This technical article was written jointly with J ü rgen Belz, senior consultant for prometo functional security and network security.
The transition from internal combustion engine (ice) to electric vehicle (EV) requires at least five additional electrical / electronic / programmable electronic (E / E / PE) systems. Figure 1 depicts these systems in an electric vehicle.
Figure 1: block diagram of typical electric vehicle powertrain
In order to achieve zero exhaust emissions and reduce the continuous dependence on fossil fuels, electric vehicles began to “supplement energy” at charging stations. These electric vehicle charging stations can convert renewable energy such as solar and wind energy into electric energy, so as to increase the positive impact of electric vehicles on the environment. The on-board charger and the high-voltage battery form a functional unit to ensure fast and efficient charging and protect the battery from overcharging. The above and other safety requirements are described in parts 1, 2 and 3 of the international organization for Standardization (ISO) 6469 – this standard is responsible for developing safety requirements for high voltage electrical systems of road electric vehicles.
All electronic control units (ECUs) in electric vehicles need a 12V battery charged by high-voltage / low-voltage DC / DC converter, which helps to achieve electrical isolation between low-voltage (12V) battery and high-voltage (400V or 800V) battery. The inverter and motor (propulsion motor) provide torque for controlled motion. Permanent magnet synchronous motors with high power density and very compact are usually deployed in the propulsion motor of electric vehicles. At lower power levels, the use of asynchronous motors in electric vehicles is limited. The functional safety features of the high / low voltage DC / DC converter can help ensure that all ECU functions are brought into full play when the electric vehicle is running. ISO 26262:2018 also outlines the electric vehicle traction inverter (evti).
For example, for a vehicle equipped with ice, the operating time (or power on hours) of the semiconductor element is between 8000 and 10000 hours. In electric vehicles, this will increase to 30000 hours or more. This is because the semiconductor element must remain energized not only when the vehicle is running, but also when the vehicle is charging. This power value will bring certain impact. For example, it will affect the calculation of random hardware failure probability index in ISO 26262. Engineers also need to develop a system with five times lower average probability of dangerous failure or time-based failure of components.
In the electrified powertrain, C2000The real-time microcontroller (MCU) is usually responsible for power conversion and communication with the general MCU connected to the bus to achieve a higher level of security, as shown in Figure 2.
Figure 2: C2000 real time control in electrified powertrain system
Generally, in wireless upgrade, you may still consider encrypted communication between communication MCU and C2000 real-time controller. In the above case, you need to evaluate the threat level and determine the system level security policy, so as to make full use of the various information security mechanisms provided by C2000 real-time MCU, as shown in Figure 3.
Figure 3: security mechanism status supported by C2000
Some technical features supporting these information security mechanisms include:
·Protects memory blocks.
·Memory area ownership of bus master controllers such as c28x central processing unit (CPU), control law accelerator and direct memory access.
·Execution only protection is provided for some memory areas (with callable safe copy and safe cyclic redundancy check software application programming interface functions in boot read only memory).
·Protect the CPU from improper access through debug ports and logic when executing code from a secure storage area (also known as the secure joint test action group).
·Each product has a unique identification.
·Hardware acceleration engine for 128 bit advanced embedded standard (AES) encryption.
Since electric drives or voltage converters must be functionally safe, high voltage safe, energy-efficient and cost-effective, the challenges and complexity increase exponentially. When designing with C2000 real-time MCU, electric vehicle charging designers can choose to use a single device that meets all these requirements to solve these challenges.