The Infineon AURIX™ Microcontroller family keeping safety critical applications on track.

Microcontroller-based systems are being deployed in ever-increasing numbers, and safety is becoming increasingly important, so the task of developing to the required safety standards should not be underestimated. With the roots of safety-critical development firmly embedded in automotive, the cross-over into other safety-critical areas such as railway electronics is a natural step. This article will look at how the AURIX™ microcontrollers will deliver a safe and reliable platform for your development teams to get on board with.

The AURIX™ is Infineon’s brand new family of microcontrollers serving the needs of the automotive industry in terms of performance and safety. Its innovative multicore architecture, based on up to three independent 32-bit TriCore™ CPUs, has been designed to meet the highest safety standards while increasing performance at the same time.

Using the AURIX™ platform, automotive developers will be able to control powertrain, body, safety and ADAS applications with one single MCU platform. These same features also apply outside of automotive to other application areas including rail and industrial. Developments using AURIX™ will require less effort to achieve the ASIL-D standard than with a classical lockstep architecture. Customers are now able to cut down their MCU safety development by 30%. By the same token, a performance surplus of 50 - 100% allows for more functionality and offers a sufficient resource buffer for future requirements, while keeping power consumption at the level of a single-core microcontroller.

The AURIX™ device combines three powerful technologies within one silicon die, achieving new levels of power, speed, and economy for embedded applications. These are a Reduced Instruction Set Computing (RISC) processor architecture, Digital Signal Processing (DSP) operations, and on-chip memories and peripherals. DSP operations and addressing modes provide the computational power necessary to efficiently analyse complex real-world signals. The RISC load/store architecture provides high computational bandwidth with low system cost. On-chip memory and peripherals are designed to support even the most demanding high-bandwidth, real-time embedded control system tasks.

The AURIX™ is designed to meet the needs of the most demanding embedded control system applications, where the competing issues of price/performance, real-time responsiveness, computational power, data bandwidth and power consumption are key design elements. The complete AURIX™ family ranges from single-core devices running up to 133 MHz in 80-pin packages with 512 kB Flash, through dual-core derivatives, right up to triple-core devices running at 300 MHz in BGA-416 packages with 8 MB Flash. In addition to the ‘user’ core(s), all derivatives have at least one additional ‘checker’ core, although there is an option in the very low-end parts to have a single core without a checker. The internal peripherals include versatile signal generation and measurement with a number of timer inputs and outputs, as well as analogue-to-digital converters, numerous communication interfaces including CAN, Ethernet and serial, sensor inputs and even a hardware security module. The mix of peripherals varies between the derivatives, the aim being that there is a good fit somewhere within the family for a wide range of requirements for different applications.

As many applications now require some degree of safety, the AURIX™ has a number of mechanisms to meet the requirements, either in hardware (for example the checker core, watchdogs, broken wire detection for the ADC and hardware error correction on memories) or with software packages such as SafeTlib™. One of the earliest tasks in any AURIX™ project is the design of the overall system architecture to meet the applicable safety goals (the first is to identify the safety goals themselves).

SafeTlib™ is a middleware system that manages the safety aspects of the AURIX™ and associated applications. At the simplest level it provides a set of configurable and Infineon-approved tests that is compatible with the IEC61508 SILs and ISO26262 ASILs. These tests in the Microcontroller Test Library prove the correct operation of the AURIX™ at start-up by exercising the built-in fault detection mechanisms such as the ECC on the FLASH and SRAM. It also provides a series of cyclic tests that verify the continued correct operation of the device during normal running of the application. In addition, it can manage the challenge-response signature watchdog function, based on external safety monitors like the CIC61508 and the TLF35584 combined power regulator and safety monitor. In the event of a failure, SafeTlib™ will notify the application, which then takes action to shut the system down. At the same time, the external safety monitor will independently take steps to render the system safe. SafeTlib™ has been developed using a process that meets the requirements of IEC61508 and ISO26262, and it greatly reduces the effort required to create an application that has to be certified to these standards. It is backed up by a full set of Safety Manuals, Safety Cases and requirements/traceability databases, and by consultancy services from Hitex.

The AURIX™ microcontroller hardware and SafeTlib™ software are intended to be used together as an element of an electrical and/or electronic (E/E) system, as defined by the ISO 26262 standard. It was developed as a Safety Element out of Context (SEooC) in accordance with ISO 26262-10 with ASIL D capability.

Summary

It can be seen that the AURIX™ microcontroller family provides a scalable solution for many application areas including rail, particularly if there are safety requirements. For these, the microcontroller hardware with its unique features is part of a complete package which includes documentation, software and external safety monitors. In addition to this, the ecosystem for product development, including evaluation boards, third-party software packages, compilers and debuggers, is easily available and mature. Hitex have been working with this family of microcontrollers from the first TriCore devices introduced in the late 90s through to the latest AURIX™ today and can provide a complete range of services to accelerate product development.