The Conundrum of DO-254 Compliance and COTS IP

A tornado is blowing through a specific area of the semiconductor market. The market for Intellectual Property (or IP, also known as IP cores or IP blocks) is roughly $2.5B and growing at twice the rate of the overall semiconductor market. As semiconductor platforms offer a continually increasing silicon playing field, designers are struggling to fully utilize the design real estate now available to them. Traditional design techniques simply can’t keep pace. This is where IP fits in. IP provides pre-designed building blocks that can be connected relatively quickly and easily to create complex, custom semiconductor designs. Thus, IP is a critical bridge between designers’ creative productivity and the markets’ ever increasing demands for cheaper, smaller, lighter, lower-power, more reliable, full-featured designs.

These winds of change are heading now for the Aerospace and Defense (A&D) markets. All electronics market segments have been increasingly adopting the use of IP as standard practice. Some segments, such as A&D, however, have been slower to do so. Safety concern is the key reason. As the trend towards IP usage has been accelerating, aerospace regulators have been raising concerns that have put the brakes on its use in avionics. Understanding why this is so requires some knowledge of the airborne electronics design standard, DO-254.

The RTCA/DO-254 document “Design Assurance Guidance for Airborne Electronic Hardware” was developed throughout the 1990’s by a committee of industry experts working under the guidance of the RTCA. The intent of the document is to ensure design safety by imposing a structured and rigorous development process to ensure that the resulting product will perform its intended function. This is what is meant by development assurance. The DO-254 development assurance process applies to airborne electronics. With IP use surging in other domains, more and more avionics designers either are—or would like to be—using IP to simplify, accelerate, and lower the cost of the avionics development process. Unfortunately, the typical commercial IP development process and business model do not easily lend themselves to DO-254 compliance specifically, or design assurance in general.

So does IP really need to be compliant? After all, DO-254 itself says nothing about the use of IP. In fact, it barely references FPGA and ASIC designs, which are the focus of how the policy is applied today. This is not surprising given that DO-254 was developed in the 1990’s, when these types of devices were in their infancy and not yet commonplace in the cautious aerospace market. But this highlights one of the key challenges that regulators face – how to keep policy up to speed with technology advances. The case of IP highlights this challenge.

IP used in avionics systems is growing.
In regulation and certification realms, IP is referred to as COTS IP. COTS, or “commercial off the shelf,” is added presumably to emphasize that the IP is developed outside of the scope or control of the company developing the avionics design, which is subject to DO-254 compliance. The DO-254 compliance challenges arise primarily from the assumed lack of development assurance during the IP design process. These concerns with COTS IP are first mentioned in Order 8110.105 (2008), an FAA policy document that shapes how DO-254 is applied to FPGAs. Order 8110.105 emphasizes that COTS IP is indeed within the realm of DO-254 compliance. Order 8110.105 does not however explain how to apply DO-254 to these functions. Similarly, in 2011, the European Aviation Safety Agency (EASA) released certification memo SWCEH-001 which corroborated the FAA position, and still did not provide any specific guidance.

Policy evolution has led to IP compliance requirements.
It wasn’t until October 2014 that the CAST organization (the certification authority software team, which is a group of worldwide regulators who coordinate positions on certification issues for software and hardware) published the first real position and guide for the use of IP in DO-254 programs in CAST 33. This paper, entitled “Compliance to RTCA DO-254/ EUROCAE ED-80, ‘Design Assurance Guidance for Airborne Electronic Hardware’, for COTS Intellectual Property Used in Programmable Logic Devices and Application Specific Integrated Circuits,” makes it clear that DO- 254 compliance is necessary for IP and also describes how that may be achieved. While hard IP (that which is targeted for or implemented within a specific silicon package) has to abide by the latest guidance for COTS, soft IP (that which is available in source form and incorporated with custom code during the development process) must demonstrate the appropriate development assurance. In essence this means the IP has to be developed to be DO-254 compliant or reverse-engineered to become so.

On the surface, this sounds simple enough. An avionics engineer must buy compliant soft IP or get the source and reverse engineer it with an appropriate DO-254 process. In reality, it isn’t so simple. Let’s explore these options one at a time.

“Safe IP” is a library of DO-254 compliant IP
First, very few commercial IP vendors have developed DO-254 compliant IP. The investment is too high (due to the expertise and process required) and the return too low (due to the small size of the avionics market). Second, even if a commercial IP vendor provides the source code (which is somewhat unusual since it violates the traditional IP business model), the cost of obtaining the source is typically high and reverse engineering it for DO-254 compliance without support from the vendor can be nearly as difficult as just re-creating the IP function from scratch.

What then are the options? A market void will always be filled by some creative companies, and the beginnings of this are evident in the avionics IP market. A handful of avionics companies are reselling some of their own internal IP, which presumably they’ve taken through DO-254 compliance for their own programs. A few DO-254 compliant IP companies are emerging, developing new IP following a DO-254 process. An interesting hybrid business model is also emerging, involving the partnership of commercial IP providers and DO-254 consulting companies. In this situation, DO-254 experts take commercial IP with a proven track record and re-engineer it (with support from the original engineers as needed) to be in compliance with the standard. This latter model offers the benefits of starting with a proven baseline of industry use for the IP, and leveraging the expertise of a company well versed in DO-254 to work with that IP as needed to bring it up to full compliance for use in even the most safety-critical designs.

So how can an avionics engineer find and leverage this IP? Finding it is easy. A compliance of the IP is adequate for its use in the design. The easiest IP to incorporate is that in which the IP provider established a methodology for reuse of the compliance effort. It’s one thing to say that an IP is compliant. It’s another to actually incorporate all the data and artifacts that demonstrate this into a DO-254 compliance package at the device level that can stand up to stringent DO-254 audits.

IP compliance data package requirements
Inherent trust is not a notion in DO-254. Compliant IP should come with a data package demonstrating that it has been developed or reverse engineered in compliance with the standard. This package provides evidence that the IP function itself meets DO-254 objectives. But that function is a small piece of a larger design. So reuse of that compliance effort and filling in any compliance gaps at the device level is also a necessity. Vendors of compliant IP should additionally offer support to help their IP users close this very vital gap in compliance.

IP use is here to stay and its use in avionics designs is certain to increase. But safety is paramount in airborne applications, and this includes the functions provided by IP. The policy makers have made this clear in the evolution of policy. Solutions are emerging to offer even this niche market IP solutions that provide the productivity gains designers are seeking and the design assurance certification authorities are seeking. The IP market tornado is yielding sunnier days ahead for avionics.

This article was written by Michelle Lange, Director of Sales and Marketing, Logicircuit, Inc. (Alpharetta, GA). For more information, Click Here .