Is it OK to Provide or Use Hardware COTS IP in Avionics Designs?

The use of commercial off-the-shelf intellectual property (COTS IP, also known as IP cores or simply IP) has been exploding in every sector of the electronics industry for decades. Silicon area is readily available and using these pre-designed blocks has been a huge boon to design productivity. In fact, IP is a key enabler of cheaper, smaller, lighter, lower-power, more reliable, and more full-featured designs. Due to these benefits, this trend has even found its way into the highly conservative Aerospace and Defense (A&D) markets.

Initially, using IP seemed like an easy way around the tedious and complex compliance requirements for design mandated by RTCA/DO-254. It did not take long, though, before the certification authorities began to understand the risks and started clamping down on the unfettered use of IP in DO-254 programs.

Seeing an opportunity, several companies dabbled in providing DO-254 compliant IP, but without clear guidance, the endeavor had some risk. Early on, seeing the issues, the DO-254 User Group developed a position paper entitled “Considerations for the Use of COTS IP in DO-254 Programs” in order to capture the issues and provide suggestions for the certification authorities to contemplate as they strove to establish guidance in this area. Now, years later, EASA’s newly released AMC 20-152A (and FAA’s AC 20-152A, planned for release in 2021) has formally established guidance on the use of COTS IP within custom devices.

AMC 20-152A supplements DO-254 with six new objectives related to COTS IP. Objective IP-1 gives the applicant considerations for selecting appropriate IP. Objective IP-2 specifies criteria for evaluating an IP supplier and associated IP data. Objective IP-3 guides the applicant on how to address gaps in the development assurance should the IP provider not fulfill all the requirements. Objective IP-4 guides the applicant to establish the verification strategy for the use of IP. Objective IP-5 guides the applicant on documenting the hardware development assurance approach for the COTS IP in the PHAC. Objective IP-6 focuses on capturing the requirements representing the COTS IP functions to ensure thorough verification of the functions and the safety implications.

So can you or should you use COTS IP in avionics?

Sure! Just ensure you understand and meet the new guidance as specified in AMC 20-152A. Also, ensure you are getting IP from sources who take compliance seriously and have done the essential work required to provide the industry with IP developed with suitable assurance and the necessary documentation and data.

Can you provide IP to this market? 

Sure! Patmos has worked with several suppliers to ensure their COTS IP offerings meet the most stringent requirements for development assurance and documentation. See more information on the Patmos work with Holt IC’s MIL-STD-1553 DO-254 Certifiable IP Core here. Patmos has been on the leading edge of this trend, working with both Xilinx (on their compliant Avionics and UAV offering) and Logicircuit (on its Safe IP™ offering) on numerous IP compliance projects for nearly a decade. In addition, Patmos has worked on several compliant COTS and COTS IP projects with TTTech, including switches, end systems and components for their flight and rugged hardware product line.

If your company provides COTS and/or COTS IP and you want to begin supplying to the avionics market, or if you want to start using IP in your DO-254 compliant designs, contact us at Patmos Engineering Services for a free consultation on how to get started.

Mistake 1: Planning After the Fact

The next few blogs are dedicated to discussing the top mistakes that are commonly encountered in the compliance process.

The #1 mistake is… Creating Plans After the Fact

It seems that many folks mistakenly believe that compliance with DO-254 is simply an exercise in filling in the boxes with the documentation required, and that the order or timeline of document creation is not important. This is a serious misunderstanding of the intent of DO-254 design assurance.

DO-254 is needed because it is nearly impossible to show that today’s complex hardware functions comply with the Certification Authority (FAA/EASA/etc.) regulations xx.1301 and xx.1309, “Perform intended function under all foreseeable operating conditions.” DO-254 was written as an agreed-upon industry design assurance strategy that can be used as a “means of compliance” with this regulatory requirement for complex hardware (see AC20-152).

As part of the DO-254 process, planning is essential because it describes specifically “how” each of DO-254’s general objectives and activities will be met for a particular project. The plans then become the “contract” with the certification authority for how a company will proceed in all development and testing aspects in order to meet the regulatory rules. Review and agreement of the plans is important because it shows that there is an understanding of the needed reviews, transitions and analysis throughout the development of the complex hardware in order to ensure that the system is “performing its intended function” and is as free of errors as possible.

The design assurance level (DAL), A-E, is a way to communicate the potential level of impact a device failure would have on passengers (with DAL A being very critical). The DAL modulates the objectives of DO-254 such that there is more rigor required when the impact of failure is higher. The planning documents must show this additional rigor and compliance with these additional objectives based on the DAL.

In addition to these considerations, planning documents need to acknowledge and address certification authority or aircraft-specific issue papers or certification review items (CRIs). One such example is dealing with single event effects (SEE) in hardware, caused by high-speed neutron effects on SRAM-based devices. Another example is certification considerations for using COTS IP, which must adhere to DO-254 standards. Planning documents should document the developer’s approach on these crucial subjects, and applicants should reach agreement with authorities early in the process. Waiting until the end could potentially result in major product redesigns with major cost and schedule implications.

If someone on your team is struggling to understand the purpose of planning within any sort of compliance program, whether it’s at the hardware, software or systems level, Patmos Engineering Services training can help. We offer a class called “Certification Overview” which covers the fundamentals of compliance (including the importance of planning) at all these levels.

Tammy Reeve has been involved in the certification of hardware (DO-254), software (DO-178C), and systems (ARP 4754A and related) for nearly 20 years.

Tammy Reeve
DER/Founder
Patmos Engineering Services, Inc.