Infineon Technologies on the system level safety aspects as seen by the power supply of an ECU
Automotive IQ sat down with Mr. Skroppa, Senior Staff Engineer at Infineon Technologies, and discussed possible effects of faults and concepts for detection and reaction for reducing the risk of failures.
Ole-Kristian Skroppa, you are Senior Staff Application Engineer Safety at Infineon. In this role, you are focusing on Power Systems. What is your precise role when it comes to functional safety?
We are defining and implementing System Supplies / Power Management ICs for safety-relevant applications. My role is to interpret the requirements of ISO 26262 for our product-specific features, to create the PMIC functional safety concepts, and to produce the documentation, e.g. a safety manual.
What is most challenging when it comes to functional safety for power supply systems?
The safety PMICs are responsible for supplying and monitoring the ECU main or safety microcontroller and additionally for activating a safe state when required. Potential faults can occur externally on the ECU or as random hardware faults internally in the PMIC itself.
Whereas an application’s primary safety path is usually controlled by a safety MCU, the safety PMIC is capable of activating a secondary path. This could be in situations where the MCU operates erroneously or when the applied supply voltages violate its operating conditions. The safety PMIC is in many applications considered the last sole survivor of the ECU when other ICs malfunction.
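The secondary safety path described above, modelled as an added example (this is not Infineon code and not any real PMIC's register interface): a supply-voltage monitor with glitch debouncing and a window watchdog, either of which latches the PMIC into its safe state. All limits are constructed placeholder values.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed limits for the model: MCU core supply operating window (mV) and
   window-watchdog bounds (ms). A real device takes these from its datasheet. */
#define VCORE_MIN_MV       1140
#define VCORE_MAX_MV       1260
#define WD_WINDOW_OPEN_MS  40
#define WD_WINDOW_CLOSE_MS 60
#define VMON_DEBOUNCE      3

typedef enum { PMIC_NORMAL = 0, PMIC_SAFE_STATE = 1 } pmic_state_t;

typedef struct {
    pmic_state_t state;        /* latched: once SAFE_STATE, only a reset clears it */
    uint32_t     wd_timer_ms;  /* ms since the last accepted watchdog service */
    uint8_t      vmon_faults;  /* consecutive out-of-window supply samples */
} pmic_t;

void pmic_init(pmic_t *p) { p->state = PMIC_NORMAL; p->wd_timer_ms = 0; p->vmon_faults = 0; }

/* One 1 ms supervision tick: vcore_mv is the measured MCU supply, wd_service is
   true when the MCU serviced its watchdog during this tick. Returns the state. */
pmic_state_t pmic_tick(pmic_t *p, uint32_t vcore_mv, bool wd_service)
{
    if (p->state == PMIC_SAFE_STATE) return p->state;
    /* Path 1: supply outside the MCU operating window, debounced against glitches. */
    if (vcore_mv < VCORE_MIN_MV || vcore_mv > VCORE_MAX_MV) {
        if (++p->vmon_faults >= VMON_DEBOUNCE) return p->state = PMIC_SAFE_STATE;
    } else {
        p->vmon_faults = 0;
    }
    /* Path 2: window watchdog. Too early = MCU stuck in a tight loop; too late = MCU hung. */
    p->wd_timer_ms++;
    if (wd_service) {
        if (p->wd_timer_ms < WD_WINDOW_OPEN_MS) p->state = PMIC_SAFE_STATE;
        else p->wd_timer_ms = 0;
    } else if (p->wd_timer_ms > WD_WINDOW_CLOSE_MS) {
        p->state = PMIC_SAFE_STATE;
    }
    return p->state;
}

/* Runs `ticks` ms with a fixed supply and a watchdog service every `period_ms`
   (0 = never serviced); returns the resulting PMIC state. */
pmic_state_t run_scenario(uint32_t vcore_mv, uint32_t period_ms, uint32_t ticks)
{
    pmic_t p;
    pmic_init(&p);
    for (uint32_t t = 1; t <= ticks; t++)
        pmic_tick(&p, vcore_mv, period_ms != 0 && (t % period_ms) == 0);
    return p.state;
}
```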
For the semiconductor industry, interpreting and applying the ISO 26262 standard in a cost-efficient way is challenging. What, in your opinion, needs to be changed to overcome this challenge?
For reaching a common industry-wide consensus on the interpretation of the standard, open discussions in a forum like the ISO 26262 to Semiconductor conference are extremely valuable. Functional safety topics are typically treated in a secretive manner, where stakeholders’ requirements and expectations may easily be misaligned. The development of PMICs as Safety Elements out of Context for widely different applications may very easily lead to over-engineering. I hope better understanding and improved bilateral communication between suppliers and customers can ease this situation.
In your role at Infineon you are mentoring a project on autonomous driving and electric vehicles. In your opinion, are standards such as ISO 26262 at the same level as the technical possibilities today?
The processing power of future ECUs for automated driving applications is massively increasing, with a similar increase in the power demand of the application processors. Such systems resemble industrial computing centers more than classical automotive sensor-actuator ECUs. There is a major challenge in implementing these systems with the automotive functional safety and quality requirements. For electric vehicles the operating lifetime is also significantly increased. I expect the conception of functional safety to further evolve towards automated driving and electric vehicle applications.
What will be the topic of your presentation on the “Guidance of ISO 26262 to Semiconductor” conference in December in Munich?
The main focus of my presentation will be on the system level safety aspects as seen by the power supply of an ECU. This includes the interaction between the safety PMIC and the safety MCU, possible effects of faults, and concepts for detection and reaction for reducing the risk of failures. While more and more systems are moving from a fail-silent behavior towards fail-operational states with performance degradation, effective measures both for guaranteeing safety and for increasing the system availability will be discussed.