Modern vehicles are taking on more and more functions that bring new challenges. Although functional safety is not a new topic
in the automotive industry, it has been gaining increased attention over time. As a design principle, its primary focus is
reducing the risk of physical injury or damage to the health of people when using electrical/electronic (E/E) equipment. This
principle addresses random hardware failures and systematic failures – both of which are very relevant for in-vehicle network
(IVN) products.
Recent trends in the automotive industry are putting more demand on functional safety. One example of this is in autonomous
driving, where the vehicle takes over the task of driving and makes critical decisions. Autonomous driving represents a unique
opportunity for both OEMs and end-users, but it needs new solutions to fulfill the required high safety level.
[Figure: Ethernet-based in-vehicle network transporting safety-critical information.]
New Automotive Trends Are Redefining IVN
IVN is evolving to match the increased amount of data that autonomous vehicles will bring. Data has to be readily available and
secure for real-time processing and decision-making. There is also a need to reduce cable harness costs and weight.
These changes are transforming IVN architectures and creating a push towards the zonalization of architecture, in which vehicle
functions are spread over the complete network and rely much more on communication capabilities. Compared to former domain-based
sub-networks, functional safety becomes a more relevant part of the communication network.
[Figure: Zonal E/E architecture, highlighting the decentralization of vehicle functions over the network.]
System Safety and Availability: How Ethernet PHYs Can Support
IVN’s role in ensuring system safety and availability is growing as vehicle functions become more decentralized.
Modern vehicles require a highly reliable and high-speed data communication backbone, which is realized through automotive
Ethernet.
Ethernet components such as switches and PHYs need to integrate advanced monitoring and diagnostic features to achieve system
safety and availability goals.
Advanced monitoring and diagnostic features at the PHY level improve failure reaction at the system level. They minimize the
time it takes to detect failures and shorten the system's response time. They also enhance failure localization at the system
level, since the PHY flags any issues that may prevent it from operating correctly. Together, these two effects let the system
react to failures in the shortest time possible.
Networking IC features can contribute significantly to functional safety by preventing, predicting and reacting to failure
scenarios. Standards such as ISO26262 provide the needed guidance in functional safety assessment. ISO26262 defines the methods
for functional safety system development; there are no concrete system requirements except for some general guidelines with
examples of serial communication.
Introducing TJA1103: NXP's First ASIL B-Compliant Ethernet PHY
More emphasis will be on the quality and reliability of network components as IVN continues to play a vital role in the
functional safety of next-generation vehicles. As such, it is essential that network components are developed according to
ISO26262 to reduce the risk of hazards from malfunctioning E/E systems.
NXP's broad history in the automotive industry provides the expertise to develop products, according to ISO26262, that support
system safety and availability. The TJA1103 is the first device of an upcoming ASIL B-compliant scalable PHY family.
TJA1103’s development according to the ISO26262 standard helps prevent systematic faults and ensures all relevant safety
documentation is available. Its startup self-diagnostic is implemented in hardware to prevent latent faults and support
random fault detection. If used in a functional safety context, the error notification of TJA1103 allows the host controller
to react accordingly and restore the system. If restoring is not possible, the affected part can be set to a safe state to
ensure safe communication in the remaining network. In this way, improved quality and reliable networks for safe communication
can be maintained.