300/310, A319/20/21, A330/340, A380; Avionics, Simulation]
Context (1/5)
Embedded electronics: high growth over the last 20 years
Electronics pervades the Aircraft and brings intelligence, control precision, performance, flexibility, reliability…
Examples: Fly-by-Wire, Cockpit
[Figure labels: Cockpit commands, Flight computers, Actuators, Aircraft sensors]
Context (2/5)
• Nevertheless, low percentage of the worldwide electronics industry
o Dominated and ruled by high volume and low cost oriented applications (ex. consumers, telecom)
Note:
- Aerospace: below 1% of global component market, almost stable
- Automotive: ~8%, growing
o Characterized by rapid changes (ex. electronic components technologies, component manufacturers buyout…)
• But high level of constraints & requirements for on-board applications
[Figure labels: A300, A340, A380]
Context (3/5)
• Markets have drastically different characteristics
Context (4/5)
- Enabling new functions, allowing higher performance and integration with reduced cost
• But
- Often implemented on commercial applications, high volume, low constraints, and not initially adapted to needs & requirements of on-board systems
- Sometimes, limited access for European Actors (growth in US, Asia, access / export limitation)
- Adding higher complexity (IS; EMC; hot spot,...), PCB, assembly vs. comp. packages, certification, maintenance / investigations), obsolescence, potential counterfeiting issues, reliability risks,...
How to proceed to remain competitive in development / production of on-board electronics & equipment?
Adapt to the technologies, components, … market trends & use appropriate processes
Grasp opportunities offered by advanced & emerging technologies and propose innovative solutions to keep a competitive advantage
Satisfy specific constraints / requirements of Avionics
[Figure credit: © Freescale Semiconductor, Inc. 2008]
Context (5/5)
Major drivers:
• Use of COTS components and widely ‘shared’ technologies (avoid “niches”)
• High performances (electrical; functional ex. processing, power efficiency with increase of the frequency, …; less energy; …)
• High integration for smaller size & volume and smaller weight
• High reliability and safety in compliance with the requirements for embedded electronics
• Performance & compliance with environmental constraints (thermal, EMC, cosmic radiation,…)
• Regulations: certifications, environmental directives (ex. RoHS, REACH)
• Mastering of complexity and development cycles – design maturity (model based techniques, modeling & simulation, verification,…)
• High industrial maturity (Entry in Service)
• Long term availability, high life time (~15 years to > 30 years)
• Lowest costs
• Low and medium manufacturing volume / mass-production
Some significant aeronautical constraints / requirements – Impacts on electronics and avionics equipment development
• Service life
o Electronic components (as example)
• Environmental conditions (thermal, mechanical… EMC, atmospheric radiation, …)
• Safety
• Reliability
• Maintainability and Testability
• Certification
Service life
Service life of equipment is the time at which it is no longer physically feasible or economically considered worthwhile to repair or overhaul the equipment to acceptable standards
Example: 150 000 flight hours, 30 000 cycles or 25 years
High impacts on:
- Electronic components and technologies (ex. manufacturing technologies) selection
- Electronic providers selection and follow-up
- Manufacturing & test means (industrialization)
- Documentation set volume to preserve product knowledge
[Figure: timeline. 200X: Equipment design kick-off; 201x + 5: EIS; 200X + 30: Equipment End of Service Life]
EIS: Entrance In Service
Service life – Electronic components management
• Context:
Electronic components are the “raw material” for an electronic equipment: “to make a good dish, good ingredients are needed”
Ensure >25 years life cycle (service life)
[Figure labels: Raw materials, Design, Final product]
Service life – Electronic components management
• Need to manage electronic components to ensure:
o Right component for the right function: market trends, durability, reliability (e.g. failure mechanisms vs. new technologies), sensitivity to atmospheric radiation…
o Continuously supply A/C for 25 years: expertise and audit of components suppliers and manufacturers, obsolescence management and durability control of components (if stocks), counterfeiting avoidance (supply through approved network highly recommended)
International Specification IEC/TS 62239-1 “Process management for avionics – Management plan – Part 1: Preparation and maintenance of an electronic management plan” defines requirements for selecting and managing electronic components (COTS and specific) in compliance with the end application
COTS: Commercial Off-The-Shelf
Service life – Electronic components management
Obsolescence management: PREVENT / DETECT / SOLVE
PREVENT Obsolescence
- Select Electronic Components according to “golden rules”
- Manage selection for design with a Preferred Parts List
- Define design margin in order to allow easier parts replacements
- Perform BOM analysis in order to validate components choices
- ...
DETECT Obsolescence
- Perform technical components suppliers survey: meetings, visits, audits, ...
- Identify availability information within the components database
- Conduct yearly obsolescence analysis and plan for each product
SOLVE Obsolescence
- Identify replacement solutions & impacts on design (qualification level)
- Decide the mitigation solutions: short / mid / long-term redesign, stock
- Update obsolescence plan
- ...
Environmental conditions: Mechanical & climatic requirements
Requirement’s magnitude and applicability depend on equipment category
Temperature & Vibration are main constraints for on-board electronic equipment requiring:
• Cooling analysis & solution (vs. for ex. acceptable components Tj)
• Mechanical analysis & assembly solution
• Performance margin definition
• Component selection & sort
!! Impact on weight
Typical examples:
• Temperature (ex. E-bay)
o Storage: -55°C / +85°C
o Operation: -40°C / +70°C ambient, air forced
o Loss of cooling: 30 min @ +55°C ambient; 8h @ +40 or +45°C
• Temperature Variation
• Altitude/Pressure (if required)
• Humidity
• Shocks (ex. E-bay)
o 6g
• Vibration
o Random vibr. 1,68 gRms / 10 – 400Hz
• Constant Acceleration
o 10g
• Fluids
• Sand and Dust
• Fungus Resistance
• Salt Spray
• Icing
• Flammability/Smoke/Toxicity
Environmental conditions: Transients and Electromagnetic (EMC) requirements
• Transients
o Lightning strike attachments to the aircraft surface
o On aircraft switching of electrical loads and electrostatic discharges
• Radio Frequency Energy
o Those generated externally (example: high intensity radiated fields and aircraft on-board transmitters)
o Those generated internally (example: emissions from neighbouring systems and electronic equipment)
High impact on equipment design:
- Input/Output protections
- Specific filters design
- Strict packaging and electronic design rules/guidelines (vs. EMC emission, immunity)
EMC: Electro-Magnetic Compatibility
Environmental conditions: EMC Emission and Immunity (Susceptibility)
• Electronic boards are the central issue of the avionic EMC
• Components may be both perturbing (guilty) and perturbed elements (victim)
Environmental conditions: EMC activities within equipment development
[Figure: EMC activities mapped onto the hardware development life cycle]
Levels: System level, Equipment level, Packaging level, Board level, FPGA ASIC level
• HW assembly: Environmental & Functional Specification; Preliminary Design; Phase 1 Integration / Verification; Qualification; Changes Management
• Packaging: Specifications; Preliminary Design; Packaging Design; Implementation; Verification
• Board: Environmental & Functional Specifications; Preliminary Design; Electrical Diagram Design, physical design, place and route; Implementation (board prototyping); Verification
• FPGA: Functional Specifications; Preliminary Design; Detailed Design, coding, synthesis, place and route; Implementation (programming); Verification
Integral processes (applicable at each level):
• HW Planning and development
• Modification / Configuration management
• Certification liaison (airborne HW)
• V&V HW process and quality assurance
EMC activities:
- Electrical grounding network drawing
- Lightning protection and BCI filtering architecture
- Mechanical design requirements
- Architecture and technological choices
- EMC Mock-ups
- Signal integrity Simulations
- Schematic diagram checks (Analysis report)
- Signal integrity Simulations
- PCB Design checks
- CAD Constraints Notes
- Board checks (signal integrity, ...)
- Equipment checks (robustness tests)
Environmental conditions: EMC compliance (example)
EMC compliance in a functional objective
Comply with the EMC standards
Functional improvement at design level
Environmental conditions: Atmospheric radiation
Atmospheric Radiation Requirements
[Figure: origin of the radiative environment at the flight altitude]
• Primary particles issued from cosmic rays (protons: 87% - helium atoms: 12% - heavy ions: 1%)
• Filter (Terrestrial Magnetic Field + Solar Wind)
• Interaction with atmospheric atoms (Oxygen + Nitrogen)
• Radiative environment at the flight altitude
• Altitude: 1 × 10^6 Ft (330 km): orbit of the space shuttle; ~ 39 000 Ft (12 000 m): aircraft altitude
For highly integrated electronics, consequences of the radiation impacts may be modifications to logic states (SEU/MBU) in memory cells or registers: Safety-Reliability-Availability impacts
Order of magnitude to consider: with 200 MBytes of embedded memory, 1 upset per flight hour
Impact on equipment design:
• Architecture
• Component selection
• Mitigation techniques
SEU: Single Event Upset
MBU: Multiple Bit Upsets
Environmental conditions: Atmospheric radiation effects
[Figure labels: High energy particles; Collisions in atmosphere; Neutron; Sensitive volume: nuclear reaction, parasitic currents]
SEU (Single Event Upsets) concern sequential logic (RAM cells and Flip-Flops), where a bit flip can occur and remain “stored”
SEU sensitivity depends on many parameters: technology (CMOS), particle energy, particle flux (function of altitude, latitude), type of cell (RAM, flip-flop), cell design, ...
SEU cross section:
• Intrinsic parameter of a chip/circuit that specifies its response to a particle species (e.g. neutron, proton, pion, heavy ion, etc.)
• Measured using a beam of particles produced at an accelerator. The SEU cross-section depends on the particle type and particle energy
Environmental conditions: Atmospheric radiation management and mitigations
• Atmospheric Radiation effects Risk analysis (part of safety risk analysis)
International Standard IEC 62396-1 “Process management for avionics – Atmospheric radiation effects – Part 1: Accommodation of atmospheric radiation effects via single event effects within avionics electronic equipment” provides a general view of the subject to help designers assess the impact of cosmic radiation on electronics: SEU/MBU Risk Analysis
• Mitigation Techniques: Examples at component / equipment level
o Hardware protections
- Insensitive components (ROM) or components with a very low sensitivity
- Parity checks on Memory allow detection of SEU. The computer can generate an auto-reset or can declare itself failed => impact on the availability
- Error Correction Code (Hamming Code, Reed Solomon…): allows the detection and the correction of the SEU => no impact on the availability (to be analyzed for MBU)
- Scrambling: arrangement of bits of memory to limit MBU
- RAM-based FPGA: internal triplication; scrubbing: periodic refresh
o Software protections
- Many protections: up to 30% of processor load
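The difference between a parity check and an error-correcting code under a single upset and under a two-bit upset in the same word, as an added example that is not part of the original slides. It uses a Hamming single-error-correct / double-error-detect (SECDED) code over one byte; the 13-bit word layout, the function names and the sample byte are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration: word layout, names and sample byte are assumptions. */
enum ecc_status { ECC_OK, ECC_CORRECTED, ECC_UNCORRECTABLE };
#define CW_BITS 13 /* bit 0: overall parity; bits 1..12: Hamming(12,8) */
/* 1-based Hamming positions of the data bits; 1, 2, 4, 8 hold check bits. */
static const int DATA_POS[8] = { 3, 5, 6, 7, 9, 10, 11, 12 };

/* Returns 1 when an odd number of bits are set in w. */
static int parity16(uint16_t w) {
    int p = 0;
    while (w) { p ^= 1; w &= (uint16_t)(w - 1); }
    return p;
}

/* Detection only: data byte in bits 0..7, even-parity bit in bit 8. */
uint16_t parity_encode(uint8_t data) {
    return (uint16_t)(data | (parity16(data) << 8));
}

/* Returns 1 when the stored 9-bit word fails its parity check. */
int parity_detects(uint16_t stored) {
    return parity16((uint16_t)(stored & 0x1FF));
}

/* Builds the 13-bit SECDED codeword for one data byte. */
uint16_t secded_encode(uint8_t data) {
    uint16_t cw = 0;
    for (int i = 0; i < 8; i++)
        if ((data >> i) & 1) cw |= (uint16_t)(1u << DATA_POS[i]);
    for (int p = 1; p <= 8; p <<= 1) {
        int par = 0;
        for (int pos = 1; pos <= 12; pos++)
            if ((pos & p) && ((cw >> pos) & 1)) par ^= 1;
        if (par) cw |= (uint16_t)(1u << p);
    }
    if (parity16(cw)) cw |= 1u; /* make the whole word even parity */
    return cw;
}

/* Checks a codeword, repairs one flipped bit, writes the byte to *data. */
enum ecc_status secded_decode(uint16_t cw, uint8_t *data) {
    enum ecc_status st = ECC_OK;
    int syndrome = 0;
    for (int pos = 1; pos <= 12; pos++)
        if ((cw >> pos) & 1) syndrome ^= pos;
    if (parity16((uint16_t)(cw & 0x1FFF))) {
        /* Odd number of flips: treat as one upset at bit `syndrome`
           (syndrome 0 means the overall parity bit itself). */
        if (syndrome > 12) return ECC_UNCORRECTABLE;
        cw ^= (uint16_t)(1u << syndrome);
        st = ECC_CORRECTED;
    } else if (syndrome != 0) {
        return ECC_UNCORRECTABLE; /* even number of flips: detect only */
    }
    uint8_t out = 0;
    for (int i = 0; i < 8; i++)
        if ((cw >> DATA_POS[i]) & 1) out |= (uint8_t)(1u << i);
    *data = out;
    return st;
}

/* Counts the single-bit upsets (13 possible) that decode back to data. */
int secded_single_upsets_corrected(uint8_t data) {
    uint16_t cw = secded_encode(data);
    int n = 0;
    for (int b = 0; b < CW_BITS; b++) {
        uint8_t out = 0;
        if (secded_decode((uint16_t)(cw ^ (1u << b)), &out) == ECC_CORRECTED
            && out == data) n++;
    }
    return n;
}

/* Counts the two-bit upsets in one word (78 possible) that are flagged. */
int secded_double_upsets_flagged(uint8_t data) {
    uint16_t cw = secded_encode(data);
    int n = 0;
    for (int a = 0; a < CW_BITS; a++)
        for (int b = a + 1; b < CW_BITS; b++) {
            uint8_t out = 0;
            uint16_t hit = (uint16_t)(cw ^ (1u << a) ^ (1u << b));
            if (secded_decode(hit, &out) == ECC_UNCORRECTABLE) n++;
        }
    return n;
}

int main(void) {
    uint8_t d = 0xA5; /* constructed sample byte */
    uint16_t p = parity_encode(d);
    printf("parity: 1 flip detected=%d, 2 flips detected=%d\n",
           parity_detects((uint16_t)(p ^ 0x10)), parity_detects((uint16_t)(p ^ 0x11)));
    printf("SECDED: %d/13 single upsets corrected, %d/78 double upsets flagged\n",
           secded_single_upsets_corrected(d), secded_double_upsets_flagged(d));
    return 0;
}
```

Two flips inside one word are only detected, not repaired, which is the case the slide marks "to be analyzed for MBU" and the reason scrambling places physically adjacent cells in different words.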
Safety
Safety requirement for safe operation in compliance with Authorities regulations and Customers / Airlines requirements
• Safety activity shall be done in order to keep the hazards associated with the aircraft or with the environment to a minimum level
Analyze all potential safety hazards and associated hazardous conditions:
o Functional hazards (hazards associated with function/equipment/components)
o Intrinsic hazards (hazards intrinsic to equipment)
o Human activity hazards (maintenance, operational activities)
Example: Flight Control Computer safety requirements
• No single hardware failure shall be able to cause undetected oscillation of inputs / outputs
Failure Modes and Effects Analysis (FMEA) is a systematic method of safety analysis
o Identify potential failure modes of a system, function, or piece part (i.e. component)
o Determine the effects on the respective level as well as on the next higher levels of the design
Safety: Impacts and mitigations
Example of common safety mechanisms implemented in hardware and electronics design
• COM/MON architecture
• Monitoring and test of each function shall be possible
• Watchdog
• Clock monitoring, Power monitoring
• ECC (error-correcting code) protection of RAM
• CRC (cyclic redundancy check) on ROM content
• Etc…
Additional features required by aeronautical requirements
- Over current protection with filter
- High level disabling capability
- Function status feedback for monitoring purpose
- Lock mechanism on failure (prevent from oscillatory behaviour)
- Current inversion protection
Impact on equipment design:
• Functional architecture solution
• Hardware and Software design solutions / techniques
Reliability
Reliability: probability that an item will perform a required function, under specified conditions, without failure, for a specified period of time
Main quantitative specifications through:
• MTBUR (Mean Time Between Unscheduled Removals): obtained by dividing the total number of flight hours logged by a population of an equipment over a certain period of time by the number of unscheduled removals during that same period
• MTBF (Mean Time Between Failures): obtained by dividing the total number of flight hours logged by a population of an equipment over a certain period of time by the total number of confirmed failures occurring in flight or on ground within the population during the same time period
• FR (Failure Rate): failures count per flight hour
• FIT (Failure in Time): failures per billion flight hours
Example: Flight Control Computer shall comply with MTBF 15 000 FH & MTBUR 12 000 FH
Impact on equipment design:
• All domains from architecture, components selection, design rules, thermal – vibration – EMC … environmental solutions implementation
Reliability: Design for reliability and reliability prediction approach
Design for reliability based on FIDES Guide: new predictive reliability methodology based on Physics of Failure. Previous methodologies and guides (e.g. MIL-HDBK217, …) were based only on experience feedback analysis, did not follow the components evolutions, and were very pessimistic compared with the current field return
• Many COTS families
• FIDES methodology for MTBF evaluation
http://www.fides-reliability.org/
[Figure labels: Reliability: Technology, Process, Use; Parts, Electronic boards, Sub-assemblies]
Good correlation between FIDES predictions and field return data
Reliability: Mission profile impact
Impact of the Mission Profile on MTBF using FIDES:
                    Avionic Bay    Wing
A/C Long Range      x              >>x
A/C Medium Range    y              >>y
A/C Short Range     z              >>z
Very important to know the real environment
[Figure labels: Medium Range A/C; Computer in avionic bay; Computer in wing]
Reliability: Example of reliability assessments and qualification applied to manufacturing technologies (e.g. PCB, assembly)
• How to proceed?
• Example: How many manufacturing processes qualified for series production of this board?
o PCB: 11
o Comp Assembly: 33
o Mech Assembly: 13
[Figure labels: Potential failure modes & mechanisms; Reliability; Pass criteria; Key characteristics; Monitoring; Technologies & processes maturity]
PCB: Printed Circuit Board
Reliability: Example of reliability assessments and qualification applied to manufacturing technologies (e.g. PCB, assembly)
• Qualification procedure according to
o Normative standards (ex. IPC)
o Experience
• Procedures and sanction criteria defined to meet Aircraft Worst Case mission profile
• Typical qualification stress
o 1000 thermal cycles from -40°C to +100°C with ramp +5°C or 10°C/min
o Or 2000 thermal cycles if Lead-Free technology
o Vibration
• And analysis
o Board visual inspection, resistivity measurements between isolated areas, continuity measurements on daisy chained assembly, PCB micro-sections inspection with microscope
Objective: Identify potential failure modes & mechanisms (ex. at solder joints level) influencing reliability parameters / models (cf. FIDES)
Maintainability and Testability
• Maintainability
Under dedicated use conditions, capacity of an equipment to be maintained or restored in a state in which it is able to accomplish its required function, when the maintenance has been accomplished under the required conditions, using the required procedures and tools
Obtained thanks to a set of principles and directives, which have to be followed throughout the design of the equipment
• Testability
Property of a system or Line Replaceable Unit (LRU) allowing rapid confirmation of its own functional integrity at the most cost effective level
o Testability at system level: prompt integrity check of an operationally critical LRU
o Testability at LRU level: prompt integrity check of an internal board, component or module
Impact on equipment design: design for test
• Electronic and functions observability
• Test coverage techniques …
Time Critical
Equipment shall meet strict Time Critical performances for a number of applications (example: Flight Control).
Huge impact on equipment design:
• Equipment architecture to ensure determinism
• Electronic component selection to reach committed performances (ideally: cycle accurate model)
• Specific custom component’s behavior determinism
• Software partitioning and determinism (including OS)
Certification
Equipment shall meet Airworthiness Certification standards to be integrated in Aircraft System (Safety driven)
Need to follow strict Design Assurance Guidelines defined according to equipment criticality level: Design Assurance Levels (DAL)
DAL    Description     Failure Rate (per hour)
A      Catastrophic    < 10^-9
B      Hazardous       < 10^-7
C      Major           < 10^-5
D      Minor           > 10^-5
E      No Effects      Don't Care
Impact on equipment design process according to criticality level, mainly for complex COTS components, specific components (e.g. FPGA, ASIC)
• For example for DAL-A: requirements traceability, FPGA separated design and verification teams…
DAL: Design Assurance Level
FPGA: Field Programmable Gate Array
ASIC: Application-Specific Integrated Circuit
Typical requirements for Flight Control Computer located in Avionics Bay
• Service Life: 25 years
• MTBF: 15 000 Flight Hours
• DAL A: Catastrophic Failure rate < 10^-9
• Environmental constraints compliance (vs. directives and/or normative standards)
o Operating temperature range (thermal cycles) from -40°C to +70°C and loss of cooling conditions
o Vibration (engine fan blade loss)
o EMC compliance (radiated and conducted emission and immunity)
o Lightning protections
o Atmospheric radiation
o ….
• Power Supply Line (28VDC): from 18.5V to 32.5V with 46 V exceptionally
• Strict Time Critical Application
Equipment’s function looks quite simple BUT due to Avionics constraints & requirements, Design and Verification become COMPLEX
Complex balance to meet specifications with regard to weight… and cost targets
Design and development processes: Product life – End to End process
[Figure: product lifecycle of Avionics Products]
Stages: Requirements (Customers), Specifications, Design, Development, Manufacturing, Test & Integration, Delivery, Support
[Figure labels: Hardware, Software]
Design and development processes
• Development process: How to master the complexity
o Certification standards driven
o Design and development process / cycle
Design and development processes: Civil certification standards
Airworthiness Standards: set of requirements to ensure passengers safety (regulatory request)
• Part 21: Certification of Aircraft and related Products, Parts and Appliances
• CS25: Certification Specifications for large Aeroplanes
• CS25.1309: Equipment, Systems and installations
• AMC 25.1309: System Design and analysis
Acceptable Means of Compliance: industrial answer, agreed by consensus
• ARP4754/ED79: System Development Process
• DO297/ED124: Integrated Modular Avionics (IMA)
• ARP4761/ED135: Safety Assessment
• DO178B/ED12B: Software Development Process (Updated: DO178C)
• DO254/ED80: Hardware Development Process
• DO160E/ED14E: Environmental conditions and test procedures
Levels covered: System / Equipment, Hardware / electronics, Software
Design and development processes: Civil certification - ARP4761, safety approach overview
• Aircraft development based on an overall safety approach
o Take into account different root causes which can affect the behaviour of a system: random failures, events and errors
• Development errors avoidance: confidence that errors have been sufficiently removed from a product is based on the quality level of the development process
o Development Assurance Level (DAL) “drives” the Quality of a development
Design and development processes: Civil certification – DO254 / ED80 overview
A full methodology handbook for hardware (electronics) design assurance
• No (or little) “how”
• No guidance about in series production
[Figure: DO254 / ED80 hardware design life cycle]
• System Process (Section 2)
• Planning (Section 4)
• Hardware Design Processes (Section 5): Requirements Capture (Section 5.1), Conceptual Design (Section 5.2), Detailed Design (Section 5.3), Implementation (Section 5.4), Production Transition (Section 5.5)
• Derived Requirements
• Manufacturing Process
• Supporting Processes
· Validation and Verification Process (Section 6)
· Configuration Management (Section 7)
· Process Assurance (Section 8)
· Certification Liaison (Section 9)
Design and development processes: Civil certification – DO254 / ED80 overview and content
Fbruary 2014 CISEC 2014 Conferences / Critical Embedded Systems / Electronics for Aircraft - Avioncs
Appendix C, D : glossary of terms, acronyms
Chapter 6 : validation and verification process
Chapter 7 : configuration management process
Chapter 8 : process assurance
Chapter 9 : certification liaison process
Chapter 10 : HW life cycle data
Supporting processes
Chapter 11 : additional considerations
Appendix A : modulation of HW life cycle data based on HW design assurance level
Appendix B : design assurance considerations for level A and B functions
Previously developed HW, COTS, tool qualification
Data vs. Design assurance level, independence definition
Additional Verification activities for DAL A &B
Chapter 5 : HW design process Design processes
Chapter 1 : introduction Scope and complexity considerations
Chapter 3 : HW life cycle
Chapter 4 : planning process
Definition of Transition criteria
Supporting process
Chapter 2 : system aspects of HW design assurance Decision making for HW design assurance strategy
Design and development processes: Complexity mastery and maturity search
Ensure electronic complexity mastery and product maturity: implementation of a structured development process as a key factor
• Hardware life cycle (V&V process)
o Usually, 2 main cycles: development prototype & industrial prototype (Note: the development prototype cycle is not mandatory, depending on the type / characteristics of the project)
• Development Prototype
o Validate and firm up requirements with a physical implementation
• Industrial Prototype
o Verify the requirements with a physical implementation vs. product specification
o Build the industrial dossier
Design and development processes: Development life cycle
[Figure: Development Life cycle: W process example. Two successive cycles linked by traceability. Development Prototype: Requirements capture, Preliminary Design, Detailed Design, Prototype manufacturing, Test, HW-HW integration tests, HW-SW integration tests. Industrial Prototype: Detailed Design, Prototype manufacturing, Test, HW-HW integration tests, HW-SW integration tests, HW Qualification, Transition to production, Delivery Works. Milestones shown: Req capture R, DDR, PR, PDR, CDR, LUAR. Legend: R = Review, A = Analysis, T = Test.]
Design and development processes: Detailed development life cycle
[Figure: Detailed development life cycle. Upper level requirements drive activities at different levels: HW assembly level, Packaging level, Board level, ASIC level, PLD level. Steps shown per level: Requirements capture, Preliminary Design, Detailed Design, Prototype Implementation, Test. Verification by review, analysis and test. Closing steps: HW-HW integration tests, HW Qualification, Transition to production, Delivery Works. Supporting processes: HW Quality Assurance, Planning & Development, Modification & Configuration Management, Validation & Verification, Certification liaison (airborne HW).]
Design and development processes: Board development process example
[Figure: Board development process example. Phases: Preliminary design, Detailed design, Prototype, Verification. Items shown, in the order they appear on the slide:]
• Board Spec
• Analysis: Pre-BoM, Schematics, EMC, Technology, Safety, Func Testability, Manuf Testability, Thermal
• Board Architecture Design
• Board Pre-Placement
• Analysis: EMC, Thermal
• V & V Strategy Definition
• Review
• Develop Board Verification SW
• Develop Enabling products
• Develop Programmable component
• Analysis: BoM, Schematics, EMC, Technology, Safety, Func Testability, Documentary, Manuf Testability, Thermal, JTAG
• Schematic Design
• Board Place & Route
• Analysis: Packaging, Thermal, Test, Manuf Techno
• Design Dossier (design justification)
• Review
• Definition and Manufacturing Dossier
• Verification Procedure Writing
• Prototype Integration with Programmable components
• Complete Board Verification
• Board Verif SW Integration
• Update Design and Definition Dossier if required
• Review
Design and development processes: Multi-disciplinary
• Many specific jobs around Avionic Equipment and Electronics Development activities working closely together
[Figure: disciplines surrounding Equipment, Electronics Development:]
• Safety & Reliability
• Environment: Thermal, Mechanical, EMC, Lightning, Radiation, …
• Design: Digital, Specific components (FPGA, ASIC), Analog, Power Supply, PCB layout, Packaging
• Maintainability & Testability
• Integration
• Qualification
• Certification
• Quality
• Procurement
• Electronic Components
• Manufacturing Technologies
• Manufacturing
Conclusion
Electronics is a major enabler for Aircraft systems
• Intelligence, performance, smart controls…
• Integration / miniaturization (more perf. in same or lower volume & weight)
• Flexibility
• …
But faced with high levels of constraints & requirements (life time, safety, reliability, environment, certification…)
Requiring robust design and development processes, multi-disciplinary activities for assessments, analysis, demonstration leading to safe applications
Electronics technologies are dominated and ruled by high volume and low cost oriented applications characterized by rapid change
Requiring to survey market & trends, to adapt, to take advantage of advanced emerging technologies for proposing opportunities and differentiating innovations
Requiring to prepare the future
[Figure: Moore’s Law & More. More Moore: Miniaturization (baseline CMOS: CPU, Memory, Logic; 130nm, 90nm, 65nm, 45nm, 32nm, 22nm...; information processing, digital content, System-on-chip (SoC)). More than Moore: Diversification (Analog/RF, Passives, HV Power, Sensors, Actuators, Biochips; interacting with people and environment, non-digital content, System-in-package (SiP)). Combining SoC and SiP: Higher Value Systems. Beyond CMOS.]
© AIRBUS Operations S.A.S. All rights reserved. Confidential and proprietary document. This document and all information contained herein is the sole property of AIRBUS Operations S.A.S. No intellectual property rights are granted by the delivery of this document
or the disclosure of its content. This document shall not be reproduced or disclosed to a third party without the express written consent of AIRBUS Operations S.A.S. This document and its content shall not be used for any purpose other than that for which it is
supplied. The statements made herein do not constitute an offer. They are based on the mentioned assumptions and are expressed in good faith. Where the supporting grounds for these statements are not shown, AIRBUS Operations S.A.S will be pleased to
explain the basis thereof. AIRBUS, its logo, A300, A310, A318, A319, A320, A321, A330, A340, A350, A380, A400M are registered trademarks.