Currently, the second generation of the Aurix family is in production. Aurix microcontrollers sales so far have crossed the 3 million unit line and is used in advanced series vehicles like BMW’s 7 series and Daimler’s Mercedes E-class since 2016. In both cases the Aurix is involved in data fusion, one of the most demanding computing tasks in Advanced Driver Assistance Systems and self-driving cars for the high safety requirements to these algorithms. In such environments, the computer handling the driving decision must be designed such that it even can survive a power failure, explained Boehm. The Aurix microcontrollers therefore are typically located in ECUs that control power train, chassis and safety applications with time-critical requirements.
Currently, automotive OEMs are mulling over the best layout and partition the real-time date associated to autonomous driving. Will the computers in future car generations be more centralized than today’s far-flung electronics landscape with dozens of independent ECUs? Probably yes, Boehm says. However, the brain in this central computer won’t be implemented in a single microprocessor, not even one with many heterogeneous cores, Boehm believes. Instead, Aurix microcontrollers will be present even in the next generation of car computers –“and they will continue to be responsible for safety topics – not as a piece of IP in a highly integrated SoC but as a separate microcontroller,” Boehm predicts.
Beyond the question about centralizing or decentralizing the computing resources in future vehicles, there are a number of challenges for ECU designers: The high amount of data to be shuffled around between sensors, actuators, antennas and subsystems need to be handled. Therefore, switched Ethernet will be established as data highway in the cars. Software will be another challenge – the complex tasks and the degree at which tasks will be implemented in software instead of hardware will require the reuse of legacy code as well as safety concepts in software testing. The transition from fail-safe to fail-operational architectures in selected areas will require hardware / software repartitioning on ECU and at E/E level. And over-the-air software update concepts, currently under development across the automotive industry, will enable remote software updates but require end-to-end security.
The latest Aurix version TC3xx can handle these challenges, Boehm assures. Its performance in applications rated at ASIL-D (the highest level of functional safety according to ISO 26262) has been more than tripled over the predecessor version, and it supports Gigabit Ethernet – an industry first, as Boehm points out. With its hardware security architecture, the Aurix family is ready to perform secure OTA software transfers.
Another capability that is playing a major role in automotive real-time computing is virtualization. This feature enables automotive electronics designers to implement control units not in hardware but instead in software, which is a precondition to centralize computing resources and to establish domain controllers, or even more so, vehicle central computers. The Aurix family does not have this capability, at least for the time being. The reason: No hypervisor software is available for the Aurix. “We do not have any use cases yet”, explained Boehm. “But in the future we certainly will consider this topic. Perhaps the next Aurix generation will have it.”