White Paper Avionics Commercial Off the Shelf Technology

# intel.

## Utilizing the Intel® Airworthiness Evidence Package (Intel®AEP) to Meet the COTS Objectives of AMC-20-152A

The Intel® Airworthiness Evidence Package (AEP) assists in meeting the design assurance requirements of DO-254/ED-80 and development assurance guidance of AMC 20-152A for when COTS devices are integrated into airborne electronic hardware.

> Autnors Debra Aubrey Gabrielle Davenport Luca Fogli

### Authors Introduction

The Intel<sup>®</sup> Airworthiness Evidence Package (Intel<sup>®</sup> AEP) accelerates your time to certification by providing confidential data that is normally unavailable to customers. With unprecedented access to the airworthiness-related data, Intel enables customers to build their certification packages for the full hardware and software stack which forms the foundation for safety-critical applications. Furthermore, when COTS devices are integrated into airborne electronic hardware, the Intel<sup>®</sup> AEP aids in meeting the design assurance requirements of DO-254/ED-80 and the development assurance guidance of AMC 20-152A.



### **Table of Contents**

| Introduction                                                                              | .1      |
|-------------------------------------------------------------------------------------------|---------|
| Intel® AEP delivers unparalleled access<br>to flight safety evidence                      | 1       |
| Intel collaborates with avionics systems<br>designers to ensure your needs are me         | s<br>t2 |
| Intel provides unmatched insight to its<br>development and change management<br>processes | t<br>2  |
| Potential effects of failures and<br>interference are identified                          | .2      |
| Intel processors provide real-time and<br>resource management to improve                  | 2       |
|                                                                                           |         |
|                                                                                           |         |

### Intel® AEP delivers unparalleled access to flight safety evidence

Intel processors are built for industrial use conditions and deliver significant advantages for avionics. With their higher performance per core, Intel processors meet the needs of modern avionics subsystems while simultaneously reducing complexity with lower core counts. They also scale in size, weight, performance, and cost. This provides manufacturers the ability to consolidate workloads and reduce BOM costs. Intel also designs select SKUs targeting aviation applications to meet real-time and safety-critical requirements. The critical use conditions the processors must meet include long life of parts (7-15 years for some parts), support for extended temperature range, and high performance in a single package.

#### White Paper | How the Intel® AEP helps meet the COTS objectives of AMC-20-152A

Looking across an aircraft, each subsystem is categorized relative to its influence on the safe operation of the overall aircraft. The Intel® AEP provides data to help avionics manufacturers and system integrators achieve airworthiness certification ranging from DAL A thru DAL D. Intel mapped functional safety evidence created to satisfy the automotive ISO 26262 and industrial IEC 61508 standards to the airborne electronic hardware DO-254 standard. The results of the mapping showed the Intel® Functional Safety Essential Design Package (Intel® FSEDP) supports customers building their own functional safety concepts.



The Intel<sup>®</sup> Airworthiness Evidence Package (Intel<sup>®</sup> AEP) further augments the Intel<sup>®</sup> FSEDP with additional evidence, including single event effects (SEE) analysis and interference analysis, product reliability data, product certifications, and field failure reports with the root cause analysis.

To help customers address the use of multi-core processors (MCPs) in their airborne systems, Intel provides guidance for configuring and tuning the Intel® Time Coordinated Computing (TCC) features. To enable the most predictable performance, the Intel® AEP includes a CAST-32A Guide which provides guidance for configuring Intel processors to limit the interference between the cores and core resources.

### Intel collaborates with avionics systems designers to ensure your needs are met

We initiate each new Intel® AEP license with a kick-off meeting during which our safety experts work with your engineering team to understand your safety-critical system, architectural block diagram, and the end-application including the I/Os and functions to be leveraged by the system. Based on this information, Intel creates a silicon (Si) bill of materials that specifies all components within the architectural safety boundary of the system as well as functions that will not be used.

Once agreement is reached, the Si bill-of-materials forms the basis to help you assess the level of complexity of your selected microprocessor for the system's hardware planning document (Plan for Hardware Aspects of Certification). Working with your design team Intel collaboratively reviews this customized Si billof- materials against the generic use cases used to develop the basic Intel® AEP. When differences are identified, Intel will conduct a review of the safety-related analyses to assess the impact of the deltas. The inventory of unused functions within the processor helps you demonstrate that those unused functions do not interfere with execution of the functions being used.

## Intel provides unmatched insight to its development and change management processes

AC-152A recommends that OEMs use the electronic component management process (ECMP) defined in IEC 62239-1 ("Process management for avionics – Management plan – Part 1: Preparation and maintenance of an electronics components management plan") for selection and management of electronic components. While the standard does not apply to component manufacturers, Intel provides information to help satisfy requirements of ECMP.

Intel includes detailed information around both our silicon development process and system integration milestones in the Intel® AEP. This data provides insight into the processes Intel follows to ensure the quality of our silicon, microcode, and firmware. Intel also provides a collection of data to help with supplier selection criteria, including information about our conflict-free minerals policy, REACH compliance, and product discontinuation policy.

All Intel customers have access to Intel's Resource & Design Center (RDC), which provides an extensive collection of technical documentation, software, and tools for designing and building with Intel products. The latest design specifications, errata sheets, and technical advisories can be accessed at any time in the RDC. Intel also maintains a dedicated site for Product Change Notifications (PCNs) and Product Discontinuance Notifications (PDNs) for products.

### Potential effects of failures and interference are identified

To further meet COTS objectives, the Intel® AEP includes validation data providing confidence that parts meet published specifications. Intel performs various levels of product qualification testing prior to releasing its products. Intel utilizes dependent failure analysis (DFA) to identify the single events or single causes that could bypass or invalidate a required independence or freedom from interference between given elements. DFA also identifies how dependent failures may affect the effectiveness of safety mechanisms, and possible countermeasures.

To understand whether safety requirements are violated due to the coexistence within the same element or sub-elements with different DAL levels, Intel includes both a hardware and firmware Freedom From Interference (FFI) analysis. So FFI identifies the possible source of interference between coexisting elements which have different criticality and the possible countermeasures.



The Intel® AEP also includes a Failure Modes, Effects, and Diagnostic Analysis (FMEDA) to anticipate possible failures in the design or manufacturing process, evaluate mitigation methods to achieve the required safety integrity, and calculate the safety metrics and failure rates (including soft error rates). In summary, FMEDA aims to obtain device level failure rates, failure mode distribution and diagnostic coverage of countermeasures.

### Intel processors provide real-time and resource management to improve network determinism

Intel real-time technology supports new solutions that require a high degree of coordination, both within and across devices. Intel® Time Coordinated Computing (Intel® TCC) enabled processors deliver optimal compute and time performance for real-time applications. Intel real-time computing performance and solutions are focused on use cases where missing a deadline could result in a system failure. Real-time offerings from Intel support new solutions that deliver both high compute and realtime performance by:

- Prioritizing real-time workloads access to cache, memory, and networking
- · Minimizing disruption from other workloads
- Optimizing performance for both real-time and non-realtime workloads
- Ensuring availability in both native and virtualized
  environments
- Providing Intel<sup>®</sup> TCC Time Synchronization
- Providing a hardware mechanism to coordinate the various clocks found in individual IP blocks.
- Providing a hardware mechanism to specify latency of data packets from one functional block to another (Intel® TCC Timeliness).

To power complex real-time devices and support multiple systems working together in an aircraft, Intel processors can pair with an Intel® Ethernet Controller featuring IEEE 802.1 time-sensitive networking (TSN) support or with any number of other popular networking devices. By using time synchronization and traffic scheduling, these standards enable ultra-reliable and low latency communication over Ethernet to support time sensitive applications.

#### **Contact Info**

For more information about how the Intel<sup>®</sup> AEP can help you reach your objectives, please contact us at <u>PublicSector@intel.com</u>

#### Notices & Disclaimers

Intel technologies may require enabled hardware, software or service activation.

No product or component can be absolutely secure.

Your costs and results may vary.

© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands

