The document provides an overview of NXP's functional safety process and traction inverter reference design following ISO 26262. It discusses the concept phase, technical safety requirements, hardware and software architecture, and safety mechanisms. The key points are that NXP follows ISO 26262 to ensure absence of unreasonable risk from malfunctions, and proposes a technical safety concept for the inverter to provide safe states and fault reactions.

1. Company Public – NXP, the NXP logo, and NXP secure connections for a smarter world are trademarks of NXP
B.V. All other product or service names are the property of their respective owners. © 2019 NXP B.V.
Segment Line Manager, Powertrain & Electrification
PL Drivers & Energy Systems
Vincent M. McNeil, Ph.D.
Functional Safety High Voltage
Traction Inverter Reference Platform
October 2019 | Session #AMF-AUT-T3659

2. COMPANY PUBLIC 1
Session Goal
• Technical Presentation
• Go through the ISO 26262 Process with Example of Power Inverter
• Understand NXP Reference Design Safety Concept

3. COMPANY PUBLIC 2
COMPANY PUBLIC 2
• Following the ISO26262-2018
− Part 3: Concept Phase Inverter
− Part 4: Technical Safety Requirements
− Part 5: HW Safety Architecture
− Part 6: SW Safety Architecture
Agenda

4. COMPANY PUBLIC 3
NXP Offer to the State-of-the-Art xEV Architecture
48 V or > 60 V
(e.g. 400 V)
* only in (P)HEVs, BEVs, omitted in 48 V MHEV systems
** bidirectional in 48 V systems
*** as in exisiting ICE-based vehicles
AC
M
M
~
=
ACDC
Charger*
=
=
DCDC**
=
~
=
~
Motor control Motor(s)
M
LV
lead-acid
or Li-Ion
Battery
BMS
BMS
DC
12 V
HV
Li-Ion
Battery
48 V and HV
Modules
12 V-bus
Modules***
Hybrid Control
Unit (HCU)
Wed 12th 5pm: GD3100 Next Advanced Isolated
of High Voltage Gate driver
Thru 13th 9am: Cost optimized HV BMS MC3377x
Thru 13th 1:30pm: Next Gen Processor solutions
for advanced HEV and Safety Domain
Wed 12th 4pm: High Voltage Safe reference
design Introduction
Thru 13th 2:30pm: Functional safety concept of
High voltage traction Inverter
Thru 13th 3:30pm: Mathworks Model based Design
with NXP Greenbox II
Wed 12th 10:45am: S32K Complete portfolio
update

5. COMPANY PUBLIC 4
eMotor Inverter Reference Design
• Traction eMotor power inverters convert DC
from HV battery to multi-phase AC
• Output power & efficiency critical at operation >300V
• Output power requirements ranging up to 200+ kW
• Functional safety requirement at ASIL-C/ ASIL-D
Yesterday we studied how an Inverter work…
Today we are going to study how to make sure it fails safely

6. COMPANY PUBLIC 5
What Can Go Wrong in a Traction Inverter?
Unintended self
acceleration while in
stop
Unintended reverse
speed wheel while in
stop or parking
Unintended loss of
torque while driving
(overtaking)
Unintended over
torque while driving
Traction
hazards
Braking
hazards
Unintended self braking
while driving at high
speed
Unintended
regeneration inside the
HV Battery that could
result in fire hazard
Unintended self
braking while driving
at low speed

7. COMPANY PUBLIC 6
ISO26262-2018 Standard
“Absence of unreasonable risk due to hazards caused by malfunctioning
behavior of E/E systems”
NXP Safety Assure Process

8. COMPANY PUBLIC 7
ISO26262-2018 Standard
NXP Safety Assure Process
“Absence of unreasonable risk due to hazards caused by malfunctioning
behavior of E/E systems”

9. COMPANY PUBLIC 8
ISO 26262-2018 Standard
NXP Safety Assure Process
NXP Safety Enable
NXP Safety enablement
NXP value
proposition
Assumptions
for analysis
Hazard and risk
assessments
Safety Goals
System Safety
Concept
FMEA, FTA,
FMEDA
Test Safety
mechanism
Test Safety
mechanism
Validate safety
assumptions
“Absence of unreasonable risk due to hazards caused by malfunctioning behavior
of E/E systems”

10. COMPANY PUBLIC 9
Part 3: Item Definition

11. COMPANY PUBLIC 10
Part 3: Concept Phase
• Item definition
• HARA
• FSC

12. COMPANY PUBLIC 11
Example of Assumptions and Safety Goals
Safety goal ASIL
SG1: Avoid unintended acceleration while in stop D
SG2: Avoid unintended acceleration , torque lock or over
acceleration torque while driving
B
SG3: Avoid reverse torque D
SG4: Avoid sudden loss of acceleration torque B
SG5: Avoid self-braking torque while driving at high speed D
SG6: Avoid self-braking torque while driving at low speed B
Unintended self
acceleration while in
stop
Unintended reverse
speed wheel while in
stop or parking
Unintended loss of
torque while driving
(overtaking)
Unintended over
torque while driving
Traction
hazards
Braking
hazards
Unintended self braking
while driving at high
speed
Unintended
regeneration inside the
HV Battery that could
result in fire hazard
Unintended self
braking while driving at
low speed
Assumption:
• Single permanent magnet motor PMSM
• No clutch
-> Cannot open motor phases at high speed!
(Back EMF, High braking power, SG5 violation)
* Exercise was done as a example (with Severity, Exposure,
Controllability Matrix)
** One possible example, customer can have different safety goals

13. COMPANY PUBLIC 12
Functional Safety Requirements
FSR1: “We need to guarantee the
received command is correct and the
communication alive.”
FSR2: “We need to guarantee the
sensors measurements are correct.”
FSR3: “We monitor the torque to detect a
fault of torque processing.”
FSR5: : “When a fault of communication,
sensors or control is detected we need to go
to the appropriate safe state”.
FSR4: : “We need to guarantee the
information we send to VCU, and report
fault”.

14. COMPANY PUBLIC 13
Functional Block Analysis
Example for function Command • For each of this block:
− Defined FR and FSR
− Decompose functional safety requirements
− Available inside application notes:
“Functional Safety concept of HV Traction
Inverter”.

15. COMPANY PUBLIC 14
Part 4: System Design

16. COMPANY PUBLIC 15
Part 4: System Design
• Technical Safety
Requirements
• System Architectural
Design
• Technical Safety Concept

17. COMPANY PUBLIC 16
Technical Safety Concept
System Functional details decomposition

18. COMPANY PUBLIC 17
Safe State (1/2)
• Preferred safe state = 0 Torque control or Degraded Torque control
In 0 Torque control we keep PWM the IGBT, but the control request an Iq = 0
which will lead to no torque and will not violate any safety goal.
This safe state has the advantage to be easily restarted, and avoid sudden
loss of torque (ramp down). It requires to have a fully functional control and
sensors measurement. This strategy will be applied for communication failure
with VCU for example.
• Three phase Open at low Speed
M
This safe state open all the Phases of the Inverter. This safe state is
only acceptable at low speed (see next slide). It is a preferred safe
state when vehicle is stopped or at low speed.
When the speed is unknown or when higher than the maximum
back EMF allowed, the preferred safe state will be 3 phases short.

19. COMPANY PUBLIC 18
PMSM + No Clutch + 3PO = Braking Hazard at High Speed
M
BEMF
VBAT
Braking current • Back EMF > Battery voltage
• Regeneration current
• Braking torque
Depending on your motor in can generate:
~100Nm braking ~ 100kW Braking Power
Violation of safety Goal !
SG5: Avoid self-braking torque
while driving at high speed

20. COMPANY PUBLIC 19
Safe state (2/2)
3 Phases Short
This safe state LS Short is the preferred safe state when the speed
is high or unknown (loss of control). The control of the high side or
low side needs to be fully functional to close one or the other.
M
M
We must adapt the reaction if the Fault is in High side (BATT to Phase Short ) or low side!
Requirements:
• We need to detect the side and type of failure
• We need to have at least the high side or the low side to work

21. COMPANY PUBLIC 20
High Level Failure Modes
High Level System Fault Condition Safe State
Failure of communication 0 Torque control
Failure of control or sensor at low speed 3 Phase Open
Failure of control or sensor at high speed Active short
(HS or LS based on the
fault)
Loss of control capability (MCU/SW) or speed information
missing
Active short LS

22. COMPANY PUBLIC 21
Fault Reaction of Sensor (Easy!)

23. COMPANY PUBLIC 22
Technical Safety Concept
System Functional details decomposition

24. COMPANY PUBLIC 23
Technical Safety Concept Example
• Inside the safety concept
for each functional block
you will find:
− Technical requirement
− Technical safety requirement
− Reaction and safe state for
safety manager
TSR_ CUS _004: [CURRMEAS_OOR_ERR]
TSR_ CUS _005: [CURRMEAS_PLAUS_ERR]

25. COMPANY PUBLIC 24
Technical Safety Concept Example
Technical requirement
Technical safety requirement
Reaction and safe state for safety manager

26. COMPANY PUBLIC 25
Principle for SPF and Failure Matrix
Function
Detection=
Safety
mechanism
Reaction
Safety goal violation
Function Safety
Mechanism
Reaction
Function x SM x Safe State y
… … …
Failure matrix

27. COMPANY PUBLIC 26
Principle for Latent Fault
Function
Detection=
Safety
mechanism
Reaction
Latent fault
We check for all the latent fault once at Init.

28. COMPANY PUBLIC 27
Fault Reaction of Motor Interface
(a Little Harder!)

29. COMPANY PUBLIC 28
Technical Safety Requirements
System Functional details decomposition

30. COMPANY PUBLIC 29
Motor Interface Implementation1/2
The GD3100 will detect the fault of the IGBT, and
Motor phase using DESAT, Short circuit, VGE
monitoring, temperature, and some additional voltage
that could be the DC bus or the Phase voltage
1
Critical fault (like short circuit) will need a quick
reaction from the GD3100, without any MCU feedback.
The GD3100 will turn off the gate quickly (but not
abruptly) with some configurable waveshapping to
maintain the IGBT in an Off position.
2
VGE comparator verify the measure
value of the gate (through AMC pins)
and the commands. It guarantee the
communication path, gate drive and
gate drive logic
3
The bidirectional communication
has several safety mechanism to
detect the integrity of the
message (CRC...) and the loss of
communication (watchdog...)
4
PWM and PWMALT is a safety
mechanism to guarantee the
command does not allow shoot-
through and respect dead time
5
The GD3100 reports a fault by pulling the INTB pins and
by sending a 5% duty cycle on AOUT pins. The INTB
pins of all the HS and LS are connected through an OR
gate, the AOUT are individually connected to the eTPU
for analysis
7

31. COMPANY PUBLIC 30
Motor Interface Implementation (2/2)
• Each gate driver reports fault by
Daisy Chain (HS or LS)
• GD3100 flag are analyzed and
changed to system Fault
[MOT_SHORTCUT_HVN_ERR]
• System Fault are sent to safety
manager for reaction
VCCOV
VCCREG
UV
VSUPOV
OTSD_
IC
OTSD OTW CLAMP DESAT SC OC
BIST_
FAIL
VDD_
UVOV
DTFLT SPIERR
CONFCR
C_ERR
VGE_FL
T
COMER
R
VREFUV VEE
WDOF_
FLT
8

32. COMPANY PUBLIC 31
Motor Interface Highlight
• Remember Safe State slide:
• Highlights:
− Quick protection to protect against short circuit
− Fault reporting to identify HS or LS and fault criticality (SPI, INTB, AOUT)
− Analyze fault and react on system
− We must have independence of HS and LS or we can have a fault without
3PS possibility!

33. COMPANY PUBLIC 32
Fault Reaction of Processing and
Safety Manager (a little harder!)

34. COMPANY PUBLIC 33
Motor Control Algorithm
Motor control developed in QM

35. COMPANY PUBLIC 34
Motor Control Algorithm
Motor control developed in QM
Safety mechanism to verify it
inside the lockstep

36. COMPANY PUBLIC 35
Safety Manager

37. COMPANY PUBLIC 36
Safety Manager

38. COMPANY PUBLIC 37
Safety Manager

39. COMPANY PUBLIC 38
Technical Safety Requirements

40. COMPANY PUBLIC 39
Part 5: HW Design

41. COMPANY PUBLIC 40
Part 5: HW Design
• HW Safety Requirements
• HW Architecture Design
• HW Metrics (FMEDA with
IC system failure mode)

42. COMPANY PUBLIC 41
HW Architecture Highlight
• High level overview:
− 1) Decomposition QM and ASIL-D:
▪ Functional traction motor control
QM(D)
▪ Safety Manager ASIL-D
− 2) Three phase short at high speed
for Back EMF and SPF:
▪ Independent HS and LS driver
▪ ASIL D gate driver
− 3) Safety logic to do three phase
short during MCU failure

43. COMPANY PUBLIC 42
Vepco Hardware
Leadership ASIL-D
Certified MCUs
Smart, flexible
Fail-safe SBCs
FS65
Traction Motor
Inverter Systems
Advanced Si IGBT
Power module
Integrated Isolated
HV IGBT gate driver

44. COMPANY PUBLIC 43
Part 6: SW Design

45. COMPANY PUBLIC 44
Part 6: SW Design
• SW Safety Requirements
• SW Architecture Design
• SW Verification
NXP

46. COMPANY PUBLIC 45
Software Architecture WIP Function Safety
Mechanism
Reaction
Function x SM x Safe State y
… … …

47. COMPANY PUBLIC 46
NXP Safety Enablement

48. COMPANY PUBLIC 47
Safety Enablement
• Followed the ISO 26262 Standard
for NXP Components
• Proposed TSC, HWSC, SWSC for
Inverter to be re-used by customer
• We make available the Safety
Application Notes, and safety Lib.

49. COMPANY PUBLIC 48
Control Flow from Torque to Wheel

50. COMPANY PUBLIC 49
VCU Interface

51. COMPANY PUBLIC 50
CAN Messaging
• Two CAN path:
− FS65 Path
− TJA1051 NXP transceiver
• FS65 functions are:
− Power for all sensor, driver,
MCU, Comm
− Key Safety Mechanism for MCU:
▪ Check MCU, Clock, Power Supply
− Bring the system into safe state
− Latch on / latch off system

52. COMPANY PUBLIC 51
FS65: Integrate MCU Safety Monitoring Capabilities
Independent Fail Safe State
Machine
✓Physical & Electrical
independance to fit for ASILD
✓Power Management
Monitoring Unit (UV / OV)
✓Analog & Digital Built In Self
Test to minimize Latent Faults
✓Own Reference & Supply to
Reduce Common Cause
Failure
Fail Safe Pin (FS0b) :
✓Redundant System Fail Safe
enabler
✓Second Fail Safe pin to assert
safety path with configurable
delay after failure
Advanced Watchdog
✓Challenger
✓Replace external MCU
Monitoring
MCU Monitoring
✓FCCU : Fault Collection
Control Unit
✓Monitor Dual Core Lock Step
Modes MCUs
RSTb – Fail Silent Mode
✓Configurable RSTb activation
giving more system availability
HW Redundancy
✓Vcore external Monitoring
Safety SBC
FS65
Safety MCU

53. COMPANY PUBLIC 52
MCU and SW Architecture

54. COMPANY PUBLIC 53
MPC5775E: Traction Inverter MCU
Cores
Z7 Functional core (QM)
Z7 Safety Core (lockstep)
Interconnect Isolation
Cross bar with end to end ECC
MPU for isolation
Memory
4M Flash
512K RAM
Peripherals
FlexCAN (4) + CRC
SPI for gate driver and FS65
ETPU for (next slide):
- CA-PWM + ADC Trigger
- SW Resolver and diag
eQADC
SD ADC (for resolver)
Security
Crypto Security Engine
For OTA Update
Safety
FCCU, ECC, SWT, Lockstep
CMU PMU…
And Latent fault check (BIST,
ECC Fault Injection)

55. COMPANY PUBLIC 54
SW Architecture
• Performance core:
− Mostly use for Motor Control
− Re-use NXP Enablement
(SDK, App notes,…)
− Enable customer or offer
professional partner (Vepco)
to develop their own Motor
control
• Safety core:
− Implement Safety Concept of
NXP product (MCU+ AAA
product)
− Help customer to achieve
ISO 26262

56. COMPANY PUBLIC 55
FOC Control for Traction Inverter

57. COMPANY PUBLIC 56
SW Enablement
Motor control Application
• Develop your own using service layer
• Buy professional code (Vepco)
• Use NXP Matlab Model Base Toolbox
Service
• Reusable and modifiable basic source code
NXP SDK
• NXP Software development kit
• FreeRTOS or bare-metal with OS
interface layer
• Production-ready drivers with MISRA
C 2012 compliance
https://www.nxp.com/support/developer-
resources/run-time-software/s32-
sdk/s32-sdk-for-power-architecture-
devices:S32SDK-POWER-
ARCHITECTURE
eTPU code
• Advance Motor control already optimized
• Customer can customize/optimize it

58. COMPANY PUBLIC 57
Where to Find the Software?
Visit our web at
www.nxp.com/evinverterplatform
for more information.
https://www.nxp.com/support/developer-resources/evaluation-and-development-boards/ultra-reliable-dev-
platforms/mpc57xx-mcus-platforms/ev-power-inverter-reference-platform:RDPWRINVERTER

59. COMPANY PUBLIC 58
PWM to IGBT/SiC Drive

60. COMPANY PUBLIC 59
GD3100 Architecture & Product Features
Features:
Applications:
• HEV Motor Inverters
• HV UPS Inverters
Advanced gate driver for high voltage power IGBTs with integrated high voltage isolator.
ASILC/D compliant
Logic Block 1
SCLK
CSB
MOSI
MISO
SPI
PWM
FSSTATE
INTB
Config, DT Control,
Cross Conduction,
Flt Management,
Safing
VSUP
TSENSEA
AMC
GH
VEE
(2 pins)
DESAT
GND1
(2 pins)
GND2
(2 pins)
RX TX
INT
DATA_IN
DATA_OUT
PWMALT Serial
Comm
GL
RX TX
Logic Block 2
CLAMP
ISENSE
TEMP IGBT
AMUXIN
TX RX
NC13
PWM
TX RX
TEMP IC
AOUT Duty Cycle
Encoder
VCC
VREF
(5 V, 1 %,
20 mA)
GND2
VCCREG
AMUX &
10-bit
ADC VCC
Serial
Comm
Fault
Management,
Conf.
Registers,
fault registers,
Gate control
logic,
ASIL test
control
FSENB
VDD
Gate Drive
Control
Active Vce
Clamp,
Desat
Charge and
Discharge
Control
Active Miller
Clamp
IGBT
Current
Sense
Safing
Logic
Deadtime
Control
IGBT Temp
Sense
Power
Management 1
VCCLV,
Bandgap,
References,
Oscillators
UV/OVLO, etc.
Power
Management 2
VCCHV,
Bandgap,
References,
Oscillators
UV/OVLO, etc.
NC2
FSISO
INTB/
VGEMON
• High gate current capability 10A peak source/sink current
• ISO 26262 ASIL C/D compliant
• Integrated galvanic isolation in compact 10 x 18 mm SOIC
• Separate outputs (GL/GH) to IGBT gate
• Active Miller Clamp (AMC) reduces need for turn off assist
circuitry
• Fast short circuit protection via direct feedback through i-
sense IGBTs with soft shutdown.
• Programmable Desaturation Detect level, Two Level Turn
off
• Minimum programmable deadtime of 500ns
• Integrated temperature sense for system warning and
ultimately soft shutdown for system protection
• Compatible with 200V to 1700V IGBTs, power range
>125kW
• Compatible with 3.3V and 5V IOs
32-Pin
SOIC-WB

61. COMPANY PUBLIC 60
Motor Interface Implementation 1/2

62. COMPANY PUBLIC 61
Motor Interface Implementation (2/2)
• Each gate driver reports fault by
Daisy Chain (HS or LS)
• GD3100 flag are analyzed and
changed to system Fault
[MOT_SHORTCUT_HVN_ERR]
• System Fault are sent to safety
manager for reaction
VCCOV
VCCREG
UV
VSUPOV
OTSD_
IC
OTSD OTW CLAMP DESAT SC OC
BIST_
FAIL
VDD_
UVOV
DTFLT SPIERR
CONFCR
C_ERR
VGE_FL
T
COMER
R
VREFUV VEE
WDOF_
FLT
8

63. COMPANY PUBLIC 62
IGBT/SiC to Motor Phase

64. COMPANY PUBLIC 63
Fuji 750V/800A 6-in-1 Power Inverter Module
Features
• 750V/800A 6-in-1 3-phase power inverter module
• Reverse-conducting IGBT with integrated temperature sensor
• Integrated ‘i-Sense’ current sensor for fast over-current detection
• 162mm × 117mm × 24mm compact direct-cooling water-jacket
aluminum housing with new thin fin structure
• Flange structure at cooling water IN/OUT for 30% lower thermal
resistance vs conventional fin type heat sink.
• 175℃ guaranteed operating temperature range
Application Example
• 70～120kW motor output power
− Fsw = 6kHz
− Coolant temp = 65℃
− Coolant flow rate = 10L/min
− Vdc = 450V
− Ipeak = 460Arms @ 1s
− Icont = 430Arms
Top view
Bottom view

65. COMPANY PUBLIC 64
High Level Inverter Specification
• Automotive Optimized EE – Simple Mechanical
• What if you need 150KW peak?
− Change IGBT and Motor
− Keep same architecture
• Open design, Adapt it to your Spec !

66. COMPANY PUBLIC 65
Sensor Feedback to Close the Loop

67. COMPANY PUBLIC 66
Current and Voltage Sensing
Current Sensing HV Battery Sensing

68. COMPANY PUBLIC 67
MPC5775E: SW Resolver
eTPU + SD_ADC= SW resolver
eTPU Engine
A executes
functions:
• Resolver_EXC
• Resolver_ATO
• PWMM
eTPU Engine
B executes
functions:
• Resolver_DIAG
• Resolver_EXT
RAPOL
• AS
SCM
SDM

69. COMPANY PUBLIC 68
eTPU B
eTPU-Based RDC – Block Diagram
eTPU A
SDADC
Resolver
Cos
Sin
Output
Excitation
Amplifier
DIAGnostics
Angle
Tracking
Observer
Angular Position
Angular Speed
EXC
SIN
COS
Diagnostic Measures
Diagnostic Flags
EXCitation
Generator
Shared
Data
Memory
(SDM)
ADC1
ADC0
eDMA
eDMA
MPC5775E
Angle
EXTrapo-
lation
Angular Position
Angular Speed
trigger
Shared
Code
Memory
(SCM)
Input
resistor
network
External HW
On-chip HW
On-chip SW
TE Core
Fault
reporting
Command
integrity
check
Sensor
plausibility
check;
includes
RDC
checker
Torque
monitoring
NTE Core
Command
processing
Torque
control
Motor
state
measur
ement
Status
reporting
Safety
Manager

70. COMPANY PUBLIC 69
And We are Closing the Loop…

71. COMPANY PUBLIC 70
What About Functional Safety…
• Safety is the longest part of
the development
• Enable with:
− Part 3,
− System Part 4 and
− Safety lib Part 6
NXP Safety enablement
NXP value
proposition
Assumptions
for analysis
Hazard and risk
assessments
Safety Goals
System Safety
Concept
FMEA, FTA,
FMEDA
Test Safety
mechanism
Test Safety
mechanism
Validate safety
assumptions
Functional safety concept:
• “What if… fails…”
• See more in tomorrow’s session

72. COMPANY PUBLIC 71
NXP High Voltage Traction Offer

73. COMPANY PUBLIC 72
NXP/Vepco Enablement Kit
Design Documentation
Visit www.nxp.com/evinverterplatform for more
information on acquiring the kit with the
following documentation:
− Inverter specification
− Schematic and layout recommendation
− Safety concept Application notes
− NXP SDK and motor control enablement
− Dyno Test and efficiency results
− NXP components and safety
documentation

74. COMPANY PUBLIC 73
NXP High Voltage Traction Offer
• Everything you need for:
− Spin a Motor
− Evaluating on a dyno
− Design your own PCB and
build your own A sample
− Understand NXP recommend
Safety architecture
Evaluation Package
A Sample
Pre-Production Package
B Sample
Safety customization (IC,
Software, System…)
• Everything you need for:
− Customize a motor/Gearbox to
your own Specs (Different Form
factor, Power Voltage)
− Customize Inverter
− Customize Professional Motor
Control software
− Quick time to market
• Everything you need for:
− Adapt NXP Safety concept to
your own Assumptions of Use
− Support for Safety Analysis
− Customize software Lib
Visit www.nxp.com/evinverterplatform

75. COMPANY PUBLIC 74
NXP’s Power Inverter Platform
NXP Reference Design Differentiators:
• System safety concept based on NXP’s Safety IC & ISO
26262 methodology
• Optimized BOM solution to comply with ASIL-D requirements
• Automotive Quality Proof-of-concept available for Dyno testing
• Scalable offer with professional design partners (e.g. Vepco) can
reduce customer’s engineering efforts significantly
• Open hardware, enablement software and safety concept to
support prototype development
NXP Components
• GD3100 (6x) - Isolated IGBT gate driver with <2us over-current protection
• MPC5775E - Advanced motor control ASIL-D MCU with software resolver
• FS65 - Robust ASIL-D SBC with fail-silent and Grade 0 capabilities
• TJA1042 - Redundant CAN bus interface with low power standby
PCB assembly Vepco ref Design Matching 150kW PM Motor
NXP Early Success Story
High Volume production for HEV
Successfully re-use 75% of analysis for SiC design
Successfully re-use 90% for IGBT, save R&D time
…A lot more to come
Availability:
• Website and Distribution → Now

76. COMPANY PUBLIC 75
NXP Offer to the State-of-the-Art xEV Architecture
48 V or
> 60 V (e.g. 400 V)
* only in (P)HEVs, BEVs, omitted in 48 V MHEV systems
** bidirectional in 48 V systems
*** as in exisiting ICE-based vehicles
AC
M
M
~
=
ACDC
Charger*
=
=
DCDC**
=
~
=
~
Motor control Motor(s)
M
LV
lead-acid
or Li-Ion
Battery
BMS
BMS
DC
12 V
HV
Li-Ion
Battery
48 V and HV
Modules
12 V-bus
Modules***
Hybrid Control
Unit (HCU)
Wed 12th 5pm: GD3100 Next Advanced Isolated of
High Voltage Gate driver
Thru 13th 9am: Cost optimized HV BMS MC3377x
Thru 13th 1:30pm: Next Gen Processor solutions for
advanced HEV and Safety Domain
Wed 12th 4pm: High Voltage Safe reference design
Introduction
Thru 13th 2:30pm: Functional safety concept of High
voltage traction Inverter
Thru 13th 3:30pm: Mathworks Model based Design
with NXP Greenbox II
Wed 12th 10:45am: S32K Complete portfolio update

77. NXP and the NXP logo are trademarks of NXP B.V. All other product or service names are the property of their respective owners. © 2019 NXP B.V.