Power inverter safety system concept for ISO 26262
A person of the indisputable info about the automotive sector is that the overall electronic procedure information in vehicles is expanding.
As vehicles develop into a lot more sophisticated and involve options that sense, imagine and act for the driver, the type of electronic information changes. In individual, there will be substantial expansion in hybrid electrical motor vehicle and electrical motor vehicle information, as very well as for automatic generate features.
On the other hand, a essential challenge that demands to be resolved is that the existing company product for electric vehicles is not profitable lengthy term for OEMs. The common estimated price for base electric vehicles is however a big concern.
OEMs will be seeking to near this gap by bringing a lot more layout back in-dwelling, or by bypassing Tier 1 suppliers to chat specifically to IC suppliers. The disrupter right here will be to combine embedded electronic architectures by combining ECUs and clustering features in a new way.
This is why NXP is performing intently with companions throughout the sector to speed up how these constraints are fulfilled. A person way is by creating reference layouts that blend our procedure know-how with our protection knowledge. This indicates that reference layouts involve essential protection procedure aspects from the outset.
To acquire protection ideas for procedure reference layouts, NXP has to be equipped to define the protection ambitions, thought and features for the supposed product to be equipped to detect the ideal procedure implementation into our procedure layout.
We do this by following the ISO 26262 growth system. This provides recommendations for each and every action alongside the growth system for protection procedure products and solutions with a V cycle project administration resource.
The V cycle teams each and every action as a Aspect and unique do the job products and solutions are envisioned at each and every level. IC suppliers like NXP can foresee and acquire procedure ECUs just like a Tier 1 provider does. By doing this, we can pace growth time and supply conventional deliverables that are of gain all through the growth chain.
The target is not automatically to supply a alternative with the identical level of maturity that a Tier 1 could supply, rather to speed up the growth of the do the job products and solutions for the Tier 1.
Let’s take into consideration as an example, how to acquire a protection thought for a power inverter module as a SEooC for an EV software. As an IC provider, we would do the job through pieces three, four, 5, six and 7 of the V cycle and supply the do the job products and solutions affiliated to each and every aspect. We commence by defining the product inside of the concentrate on procedure – i.e. what are the possible hazards and protection ambitions that we want to use to our reference layout?
Determine 1: HV Inverter for EVs
As figure 1 displays, the power inverter is the main traction procedure of an electrical motor vehicle. It controls the strength conversion concerning the electrical strength supply and the mechanical shaft of the electrical motor, dependent on the torque ask for from the Motor vehicle Command Device (VCU).
The VCU interprets the driver demands into acceleration or deceleration of the electrical motor. The inverter translates the torque ask for into phase currents heading into the traction motor.
In a battery electrical motor vehicle, this link is normally built with a very simple gearbox without a clutch. This is our first assumption. It is crucial to be unique right here, considering the fact that the protection situation would be distinct if the motor vehicle has a clutch.
In our situation, if a hazard really should manifest, it is difficult for the driver or the electrical procedure to halt the traction of the motor vehicle by simply opening the link concerning the electrical motor and the wheels of the car.
We also require to detect doable sources of EE malfunction – whether thanks to driving or non-driving scenarios. These hazards are then ranked by risk level according to the ASIL concentrations laid out in ISO 26262. As revealed in figure two, in this situation a protection target could be to steer clear of unintended acceleration if the motor vehicle is stopped.
Determine two: Illustrations of hazards and protection ambitions for an EV HV inverter
These protection ambitions guide to a practical protection architecture with practical requirements (FR) and practical protection requirements (FSR) with affiliated ASIL concentrations and FTTI these kinds of as:
FR1 | The Inverter shall review the ask for from VCU, then command the following features accordingly: traction, brake and battery regeneration. | ASIL D | FTTI two hundred ms |
FSR1 | The inverter shall verify the torque ask for from the VCU and inform in situation of unforeseen worth. | ASIL D | FTTI two hundred ms |
Determine three: Useful protection architecture
Now that we have the practical protection architecture, figure three, we require to exhibit that the procedure architecture will be equipped to fulfil the protection requirements and layout constraints.
To do this, we derived a complex protection thought from the practical protection thought. This combines the components and software sub-ingredient features that will be utilised to realize the supposed product and procedure functionality.
A protection examination is then run to verify that all doable procedure failures have been determined and that the proper protection mechanisms are in put. This may well result in new protection requirements being allotted to the protection architecture.
By doing this, the complex definition can supply the required evidence that the proper reactions have been determined and that a risk-free state can be reached in significantly less time than FTTI: thus that there is no violation of the protection ambitions of the product.
In our example, risk-free state is elaborate because of the significant sum of strength flowing into the electrical motor. A risk-free state right here indicates stopping the propulsion of the motor vehicle, by opening or shorting the 3 phases of the motor based on the pace of the motor.
As we development through the V cycle, the do the job products and solutions are made to assure the protection concerns a purchaser may well have are fulfilled. A components layout is coated by the system in the identical way the protection thought lowers the growth and prototyping phase for prospects by 3 to six months.
In the NXP reference layout, the finish protection architecture is developed out using NXP ICs and diagnostics and reaction to risk-free state are examined. The reference layout can help to pace growth and provides a level of complex protection architecture, alongside with evidence of the protection integrity level as aspect of the overall offer.
Discover out a lot more about the power inverter reference layout right here.