Enabling Safety With the DRAM Industry’s First Hardware Evaluation Report

By Steven Berggren - 2021-03-17

As vehicles become virtual data centers on wheels to handle the massive amount of data generated by compute-intensive systems enabling advanced driver-assistance systems (ADAS), there is a need for these systems to adhere to stringent functional safety (FuSa) standards governed by ISO 26262 compliance.

Demonstrating ISO-26262 compliance for the most rigorous Automotive Safety Integrity Level (ASIL), ASIL D, requires system integrators to provide reports verifying safety requirements are met. Traditionally, all safety analysis and reporting are performed solely by the system integrator. Micron is changing this. We are the first memory supplier to offer a safety-evaluated LPDDR5 product suitable for use in ASIL-D-rated systems, and now we are the first to market with new automotive safety documentation: A developer-written LPDDR5 hardware evaluation report.

Expanding automotive product safety documentation

As quality-management-grade (QM-grade) memory components are integrated into ASIL systems, product safety documentation support is increasingly required. Micron provides three documents to assist integrators with their system-level compliance to ISO 26262, up to ASIL D:

  1. Safety analysis report — This report summarizes results of product failure modes, effects and diagnostic analysis (FMEDA). Quantitative FIT numbers are meant to be verified by system integrators and used on application mission profiles. A key criterion is integrator acceptance of the listed assumptions of use as described in the safety application note.
  2. Safety application note — Similar to a safety manual, this document facilitates integration of a Micron QM product and assists system developers in creating a safety system in which to embed Micron memory products. It describes how the memory device behaves in the presence of a fault, how the failure is detected and/or corrected, how the host system can be configured by integrators to improve notification of the failure, and other factors. It includes product use cases, top-level safety requirements, failure modes, safe states, constraints, design measures, assumptions of use and external measure guidance for integrators to apply the memory product.
  3. Hardware evaluation report —The purpose of a hardware evaluation of an electronic component is to ensure that the functional behavior is adequate to meet safety requirements, allocated by the integrator and their system, so that the risk of a violation to those requirements, due to systematic faults in the component, is sufficiently low.

Whereas the above two documents are commonplace, a supplier-provided hardware evaluation report is unique. Let’s dive deeper.

Why is a hardware evaluation report needed?

Subject to the system integrators’ assessment, a QM part can be used for ISO 26262-compliant systems. Part 8, clause 13, of the standard states a component can be considered adequate to meet the allocated safety requirements if the integrator can perform a hardware evaluation to “provide evidence of the suitability of hardware components and parts.” When a hardware component not originally developed according to ISO 26262 is integrated in a safety-compliant item and if safety requirements are allocated to this hardware component, a hardware evaluation is required. With this interpretation, Micron’s new Functional Safety Office formalized the documentation for our customers.

It is highly recommended that the system integrator performs the hardware evaluation with support from the developer of the hardware element. The evaluation is performed by Micron, who, as developer and supplier of the hardware element (for example, a functional safety-evaluated LPDDR5), has access to detailed knowledge about design internals and manufacturing processes.

A well-recognized third-party consultant, exida, has confirmed our hardware evaluation approach, making it an alternative to ISO-26262-compliant integrated circuit development when using commercial off-the-shelf (COTS) hardware components. Micron’s analysis, coupled with exida’s independent assessment, can help integrators evaluate their product as a Class III hardware element with supporting documentation.

The table below shows different aspects that are relevant for a complete and thorough hardware (HW) element evaluation:

The hardware evaluation is performed against a set of well-documented, assumed top-level safety requirements and other functional and nonfunctional requirements. This approach is comparable to the often-used safety element out of context (SEooC) concept in ISO 26262. Micron’s document covers the requirements related to two ISO 26262-8 work products: WP 13.5.1: Hardware element evaluation plan and WP 13.5.3: Hardware element evaluation report.

Why is Micron’s hardware evaluation report so useful?

System designers and integrators must demonstrate that using QM-grade automotive parts in safety-critical applications does not represent an unacceptable risk. Micron is aiding in this evaluation by providing a supplier-performed hardware evaluation that relies on several activities:

  • Micron’s mature automotive memory development and manufacturing processes
  • Reviews and inspections of requirements, design specifications and implementation, and other work products created during the product development and production
  • Comprehensive pre-silicon verification, including simulation, design analysis and formal verification methods
  • Rigorous post-silicon verification, including validation, characterization and AEC-Q100 automotive qualification
  • Extensive requirements’ traceability to pre-silicon verification and post-silicon validation
  • State-of-the-art automotive memory production testing
  • Qualitative failure and safety analyses (Concept-FMEA, Design-FMEA, DFA)
  • Quantitative analysis of random hardware faults (FMEDA)

What industry “first” is Micron achieving?

Micron is the first memory supplier to develop an automotive-grade low-power DDR5 DRAM (LPDDR5) and make it available for automotive safety systems targeting up to ASIL-D compliance. Micron’s automotive LPDDR5 is the first memory product solution to be accompanied by the hardware evaluation report and other extensive collateral to support integrators developing their functional safety systems.

Continuing our 30-year commitment to the automotive marketing, Micron leads the charge in memory for functional safety systems and compliance documentation.

How can I access the hardware evaluation report?

Both the hardware evaluation report and the exida third-party assessment are available under NDA. Contact your Micron field representative for a copy of the report on helping to achieve ISO-26262 compliance. Keep up with Micron’s functional safety online.

Steven Berggren

Steven Berggren is Micron’s director of Automotive Functional Safety where he ensures that Micron’s automotive-grade memory and storage product portfolios are positioned to further support automotive customer requirements and industry standards such as ISO 26262.