Vol 17 / No 6 / JUNE 2016
THE RACE TO DEVELOP SELF-DRIVING CARS HOW TECHNOLOGIES CHANGE FUTURE CAR DESIGN Real World Connected Systems Magazine. Produced by Intelligent Systems Source
2021: An Automakers Odyssey
CAN CARS TALK TO EACH OTHER? MODERN CARS DEMAND EFFICIENT POWER DESIGN
An RTC Group Publication
Embedded/IoT Solutions Connecting the Intelligent World from Devices to the Cloud Long Life Cycle · High-Efficiency · Compact Form Factor · High Performance · Global Services · IoT
IoT Gateway Solutions
Compact Embedded Server Appliance
Network, Security Appliances
High Performance / IPC Solution
E100-8Q
SYS-5028A-TN4
SYS-5018A-FTN4 (Front I/O)
SYS-6018R-TD (Rear I/O)
Cold Storage
4U Top-Loading 60-Bay Server and 90-Bay Dual Expander JBODs
Front and Rear Views SYS-5018A-AR12L
SC946ED (shown) SC846S
• Low Power Intel® Quark™, Intel® Core™ processor family, and High Performance Intel® Xeon® processors • Standard Form Factor and High Performance Motherboards • Optimized Short-Depth Industrial Rackmount Platforms • Energy Efficient Titanium - Gold Level Power Supplies • Fully Optimized SuperServers Ready to Deploy Solutions • Remote Management by IPMI or Intel® AMT • Worldwide Service with Extended Product Life Cycle Support • Optimized for Embedded Applications
Learn more at www.supermicro.com/embedded © Super Micro Computer, Inc. Specifications subject to change without notice. Intel, the Intel logo, Intel Core, Intel Quark, Xeon, and Xeon Inside are trademarks or registered trademarks of Intel Corporation in the U.S. and/or other countries. All other brands and names are the property of their respective owners.
CONTENTS
Real World Connected Systems Magazine. Produced by Intelligent Systems Source
HOW TECHNOLOGIES WILL CHANGE FUTURE CAR DESIGN 14
3.0: Can Vehicles Talk to Each Other: V2V Makes Driving Safer by Gregory Rudy, Green Hills Software
20
3.1: Automotive Security Is Available Today
by Nicolas Schieli, Microchip Technology, Inc
24
3.2: Modern Vehicles Demand Efficient Power Design by Toshifumi Sago, Cypress
20 Automotive Security Is Available Today EDITORIAL 05
What Will Future Cars Look Like?
28
3.3: Embedded Hypervisor Enhances Virtualization Ecosystem by Chris Ault, QNX Software Systems
32
3.4: Smart Home Growth Provides Connected Car Opportunities by Jennifer Kent, Parks Associates
34
3.5: Effective Test Solutions for MOST Streaming Devices by Matthias Karcher, K2L
38
by John Koon, Editor-in-Chief
3.6: New In-vehicle Infotainment (IVI) Architecture Provides 3D View Around the Car by Alistair Adams, The Qt Company
1.0 ROUND TABLE 06
Andreas Mai Cisco
Tim Evavold Covisint
Manuela Papadopol Elektrobit
2.0 FUTURE CARS WILL BE MORE CONNECTED AND DRIVE THEMSELVES 10
2021: An Automakers Odyssey by John Koon, Editor-in-Chief
34 New In-vehicle Infotainment (IVI) Architecture Provides 3D View Around the Car
RTC Magazine JUNE 2016 | 3
RTC MAGAZINE
WHY CHOOSE NOVASOM? NOVAsom Industries provides the added value of design creativity, offering tailormade solutions to both industrial and multimedia markets. We specialize in proposing innovative options to improve productivity, time to market, and reach a truly competitive advantage.
PUBLISHER President John Reardon, johnr@rtcgroup.com Vice President Aaron Foellmi, aaronf@rtcgroup.com
EDITORIAL
In addition to the embedded computing industry, NOVAsom is involved in the newest high level video technologies, including 4K displays. The 2 key differences that make us stand out are our 32/64 bit full architecture and the ability to provide interface to ANY display/sensor combination.
5
single board computer
Editor-In-Chief John Koon, johnk@rtcgroup.com
ART/PRODUCTION Art Director Jim Bell, jimb@rtcgroup.com Graphic Designer Hugo Ricardo, hugor@rtcgroup.com
8
ADVERTISING/WEB ADVERTISING
Z
Eastern U.S. and EMEA Sales Manager Ruby Brower, rubyb@rtcgroup.com (949) 226-2004
single board computer
6
single board computer
Western Regional Sales Manager John Reardon, johnr@rtcgroup.com (949) 226-2000
single board computer
BILLING
7
single board computer
Controller Cindy Muir, cindym@rtcgroup.com (949) 226-2021
7b
smart delivery
5
8
full development kit
full development kit
NOVAsom8© is a module card designed with a System On Module (SOM) architecture full development kit full development kit based on quad core ARM Cortex-A9 from 512MB to 4GB of 64 bit DDR3 Memory.
6
Z
• Processor CortexA9 Freescale • IMX6 Quad Core full development kit • 4GB RAM Memory • 32GB FLASH Memory (eMMC) • USD memory slot • SATA II • Ethernet 10/100/1000 • USB host/device and OTG • HDMI (High-Definition Multimedia Interface)
7
TO CONTACT RTC MAGAZINE: Home Office The RTC Group, 905 Calle Amanecer, Suite 150, San Clemente, CA 92673 Phone: (949) 226-2000 Fax: (949) 226-2050 Web: www.rtcgroup.com Published by The RTC Group Copyright 2016, The RTC Group. Printed in the United States. All rights reserved. All related graphics are trademarks of The RTC Group. All other brand and product names are the property of their holders.
www.novasomindustries.com
5
single board computer
4 | RTC Magazine JUNE 2016
6
single board computer
8
single board computer
Z
single board computer
EDITORIAL
What Will Future Cars Look Like? by John Koon, Editor-In-Chief
Future Cars will have better user-interface (UI), figure 1, more connected and drive themselves. I have an opportunity to talk to a lot of companies directly or indirectly involved with car making: Ford, General Motor, Cisco, Qualcomm, QNX, NXP, Atmel, Cypress, Green Hills, NVIDIA, Micron, to name a few. For some of them, you won’t think they have anything to do with cars. But they do. These companies are makers of super computers, wireless chips, memory, software, security and IC. Automotive industry has become more and more dependent on technologies. You hear terms like connected cars, vehicle-to-vehicle, radar, autonomous, LIDAR and so on. Topics getting most attention these days include Connected and Self-driving cars. To have cars drive themselves is more complex than the autopilot in the cockpit of an airplane. In the sky the space is wide open and there are no traffic lights, no cars in the next lane and no pedestrians to watch out for. Think about what you do when you drive. You keep your eyes open and pay attention to your environment at all time; who is around you, follow the traffic flow, slow down when you see a “Yield” or “Stop” sign. When you approach an intersection, you see who is in front of you and adjust your speed accordingly then wait for the light to turn green and pick up speed accordingly. When you hear a siren, you look around and listen to find out what direction it comes from and react accordingly. When you go on a trip, if a deer suddenly jump in front of your moving car attempting to cross the road, you will need to make a quick decision to brake, turn to the left or to the right. Worse, if a
The Porsche Digital GmbH division, based in Ludwigsburg, Germany, will continue to develop more futuristic, digital and user-friendly dash boards for its fleet of sports cars. Image courtesy of Porsche Cars North America, Inc.
dog runs in front of your moving car and the owner is chasing after the runway dog without thinking about the traffic, what would you do? The self-driving cars don’t have the knowledge and common sense that you have. They will need to rely on artificial intelligence, decision algorithm and have a lot of learning to do. I asked my banker recently, if you can hire a self-driving taxi without a human being inside, will you be willing to try it? “No!” was the answer. Google was the first company tested self-driving or autonomous cars. While they had a lot of successes, one time, it ran into a bus. Tester’s “autopilot” was blamed for the fatal accident while the vehicle was self-driving, first of its kind. Self-driving technology is
both fascinating and challenging. Almost every carmaker in the world is working on it: Audi, Benz, Ford, General Motors, Volvo, Tesler, Fiat, Toyota and more. This edition’s focus is Future Cars. We will take a look at how companies are doing it. Additionally we will have a round-table of expert opinions and a series of articles on How Technologies Will Change Future Car Design.
RTC Magazine JUNE 2016 | 5
1.0 ROUND TABLE: EXPERT OPINIONS ON FUTURE CARS
Round Table: Expert Opinions on Future Cars
Andreas Mai
Tim Evavold
Manuela Papadopol
Director, Smart Connected Vehicles
Executive Director Automotive
Cisco
Covisint
Director, Business Development and Communications
Southfield, Michigan www.cisco.com
Andreas Mai is expert in business and technology architectures for ‘The Internet of Everything’ for automotive and insurance companies, service providers, and governments. During his career, Mai has advised automotive OEMs and suppliers, industrial equipment and aerospace suppliers, and private equity investors in North America and Europe. Mai holds a Diplom-Kaufmann in European Business from the universities of Osnabrück, Germany; ESTE Universidad de Deusto, Spain; and Buckinghamshire, United Kingdom. He serves on multiple task forces of the World Economic Forum, and the board of the Connected Vehicle Trade Association and The Connected Car Council.
6 | RTC Magazine JUNE 2016
Detroit, MI www.covisint.com
Evavold is responsible for boarding, management, and governance of third-party delivery partners for Covisint’s automotive engagement platform. He also serves as the Technical Director for Covisint’s global Connected Car program and solution set. Evavold has over 25 years of experience in implementing and managing strategic process and technology, delivering process re-engineering, cost reduction and revenue growth for competitive advantage and profit improvement. Prior to Covisint, Evavold was VP of Operations and CTO at SCI Ltd., a SaaS enterprise lead management and marketing platform, and CIO of OnStar, provider of communications, in-vehicle security, hands-free calling, turn-by-turn navigation, and remote diagnostics systems.
Elektrobit
Bothell, Washington www.elektrobit.com
Manuela is responsible for business development and global communications for Elektrobit (EB). She serves as an advisory board member for the Connected Car Expo (affiliated with Automobility LA) and is an active member of Women in Automotive Technology. Manuela also holds a patent in voice-activated acquisition of non-local content. Prior to joining EB to head global marketing, Manuela held marketing and PR positions at Microsoft, the Tweddle Group, BMW and Mercedes. She holds a degree in communications from the Romanian-American University in Bucharest and a post-graduate degree in public relations from the University of Washington.
1. What is your vision of self-driving cars and when will they be available commercially? Andreas: Connected and self-driven vehicles are getting a lot of attention, but the resulting transformation of road transportation is what will ultimately create a net present economic value of $5 Trillion globally, according to a recent Cisco study. One of the key value drivers is mobility-as-a-service (e.g., Uber, Lyft, Didi, Ola). Just to give one example, at a global car penetration rate of 10%, mobility-as-a-service has the potential to make 1.7 Billion more people mobile, particularly in the poorer regions of Asia and Africa, where people who cannot afford to own a car get access to more affordable mobility options. Eliminating the cost of drivers and factoring in fuel and maintenance cost savings from electrification, mobility-as-a-service can be offered at 25% of the cost of conventional taxi services. At this price point, taxis and many often less convenient public transportation are uncompetitive and owning, leasing or renting a car becomes even more of a luxury. Field tests for autonomous transportation are spreading around the world, e.g., WePod, 2gethere, Lutz Pathfinder, CityMobile2 in Europe, NuTonomy in Singapore, Lyft’s GM taxis in North America and EasyMile/ Omnix in the Middle East, just to name a few. Looking at the speed of technology advancement, I will have to adjust the initial estimates on commercially availability of self-driven vehicles in a 2014 blog to about three to four years earlier, namely 2019 to 2021 for fully autonomous vehicles. In October 2015, Tesla launched its “AutoPilot” with limited self-driving capabilities, and comparable advanced driver assistance systems from Volvo and Mercedes became available shortly after. This month, BMW announced to launch fully autonomous vehicles by 2021, and there is reason to believe that traditional and emerging competitors have ambitions to beat BMW’s timeline. Tim: Cars with self-driving capabilities are already available today. These capabilities range from basic lane departure warnings, to actually going hands free under certain conditions. The fully autonomous vehicle will be coming sooner than later, but likely in the 10-year time frame. Manuela: Elektrobit has been heavily invested in highly-automated driving (HAD) for many years, having provided software and services for automakers for over two decades. We recently launched a new product called EB robinos, a software architecture that enables carmakers to develop HAD features and functionalities. Our vision for self-driving is that it will enable a highly personalized experience, based on the interests and needs of the driver. Some drivers will want to take back control—and drive—more often than others; some drivers will let the car do all the work. For both of these scenarios to be possible, the way we interact with the car must be safe, intuitive, and
easy and the car must be infused with self-learning capabilities. Not surprisingly, these are the areas that Elektrobit is focused on in all of our software and service offerings. We believe we’ll start seeing the first commercially available self-driving (Level 4 automation) in premium vehicles by 2019. 2. What hurdles need to be overcome before fully autonomous vehicles can be achieved? Andreas: Autonomous technology is maturing fast and the cost of the technology is becoming commercially viable. The first fatal crash of semi-autonomous Tesla illustrates some of the remaining limitations, in terms of the prevention of human misuse, reliability in more extreme traffic or weather conditions, and liability in the unlikely event of a crash. Ironically, the technology needs to be hardened to protect it and those who use it against human abuse. It starts with disallowing or intervening when riders are trying to ‘stress test’ technology in ways it has never been designed to operate in. In addition, connected and self-driven vehicles need to be protected against attacks of hackers with malicious intent. Technologically, the reliability in more extreme traffic situations with difficult to detect stationary, fast moving or nonline of sight objects or extreme rain, snow or fog conditions has to be improved, but recent advancements of Ford and others are rather promising. The “big” liability question is actually much more manageable than the many superficial and polemic discussions imply. A fact based analysis of the automotive task force of the World Economic Forum on autonomous vehicles concluded, that the residual risk of an autonomous vehicle that would need to be insured in the US would range between $2 and $112 per vehicle per year, after excluding mistakes a self-driven vehicle would never make, e.g., ignoring right of way (19% of crashes), speeding (18%), tailgating (17%), wrong behavior towards pedestrians (6%), drunk driving (5%). This appears to be manageable in comparison to average liability accruals of $400 to $1,300 automakers are putting aside for each vehicle they sell. It actually represents an upside for car insurance companies that will have an opportunity to insure both, drivers and vehicles. Tim: There are three hurdles that need to be resolved before they can be fully viable. The first is resolving who will bear the liability of the autonomous vehicle and the associated updated insurance models. The second is the detailed safety algorithms – “How does the vehicle make the right decision under complex multi-vehicle and pedestrian situations?” The last is the determination of the ownership and use models for the autonomous vehicle (e.g., fleet, on-demand, route based, etc.)
RTC Magazine JUNE 2016 7
1.0 ROUND TABLE: EXPERT OPINIONS ON FUTURE CARS Manuela: Every automaker Elektrobit is working with is racing toward the development of increasingly automated driving features in their cars. It is a complex undertaking, requiring the integration of myriad hardware and software elements. Above all, it is important to ensure that driving is a safe experience. Software is what ties everything together. Our EB robinos software is simplifying and accelerating the process of developing these complex systems. It has open interfaces that enable its use with all types of hardware and software plus pre-developed software application modules to deliver specific functionality (such as automated valet parking). In addition to the technological hurdles, consumers (drivers and passengers) need to be educated on understanding and using these features; municipalities must revisit and update their infrastructure, including roads and signs; and appropriate legislation must be in place.. 3. In your opinion, what technologies will be used in self-driving vehicles? Examples include: radar, machine vision, deep learning, smart sensor, IoT and big data analytics. How does vehicle-to-vehicle technology fit in? Andreas: Autonomous and automated vehicles will rely on a combination of on-board sensors and actuators and network technology that establishes ubiquitous connectivity to other vehicles, the roadside and the cloud. Advanced Driver Assistance Systems and autonomous functions require communication between major subsystems of vehicles and fusion of multiple sensor data in real time. This is one reason why we see IP based network technology play a more prominent role inside of modern vehicles. By definition, “autonomous” vehicles need to work solely with on-board technology (at least temporarily) and independent of ubiquitous connectivity to the outside world. However, the fusion of data from short and long range radar, solid state lidar, 360 video, and inputs from vehicle-to-vehicle and vehicle to infrastructure communication, cellular, satellite and Wi-Fi will provide more comprehensive and reliable impulses for the artificial intelligence brains of self-driven vehicles. Information on traffic situations, weather conditions, dangerous maneuvers of surrounding vehicles, non-line-of sight vehicles, vehicle health, driver fitness and risk levels of roads and intersections provided via short or long range wireless communication can provide important additional context and adds another layer of safety to autonomous vehicles. As to the reliance of autonomous vehicles on connections to external networks, we see a need for a communication gateway that can access and seamlessly switch between 3G, LTE, Wi-Fi, and DSRC, is highly reliable, leverages network performance optimization tools, and is very secure. Beyond the operation of the autonomous vehicle, we regard ubiqui-
8 | RTC Magazine JUNE 2016
tous, high performing and secure connectivity as a must have feature, as people will want to connect to their workspace and their digital lives on the road. Tim: Self-driving vehicles will require a broad based set of technologies. Within the vehicle will require sensors, LIDAR, etc. The vehicle will require communication to other vehicles (V2V), and infrastructure (V2I) requiring short range communication, access management, processing, etc. The vehicle will also have to be a connected vehicle requiring multiple communication access points such as embedded cellular, tethered cellular, Wi-Fi, etc. Lastly, the successful self-driving car will require integration to cloud services requiring identity, security, data orchestration, etc. Manuela: Elektrobit offers a cloud-based, remote diagnostics service, called EB cadian, that provides automakers with analytics-based insights about their vehicles, enabling them to predict vehicle breakdowns, optimize service station management and scheduling, and deliver faster, more convenient service for customers. Deep learning technologies—such as those enabled by Elektrobit partner NVIDIA with its DrivePX platform—and data analytics will be critical to ensuring the vehicle navigates in a safe and appropriate manner. In terms of vehicle-to-vehicle communications, local ad hoc networks of cars can be useful to share information about a sudden change in traffic patterns, road conditions and other environmental hazards. Information can travel faster car to car than via the cloud, and this will be an extremely valuable and necessary addition to the car’s sensor and map data, especially in time-critical situations. 4. What contribution does your company make to the field of self-driving cars? Andreas: Cisco provides network software and services for secure, seamless, reliable and fast network connections of vehicles. In addition, Cisco provides platforms to manage networked vehicles and other devices, to connect processes, data and people of connected vehicle value chain partners to deliver a seamless customer experience across enterprises and cloud boundaries, tools to manage and monetize data and APIs, and end-to-end solutions to protect connected autonomous vehicles and their backend operation centers against cyber attacks. A connected vehicle is expected to produce between one and four GB of data per trip, autonomous vehicles up to one TB. Cisco provides the scalable network infrastructure to manage this data avalanche. We see the emergence of “infomediaries” that manage the market place between data sources and data value creators. This requires a secure data exchange platform that provides access to four data planes, the public Internet, enterprise networks, the Internet of Things, and the network inside of machines or vehicles. Collecting and analyzing this data and triggering the appropriate actions will require smart,
secure, fast, and scalable enterprise grade network technology, and this is one of Cisco’s core competencies. Tim: Covisint enables the complex entity relationship management of the diverse set of vehicles, drivers, fleets, infrastructure, and 3rd party solutions. Through capturing and managing these complex relationships, Covisint enables increased security, usability, and personalization. The business rules and policies are entered in a central location to manage how these entities interact with each other. This simplifies the implementation, as well as allows for the changing of policies (legal changes, regional/localization, etc.) without having to force massive amounts of software updates to each vehicle. We also enable the autonomous vehicle to safely and securely interact with a multitude of 3rd party cloud services. This will allow drivers to bring their preferences and content with them as they use an autonomous vehicle, but fully wipe any of that information when they leave the vehicle.
automotive OEM customers. This ranges from initial software architecture, development and integration to the managing and testing of applications. We are an extension of our customers’ teams. Elektrobit software tools and services helps automakers to more easily build features and functions that set them apart from the competition. Our solutions help automakers build sophisticated in-car systems in a variety of areas from the electronic control unit to driver assistance features to HMI and the cloud. Our new EB robinos reference architecture allows automakers to jump-start the process. Instead of focusing on nutsand-bolts infrastructure, they can focus on creating unique, branded experiences.
Manuela: Automated driving systems are incredibly complex, and software is essentially the “glue” that is bringing it all together. Elektrobit is involved with every crucial step in the development of highly automated and self-driving cars for our
RTC Magazine JUNE 2016 | 9
2.0 FUTURE CARS WILL BE MORE CONNECTED AND DRIVE THEMSELVES
2021: An Automakers Odyssey
The automotive industry has been known to be slow in innovation. Remember the days you could not start your engine because you forgot to turn off your headlights. How long did it take the industry to come up with the idea of adding one simple alarm system to alert the drivers to turn off the headlights …..10 years? But that trend is changing. The whole industry has wakened up to the fact that they need to come out with new innovations every two to three years instead of ten. What will future car innovations look like? Future cars will be more connected in many ways and they will drive themselves. Automakers and technology companies collaborate on innovation racing to be the first to introduce self-driving cars. by John Koon, Editor-In-Chief
Most new cars sold, today, are equipped with the Bluetooth-enabled microphones and speakers to allow drivers to talk on the phone hands free. But more features will be added. According to BI Intelligence (www.businessinsider.com) , there will be 380 million connected cars on the road worldwide with built-in hardware enable people to stream music, be alerted of the traffic and the weather conditions. Figure 1. Additionally, auto makers will be able to access data on cars’ performance and allow cars to download software updates without going through a recall process. We start to see these connected car technologies being implemented already. For example, Covisint, a company provides a secure platform to help automakers like Ford, GM, Daimler and Hyundai to connect their ecosystems, enables Hyundai owners to remotely control certain functions of the car via a Smartphone. Hyundai’s recent video promotion features a couple relaxing on the beach in 10 | RTC Magazine JUNE 2016
a hot day. When it is time to go home, the owners simply turn on the air conditioner remotely and when they get to the car, it is already nice and cool inside! Connected cars offer drivers additional convenience such as navigation, remote roadside assistance and mobile internet hot spots. But there is a downside. Connections also open up new opportunities for hackers. Experts warn that more attacks will occur and it has been shown how easy for a car to be hacked with someone who is not the owner takes over the control. Security companies such as Symantec Corp. offer solutions to counter hacking. Symantec recently introduced a product called Symantec Anomaly Detection for Automotive which uses machine learning to provide passive in-vehicle security analytics of the commonly used Controller Area Network (CAN) bus traffic. It will learn what a normal pattern should be and take action if abnormality is detected.
Figure 1: A total of 380 million cars shipped will be connected one way or the other. This allows people to stream music, be alerted of traffic and weather conditions. Source: BI Intelligence.
Another future connected car technology being investigated and researched by the National Highway Traffic Safety Administration (NHTSA) is vehicle-to-vehicle (V2V) communication. This is done with partnership of United States Department of Transportation (DOT), the automotive industry and academic institutions. Cars equipped with V2V technology will be able to comununicate with cars nearby to alert drivers of dangerous condition to avoid crashes. For example, a driver will be warned that another car at the intersection is approaching quickly even though it has not yet been seen. V2V makes use of a protocol called Dedicated Short-range communication (DSRC), a two-way, wireless communication with a range of 300 meters depends of the surrounding environment. It operates at the 75MHz band of the 5.9 GHz spectrum allocated by the FCC. V2V technology has the potential of reducing car crashes and costs.
The Race is On to Develop Self-driving Cars
To catch the wave of self-driving car development, technology companies and automakers are rushing to either acquire other companies with autonomous driving capabilities or form new partnership. In July of 2016, Intel, the world’s largest semiconductor company, along with BMW Group and Mobileye N.V. jointly made the announcement to produce “highly and fully autonomous vehicles” by 2021. Additionally, Intel acquired a Russian based machine vision company, Itseez, to support the self-driving effort and Italian based Yotitech to help prevent car chips and systems from failing. In March this year, General Motor purchased Cruise Automation to accelerate the development of self-driving capability. Ford teamed up with MIT and Stanford to focus on the automated driving research. They are also the first company to test self-driving car in a snowing condition. Last year, Ford opened a brand new research center in Silicon Valley to develop innovation relating to connectivity, mobility and autonomous driving. Early this year, Ford tripled its self-driving car fleet making it the largest of all automakers. Google has teamed up with Fiat to further its
self-driving efforts. The list goes on. According to the 2014 forecast done by Lux Research, Inc. (www.luxresearchinc.com) the global driver assist market will grow to $102 billion in 2030. Figure 2. It is interesting to note that very small percentage of the revenue would come from fully-autonomous cars. Executives of various automakers, however, are much more optimistic about setting goals to deliver self-driving by the 2020 time frame. Both Ford and BMW have made public statements of their projection. General Motors, on the other hand, does not want to provide a time frame of when self-driving cars will be available. For consumers, it is very easy to get the wrong impression that self-driving cars will be coming soon because video clips shown in prime time news featuring drivers checking emails, drinking coffee or even watching TV in self-driving cars as if they are watching a TV advertisement. The National Highway Traffic Safety Administration (NHTSA) defines vehicle automation as having five levels. Here is the summary.
• No-Automation (Level 0): The driver is in complete control at all times. • Function-specific Automation (Level 1): Provides one or more specific control functions such as auto-braking. • Combined Function Automation (Level 2): Provides at least two primary control functions cruise control in combination with lane centering. • Limited Self-Driving Automation (Level 3): Vehicles will have full control of all safety-critical functions under certain traffic conditions. The driver is expected to be available for occasional control. • Full Self-Driving Automation (Level 4): Fully autonomous; vehicles can be driver occupied and unoccupied. The development of self-driving technology is a progressive process. Without a double, we will see Level 1 and 2 driver-assist technologies to be available in a few years. When will a level 4, fully-autonomous, driverless cars be commercially available is anyone’s guess.
How Does Self-driving technology Work?
The concept of self-driving cars are both fascinating and challenging. Think about what you do when you drive. There is lots of information to be processed while driving. Self-driving cars have to simulate what human do. They rely on machines to process information received and decide what to do. First, machine vision has to know what to look for. Then all the sensors installed on the car have to function well to detect what objects are around the car. Theoretically, a self-driving car uses sensors such as radar, sonic, LIDAR and other means to detect its environment and drive the car according to the traffic rules. Machine learning or deep learning is an important part of self-driving technology development. That is why companies like NVIDIA, IBM, Google and
RTC Magazine JUNE 2016 | 11
2.0 FUTURE CARS WILL BE MORE CONNECTED AND DRIVE THEMSELVES
Figure 2: The global driver assist market will grow to $102 billion by 2030. This forecast includes all level of autonomous driving. Source: Lux research, Inc.
Baidu are so eager to get involved. “Deep learning powered by the GPU is transforming every industry from health care to finance to automotive. In the very near future, an in-vehicle supercomputer designed for artificial intelligence applications will be the safest path forward to enabling autonomous vehicles on our roads, “commented Danny Shapiro, Senior Director of Automotive of NVIDIA, a leader in supercomputing and deep learning. Roborace will host a race of self-driving sports cars in the upcoming months in multiple cities including Long Beach, California, London, Beijing, Berlin, Paris, Mexico City and more. These futuristic, high-performance, electric cars will be driving themselves. Figure 3. NVIDIA and Roborace collaborated on the design of these self-driving race cars which are powered by the NVIDIA DRIVE PX 2. The different teams will compete by developing AI software for the cars. This will be a historical milestone on self-driving technology in general. The race track is a well-defined infrastructure in which deep-learning should perform well.
Yes, computer-assist brakes can sense what is in front and stop the car better than you can. The question is when a DUI driver coming from behind at a much greater speed than your vehicle and there is another car in front of you, what would happen? Will your vehicle move to the left, to the right or simply brake as hard as possible. If it decides to move over to the left lane, will the sensors be smart enough to detect if there are cars coming from behind in that lane? No doubt designers will be thinking about how to overcome all the major challenges in front of us. • How to perfect the self-driving technology? • What sensor and V2V technologies would work best?
•H ow to overcome the public fear and prevent another fatal crash relating to “autopilot” in the self-driving mode? • How safe is safe enough? The automotive market is wide open with opportunities for everyone and to be the first to come out with commercially available self-driving cars will make history. As self-driving cars need a lot of computing power, software and electronics, technology companies will thrive in the self-driving car growth. Micron, a leader in memory chips, is already projecting a 30%-40% annual growth from the automotive segment. QNX, with its software already running in some 60 million vehicles today, will enjoy additional growth. Expect to see innovative start-ups to change the landscape of self-driving industry. We will continue reporting on the progress of the development of self-driving technologies when we see significant new milestones.
The Future
While there are great benefits, there are still a lot of technological challenges to overcome.
Figure 3: NVIDIA and Roborace collaborated on the design of these futuristic, high-performance, electric self-driving race cars powered by the NVIDIA DRIVE PX 2. The different teams will compete by developing AI software for the cars.
12 | RTC Magazine JUNE 2016
3.0 HOW TECHNOLOGIES WILL CHANGE FUTURE CAR DESIGN
Can Vehicles Talk to Each Other: V2V Makes Driving Safer In the pursuit of safer driving, vehicle-to-vehicle (V2V) communication is ready to begin saving lives. However, what’s to keep hackers from disrupting traffic and causing more accidents? V2V design protects car and driver with best practice security and largest public key infrastructure in history - driving technology advances that will benefit all Internet of Things (IoT) industries with high performance, cost effective security solutions. By: Gregory Rudy, Green Hills Software, INTEGRITY Security Services
Long before the Infotainment system, preparing for our family road trips included “building the nest” — with pillows and blankets strewn across the suitcases for the kids to lie down. I still remember the day when riding in the back, or anywhere but the buckled seat, all came to an end. It came to an end for good reason. Enactment of vehicle safety and seatbelt standards by the National Highway Traffic Safety Administration (NHTSA) reduced the risk of vehicle fatalities by 50% between 1982 and 2012. Despite significant improvement,
14 | RTC Magazine JUNE 2016
the price tag for crashes still hit a staggering $871 billion in economic loss and societal harm in 2014. A fundamental shift in thinking occurred during this time, from minimizing injury during an accident to preventing the accident altogether. Latest advanced driver assistance systems (ADAS) and vehicle-to-vehicle (V2V) communication initiatives use technology to extend necessary driver reaction time from milliseconds to several seconds. Fueling the investment, a NHTSA study concluded that V2V communication has the
REDUCE PER-UNIT PRODUCTION COSTS WITH GREEN HILLS AUTOMOTIVE SOFTWARE PLATFORMS In-Vehicle Infotainment Secure virtualization framework for Linux and Android built on the INTEGRITY RTOS enables virtualized and real-time safety components to run concurrently.
Instrument Clusters Support diverse safety levels, ‘instanton’ boot, and 2D/3D graphics. Reduce costs by consolidating AUTOSAR software on INTEGRITY.
V2X Communication
Advanced Driver Assist Systems and Safety
Secure communication and assure trusted operation with IEEE 1609.2 toolkits, V2X certificates, manufacturing key injection, and cryptographic modules.
Manage the increased complexity of multiple sensors feeding multiple applications and outputs, at diverse safety levels on the INTEGRITY RTOS.
Powertrain, Chassis and Body Electronics ISO 26262 ASIL D qualified compilers and tool suite. Essential for any project with ISO 26262 requirements.
Green Hills Software provides the world’s leading automotive companies with software platforms. To reduce the production costs of your next project, call 805.965.6044 or visit www.ghs.com/p4a Copyright © 2016 Green Hills Software. Green Hills Software and the Green Hills logo are registered trademarks of Green Hills Software. All other product names are trademarks of their respective holders.
3.0 HOW TECHNOLOGIES WILL CHANGE FUTURE CAR DESIGN
Figure 1: V2V communication extends ADAS to avoid accidents up to 100 meters
potential to prevent up to 75% of all roadway crashes. That’s over 24,000 lives saved annually. The organization leading this deployment in the United States is the Crash Avoidance Metrics Partnership (CAMP), a consortium of automotive manufacturers and vendors in collaboration with US Department of Transportation (DOT) and NHTSA. The CAMP team is developing the specifications and prototype systems to make V2V a reality. Spearheading the deployment, General Motors (GM) announced that the 2017 Cadillac will be the first vehicle equipped with V2V technology. With GM trailblazing and NHTSA expressing its intention to mandate V2V in all new vehicles, automotive technology providers are working hard to meet this demand. As a result of this effort, security is undergoing a major overhaul, which promises to benefit all devices across the Internet of Things (IoT).
and verify safety messages, which are trusted based on certificates created by the Security Credential Management System (SCMS). The SCMS is a public key infrastructure being developed for the entire automotive industry to generate and revoke certificates. In order to protect privacy and keep vehicles from being tracked, the SCMS generates over 3,120 pseudonym certificates per OBE, which can be cycled through during operation at a rate of 20 per week. This complex security feature creates a virtual shell game of constantly changing certificates to protect driver identity. The result is a robust end-to-end messaging solution, addressing both device security and public key infrastructure at the largest scale. As we transition to deployment, there are several technical challenges being overcome. While in the past, embedded developers had to choose between security and performance, V2V requires both, providing the impetus for transformative advances in security technology. These advances will benefit not only automotive, but secure networks of sensors and devices in all IoT industries.
Performance
Anyone stuck in Los Angeles freeway traffic at 5 o’clock on a Friday can imagine the number of messages a vehicle needs to process. While generating only ten digital signatures per second, the OBE must receive and verify many more. Assuming there are 20 cars in front and 20 behind (within the 100-meter range, across ten lanes of endless freeway traffic) the message protocol must authenticate upwards of 4,000 messages per second. The problem is that software-based cryptographic libraries are capable of only 100-200 ECDSA verifies per second. Few commercial processors support elliptic core cryptography (ECC) acceleration, which has chip vendors seeking creative ways to offload the processing to any available specialized core. Using
What is V2V?
V2V-enabled vehicles utilize an on-board electronics (OBE) unit to transmit ten messages per second over a radio link. The data within these basic safety messages includes latitude, longitude, heading angle, speed, acceleration, and more. Messages from other vehicles are received and processed to predict the real-time movement of nearby vehicles up to 100 meters away. Based on this information, vehicles can detect collision events and notify the driver or even take independent action. Skidding on ice, pile-ups, sudden lane change crashes, and blind intersection accidents become intelligently avoidable. Figure 1. However, what’s to keep hackers from sending fake messages to disrupt traffic, ruining the many benefits of V2V? How are driver identities protected to keep them from being tracked and used for automated speeding tickets and target advertising? IEEE 1609.2 of the Wireless Access in Vehicular Environments (WAVE) specification addresses message security and privacy. The protocol uses the Elliptic Curve digital signatures to sign
16 | RTC Magazine JUNE 2016
Figure 2: INTEGRITY Security Services infrastructures include SCMS and PKI services to develop secure electronic control units for the most complex supply chains
the digital signal processor, a 3-5x improvement is attainable, but still forces developers to pick and choose which messages to authenticate, opening doors for denial-of-service attacks. ECC hardware acceleration can be used to meet this high performance. Products such as the cryptographic cores available with INTEGRITY Security Services’ V2X 1609.2 Toolkits, perform 2,500 ECC verifies per second and above. Traditionally, ECC hardware acceleration has been limited to high end ASICs and FPGA-based designs. This is changing thanks to V2V, where ECC in commercial processors will hopefully soon be as common as AES.
Memory
One of the reasons ECC was selected for V2V is the strength of the algorithm, relative to key size. ECC-224 is cryptographically equivalent to RSA 2048, but key and signature sizes are substantially smaller. The RSA-2048 key pair is around 1,200 bytes, plus another 750 bytes per certificate. Since privacy requires over 3,000 keys and certificates, RSA is not feasible because key storage alone is over 4MBs. ECC-224 key sizes are vastly smaller. With an ECC-224 key size of only 28 bytes and certificates at 125 bytes, this is the optimal choice for V2V and other memory constrained embedded
devices. The 1609.2 specification goes a step further and uses implicit ECQV (Elliptic Curve Qu-Vanstone) certificates to sign messages, saving up to 64 bytes per certificate. Privacy is therefore attainable through certificate shuffling because the total memory required is less than 500KBs.
Infrastructure
The V2V SCMS is the massive public key infrastructure responsible for provisioning and revocation of vehicle certificates. The largest public key infrastructure (PKI) to-date is deployed by the US Department of Defense, issuing 10 million certificates annually. Including vehicles and infrastructure, the entire V2V system must support approximately 300 billion certificates per year. SCMS design uses an intermediate certificate authority (CA) and other specialized components for each provisioning system. Vendors must decide whether they want to develop and operate their own or partner with a SCMS system provider. The overall PKI system enables message authentication to bridge multiple manufacturers across the entire industry. Figure 2. The adoption of PKI into embedded devices benefits industries where multiple products and vendors must communicate securely without knowing the identities beforehand. Networking equipment, medical devices, and industrial controls rely on
COTS Technology with a Custom Twist. Many companies choose to focus on what they offer to the customer by way of solutions and skills. System providers and niche market OEMs often sub-contract their computer hardware design. If your application has unusual requirements, Sundance has the skills and resources to specify, design, manufacture and test a custom solution for you. Our design engineers will help you to develop a specification that meets your requirements, whilst making every effort to ensure that your product conforms to appropriate industry standards. By doing so, your product will be re-useable in future system-building applications. As a result, you will enjoy the benefits of both compatibility and an optimised solution, along with a fast, cost-effective route to market. For more information on any of these products, or assistance please contact us and we will help you the best we can.
Sundance Multiprocessor Technology Ltd. cots@sundance.com • www.sundance.com Photo: U.S. Air Force / Sr. Airman Nathanael Callon
RTC Magazine JUNE 2016 | 17
3.0 HOW TECHNOLOGIES WILL CHANGE FUTURE CAR DESIGN standards-based communication across multiple manufacturers. Strong security is limited without industry root CAs. Following the V2V example, further government support will promote the standardization of security infrastructures so secure communication may occur between vendors. As the implementers of CAMP’s prototype SCMS and the first commercially deployed V2V provisioning system, INTEGRITY Security Services understands complex supply chains and secure sharing of digital trust assets worldwide. Certificate generation, key injection, and software digital signing are common infrastructure functions and available to meet the needs of today’s global product developers.
Security Platform
Accompanying 1609.2 discussions are additional requirements for the overall cryptographic platform and protection of OBE software and keys. Fundamental questions being asked are: “How are secrets being protected?” “Can the system detect if its software is tampered?” “How are remote endpoints, users, and messages authenticated?” While 1609.2 addresses message authentication, the chain of trust is broken if either the ECC keys or software are compromised. Hacked OBEs are still usable as long as the certificates are not revoked. As a result, developers are also responding to requirements for secure boot and separation. While certificate revocation mitigates the impact of a compromise, secure boot, cryptographic hardware, and separation aim to prevent these incidents from occurring. Figure 3. Beginning with an immutable root-of-trust, software is authenticated during startup to ensure it has not been modified prior to execution. The verification builds assurance that keys and critical data are not mishandled due to malware. However, all software contains defects and a bug anywhere in the software stack could cause vulnerability. Therefore, good separation design assumes software connected to external interfaces is already compromised and isolates keys and critical data appropriately into protected memory, partitions, or physical modules. This limits corruption to only one area without knocking out the whole system.
Riding On
They say it’s about the journey and not the destination. On this journey, the road to V2V reality is paved with technical advancements such as faster cryptographic processing, smaller key sizes, and the largest scale public key infrastructure in US history. Implementing these standards using best practice cryptographic design will secure messages and prevent cybersecurity attacks — much the same way V2V is preventing accidents. In this effort, Green Hills Software and INTEGRITY Security Services are building the end-to-end security and safety platforms to get there. Perhaps one day, we’ll go back to building nests for our kids before the long car trips. The notable difference being that it will actually be safe. As the technology advances, maybe we’ll even get to sit in the back with them. 18 | RTC Magazine JUNE 2016
Figure 3: The OBE security platform protects messages, software, and keys for trustworthy operation
About the author: Gregory Rudy, Director of Business Development, joined Green Hills Software - INTEGRITY Security Services in 2014 through the acquisition of Valicore Technologies. Mr. Rudy has over 15 years of experience in the development of commercial and government technology. As systems architect at SafeNet Mykotronx, he lead the development of several cryptographic solutions, including the first Type 1 certified tactical handheld and tablet computers. Mr. Rudy holds a Bachelor of Science in Computer Engineering from Cal Poly, San Luis Obispo and Masters in Business from Johns Hopkins University. www.ghs.com
“It looks like the drone industry has chosen their go-to event!” —Robert Rodriquez, President of the Society of Aerial Cinematography
September 7-9, 2016 Paris Hotel, Las Vegas www.InterDrone.com
The Largest Commercial Drone Show in the World! InterDrone is Three Awesome Conferences:
For Drone Builders Content will focus on advanced flying dynamics, chips and boards, airframe considerations, hardware/software integration, sensors, power issues, and software development.
For Flyers, Buyers and Drone Service Businesses
For Flyers Engaged in Aerial Photography and Videography
Classes focus on enterprise applications such as precision agriculture, surveying, mapping, infrastructure inspection, law enforcement, package delivery, and search and rescue.
Class content includes drone use for real estate and resort marketing, action sports and movie filming, newsgathering — any professional activity where the quality of the image is paramount.
135+ Exhibitors • 120+ Classes and Panels • InterDrone Film Festival • Women In Drones Luncheon
Demos • Keynotes • 100+ Industry Expert Speakers
Register Today! A BZ Media Event
3.1 HOW TECHNOLOGIES WILL CHANGE FUTURE CAR DESIGN
Automotive Security Is Available Today by Nicolas Schieli, Sr. Director of Marketing and Applications, Secure Products Group Atmel, a wholly owned subsidiary of Microchip Technology Inc.
The automotive industry has a substantial challenge on their hands. Car makers are putting more and more electronics into our automobiles, and at the same time, they’re increasingly connecting their cars to the Internet. This opens up the vehicle to security threats – and security is not a part of the automotive architecture. That’s changing in the long term, but developers need a security solution today, since we have several years of transition during which cars and drivers could be at risk if they simply wait around for the new standards to materialize. Secure microcontrollers, Trust Anchor Devices (TAD), and border security devices provide this intermediate step. They are straightforward to implement and dramatically strengthen a car’s ability to reject intrusions and activity by anyone that isn’t authorized to be there.
20 | RTC Magazine JUNE 2016
An Insecure Legacy
Automobiles have been going electronic for many years. Because the consequences of failure can mean loss of life, automobiles are designed differently from other vehicles in the interest of safety. Each electronic function gets its own independent computing resources, bundled into what’s called an Electronic Control Unit, or ECU. These ECUs are interconnected by the CAN bus, which was developed for this specific purpose. Originally, only drive-oriented functions were built and attached to the bus. But new electronic automobile content – specifically, advanced driver assistance systems (ADAS) and the so-called “center
“The problem is that the CAN bus architecture has no security. And CAN bus performance is too slow to support adding security on an ad-hoc basis” stack,” the center of infotainment – has gone far beyond making sure the car runs efficiently. Some components are more safety critical than others, but they’re all connected to the same CAN bus. The infotainment portion in particular has created a demand for an Internet connection, and with that connection, others can attempt to access the bus, and thereby, access all of the electronic modules – critical and not – in the car, making security an important consideration. While it might be tempting to place all of the blame on this non-mission-critical set of modules, a cellular Internet connection isn’t the only possible entry point. Cars will have Wi-Fi and Bluetooth as alternative ways to gain entry, and even the keyless lock systems and the onboard diagnostic systems provide possible entryways into the core of the vehicle. Meanwhile, ADAS software creates complex relationships between various sensors in the car and other actuators. If the car detects a possible collision with the car ahead, it may apply the brakes automatically to slow down faster than the driver can react, avoiding a disaster. The ADAS system must therefore have access to critical parts of the drive and safety systems. Because the Internet connection exposes all of this, we’re again faced with a security challenge. The problem is that the CAN bus architecture has no security. And CAN bus performance is too slow to support adding security on an ad-hoc basis. So, at this point, automobile manufacturers and their suppliers have no guiding principles on how to implement system-wide security without either inventing a massive system themselves or just plugging security leaks one by one as they’re found.
Figure 1: CAN 2.0 has no notion of security, and mission-critical ECUs share the same unprotected bus with infotainment and other functions, with numerous ways to access that bus. CAN FD will allow domains, with domain controllers acting as firewalls to restrict access. Shown above is one way to group the different functions into domains.
While the amount of basic ECU software may grow at a nominal pace, the amount of ADAS and infotainment code is exploding. This creates an ongoing challenge for developers: how can they be sure that they’re not creating opportunities for someone to break in and begin toying with the vehicle’s critical components? And it’s not just a consideration within the vehicle. Car-to-car communication, which is critical for ADAS systems to sort out what else is happening on the road and how to respond to challenges, means that, technically, all cars within listening range of each other are also on the same network, potentially putting each other at risk.
Help is coming – eventually
Change is difficult in industries where it can take five years for a new concept to go from idea to the dealership. Even the very need for security has seen pushback, since it represents a fair amount of work to retool operations with a secure mindset. It’s taken dramatic demonstrations like the Jeep hack to show that this really matters. Fortunately, CAN FD, the next generation of the CAN bus standard, has the performance required to support security. It is 4 times
RTC Magazine JUNE 2016 | 21
3.1 HOW TECHNOLOGIES WILL CHANGE FUTURE CAR DESIGN faster than CAN 2.0 and has a 64-byte payload instead of the 8 bytes that CAN 2.0 provides. It hasn’t been formally approved yet, but a solid draft exists, and it is expected to be adopted in due time. The new architecture moves from the highly distributed nature of things today towards a more centralized, controllable structure. ECUs can be merged within domains, with domain controllers acting as firewalls protecting their domain. Ultimately, these domain controllers themselves can be merged, providing a central locus of authentication and access authorization. Carefully selected secure microprocessors can manage a secure boot process and enforce isolation and trusted zones to protect against rogue software gaining access to critical resources. CAN FD is a major change from the current CAN architecture, so the rollout will involve five to eight years of checkout and evaluation (and resistance), followed by eventual adoption. This is good news for security – in the long term. In the meantime, something must be done to protect the cars being launched before CAN FD becomes the standard way to do things.
Holding down the fort
Even though CAN FD is awaiting formal approval, CAN FD transceivers are available today. This provides an opportunity to add security now, in advance of formal adoption. Security can be added in a number of ways. Secure microcontrollers exist, although they’re typically higher-end processors, and so they might be out of range of an ECU cost target.
Instead, TADs, which provide crypto functionality, or border security devices, which combine a TAD with a CAN FD transceiver, can be used to ensure that each ECU is protected. They can be placed between a processor with a CAN 2.0 transceiver and a CAN FD bus, providing added security with a minimal amount of ECU design change. The crypto functionality supports strong authentication of anyone trying to access the ECU. It will also encrypt communications, favoring elliptical curve cryptography for newer chips; this either gives stronger protection or allows shorter keys than older RSA encryption. However, existing modules may have RSA encryption as part of an ad-hoc security scheme, so the devices will provide RSA functionality as well. Critically, all of the cryptographic functions will be executed in hardware, making it impossible to examine cryptography code as its running. This also improves performance, reducing any additional overhead needed for security. In addition, the border security device will protect any keys in a manner that makes it impossible for anyone – authorized or not – to see any of the keys. Tamper-proof features mean that a determined snooper will not be able to crack open the border security device in an attempt to extract its secrets by brute force or through side-channel attacks.
Security is available today
TADs and border security devices are available now from companies like Atmel. This makes it possible to start immediately to address the serious problem that faces the automotive industry today. While awaiting the improvements that CAN FD will bring in five or more years, lines of code are being added at a furious pace without waiting for CAN FD approval. Automobile modules designed today with TADs or border security devices can go a long way towards eliminating the serious vulnerabilities that are riding around our roads.
About the author: Nicolas Schieli has nearly 20 years of high-tech embedded experience. He is currently responsible for the product strategy, marketing and application engineering for the Secure Products Group at Atmel, a wholly-owned subsidiary of Microchip Technology Inc. Formerly, he was the marketing director for the microcontroller business line in the Automotive Business Unit. He’s also led the Automotive RF Product Marketing Team at Atmel. Prior to Atmel, he co-founded Quelis Id Systems and served in technical systems engineering positions at PSI Electronics. Schieli has an MSEE in Electronics, Computer Science and Signal Processing from the Ecole supérieure de Chimie Physique Electronique de Lyon. www.atmel.com
Figure 2: Replacing the CAN Trx chip with a TAD or a border security device will fortify an existing electronic module even if no other changes are made to the module.
22 | RTC Magazine JUNE 2016
New OS81118 MOST® INICs Lead Automotive Networking into the Future
The OS81118AF with integrated coaxial physical layer (cPHY) cuts MOST150 system costs in half compared to MOST150 optical systems. Both OS81118AF and OS81118BF offer a USB 2.0 high-speed port, an I2C port, a streaming port, a GPIO port and MediaLB® and SPI application interfaces which seamlessly connect to an abundant range of SOCs. The USB 2.0 high-speed port comes as a standard application interface that supports control, audio, video and packet data, which helps you to simplify your application. Furthermore the MOST Linux® driver that is available from Microchip accelerates time to market and helps enhance the software quality. It is available starting with Linux Mainline Kernel Version 4.3. The OS81118AF comes with integrated coaxial physical layer (cPHY) and supports optical physical layer (oPHY) as well. The OS81118BF supports oPHY only.
www.microchip.com/OS81118 The Microchip name and logo, the Microchip logo, MediaLB and MOST are registered trademarks of Microchip Technology Incorporated in the U.S.A. and other countries. All other trademarks are the property of their registered owners. © 2016 Microchip Technology Inc. All rights reserved. 5/16 DS0002151A
3.2 HOW TECHNOLOGIES WILL CHANGE FUTURE CAR DESIGN
Modern Vehicles Demand Efficient Power Design by Toshifumi Sago, Cypress
As the electronic capabilities of the modern automobile increases, developers must address issues such as power drain on the vehicle battery and greater power fluctuation while complying with safety requirements.
Modern vehicles have an increasing number of comfort, safety, and performance features introduced each year. These features are managed by Electronic Control Units (ECUs) in combination with a powerful and stable automotive Power Management IC (PMIC) to effectively reduce power consumption without compromising performance. While ECUs add value and help differentiate vehicles from competing models, they introduce various power issues. For example, OEMs now need to address unstable battery voltage, support “always on” functions, meet stringent safety requirements, and fit the subsystem within limited spaces. Of course, designers are expected to do this without increasing the design cycle or system cost. By shifting to an architecture built around buckboost convertor technology, OEMs can meet increasing automotive power requirements while improving system reliability, accelerating design, and lowering cost.
24 | RTC Magazine JUNE 2016
Stable Battery Voltage
The increased sophistication of today’s high-performance vehicles requires more processing power for each ECU. Each new feature puts additional strain on the vehicle’s battery. In turn, battery voltage fluctuation becomes greater when a vehicle is turned on. “Cold cranking” refers to when a vehicle is first started and the temperature is cold; a cold battery is less efficient, so the vehicle may have trouble starting if all of the electrical systems require more power on startup than the battery can supply. By 2020, over 50% of the world’s automobiles are expected to have Stop-Start systems that first become popular in hybrid cars. These Stop-Smart systems put additional strain on the battery, furthering increasing the voltage fluctuation vehicles must be able to handle at startup. In both cold cranking and Stop-Start conditions, the battery volt-
regulators is caused by a stepwise input voltage variation.
Always-On Efficiency
Another challenge facing automotive designers is the support of Always-On functions that operate when the engine isn’t running. Today’s vehicles support an increasing number of Always-On features. For example, some cars automatically unlock the doors when the driver approaches the car with the key fob and put a hand in the door handle. The vehicle must always be listening via a wireless link for the key fob and monitor a capacitive sensor in the handle. Because these features are always consuming power, the ECUs supporting them need to minimize power consumption and operate in standby mode to prevent draining the battery between charging (i.e., driving) sessions. Buck-boost convertors in PMICs have the advantage of connecting directly to the vehicle battery. This enables them to consume less power in standby mode, making them battery-friendly and preventing the battery from being drained. For example, the quiescent current of a buck-boost convertor like the Cypress S6BP202A is 20μA. Compare this to the leakage current of over 100μA at 12 V for large electrolytic capacitors. This substantially reduces power consumption while still providing stable operation during cold cranking, Stop-Start, and load dump conditions.
Figure 1: The output response of a buck convertor with boost capabilities during cold cranking conditions is kept stable despite large fluctuations in the input voltage.
age can drop below 5V when there is too much strain on the power system. If this is the case, system blackout may occur. Traditionally, buck converters have been used in vehicles to provide main power rails, such as 5V from battery voltage, to support vehicle electronics. To stabilize voltage fluctuations and prevent them from affecting battery performance, car manufacturers have employed large capacitors as part of the vehicle power management system. Electrolytic capacitors are often used, despite their bulk and unreliability. In addition, vehicles can experience “Load Dump” conditions when the battery is disconnected from the alternator while the battery is being charged. This results in other loads connected to the alternator seeing a power surge. To support the high input voltage of a Load Dump, relatively expensive capacitors are required. Today, electrolytic capacitors can be replaced with a buck convertor with boost capabilities. Buck-boost technology can change operation mode seamlessly between buck conversion and boost conversion. Power management ICs (PMIC) designed specifically for automotive applications support these capabilities across a wide input voltage range such as 2.5 to 42 V. This enables the system stabilize the power supply during unstable power conditions such as cold-cranking, Stop-Start, and Load Dump. Figure 1 shows the output response of a buck convertor with boost capabilities during cold cranking conditions. Figure 2 shows the output response during load dump conditions. In both cases, the output voltage is kept stable despite the unstable input voltage. Note that the transient response of the output voltage/current of the
Integrated Safety Functions
A primary design constraint for all automotive ECUs is compliance with safety requirement under all operating conditions. Consider the trend of introducing features such as collision prevention and autopilot systems. Diagnostic features built into ECUs providing these features must comply with safety regulations as well.
Figure 2: The output response of a buck convertor with boost capabilities during load dump conditions is kept stable despite large fluctuations in the input voltage.
RTC Magazine JUNE 2016 | 25
3.2 HOW TECHNOLOGIES WILL CHANGE FUTURE CAR DESIGN Part of complying with safety regulations is validating that designs meet these requirements. To both accelerate design and simplify design validation, many PMIC manufactures provide evaluation kits with design validation tools. These evaluation kits enable developers to verify that specifications are being met early in the design cycle. However, more effort is typically required to accurately measure specifications under different conditions. Design tools can simplify this process. For example, Cypress provides a web-based tool, Easy DesignSim, for use with evaluation kits. Engineers can simulate circuit performance, then modify component and circuit parameters to verify requirements are being met. Together, these tools accelerate the design of power management systems by enabling developers to check the schematic while performing various measurements, including usage BOM analysis, transient analysis, steady-state analysis, startup, and shutdown.
Small Assemblies Figure 3: PMICs provide compact, integrated power management. For example, the system illustrated here built on the Cypress S6BP20x automotive PMIC requires only 132 mm2 area with a height of 5 mm.
Integrating boost technology eliminates the need for electrolytic capacitors. In addition to reducing component count, automotive PMICs offer many fault protection features. These make it easier to comply with automotive safety requirements under all operating conditions: Under Voltage Lockout (UVLO): When the input voltage of the PMIC drops below a specified threshold, the under voltage lockout stops PMIC operation to prevent abnormal operation of the vehicle and its electronic systems. Over Voltage Protection (OVP): When the output voltage of the PMIC rises abnormally above a specified threshold, the over voltage protection feature is triggered. This prevents the output voltage from rising above a specified limit. It also stops PMIC operation to protect peripheral devices. Over Current Protection (OCP): When the output of the PMIC is shorted due to a breakdown of the load circuit, over current protection limits the load current to prevent current damage to the system. Thermal Shutdown (TSD): When the internal temperature of the PMIC exceeds a specified threshold, thermal shutdown stops PMIC operation to prevent thermal damage. Power Good (PG): The PMIC provides an output signal to signify that the supplied power is ready. The power good safety feature enables peripheral devices to avoid operation using improper voltages. This prevents damage and/or erroneous results from affecting the vehicle.
26 | RTC Magazine JUNE 2016
A final challenge for engineers is building a more stable, efficient, and reliable power system without increasing its size, slowing design, or increasing system cost. Even the automotive market is experiencing pressure to shrink design cycles while introducing new and complex technology. These means engineers have to fit more functionality in the same space. For example, Advanced Driver Assistance Systems (ADAS) have been gaining market traction. ADAS includes several assistance systems such as autonomous emergency braking, lane departure warning, and lane keeping. ADAS systems have to be mounted in tight spaces around the car. In addition to being compact, ECUs must also minimize system cost without compromising features or functional safety. Integrating buck-boost capabilities in a compact PMIC frees up board space overall through the elimination of large electrolytic capacitors (see Figure 3). Integrated safety features increase reliability while adding boost capabilities and shrinking the power management system’s footprint. Advanced automotive electronics offer greater functionality and safety to drivers but at the cost of increasing power fluctuations. Integrated buck-boost technology eliminates bulky capacitors to reduce system cost and size. The integration of PMICs also decreases power drain on the battery while increasing overall system reliability with built-in safety functions.
About the author: Toshifumi Sago is the senior product marketing engineer for analog component group at Cypress, specializing in power management ICs (PMICs). In his current role, he is responsible for market analysis, new product launch, product planning and design-in activities of Cypress’s PMIC business in automotive segments. He joined Cypress in March 2015. Prior to Cypress, he has planned and designed multi-channel PMICs in Spansion and Fujitsu Semiconductor. www.cypress.com
Connected Health Summit: Engaging Consumers, August 30 - September 1 in San Diego, analyzes the role of innovative connected health solutions in driving changes in consumer behaviors. The core themes: • Role of healthcare in the connected home • Impact of technology innovations and disruptions • Success stories in expanding accountability and consumer engagement • Transformative business models for providers
Hosted By
2016 Advisory Board AARP ADT AMC Health Care Innovations Cigna
Keynotes
Healthways Alex Hurd
Annette Brüls
Senior Director, Product Development, Growth and Payer Innovation - Health & Welness Walmart
President, Diabetes Service and Solutions Medtronic
higi Humana Johnson & Johnson Health and Wellness Solutions MDLIVE, Inc. mPulse Mobile, Inc.
David Rhew
Stuart Slutzky
Chief Medical Officer and Head of Healthcare and Fitness Samsung
Chief, Product Innovation Humana
The Permanente Medical Group Qualcomm Life Samsung Electronics America
Sessions August 31 - Business Transformation and Consumer Engagement
September 1 - Health Innovations and Disruptive Business Models
From Selling Products to Selling an Integrated Care Experience
Innovative Devices for Consumer Care
Effective Population Health Management Strategies: Success and Lessons Learned
Sensors and IoT Technologies for Connected Care
From Fee-for-Service to Pay-for-Performance: Success Stories
Connected Health Partnerships: Strategies to Manage Chronic Conditions
Engaging Caregivers for Coordinated Care
Bring Doctors to Your Home: Virtually and In Person
Integrated Technology and Data Platforms to Enable Better Care
Everything Disruptive: What Consumers Can Expect from Care Innovators
Integrating Smart Home Solutions into Connected Health Experience
Venture Capital and Investment Trends in Consumer Health
Sponsors RECEPTION
SESSION
LUNCH
ADVISORY
EVENT
BREAKFAST
CHARGING STATION
Register Now at www.connectedhealthsummit.com
3.3 HOW TECHNOLOGIES WILL CHANGE FUTURE CAR DESIGN
Embedded Hypervisor Enhances Virtualization Ecosystem The automotive electronics and the embedded virtualization ecosystem have become increasingly more difficult to navigate over the last several years with new product entrants coming from both traditional embedded vendors as well as general purpose virtualization vendors more typical of IT/datacenter virtualization options. The distinction between “Type 1” vs. “Type 2” hypervisors is getting increasingly blurred. It’s the job of the system architect to navigate these subtle differences across all hypervisor vendors when selecting a platform for their next up-coming product. by Chris Ault, Qnx Software Systems
As automotive electronics get more complex, manufacturers are under increasing pressure to control costs by moving away from multiple electronic control units (ECU) to consolidated domain controllers. We are now at that time when less is more. With consolidation of digital instrument clusters that blend in infotainment being considered the leading application, this transition brings new challenges to ensure separation between safety-critical and non-safety critical systems. Safety matters. Separation between consumer infotainment applications and cluster gauges is critical to making sure a consumer application downloaded to the in-vehicle infotainment (IVI) system or connected via a smartphone cannot adversely affect or crash the cluster gauges. With new products from traditional embedded-software vendors and general-purpose virtualization vendors, the embed28 | RTC Magazine JUNE 2016
ded virtualization ecosystem has become increasingly difficult to navigate. In addition, the distinction between Type 1 and Type 2 hypervisors has become increasingly blurry. The system architect therefore must be highly attuned to these subtle yet significant differences when selecting a hypervisor platform. All hypervisor “Types” have their pros and cons, so it is important to understand how they differ from each other, and it is just as important to step back and ask some preliminary questions. For instance, what are the real-time performance requirements of the applications that will run in the virtual machines? To help frame the discussion, consider a real-time system, such as a digital instrument cluster for a car or a train control management system (TCMS) for a locomotive, to which the system architect needs to add third-party applications or a complete application frame-
work. The cluster or TCMS would have safety certification requirements — and the chances are, its existing real-time application has already been certified to those safety levels. Adding, say, an Android application framework would introduce far too much interference and uncertainty for the real-time application to pass the same safety certifications. But fortunately, using a hypervisor to isolate Android from the real-time software can create clean separation. To enable clean separation and maintain the system’s real-time performance and safety certification, a hypervisor must offer several features, including: • Virtual CPU cores and scheduling • CPU core affinity • Device sharing: virtualized, direct, or some combination of the two • Direct interrupt delivery • Virtual machine (VM) priority handling Figure 1 shows how these characteristics map to the hypervisor type. See figure 1.
Hypervisor Types Compared
Let’s examine the characteristics of hypervisors in more detail starting with Type 0, which support CPU core affinity and direct assignment of devices into VMs, but have 1) no CPU core sharing, 2) no scheduling, and 3) no device sharing (as devices are directly assigned to individual VMs). Given these characteristics, Type 0 hypervisors are suitable for embedded devices that have limited functionality and where applications in different VMs do not need to communicate with each other. They are less useful on systems where applications in different VMs need to share hardware devices, such as an Ethernet or serial port, or where the number of virtual CPU cores that must be assigned to virtual machines exceeds the number of physical CPU cores. Characteristics of a Type 1 hypervisor include: 1. CPU core sharing (can support more VMs than CPUs)
1. All devices being virtualized 2. User programs can run in hypervisor space, which is typically a complete OS with a virtualization extension added In a Type 2 hypervisor, VMs can share physical devices, but only if the device drivers for each OS in the VMs are instrumented to cooperate with the hypervisor’s device driver. The Type 2 hypervisor vendor must make these modifications as only they know the implementation details of the protocols between the “front-end” VM driver and the “back-end” driver running on the hypervisor side. In this driver model, data must be copied from the front-end driver to the back-end driver, and then to the native hardware driver in the hypervisor. This data copy overhead has significant impact on overall system performance, as well as on the real-time capabilities of the VMs. And what about the interrupts for these drivers? Because the Type 2 hypervisor performs all interrupt handling, it must take on the extra work required to synchronize an interrupt from the hardware, determine which VM must handle the interrupt, copy data into buffers, and send a software interrupt to the guest OS. On interrupt completion, the hypervisor has to handle the end-of-interrupt event on behalf of the guest VM(s). All of these context switches between guest and hypervisor incur a lot of time: hundreds of instructions per switch. Overall system performance degrades, as does determinism. Figure 2 shows a device access architecture that is somewhat popular, and sometimes hard to identify as a Type 2 hypervisor. The architecture employs a proprietary I/O “engine” that runs as a privileged guest, but the system architect doesn’t have access to it — it is closed and hidden. All devices are assigned to that I/O engine, and only it has direct access to the hardware. The I/O engine also has the back-end drivers that communicate to front-end drivers, which reside in the actual VMs. This front-back interaction allows multiple VMs to access each physical device on the board through the VMs’ front-end
2. Virtual CPU core scheduling supports VM priorities, not just round-robin scheduling 3. Minimal device sharing as needed 4. Direct assignment of devices into VMs 5. No user programs or applications running in the scope of the hypervisor Type 1 hypervisors are best suited for embedded applications as they allow the system architect to virtualize the physical CPU cores, to share devices as needed (provided sharing is kept to a minimum), and to assign specific devices to each VM, along with the interrupt for each device. These are core requirements for whenever a development team needs to bring a tested, mature software application to a new hardware platform. The majority of projects fall under this category, because teams rarely start from scratch and need to leverage existing code. Characteristics of a Type 2 hypervisor include:
Figure 1: Virtualization characteristics of hypervisors by Type.
RTC Magazine JUNE 2016 | 29
3.3 HOW TECHNOLOGIES WILL CHANGE FUTURE CAR DESIGN hardware as a VM that hosts a general-purpose OS, such as Android or Linux 2. L imit the scope of device safety certification to just the real-time VM and the hypervisor In other words, the hypervisor and its limited scope, along with its usage of the hardware for handling the extended page table and for device assignment, allows the system architect to build a sufficiently safe system in which Android has extremely limited ability to interf with the QNX guest. This approach greatly reduces the overall scope of safety certification; that is, the amount of software that needs to be certified.
Priorities and Partitioning
Figure 2: — In Type 2 virtualization, guest operating systems do not have direct access to devices.
driver. This architecture has many implications that impact real-time determinism, regression testing, and safety certifications, but it is a clear implementation of Type 2 virtualization as all device accesses are handled by an intermediary. See figure 2.
Reducing the Scope of Certification
To understand which hypervisor can best address system requirements, it is important to understand the actual role of a hypervisor. A hypervisor separates CPU cores, memory, interrupts, and devices in such a way that two or more OSs can run, unmodified, on a single hardware platform. Specifically, the hypervisor is a small shim layer that boots right out of Power On Self Test (POST) and Board Support Package (BSP) code. It loads as a binary image and reads a user-defined system configuration file that specifies the characteristics of the entire virtualized platform. These characteristics include which devices reside in the hypervisor for support and sharing, which VMs are to be configured, how much memory each VM is to have, where each VM resides in physical memory, which devices are to be assigned to each VM, and so on. The hypervisor configures the underlying hardware registers according the parameters specified in the configuration file. Then its job is to get out of the way, sit tight, and handle exceptions. These include interrupts for the (few) shared devices, such as serial ports and timers, or for when a VM may try to access memory or devices outside of its configuration. The hypervisor may also need to perform some scheduling if the number of virtual CPU cores assigned to guests exceeds the number of physical CPU cores. But otherwise, that’s it. It is within this role and sequence, and by leveraging the virtualization assists provided in the hardware, that the hypervisor can supply the spatial isolation and separation needed to: 1. Run a VM that hosts a real-time OS, such as QNX, on the same
30 | RTC Magazine JUNE 2016
As mentioned, a Type 1 hypervisor can provide spatial isolation and impose hard restrictions on which regions of physical memory each VM can access. These restrictions are enforced by the hardware on systems that use Intel-VT technology or ARMv7/v8 processors. The hypervisor also allows the system architect to assign a subset of CPU cores to the VMs. For example, if the architect assigns cores 1-3 to QNX, Android cannot access those cores. But, what if applications in different VMs need to share CPU cores? How can the real-time VM always get the CPU cycles it needs when the system configuration allows Android to run on the same cores? This is where the hypervisor scheduler comes in. Some hypervisors support the notion of VM priority, which allows the system architect to assign the real-time VM a higher priority than the Android VM. The hypervisor scheduler must respect this priority — it can’t just provide round-robin or First Come First Served (FCFS) scheduling. Keep in mind that supporting priorities is not enough. If Android gets into a loop in which it is calling home and downloading a software update, it may not relinquish the CPU, thus starving the real-time guest. But, if the hypervisor scheduler supports time partitioning, the system architect can assign perhaps 70% of the CPU budget to the real-time VM and the remaining 30% to Android. If Android then consumes its time budget, the scheduler will, regardless of workload, swap it out for the real-time guest. This approach ensures that real-time applications never get starved of CPU time. It also allows the hypervisor to implement temporal isolation between the VMs on the system. As with spatial isolation, this capability greatly simplifies the safety certification of the end product.
About the author: Chris Ault is the senior product manager responsible for QNX Software Systems’ medical product portfolio, which includes the QNX OS for Medical. Before joining QNX, Chris was a senior product manager focused on virtualization technologies. He has held positions of increasing responsibility with hardware and software vendors, including Ciena, Nortel, Catena Networks, and Liquid Computing. Chris holds degrees in computer science, electronics, and economics from Algonquin College and Carleton University. He is an avid electric guitar player and a skilled carpenter. www.qnx.com
3.4 HOW TECHNOLOGIES WILL CHANGE FUTURE CAR DESIGN
Smart Home Growth Provides Connected Car Opportunities The connected car and connected home markets are growing in parallel, slowly gaining traction among U.S. consumers. Players from both industries are experimenting with cross-over solutions and partnerships, but the mass market consumer does not yet perceive the benefit. However, data indicate that personal experience with smart home solutions increases the appeal of cross-over scenarios dramatically. by Jennifer Kent, Parks Associates
The connected car industry is experiencing a period of tremendous growth. By the end of 2015, Parks Associates estimates 21% of light vehicles in operation in the U.S. market were equipped with a connectivity solution, and 16% of light vehicles, or 41.4 million vehicles, had an active connection. At the same time, smart home devices and services have been gaining traction with a growing ecosystem of smart home access, control, and management apps. Nearly 20% of U.S. broadband households own a smart home device (smart thermostats, networked cameras, smart video doorbells, smart door locks, smart lighting devices, or smart home central controllers). 32 | RTC Magazine JUNE 2016
In many ways, the smart home ecosystem has been growing in parallel with the connected car ecosystem: both are enabled by falling costs of sensors, networking technologies, and data costs, as well as by expanded cloud services, the mass penetration of smartphones, and consumer demand for the connected lifestyle. In 2016, these ecosystems are beginning to converge, with particular use cases, such as remote home controls, entertainment on-the-go, and home energy management, emerging at the intersection. Currently, the most used and most appealing connected car features are those that are core to the driving experience, such as mapping and navigation, and information on vehicle performance and
Appeal of Connected Car/Smart Home Crossover Features by Smart Home Device Ownership (Q1/15) Among Car Owners in U.S. Broadband Households Own Smart Home Device (n=573, ±4.09%)
Do Not Own Smart Home Devices (n=3,934, ±1.56%)
% Rating “Very Appealing” (Rating 6-7 on a 7-pt Scale)
60% 50% 40% 30%
About the author: Jennifer Kent manages Parks Associates process for the production of high-quality, relevant, and meaningful research. Jennifer publishes research and analysis in the connected cars space, as well as the connected home and other emerging consumer technology markets. Jennifer is a certified focus group moderator and earned her Ph.D. in religion, politics, and society from Baylor University. www.parksassociates.com
20% 10% 0%
Automatic Away Mode for Your Home
Home Entertainment On-the-Go © Parks Associates
Figure 1 Appeal of connected car-smart home crossover scenarios doubles among those who own a smart home device.
maintenance needs. However, some consumers express in cross-over features between the two markets. In 2015, Parks Associates surveyed vehicle owners living in a broadband, testing several connected car-connected home cross-over scenarios: • Automatic away mode for the home—the car and home communicate so that when you are leaving or coming home, lights, locks, the thermostat, etc. automatically turn on/off or adjust to the appropriate setting.
圀攀 猀椀洀瀀氀椀昀礀 琀栀攀 甀猀攀 漀昀 攀洀戀攀搀搀攀搀 琀攀挀栀渀漀氀漀最礀
• Home entertainment on-the-go—passengers in your car can access all the same TV shows, movies, games, photos, and computer files that you can have at home, including movies and TV shows from your pay-TV services. Respondents slightly preferred the away mode feature: 24% rated away-mode very appealing, compared with 20% of finding the entertainment option appealing. Notably, a higher percentage of respondents rated both features unappealing (33% and 40% rating unappealing, respectively). Clearly, the mass market consumer does not yet perceive the value in these cross-over features. However, responses differ dramatically among consumers who own at least one smart home device. Appeal of both scenarios is doubled among those who own a smart device, compared with those who do not (See Figure 1). Smart device home owners likely have a better understanding of the value proposition of the connected lifestyle, and thus better appreciate the added benefits of connecting the driving experience to the home. General consumer awareness of smart home devices and services is low, and many smart home benefits are only perceived experientially. Yet, when a consumer makes the jump into one connected home solution, the appeal of connecting other devices becomes more evident. Presented data indicate that as the smart home market progresses, the potential for cross-over opportunities in the connected car space to gain traction in the market will increase.
吀攀挀栀渀漀氀漀最礀 昀漀爀 戀爀椀氀氀椀愀渀琀 椀洀愀最椀渀最
挀漀渀最愀ⴀ吀匀㜀 ⴀ 㘀琀栀 䜀攀渀攀爀愀琀椀漀渀 䤀渀琀攀氀글 䌀漀爀攀∡ ⴀ 䤀渀琀攀氀글 䜀攀渀㤀 䠀䐀 䜀爀愀瀀栀椀挀猀
RTC Magazine JUNE 2016 | 33
3.5 HOW TECHNOLOGIES WILL CHANGE FUTURE CAR DESIGN
Figure 1: Infotainment systems incorporate sophisticated audio and video features into cars today, resulting in a more complex system architectures in vehicles
Effective Test Solutions for MOST Streaming Devices MOST specification, an international infotainment standard developed by its carmaker members worldwide, has help carmakers develop great systems over the years. But as the infotainment systems are becoming more and more complex with an increased amount of audio and/or video transmissions, carmakers are looking for ways to shorten its development cycle. by Matthias Karcher, Senior Manager Tools & Modules with K2L
Various trends can be observed in the car industry that influence MOST based infotainment systems in modern car platforms. These trends are evident regardless of whether we talk about the feature increases driven by carmakers in order to stay competitive or about the pressure on carmakers to develop their systems faster to meet and not miss existing market windows. All of these trends have a heavy impact on the development process in general and that of infotainment systems and devices using the MOST technology in particular. The increased number of devices and features in infotainment systems obviously also boosts the number of audio and/or video transmissions in such infotainment systems. This article discusses the impact of this increase on the development process and presents a solution for increased speed through the development and test cycle for audio/video based MOST infotainment systems.
34 | RTC Magazine JUNE 2016
Current infotainment systems in vehicles are more and more often becoming the figurehead or differentiator in the race among carmakers for customers. As a consequence, the carmakers are forced to implement more and more features and functionality into infotainment systems in less time. This is especially true of features and functionalities that can be experienced by the customer, namely the driver or co-drivers in the car, and hence can be considered as the basis for decision-making for a certain car model. Crucial features in that context are certainly those that directly affect human sense organs, such as all audio and video related functionalities (see figure 1). Based on this, it is becoming popular to implement more and more sophisticated audio and video features into cars today, resulting in more complex infotainment system architectures. This complexity derives on one hand from the feature increase in those systems, and on the
other hand from the integration of consumer electronics devices such as smart phones, tablets, etc. In parallel to the increase in complexity, another trend can be observed in the industry, which is the decrease of the development cycle time. This is required to meet the increased demand to roll out more car models in a certain time, and also to deal with the shorter life cycle of consumer electronics devices.
Simulation is the Key
All these mentioned trends are certainly significant challenges for all parties involved in the development of the electronics architecture of a car, and hence also those parties involved in the development of an infotainment system, including all the built-in devices. In order to develop, test and validate their systems very quickly to support the decreased development cycle time, the suppliers and OEMs need to adapt their development process in order to save time. From various discussions with customers, we identified a simple approach to dealing with that need: it is as simple as starting very early in the process with tests against simulations. Simulation is the key here, since real devices are normally not available so early in the process. If testing against these simulations starts early, then a lot of issues, problems and mistakes can be identified long before the product or solution goes into real validation, meaning a couple of bug fixing cycles and thus a bunch of development time can be saved. By nature, infotainment systems are a little bit different from other control systems or networks in a car. Infotainment is the only domain where streaming data such as audio and video data is distributed over a network like MOST, and where Audio/ Video Sink and Source devices are connected to each other via a network in order to transmit those signals across this network. Since this setup is special, the availability of tools solving the simulation and test problem in a convenient way is somewhat rare. Such tools are unique, especially since, in addition to the MOST interfaces, the tool needs certain interfaces to audio/
Figure 2: The MOST PCI Tool Kit simplifies the set up by using the standard A/V interfaces of the PC with a PCI board assembled into the PC or a USB based device
video devices plus a certain system architecture, allowing it to stream high bandwidth data from the MOST network to the sink or vice versa. The use case for A/V applications on MOST is pretty simple. If an A/V source device is developed, a counterpart device should connect via MOST to the device under test (DUT) and simply receive the audio and/or video data via MOST from the DUT in order to make it visible or audible. In the case of an A/V sink device, it is just the other way round and the tool needs to receive A/V data through typical audio interfaces and then put the data correctly onto MOST. As a consequence of that, the tools are a selection of standard audio interfaces (Line In/Out, SPDIF In/ Out…) and video interfaces (DVI, HDMI, etc.) on one end and a MOST interface on the other end. As for other tool solutions, such a tool should be operated easily via PC software and hence consists of a hardware interface connected to a PC, where the control software or GUI (Graphical User Interface) is operated. With this in mind, what would be more obvious than using the PC as a carrier for the A/V interfaces? A standard PC could be equipped with sound and/or video/frame grabber cards and then connected with a “simple” MOST hardware interface via standard interfaces such as PCI or USB.
MOST Stream Testing
The setup of K2L’s MOST PCI Tool Kit, which comes with a new GUI called MOST Stream (see figure 2) that eases the handling for testing streaming devices significantly. It simply uses the standard A/V interfaces of the PC with a PCI board assembled into the PC or, in future, also a USB based device, both connected into a MOST network. With just a few clicks in MOST Stream, the user can stream a video coming in e.g. via HDMI or a recorded video file sitting on the hard disk of the PC to MOST in order to test a MOST display or RSE unit. Another example would be an audio stream of any format coming from a MOST amplifier, received from the MOST PCI Toolkit and then sent straight to a sound card and loudspeakers. MOST Stream already supports a wide variety of formats for both audio and video, and the number of supported formats is still increasing. Hence devices can be tested that process everything from simple mono audio format, via various MPEG formats (such as MP3) up to Dolby digital multi-channel formats such as 5.1 or 7.1, and the same thing for video: everything from simple SD video format up to high definition (HD) video format is supported. The list of formats is also steadily increasing. As mentioned, MOST Stream (figure 3) supports this very conveniently. It just differentiates between the kind if streaming data that either runs from MOST into the tool or is sent from the tool to MOST. The user
RTC Magazine JUNE 2016 | 35
3.5 HOW TECHNOLOGIES WILL CHANGE FUTURE CAR DESIGN About the author: Dipl.-Ing. (FH) Matthias Karcher graduated in Electronics, with a particular focus on automation. He has been working in the software development field for over fifteen years, specializing in development tools; for over ten years he has been dealing with network tools for the automotive industry. For over two years, Mr. Karcher has been in charge of the tools business at K2L GmbH & Co. http://k2l.de/
Figure 3: With the MOST Stream software, users select to process either synchronous or isochronous data, where synchronous data is supported through all MOST speed grades and the isochronous channel has been introduced by MOST150
only needs to select whether he wants to process synchronous or isochronous data, where synchronous data is supported through all MOST speed grades and the isochronous channel has been introduced by MOST150 and supports mainly video transmissions, which are not synchronous to the MOST clock. On different tabs in the software, the user can send or receive data from or to source interfaces or, in the common use case, from or to files located on the PC. This allows the user to set up a test for streaming devices simply through a few mouse clicks, and thus the user can create either a counterpart device for his streaming device or a test setup for his DUT in a very short time. Certainly multiple streams can be operated in parallel. With that, all aspects for the test and simulation of MOST streaming devices can be covered in a very efficient way, and thus the development cycle for streaming devices can be optimized, saving a lot of development time. Consequently, the increased complexity can be managed in an efficient way, time to market can be reduced and quality of MOST streaming devices increases. 36 | RTC Magazine JUNE 2016
The only limit is the imagination ••
Modular enclosure solutions and components
• OpenVPX, MicroTCA, AdvancedTCA, and more
Pixus offers virtually unlimited configurations for 19” rackmount, desktop, and rugged enclosures.
• Electronics Cases
From electronics instrumentation cases to embedded systems in the latest backplane architectures, Pixus has a solution for you.
• Subrack and faceplate components • Rugged options for Mil/Aero, Railway
sales@pixustechnologies.com | pixustechnologies.com
Automotive Development and Networking Tools K2L is a provider of development tools for devices which enable data communication over leading-edge automotive networks such as CAN, CAN FD, FlexRay™, LIN, MOST® and Automotive Ethernet. K2L’s experienced and knowledgeable team provides a wide variety of solutions to fully support the standard V-model software development process used in the design of automotive electronic control units (ECU). K2L can assist with all phases of the design process including rapid prototyping, embedded device development, ready-to-run test solutions and highly-productive test environments. To further assist with product development, K2L offers software components, engineering services, training modules and workshops, and technical support.
K2L GmbH & Co. KG · Emmy-Noether-Straße 14 · 76131 Karlsruhe · Germany Tel. +49 721 62537 0 · info@k2l.de · www.k2l.de
3.6 HOW TECHNOLOGIES WILL CHANGE FUTURE CAR DESIGN
Figure 1: The Rimac Concept One electric supercar incorporates the design of in-vehicle infotainment (IVI)
New In-vehicle Infotainment (IVI) Architecture Provides 3D View Around the Car The motor vehicle industry is going through massive changes in terms of how it approaches the engineering of its products. Not only is there a strong push for advanced driver assistance system (ADAS) technology that may culminate in fully automated driving, there is the need to satisfy the requirements of the ISO 26262 safety standard and the expectation among buyers that the dashboard and infotainment should reflect the same sophistication that they see in their smartphones and tablets. Figure 1. by Alistair Adams, Global Automotive Product Manager, The Qt Company
The demand for more interactive systems within the cabin has led not only to a migration away from traditional mechanical dashboard displays but a growth in the number of displays. These provide passengers with their own entertainment while riding as well as giving the driver better information about the road conditions around them. Advanced 3D graphics provide 360° view of the environment around the car, removing the need for the driver to worry about blind spots. Better intelligence built into the image-processing software that generates these displays will give the driver advanced warning of potential hazards as vehicles move between lanes to the side or as
38 | RTC Magazine JUNE 2016
road conditions ahead. Easy to understand interaction is a key component of these in-vehicle infotainment (IVI) systems to avoid giving the driver too much extraneous information and causing distractions. Functions to change background music or alter climate control need to be readily available and not cause the driver to take their eyes off the road for too long. Such interaction design is difficult to put into practice as it involves many variables. As voice-control and more sophisticated gestural interfaces become more prevalent, they will need to be embraced and put into action by UX designers.
User testing is vital to ensure that ideas of how interaction should work play out in reality. UX experts need to be able to tweak the interface quickly as issues are encountered, while developers ensure that the underlying command and control code operates correctly. Thanks to the growth of application ecosystems in consumer electronics, the car itself is becoming an IT platform. The IVI systems will expose APIs to third-party devices that allow the development of additional services without the direct involvement of the car OEM. But there are significant challenges associated with these trends. Figure 2. The demands being placed on IVI development raise important problems for the traditional waterfall model of software development. OEMs and, in turn, tier-one suppliers are looking toward more agile ways of building and maintaining IVI software. Standards such as GENIVI provide important base-level platforms for APIs that can be used by a wide community of developers. But the OEMs need to be able to innovate quickly and allow architects, UX designers and developers to work on their respective parts of the code base without conflict. And they need to be able work with tier-one suppliers in a way that maximizes the potential for collaboration. Architectural abstraction is a key instrument in the ability to satisfy these needs. The first requirement is an underlying base level of software that allows a single codebase to run across multiple targets. This ensures that different generations and models of vehicle can run a common codebase. But there is also a need for differentiation within product families, to provide a luxury experience for some models and a more basic set of features for low-cost variants. There is a further consideration. Although many of the infotainment systems that car manufacturers want to introduce do not have a direct impact on vehicle safety, developers need to be mindful of the requirements of ISO26262. The standard demands that changes
made to safety-related systems are documented and justified clearly with safety cases. As a result, it is vital that a clear separation be made between driving systems and those used for infotainment so that small, frequent changes made to do not interfere with the software architecture of those critical systems. Without appropriate software architecture, this becomes difficult to guarantee. The model-view-controller (MVC) design pattern provides a means to give both UX designers and developers independent control of their areas and experiment, test and refine novel approaches more easily. The MVC pattern divides the application into three parts that are interconnected by APIs. The model manages the data and rules of the core application. The view portion builds the user interface elements and reports the user interactions back to the controller. In turn, the controller portion interprets the user gestures and requests and converts them into commands that the model can apply to its internal logic. The separation of functions in MVC makes it possible to use the same core logic to drive different types of user interface, supporting the needs of different types of IVI application. This way, the same core control logic can work with spoken or GUI interactions, for example. It also allows different UI elements to be used for different models of vehicle without needing to change the underlying code. A declarative programming model for the view components through an approach based on markup languages further enhances flexibility. Based on the industry-standard Javascript, QML is a markup language designed to support easy and rapid interface development. What may be initiated on one device using a gesture may be performed on another using a slider object. By binding different properties to objects, developers can quickly try out different interface configurations to suit the individual display environment of
Figure 2: The Rimac Concept One electric supercar interior has easy to understand interaction to avoid giving the driver too much extraneous information causing distractions
RTC Magazine JUNE 2016 | 39
3.5 HOW TECHNOLOGIES WILL CHANGE FUTURE CAR DESIGN each target device. Unlike HTML5, with QML it is trivial to interface the declarative language with core C++ for the control code thus retaining native performance. Thanks to its JavaScript-based structure, QML lets the developers bring in third-party libraries that may be used to perform input validation or provide additional user-interface services such as voice recognition. For situations where it makes sense, QML has powerful enough logic functions as well. In Qt’s Automotive Suite, the QML and C++ libraries that support attractive and fluid interactive 3D interfaces are coupled with libraries and support software and services focused on the automotive environments. The suite includes the GENIVI-compliant automotive platform developed by Pelagicore as well as KDAB’s GammaRay tool for debugging highly interactive applications. The QmlLive tool allows the QML markup to be updated on a live system so that designers can experience immediately the impact of their changes allowing them to iterate more frequently leading to better designs. As well as the fluidity of the interface and access to a wide range of add-on applications, concerns over security will play a major role in defining the IVI architecture of the future. An application manager can support this focus on security, safety and resilience by making it possible to implement policies for applications to ensure they do not conflict with each other or risk the leaking of data between compo-
40 | RTC Magazine JUNE 2016
nents. By making a single manager component responsible for policy enforcement, OEMs are provided with the flexibility to respond to rapid changes in UX innovations and market demands and still deliver systems that conform to leading security and safety standards. With these components and tools, the Qt Automotive Suite makes it possible for automotive OEMs to deliver better software much faster than before that meets the multiple competing needs they need to address now within IVI and into the future. About the author: Alistair Adams is Global Automotive Product Manager at The Qt Company. He specialises in embedded systems, infotainment, user-interface technologies, and the mobile industry. Alistair has nearly 20 years’ experience in the software engineering and development industry. He previously worked with HERE, Nokia, Trolltech and Openwave Systems. Alistair holds a Master degree in Electrical and Control Engineering from the University of Cambridge, UK, and was jointly awarded a patent for associating location information with a WLAN. www.qt.io/qt-in-automotive
STMicroelectronics - a leader in IoT • Sensors & Actuators • Microcontrollers & Memories • Ultra-low power connectivity • Analog & Mixed Signal components • Smart energy management
Build your prototype. Make your product. A fast and affordable way to develop innovative devices and applications with state-of-the-art ST components.
For more information, visit www.st.com
ADVERTISER INDEX GET CONNECTED WITH INTELLIGENT SYSTEMS SOURCE AND PURCHASABLE SOLUTIONS NOW Intelligent Systems Source is a new resource that gives you the power to compare, review and even purchase embedded computing products intelligently. To help you research SBCs, SOMs, COMs, Systems, or I/O boards, the Intelligent Systems Source website provides products, articles, and whitepapers from industry leading manufacturers---and it's even connected to the top 5 distributors. Go to Intelligent Systems Source now so you can start to locate, compare, and purchase the correct product for your needs.
intelligentsystemssource.com
Company...........................................................................Page................................................................................Website congatec................................................................................................................................33...........................................................................................................www.congatec.us Connected Health Summit......................................................................................27................................................................. www.connectedhealthsummit.com Green Hills Software.....................................................................................................15.....................................................................................................................www.ghs.com Intelligent Systems Source.................................................................................31, 40........................................................... www.intelligentsystemssource.com InterDrone............................................................................................................................ 19.....................................................................................................www.interdrone.com K2L.............................................................................................................................................37..........................................................................................................................www.k2l.de Microchip..............................................................................................................................23.....................................................................................................www.microchip.com Novasom Industries...................................................................................................... 4................................................................................www.novasomindustries.com One Stop Systems.......................................................................................................9, 13.................................................................................. www.onestopsystems.com Pentek.....................................................................................................................................44............................................................................................................www.pentek.com Pixus Technologies.......................................................................................................36................................................................................www.pixustechnologies.com STMicroelectronics........................................................................................................41......................................................................................................................... www.st.com Sundance...............................................................................................................................17......................................................................................................www.sundance.com Supermicro........................................................................................................................... 2................................................................................................... www.supermicro.com TQ...............................................................................................................................................43................................................................................www.embeddedmodules.net
RTC (Issn#1092-1524) magazine is published monthly at 905 Calle Amanecer, Ste. 150, San Clemente, CA 92673. Periodical postage paid at San Clemente and at additional mailing offices. POSTMASTER: Send address changes to The RTC Group, 905 Calle Amanecer, Ste. 150, San Clemente, CA 92673.
42 | RTC Magazine JUNE 2016
Experience Real Design Freedom
Only TQ allows you to choose between ARM®, Intel®, NXP and TI • Off-the-shelf modules from Intel, NXP and TI • Custom designs and manufacturing • Rigorous testing • Built for rugged environments: -40°C... +85°C • Long-term availability • Smallest form factors in the industry • All processor functions available
For more information call 508 209 0294 www.embeddedmodules.net
Capture. Record. Real-Time. Every Time. Intelligently record wideband signals continuously...for hours Capturing critical SIGINT, radar and communications signals requires hardware highly-optimized for precision and performance. Our COTS Talon® recording systems deliver the industry’s highest levels of performance, even in the harshest environments. You’ll get extended operation, high dynamic range and exceptional recording speed every time! •
High-speed, real-time recording: Sustained data capture rates to 8 GB/sec
•
Extended capture periods: Record real-time for hours or days with storage up to 100+ TB
•
Exceptional signal quality: Maintain highest dynamic range for critical signals
•
Flexible I/O: Capture both analog and digital signals
•
Operational in any environment: Lab, rugged, flight-certified, portable and SFF systems designed for SWaP
•
Out-of-the-box operation: SystemFlow® GUI, signal analyzer and API provide simple instrument interfaces
•
Intelligent recording: Sentinel Intelligent Scan and Capture software automatically detects and records signals of interest ™
Eight SSD QuickPac™ canister, removable in seconds!
Download the FREE High-Speed Recording Systems Handbook at: www.pentek.com/go/cotstalon or call 201-818-5900 for additional information.
Pentek, Inc., One Park Way, Upper Saddle River, NJ 07458 Phone: 201-818-5900 • Fax: 201-818-5904 • email: info@pentek.com • www.pentek.com Worldwide Distribution & Support, Copyright © 2016 Pentek, Inc. Pentek, Talon, SystemFlow, Sentinel and QuickPac are trademarks of Pentek, Inc. Other trademarks are properties of their respective owners.