20140211 critical-electronics-for-aircraft



In aeronautics, embedded electronics plays a major role in systems development, integration, maturity and reliability in harsh environmental conditions.

Electronic technologies are driven by mass markets. In a competitive context, manufacturers of electronics onboard aircraft face the challenge of meeting the requirements and constraints of embedded products (environment, certification, ...), demonstrating the reliability of their products and controlling their lifetime (over 20 years).

In this context, emphasis will be placed on the requirements for avionics applications, including critical ones, as well as the processes and activities established in electronic development to master the complexity and meet the requirements.

Transcript

  • 1. CISEC 2014 Conferences / Critical Embedded Systems / Electronics for Aircraft - Avionics, February 2014. Presented by: Philippe PONS, Airbus Avionics & Simulation Products, Electronics Senior Expert. CISEC 2014 Conferences – Critical Embedded Systems: Electronics for Aircraft – Avionics, Feb. 11, 2014
  • 2. Electronics for Aircraft – Avionics: Summary
      - Introduction
      - Context
      - Some significant aeronautical constraints / requirements – Impacts on electronics and avionics equipments development
      - Design and development processes
      - Conclusion
      © AIRBUS Operations S.A.S. All rights reserved. Confidential and proprietary document.
  • 3. Introduction
  • 4. Introduction – Overview of Avionics & Simulation Products
      - Avionics & Simulation Products (EYY): AIRBUS Centre of Competences for on-board Electronics and Software in real time applications
      - Cover the whole life cycle: development, production, sales & customer support
      - Design of 10 to 15% of Aircraft Electronics to acquire expertise and support Programmes, Procurement, Engineering regarding the other 85 to 90%
      - Focus on domains which are difficult, and/or sensitive & critical, innovative: Flight Control, Warnings, Maintenance, Communication
      - 6000 equipments / year
      (Figure labels: Simulation; Avionics; A300/310; A319/20/21; A330/340; A380)
  • 5. Context (1/5)
      - Embedded electronics: high growth over the last 20 years
      - Electronics pervades the Aircraft and brings intelligence, control precision, performance, flexibility, reliability…
      - Examples: Fly-by-Wire, Cockpit
      (Figure labels: Cockpit commands; Aircraft sensors; Flight computers; Actuators)
  • 6. Context (2/5)
      - Nevertheless, low percentage of the worldwide electronics industry
          o Dominated and ruled by high volume and low cost oriented applications (ex. consumers, telecom). Note: Aerospace: below 1% of global component market, almost stable. Automotive: ~8%, growing
          o Characterized by rapid changes (ex. electronic components technologies, component manufacturers buyout…)
      - But high level of constraints & requirements for on-board applications
      (Figure labels: A300; A340; A380)
  • 7. Context (3/5)
      - Markets have drastically different characteristics
  • 8. Context (4/5): How to proceed to remain competitive in development / production of onboard electronics & equipments?
      - Adapt to the technologies, components, … market trends & use appropriate processes
      - Grasp opportunities offered by advanced & emerging technologies and propose innovative solutions to keep a competitive advantage
          o Enabling new functions, allowing higher performance and integration with reduced cost
          o But:
              - Often implemented on commercial applications, high volume, low constraints, and not initially adapted to needs & requirements of on-board systems
              - Sometimes, limited access for European Actors (growth in US, Asia, access / export limitation)
              - Adding higher complexity (IS; EMC; hot spot, ...), PCB, assembly vs. comp. packages, certification, maintenance / investigations, obsolescence, potential counterfeiting issues, reliability risks, ...
      - Satisfy specific constraints / requirements of Avionics
      (Image credit: © Freescale Semiconductor, Inc. 2008)
  • 9. Context (5/5): Major drivers
      - Use of COTS components and widely ‘shared’ technologies (avoid “niches”)
      - High performances (electrical; functional → ex. processing, power efficiency with increase of the frequency, …; less energy; …)
      - High integration for smaller size & volume and smaller weight
      - High reliability and safety in compliance with the requirements for embedded electronics
      - Performance & compliance with environmental constraints (thermal, EMC, cosmic radiation, …)
      - Regulations: certifications, environmental directives (ex. RoHS, REACH)
      - Complexity and development cycles mastering – design maturity (model based techniques, modeling & simulation, verification, …)
      - High industrial maturity (Entry in Service)
      - Long term availability → High life time (~15 years to > 30 years)
      - Lowest costs
      - Low and medium manufacturing volume / mass-production
  • 10. Electronics for Aircraft – Avionics: Summary
      - Introduction
      - Context
      - Some significant aeronautical constraints / requirements – Impacts on electronics and avionics equipments development
      - Design and development processes
      - Conclusion
  • 11. Some significant aeronautical constraints / requirements – Impacts on electronics and avionics equipments development
      - Service life
          o Electronic components (as example)
      - Environmental conditions (thermal, mechanical… EMC, atmospheric radiation, …)
      - Safety
      - Reliability
      - Maintainability and Testability
      - Certification
  • 12. Service life
      - Service life of equipment is the time at which it is no longer physically feasible or economically worthwhile to repair or overhaul the equipment to acceptable standards
      - Example: 150 000 flight hours, 30 000 cycles or 25 years
      - Timeline (figure): 200X: Equipment design Kick-off; 201x + 5: EIS; 200X + 30: Equipment End of Service Life
      - High impacts on:
          o Electronic components and technologies (ex. manufacturing technologies) selection
          o Electronic providers selection and follow-up
          o Manufacturing & test means (industrialization)
          o Documentation set volume to preserve product knowledge
      EIS: Entrance In Service
  • 13. Service life – Electronic components management
      - Context: Electronic components are the “raw material” for an electronic equipment: “to make a good dish, good ingredients are needed”
      - Ensure >25 years life cycle (service life)
      (Figure labels: Raw materials; Design; Final product)
  • 14. Service life – Electronic components management
      - Need to manage electronic components to ensure:
          o Right component for the right function: market trends, durability, reliability (e.g. failure mechanisms vs. new technologies), sensitivity to atmospheric radiation…
          o Continuously supply A/C for 25 years: expertise and audit of components suppliers and manufacturers, obsolescence management and durability control of components (if stocks), counterfeiting avoidance (supply through approved network highly recommended)
      - International Specification IEC/TS 62239-1 “Process management for avionics – Management plan – Part 1: Preparation and maintenance of an electronic management plan” defines requirements for selecting and managing electronic components (COTS and specific) in compliance with the end application
      COTS: Commercial Off-The-Shelf
  • 15. Service life – Electronic components management: Obsolescence management (PREVENT, DETECT, SOLVE)
      - PREVENT Obsolescence
          o Select Electronic Components among “golden rules”
          o Manage selection for design with a Preferred Parts List
          o Define design margin in order to allow easier parts replacements
          o Perform BOM analysis in order to validate components choices
          o ...
      - DETECT Obsolescence
          o Perform technical components suppliers survey: meetings, visits, audits, ...
          o Identify availability information within the components database
          o Conduct yearly obsolescence analysis and plan for each product
      - SOLVE Obsolescence
          o Identify replacement solutions & impacts on design (qualification level)
          o Decide the mitigation solutions: short / mid / long-term redesign, stock
          o Update obsolescence plan
          o ...
  • 16. Environmental conditions: Mechanical & climatic requirements (typical examples)
      - Temperature (ex. E-bay)
          o Storage: -55°C / +85°C
          o Operation: -40°C / +70°C ambient, forced air
          o Loss of cooling: 30 min @ +55°C ambient; 8h @ +40 or +45°C
      - Temperature Variation
      - Altitude/Pressure (if required)
      - Humidity
      - Shocks (ex. E-bay): 6g
      - Vibration: random vibr. 1,68gRms / 10 – 400Hz
      - Constant Acceleration: 10g
      - Fluids
      - Sand and Dust
      - Fungus Resistance
      - Salt Spray
      - Icing
      - Flammability/Smoke/Toxicity
      Requirement’s magnitude and applicability depend on equipment category.
      Temperature & Vibration are main constraints for on-board electronic equipments, requiring:
          o Cooling analysis & solution (vs. for ex. acceptable components Tj)
          o Mechanical analysis & assembly solution
          o Performance margin definition
          o Component selection & sort
      !! Impact on weight
  • 17. Environmental conditions: Transients and Electromagnetic (EMC) requirements
      - Transients
          o Lightning strike attachments to the aircraft surface
          o On aircraft switching of electrical loads and electrostatic discharges
      - Radio Frequency Energy
          o Those generated externally (example: high intensity radiated fields and aircraft on-board transmitters)
          o Those generated internally (example: emissions from neighbouring systems and electronic equipments)
      - High impact on equipment design:
          o Input/Output protections
          o Specific filters design
          o Strict packaging and electronic design rules/guidelines (vs. EMC emission, immunity)
      EMC: Electro-Magnetic Compatibility
  • 18. Environmental conditions: EMC Emission and Immunity (Susceptibility)
      - Electronic boards are the central issue of the avionic EMC
      - Components may be both perturbing (guilty) and perturbed elements (victim)
  • 19. Environmental conditions: EMC activities within equipment development
      (Figure: V-cycle of hardware development with EMC activities at each level. Levels: System; Equipment; Packaging; Board; FPGA / ASIC. Phases: Specification; Preliminary Design; Detailed Design; Implementation; Verification; Integration / Verification; Qualification; Changes Management. EMC activities named in the figure: architecture; electrical and grounding network; technological choices; lightning protection and filtering; EMC mock-ups; BCI; signal integrity simulations; mechanical design requirements; schematic diagram checks; PCB design checks; CAD constraints; board checks (signal integrity, ...); equipment checks (robustness tests). Supporting activities: planning and HW architecture development; modification / configuration management; certification liaison (airborne HW); V&V HW process and quality assurance.)
  • 20. Environmental conditions: EMC compliance (example)
      - EMC compliance in a functional objective
      - Comply with the EMC standards
      - Functional improvement at design level
  • 21. Environmental conditions: Atmospheric radiation – Atmospheric Radiation Requirements
      - Altitude 1 × 10^6 Ft (330 Kms): orbit of the space shuttle
      - Primary particles issued from cosmic rays (protons: 87%, helium atoms: 12%, heavy ions: 1%)
      - Filter (Terrestrial Magnetic Field + Solar Wind)
      - Interaction with atmospheric atoms (Oxygen + Nitrogen)
      - ~39 000 Ft (12 000 m): aircraft altitude; radiative environment at the flight altitude
      - For highly integrated electronics, consequences of the radiation impacts may be modifications to logic states (SEU/MBU in memory cells or registers): Safety, Reliability, Availability impacts
      - Order of magnitude to consider: with 200MBytes embedded memory, 1 upset per flight hour
      - Impact on equipment design:
          o Architecture
          o Component selection
          o Mitigation techniques
      SEU: Single Event Upset. MBU: Multiple Bit Upsets
  • 22. Environmental conditions: Atmospheric radiation effects
      - High energy particles: collisions in atmosphere
      - SEU sensitivity depends on many parameters: technology (CMOS, ...), particle energy, particle flux (function of altitude, latitude), type of cell (RAM, flip-flop), cell design, ...
      - SEUs (Single Event Upsets) concern sequential logic (RAM cells and flip-flops), where a bit flip can occur and remain “stored”
      - Neutron in sensitive volume: nuclear reaction → parasitic currents
      - SEU cross section:
          o Intrinsic parameter of a chip/circuit that specifies its response to a particle species (e.g. neutron, proton, pion, heavy ion, etc.)
          o Measured using a beam of particles produced at an accelerator. The SEU cross-section depends on the particle type and particle energy
  • 23. Environmental conditions: Atmospheric radiation management and mitigations
      - Atmospheric radiation effects risk analysis (part of safety risk analysis): International Standard IEC 62396-1 “Process management for avionics – Atmospheric radiation effects – Part 1: Accommodation of atmospheric radiation effects via single event effects within avionics electronic equipment” provides a general view of the subject to help designers assess the impact of cosmic radiation on electronics: SEU/MBU risk analysis
      - Mitigation techniques: examples at component / equipment level
          o Hardware protections
              - Insensitive components (ROM) or components with a very low sensitivity
              - Parity checks on memory allow detection of SEU. The computer can generate an auto-reset or can fail itself => impact on the availability
              - Error Correction Code (Hamming Code, Reed Solomon…): allows the detection and the correction of the SEU => no impact on the availability (to be analyzed for MBU)
              - Scrambling: arrangement of bits of memory to limit MBU
              - RAM-based FPGA: internal triplication; scrubbing: periodic refresh
          o Software protections
          o Many protections → up to 30% of processor load
  • 24. Safety: Safety requirement for safe operation in compliance with Authorities regulations and Customers / Airlines requirements
      - Safety activity shall be done in order to keep the hazards associated with the aircraft or with the environment to a minimum level
      - Analyze all potential safety hazards and associated hazardous conditions:
          o Functional hazards (hazards associated with function/equipment/components)
          o Intrinsic hazards (hazards intrinsic to equipment)
          o Human activity hazards (maintenance, operational activities)
      - Example: Flight Control Computer safety requirements
          o No single hardware failure shall be able to cause undetected oscillation of inputs / outputs
      - Failure Modes and Effects Analysis (FMEA) is a systematic method of safety analysis
          o Identify potential failure modes of a system, function, or piece part (i.e. component)
          o Determine the effects on the respective level as well as on the next higher levels of the design
  • 25. Safety: Impacts and mitigations
      - Impact on equipment design:
          o Functional architecture solution
          o Hardware and Software design solutions / techniques
      - Example of common safety mechanisms implemented in hardware and electronics design
          o COM/MON architecture
          o Monitoring and test of each function shall be possible
          o Watchdog
          o Clock monitoring, Power monitoring
          o ECC (error-correcting code) protection of RAM
          o CRC (cyclic redundancy check) on ROM content
          o Etc…
      - Additional features required by aeronautical requirements
          o Over current protection with filter
          o High level disabling capability
          o Function status feedback for monitoring purpose
          o Lock mechanism on failure (prevent from oscillatory behaviour)
          o Current inversion protection
  • 26. Reliability: Probability that an item will perform a required function, under specified conditions, without failure, for a specified period of time
      - Main quantitative specifications through:
          o MTBUR (Mean Time Between Unscheduled Removals): obtained by dividing the total number of flight hours logged by a population of an equipment over a certain period of time by the number of unscheduled removals during that same period
          o MTBF (Mean Time Between Failures): obtained by dividing the total number of flight hours logged by a population of an equipment over a certain period of time by the total number of confirmed failures occurring in flight or on ground within the population during the same time period
          o FR (Failure Rate): failures count per flight hour
          o FIT (Failure in Time): failures per billion flight hours
      - Example: Flight Control Computer shall comply with MTBF 15 000FH & MTBUR 12 000FH
      - Impact on equipment design:
          o All domains from architecture, components selection, design rules, thermal – vibration – EMC … environmental solutions implementation
  • 27. Reliability: Design for reliability and reliability prediction approach
      - Design for reliability based on FIDES Guide: new predictive reliability methodology based on Physics of Failure, as previous methodologies and guides (e.g. MIL-HDBK-217, …) were based only on experience feedback analysis, did not follow the components evolutions, and were very pessimistic compared with the current field return
      - FIDES methodology for MTBF evaluation
      - Good correlation between FIDES predictions and field return data
      - http://www.fides-reliability.org/
      (Figure labels: Many COTS families; Parts; Electronic boards; Sub-assemblies; Technology; Use; Process; Reliability)
  • 28. Reliability: Mission profile impact
      - Impact of the Mission Profile on MTBF using FIDES:
          o A/C Long Range: Avionic Bay x; Wing >>x
          o A/C Medium Range: Avionic Bay y; Wing >>y
          o A/C Short Range: Avionic Bay z; Wing >>z
      - Very important to know the real environment
      (Figure labels: Medium Range A/C; Computer in avionic bay; Computer in wing)
  • 29. Reliability: Example of reliability assessments and qualification applied to manufacturing technologies (e.g. PCB, assembly)
      - How to proceed?
          o Potential failure modes & mechanisms → Reliability
          o Pass criteria
          o Key characteristics → Monitoring
          o Technologies & processes maturity
      - Example: How many manufacturing processes are qualified for series production of this board?
          o PCB: 11
          o Comp Assembly: 33
          o Mech Assembly: 13
      PCB: Printed Circuit Board
  • 30. Reliability: Example of reliability assessments and qualification applied to manufacturing technologies (e.g. PCB, assembly)
      - Qualification procedure according to
          o Normative standards (ex. IPC)
          o Experience
      - Procedures and sanction criteria defined to meet Aircraft Worst Case mission profile
      - Typical qualification stress
          o 1000 thermal cycles from -40°C to +100°C with ramp +5°C or 10°C/min
          o Or 2000 thermal cycles if Lead-Free technology
          o Vibration
      - And analysis
          o Board visual inspection, resistivity measurements between isolated areas, continuity measurements on daisy chained assembly, PCB micro-sections inspection with microscope
      - Objective: Identify potential failure modes & mechanisms (ex. at solder joints level) influencing reliability parameters / models (cf. FIDES)
  • 31. Maintainability and Testability
      - Maintainability: Under dedicated use conditions, capacity of an equipment to be maintained or restored in a state in which it is able to accomplish its required function, when the maintenance has been accomplished under the required conditions, using the required procedures and tools. Obtained thanks to a set of principles and directives, which have to be followed throughout the design of the equipment
      - Testability: Property of a system or Line Replaceable Unit (LRU) allowing rapid confirmation of its own functional integrity at the most cost effective level
          o Testability at system level: prompt integrity check of an operationally critical LRU
          o Testability at LRU level: prompt integrity check of an internal board, component or module
      - Impact on equipment design: design for test
          o Electronic and functions observability
          o Test coverage techniques …
  • 32. Time Critical: Equipment shall meet strict Time Critical performances for a number of applications (example: Flight Control)
      - Huge impact on equipment design:
          o Equipment architecture to ensure determinism
          o Electronic component selection to reach committed performances (ideally: cycle accurate model)
          o Specific custom component’s behavior determinism
          o Software partitioning and determinism (including OS)
  • 33. Certification
      - Equipment shall meet Airworthiness Certification standards to be integrated in Aircraft System (Safety driven)
      - Need to follow strict Design Assurance Guidelines defined according to equipment criticality level → Design Assurance Levels (DAL)
      - DAL / Description / Failure Rate (Hours):
          o A: Catastrophic, < 10^-9
          o B: Hazardous, < 10^-7
          o C: Major, < 10^-5
          o D: Minor, > 10^-5
          o E: No Effects, Don't Care
      - Impact on equipment design process according to criticality level, mainly for complex COTS components and specific components (e.g. FPGA, ASIC)
          o For example for DAL-A: requirements traceability, FPGA separated design and verification teams…
      DAL: Design Assurance Level. FPGA: Field Programmable Gate Array. ASIC: Application-Specific Integrated Circuit
  • 34. Typical requirements for Flight Control Computer located in Avionics Bay
      - Service Life: 25 years
      - MTBF: 15 000 Flight Hours
      - DAL A: Catastrophic → Failure rate < 10^-9
      - Environmental constraints compliance (vs. directives and/or normative standards)
          o Operating temperature range (thermal cycles) from -40°C to +70°C and loss of cooling conditions
          o Vibration (engine fan blade loss)
          o EMC compliance (radiated and conducted emission and immunity)
          o Lightning protections
          o Atmospheric radiation
          o …
      - Power Supply Line (28VDC): from 18.5V to 32.5V with 46 V exceptionally
      - Strict Time Critical Application
      Equipment’s function looks quite simple BUT due to Avionics constraints & requirements, Design and Verification become COMPLEX → Complex balance to meet specifications with regard to weight… and cost targets
  • 35. Electronics for Aircraft – Avionics: Summary
      - Introduction
      - Context
      - Some significant aeronautical constraints / requirements – Impacts on electronics and avionics equipments development
      - Design and development processes
      - Conclusion
  • 36. Design and development processes: Product life – End to End process
      (Figure: product lifecycle. Labels: Requirements (Customers); Specifications; Design; Development (Hardware, Software); Manufacturing (Hardware, Software); Test & Integration; Delivery; Support; Avionics Products)
  • 37. Design and development processes
      - Development process: How to master the complexity
          o Certification standards driven
          o Design and development process / cycle
  • 38. Design and development processes: Civil certification standards
      • Airworthiness Standards (regulatory request: set of requirements to ensure passengers' safety)
          o Part 21: Certification of Aircraft and related Products, Parts and Appliances
          o CS25: Certification Specifications for large Aeroplanes
          o CS25.1309: Equipment, Systems and installations
      • Acceptable Means of Compliance (industrial answer, agreed by consensus)
          o AMC 25.1309: System Design and analysis
          o ARP4754/ED79: System Development Process
          o ARP4761/ED135: Safety Assessment
          o System / Equipment: DO297/ED124 Integrated Modular Avionics (IMA); DO160E/ED14E Environmental conditions and test procedures
          o Hardware / electronics: DO254/ED80 Hardware Development Process
          o Software: DO178B/ED12B Software Development Process (updated: DO178C)
  • 39. Design and development processes: Civil certification – ARP4761, safety approach overview
      • Aircraft development is based on an overall safety approach
          o It takes into account the different root causes which can affect the behaviour of a system: random failures, events and errors
      • Development error avoidance: confidence that errors have been sufficiently removed from a product is based on the quality level of the development process
          o The Development Assurance Level (DAL) "drives" the quality of a development
  • 40. Design and development processes: Civil certification – DO254 / ED80 overview
      A full methodology handbook for hardware (electronics) design assurance
      [Diagram: System Process (Section 2) → Hardware Design Processes (Section 5) → Manufacturing Process, with Derived Requirements fed back.]
      • Planning (Section 4)
      • Hardware Design Processes (Section 5)
          o Requirements Capture (Section 5.1)
          o Conceptual Design (Section 5.2)
          o Detailed Design (Section 5.3)
          o Implementation (Section 5.4)
          o Production Transition (Section 5.5)
      • Supporting Processes
          o Validation and Verification Process (Section 6)
          o Configuration Management (Section 7)
          o Process Assurance (Section 8)
          o Certification Liaison (Section 9)
      • No (or few) "How"
      • No guidance on series production
  • 41. Design and development processes: Civil certification – DO254 / ED80 overview and content
      • Chapter 1: introduction (scope and complexity considerations)
      • Chapter 2: system aspects of HW design assurance (decision making for HW design assurance strategy)
      • Chapter 3: HW life cycle (definition of transition criteria)
      • Chapter 4: planning process (supporting process)
      • Chapter 5: HW design process (design processes)
      • Chapter 6: validation and verification process
      • Chapter 7: configuration management process
      • Chapter 8: process assurance
      • Chapter 9: certification liaison process
        (Chapters 6 to 9: supporting processes)
      • Chapter 10: HW life cycle data
      • Chapter 11: additional considerations (previously developed HW, COTS, tool qualification)
      • Appendix A: modulation of HW life cycle data based on HW design assurance level (data vs. design assurance level, independence definition)
      • Appendix B: design assurance considerations for level A and B functions (additional verification activities for DAL A & B)
      • Appendix C, D: glossary of terms, acronyms
  • 42. Design and development processes: Complexity mastery and maturity search
      Ensure electronic complexity mastery and product maturity: implementation of a structured development process as a key factor
      • Hardware life cycle (V&V process)
          o Usually, 2 main cycles: development prototype & industrial prototype (Note: the development prototype cycle is not mandatory, depending on the type / characteristics of the project)
      • Development Prototype
          o Validate and firm up requirements with a physical implementation
      • Industrial Prototype
          o Verify the requirements with a physical implementation vs. product specification
          o Build the industrial dossier
  • 43. Design and development processes: Development life cycle
      Development life cycle: W process example
      [Diagram: W-shaped life cycle with two cycles, Development Prototype and Industrial Prototype. Steps shown: Requirements capture, Preliminary Design, Detailed Design, Prototype manufacturing, Test, HW-HW integration tests, HW-SW integration tests, HW Qualification, Transition to production, Delivery Works, with traceability links between steps. Milestone labels: PDR, DDR, CDR, LUAR. Legend: R = Review, A = Analysis, T = Test.]
  • 44. Design and development processes: Detailed development life cycle
      [Diagram: development life cycle from Upper level requirements to Delivery Works. Steps shown: Requirements capture, Preliminary Design, Detailed Design, Implementation, Prototype, Test, HW-HW integration tests, HW Qualification, Transition to production. Verification means: analysis, test, review.]
      → Activities at different levels: HW assembly level, Packaging level, Board level, ASIC level, PLD level
      • Supporting processes
          o HW Quality Assurance
          o Planning & Development
          o Validation & Verification
          o Modification & Configuration Management
          o Certification liaison (airborne HW)
  • 45. Design and development processes: Board development process example
      • Preliminary design
          o Board Spec
          o Board Architecture Design. Analysis: Pre-BoM, Schematics, EMC, Technology, Safety, Func. Testability, Manuf. Testability, Thermal
          o Board Pre-Placement. Analysis: EMC, Thermal
          o V & V Strategy Definition
          → Develop Board Verification SW
          → Develop Enabling products
          → Develop Programmable component
          o Review
      • Detailed design
          o Schematic Design. Analysis: BoM, Schematics, EMC, Technology, Safety, Func. Testability, Documentary, Manuf. Testability, Thermal, JTAG
          o Board Place & Route. Analysis: Packaging, Thermal, Test, Manuf Techno
          o Design Dossier (design justification)
          o Definition and Manufacturing Dossier
          o Review
      • Prototype Verification
          o Verification Procedure Writing
          o Prototype Integration with Programmable components
          o Board Verif SW Integration
          o Complete Board Verification
          o Update Design and Definition Dossier if required
          o Review
  • 46. Design and development processes: Multi-disciplinary
      • Many specific jobs around Avionic Equipment and Electronics Development activities, working closely together
      [Diagram: "Equipment, Electronics Development" surrounded by the disciplines below.]
          o Electronic Components Quality Manufacturing Technologies Procurement
          o Design: Digital, Specific components (FPGA, ASIC), Analog, Power Supply, PCB layout, Packaging
          o Environment: Thermal, Mechanical, EMC, Lightning, Radiation, …
          o Certification
          o Qualification
          o Integration
          o Manufacturing
          o Safety & Reliability
          o Maintainability & Testability
  • 47. Electronics for Aircraft – Avionics: Summary
      • Introduction
      • Context
      • Some significant aeronautical constraints / requirements – Impacts on electronics and avionics equipment development
      • Design and development processes
      • Conclusion
  • 48. Conclusion
      Electronics is a major enabler for Aircraft systems
      • Intelligence, performance, smart controls…
      • Integration / miniaturization (more perf. in same or lower volume & weight)
      • Flexibility
      • …
      But faced with high levels of constraints & requirements (life time, safety, reliability, environment, certification…)
      Requiring robust design and development processes, multi-disciplinary activities for assessments, analysis, demonstration leading to safe applications
      → Electronics technologies are dominated and ruled by high volume and low cost oriented applications characterized by rapid change
      Requiring to survey market & trends, to adapt, to take advantage of advanced emerging technologies for proposing opportunities and differentiating innovations
      Requiring to prepare the future
      [Figure: "Moore's Law & More". More Moore (Miniaturization): Baseline CMOS (CPU, Memory, Logic) at 130nm, 90nm, 65nm, 45nm, 32nm, 22nm, …, Beyond CMOS; Information Processing, digital content, System-on-chip (SoC). More than Moore (Diversification): Analog/RF, Passives, HV Power, Sensors, Actuators, Biochips; interacting with people and environment, non-digital content, System-in-package (SiP). Combining SoC and SiP: Higher Value Systems.]
  • 49. © AIRBUS Operations S.A.S. All rights reserved. Confidential and proprietary document. This document and all information contained herein is the sole property of AIRBUS Operations S.A.S. No intellectual property rights are granted by the delivery of this document or the disclosure of its content. This document shall not be reproduced or disclosed to a third party without the express written consent of AIRBUS Operations S.A.S. This document and its content shall not be used for any purpose other than that for which it is supplied. The statements made herein do not constitute an offer. They are based on the mentioned assumptions and are expressed in good faith. Where the supporting grounds for these statements are not shown, AIRBUS Operations S.A.S will be pleased to explain the basis thereof. AIRBUS, its logo, A300, A310, A318, A319, A320, A321, A330, A340, A350, A380, A400M are registered trademarks.
