Image credit: Marvell
Brightlane Gen3 Angle Edit 62a0f78dcc674

Secure Automotive Ethernet Switch Adds Lockstep Dual-Core CPU

June 9, 2022
As software takes over more of the modern car, the systems inside are being held to a higher standard of functional safety.

Marvell’s new generation of automotive-grade Ethernet switch chips features higher bandwidth and port counts along with a suite of networking and security technologies to lock down data traveling inside cars.

The Santa Clara, California-based company said the third generation Brightlane Ethernet switch is its most advanced yet and the first with a “lockstep” dual-core CPU that adds redundancy and reliability for safety-critical automotive systems. The new switch chip supports up to 16 interface ports that support Ethernet speeds from 10 Mb/s to 1 Gb/s, while integrating a dedicated security subsystem to guard against hackers.

The Brightlane switch is the latest offering in an extensive line of vehicle-networking chips from Marvell, which has been in an arm’s race with the likes of NXP to Microchip to own the in-car networks of the future. The company has landed over 30 design wins with leading auto OEMs, including eight of the world’s top 10.

New Architectures

As Apple, Google, and other tech giants try to take over the dashboards in cars and invest in autonomous driving, auto makers are trying to become more like them: They are all shifting their emphasis to software. However, their software ambitions need hardware to match.

Today, a high-end vehicle can contain more than 100 electronic control units (ECUs). Each module only has enough computing power to perform a single job, controlling everything from the powertrain and digital dashboard to advanced safety systems and various body controls. The systems tend to be developed by Tier-1 suppliers and rely on proprietary software, largely impenetrable even to the auto makers doing the installation.

But as the level of complexity gets out of control, auto makers are moving to “domain-based” architectures that integrate many of the ECUs—and the microcontrollers (MCUs) inside them—into a smaller number of “domain controllers.” The high-performance chips at the heart of each module are designed to safely and securely control several different functions at the same time, running them in separate software containers instead.

Other auto makers are trying to upgrade to “zonal-based” architectures. In this model, the bulk of the car’s computing power is in a central supercomputer, linked to the sensors and other systems around the car through “gateways” that each contain a switch to communicate with each other over Ethernet. This also reduces the cost and weight of wiring by keeping the gateways closer to devices they will be working with.

The overhaul opens the door for companies to support over-the-air software updates. That will allow cars to evolve over time by being continuously upgraded with new services and even features such as additional driving modes. The technology will also enable auto makers to run diagnostics and perform repairs remotely.

But as cars collect more data and run it through software, companies are looking to move it all faster. Advanced safety systems such as automatic emergency braking and lane-keeping assistance require instant communications. The car's internal network has long been dominated by the Controller Area Network (CAN) bus and bolstered by local interconnection networks (LINs). But these legacy networks are falling behind.

So, companies have been supplementing networks with 100-Mb/s to 10-Gb/s Ethernet to fight information overload. Many auto makers are using Ethernet to build out high-bandwidth network backbones in their vehicles.

Security Lockdown

As cars become computers on wheels, security has become one of the top priorities for auto makers today.

“That exposes you to lots of security vulnerabilities or possible security threats,” said John Bergen, senior product marketing manager in Marvell's automotive business unit. “Today’s cars may have up to 100 million lines of code, but as you move to autonomous cars, you can potentially have up to a billion lines of code. With all that software and connectivity, it creates a bigger surface for security threats and there are more potential points of entry for malicious attacks.”

Hackers can also carry out a very wide range of attacks once they get inside the vehicle, Bergen said. “What you will see is hackers trying to alter the configuration of a device, steal information from a vehicle, or even disrupt data transmission. All these areas need to be protected within the network and the switch.”

Marvell said the new secure Brightlane Ethernet switch is highly integrated and based on a heterogeneous architecture, leveraging several hardware blocks to harden the security of both the device and the network.

The chip integrates IEEE 802.1AE-compliant Media Access Control security (MACsec) protocols that secure the link between switches in the vehicle and protect the data traveling via Ethernet over the car’s network.

The embedded hardware security module (HSM) is used to authenticate software and encrypt data in the device itself. Marvell said the HSM enhances device security by supporting secure and encrypted boot and storing and managing cryptography keys used by advanced security features such as the MACsec.

Lockstep Arm CPUs

As software takes over more of the modern car, the systems inside are being held to higher standards for functional safety and reliability.

Brightlane adds a high-performance, dual-core Cortex-R52 CPU with dedicated on-chip memory that can run in “lockstep” mode to add redundancy. The CPU cores runs through the same series of computations at the same time to check for faults. That means even if one of the CPU cores fails, the switch will continue to perform networking and security protocols to transfer the data through the network as if nothing happened.

Marvell also integrated a wide range of advanced networking features in the third generation Brightlane switch. The switch supports the 10Base-T1S standard for the first time in a secure automotive-grade switch to run at data rates of 10 Mb/s. In addition, it incorporates 100Base-T1 and 1000Base-T1 Ethernet PHYs, 1G to 10G SerDes, and PCIe Gen 3 connectivity in a single chip, reducing component count in the vehicle.

On top of that, the switch supports the latest time-sensitive-networking (TSN) standards to reduce latency and improve reliability for mission-critical systems, including IEEE 802.1CB standards for data redundancy.

Marvell said the Brightlane switch fits the requirements of the ISO 26262 ASIL-B safety standard. The chips can tolerate the harsh temperature environments in cars, from −40 to 105 °C.

Port Flexibility

Flexibility is another advantage Marvell touted for the new Brightlane Ethernet switch. It is supplying the Ethernet switch in a nine-port configuration (88Q5152/51) that comes in a 15- × 15-mm BGA package.

Also available is a 19- × 19-mm, 16-port switch (88Q5192) that brings more networking and connectivity features into the fold, making it ideal for the central gateway or high-performance compute module at the heart of the vehicle.

The Brightlane Ethernet switch is currently sampling, with volume production scheduled for later this year.

About the Author

James Morra | Senior Editor

James Morra is a senior editor for Electronic Design, covering the semiconductor industry and new technology trends, with a focus on power management. He also reports on the business behind electrical engineering, including the electronics supply chain. He joined Electronic Design in 2015 and is based in Chicago, Illinois.

Sponsored Recommendations

Comments

To join the conversation, and become an exclusive member of Electronic Design, create an account today!