Flash memory for software-defined vehicles?

Functional safety and cyber security are crucial considerations.

July 28, 2023

Centralized storage architecture for future automotive platforms. (Swissbit)

Matthias Poppel

The architecture of vehicles is changing. New features for automation, connectivity, and personalization are increasingly being added through software enhancements, but the software-defined vehicle comes with new risks. Appropriate data storage solutions can help manage them.

In the past, when it came to safety issues in automotive development, the industry was concerned with functional safety. In the meantime, however, vehicles have become small data centers traveling at high speed.

The demands on data security increase with every new digital assistance, infotainment, or service function. Cybersecurity, the protection against data manipulation and spying, has become a significant concern for automotive manufacturers.

Failures in cybersecurity may have an impact on functional safety. It seems to make sense to implement closed, immutable systems, but the nature of software-defined systems is to be upgradeable and extensible.

The hardware of a new vehicle is fixed, but the software must be able to be constantly adapted to new functions and safety requirements. Additionally, many drivers expect the vehicle to be fully integrated into their existing digital world.

Manufacturers must also ensure adherence to regulations. The UNECE WP.29 cybersecurity regulation, maintained by the United Nations Economic Commission for Europe, requires newly developed vehicles to have a secure update capability for approval in Europe.

The Future Belongs to Software-Defined Vehicles

The advantages are obvious. In the future, software updates will enable new contract and billing models in which functions can be activated individually and on demand, even as time-limited services. Vehicles can communicate with their environment and collect data during real-world operation, which allows services to be improved and then, in turn, provided to the vehicle via over-the-air updates.

E-mobility can be integrated, with smart grids, car sharing, automated driving, and any other new developments enabled by software and potentially activated even after the initial car purchase. In this way, updates can be used to increase the value of the vehicle over its life cycle with new features – just as we use smartphones today.

There is a prerequisite. Software and hardware must be decoupled to guarantee ease of maintenance over the entire life cycle of a vehicle, from commissioning to decommissioning and at any time in between. This requires product architectures that support secure over-the-air (OTA) updates to the application software.

New Requirements for the Architecture

New high-performance applications increase the need for scalable computing power. Systems such as advanced driver assistance systems and autonomous driving (ADAS/AV), infotainment, drive video/data recorders, and instrument clusters all require high bandwidth and low-latency storage.

OEMs and Tier 1 suppliers are faced with the challenge of developing high-performance computing systems. It becomes appropriate to work with different central units, each separate but part of an internal communication network. Additionally, special sensor units exist that function following the principle of edge computing.

Zonal gateways or domain control units with gateway functionality are needed, as well as interfaces for PCIe, Ethernet, and CAN or LIN for the sensor technology (see Graphic). All these functions need highly reliable memory modules.

No Functional Safety Without Cyber Security

Functional safety as outlined by ISO 26262 also requires OEMs to demonstrate effective cyber security risk mitigation mechanisms, such as those defined in ISO 21434. These two standards go hand in hand, as a cyber-attack, whether direct or indirect, can compromise critical safety systems.

It is undisputed among experts that purely software-based safety devices are corruptible. Therefore, automotive electronics developers need hardware-based security solutions to protect data and devices, and comply with regulatory standards up to ASIL D.

An approach that has already proven its worth in other applications shows promise for the software-defined car. For years, security functions have been integrated into industrial flash memory modules for the protection of tamper-proof cell phones, police body cams, and cash register systems.

With a security chip as a hardware anchor and encryption functions in the firmware, removable memory cards can take over the function of a TPM (Trusted Platform Module) or other hardware security modules. These functions include secure boot, encryption of personal data that incorporates customer-specific functions, protection of intellectual property, and, of course, prevention of data manipulation.

For communication between subsystems and OTA updates, ensuring the unique identifiability of participants is very important. To accomplish this, M2M communication participants receive a forgery-proof identity allowing authentication mechanisms to prevent unauthorized access to the functions and systems of a software-defined car.

Beware of Flash Memory

SSDs and memory cards from the IT and consumer sectors are unsuitable for automotive applications. This is all the more true because current 3D-NAND chips are optimized solely for higher data volumes, sacrificing service life and reliability at high temperatures.

Developers of automotive applications need products that use industrial-grade memory modules based on specifically selected chips. This requires the production of robust hardware that is AEC-Q100 certified or manufactured in IATF16949-certified factories. The firmware of the memory modules is also crucial.

Through suitable firmware mechanisms, the fundamental weaknesses and temperature sensitivity of TLC NAND chips are mitigated, potentially extending both lifetime and data retention. These measures to compensate for the technology-related weaknesses can extend to pseudo-SLC mode, in which only the strong bit of a NAND cell is used.

Conclusion

Data protection and data security aspects are often considered too late in new technical achievements, as can be seen time and again with unprotected IoT devices. Safety engineering, which is firmly integrated into vehicle development, will ensure that this does not happen and that security issues are also considered. Hardware-based security integrated into memory modules can be an important building block in this regard.

Matthias Poppel, Chief Sales & Marketing Officer at Swissbit: Matthias Poppel has been responsible for Swissbit's global sales and marketing activities since 2018. He has more than 20 years of experience in the semiconductor and module industry. For many years, he held various management positions at Texas Instruments, including sales, product marketing, and business development as well as engineering. In recent years, his focus has been on IoT and security.
