Calterah Achieved ISO 26262 Functional Safety Management Certification, Supporting up to ASIL D Chip Development

2020-03-19

Recently, TÜV Rheinland issued ISO 26262 Functional Safety Management Certificate to Calterah Semiconductor, making Calterah one of the two fabless design houses in China semiconductor industry that has achieved this certification.

Covering the functional safety requirement planning, design, implementation, integration, verification, confirmation measures and configuration, ISO 26262 series of automotive functional safety standards is one of the market thresholds for E/E part suppliers to enter the automotive industry, with the aim of minimizing the risks from automotive E/E system failures through comprehensive development processes.

ISO 26262 series of standards provides a risk-based approach to determine automotive safety integrity levels (ASILs). There are four ASILs defined, ASIL A, B, C and D, with D representing the highest level and A the lowest level. A higher ASIL level means more stringent requirements on system safety, hardware diagnostic coverage and development processes, which also puts a higher demand on technology.

▲Calterah Obtained ISO 26262 Functional Safety Management Certificate

Based on ISO 26262:2018, Calterah Semiconductor has established a complete set of functional safety product development process, which supports the development of IC products with up to ASIL D level.

As safety is the basic requirement of intelligent drive, Calterah has always put a priority on product functional safety management and certification, so as to guarantee the reliability and safety of products.

Chen Xiaobing, the functional safety manager of Calterah, said: “In the beginning, functional safety design was not based on the actual circuits inside the chip. The chip was regarded as a sensor within the whole circuitry, so safety mechanisms were designed based on the functional analysis of the chip. That means, the chip was regarded a black box. It didn’t matter what circuits or logic were used in the chip to achieve functions. We conducted analysis just according to the functions of the chip, and designed safety mechanisms that just ensure the whole chip meet the functional safety requirements. For example, for a millimeter wave sensor, according to ISO 26262, four types of failures, i.e., out-of-range, offsets, stuck in range and oscillations, shall be detected on sensors. These failures can be detected with a single safety measure like test pattern…”.

“However, from the perspective of chip design, we clearly know what circuits are inside the chip and what functions each circuit has. For us, the chip is a white box, which means we clearly know what are inside the chip and how they work. So we can, based on the circuits in the chip and their failure modes, design more efficient and targeted safety mechanisms. Hence, we analyzed 190 modules in the chip and found, besides test pattern, some other tests and protection mechanisms are still needed to ensure safety…”.

In order to meet this requirement, we provided more than 50 safety mechanisms, including real-time detection like ECC, pseudo-real-time detection like LBIST and test pattern, as well as detection during boot time like boot time MBIST…”.

“So here we are with a millimeter-wave radar sensor chip that has been developed with functional safety management processes that meet the requirements of ISO 26262. In the meantime, we also provide materials that can help our customers understand and implement the functional safety of our chip, including FMEDA, Pin FMEA, DFA, and safety manual.”