PUBLIC USE

NOV 2016

NXP

PROCESSEURS POUR ENVIRONNEMENT

CONTRAINTS ET SÉCURISÉS

PUBLIC USE1

Security Ease of UseEnergy Efficient

Automotive AND Industrial Megatrends

• IoT / Big Data

• Sensor Fusion

• Detection

• Encryption

• Authentication

• Perform/Power

• Heat dissipation

• Higher Integration

• Space Constrained

• Proven Quality

• Reliability

• Product Longevity

• High Temperature

• Functional Safety

• Low Cost SW

• Reference Designs

• Trusted Partners

• Strong Support

• Faster Launch

Robust

PUBLIC USE2

Application Overview

Ultra-reliable MCUs are ideal for challenging environments found in industrial, infrastructure,

automation, communications, transportation, medical and A&D applications.

Circular pump for heatingand cooling water circuit

Engine cooling fan

Starter

Alternator, generator

Steering wheel,adjustment

Scavenging pump,high-pressure pump

Headlight rangeadjustment unit

Heating fan

Cooling fan for airconditioning system

Circular pump for stationary heating system

Motor for stationary heating system

Heating and air conditioning system

ABS pump

Window winder

Arial drive

Idle positionadjustment system

Tailgate closing

Rear windscreenwiper

Fuel pumpErgonomic backrest,headrest adjustment

Headlight cleaning

Headlight tilting

Wipers

Sliding roof

Mirror adjustment

Central locking system

Door closing

Belt system

Seat control

Headrest adjustment

Backrest adjustment

Rear seat adjustment

Convertible roof

Active suspension

EPS drive

Lighting

ControlCentral Locking

System

High Pressure

Pump

Alternator,

Generator

Circular Pump for Heating and

Cooling Water Circuit

Air Conditioning

SystemGate Closing

Robot Arm movementFluid Pump

Machinery Positioning

Solar InverterElevator

Medical Pump

Avionics

Signaling System Construction/Harvesting machine

engine management and motor control

Fire Alarm

Oil Rig Sensor

Those MCUs offers best-in-class

quality, reliability and safety for

applications that need to perform in

the harshest environments.

NXP.com/UltraReliableMCUs

PUBLIC USE3

Ultra-Reliable Auto & Industrial MCUs Values

Broadest ultra-reliable MCU portfolio• 8k to 8 MB of embedded flash with 5V supply, -40 to 150 ˚C ambient

temperature

• Safety supporting ISO26262/IEC61508 requirement

• Security (detection & prevention) for connected nodes

Best in class quality, reliability and safety MCUs

• 30 year delivering industrial and automotive grade quality

• Zero defect program, no failure in the field

• Advanced design for manufacturing (DFM) and test (DFT)

Industry’s benchmark product longevity

• 15 years minimum product longevity support

• 20 years service lifetime and 5 years shelf-life

• Below 1ppm defect qualityNXP.com/UltraReliableMCUs

PUBLIC USE4

Functional Safety and Security

PUBLIC USE5

SafeAssure™ Program

• NXP simplifies the process of system compliance for automotive and industrial functional safety standards

• Reduces the time and complexity required to develop safety systems that comply with ISO 26262 and IEC 61508 standards

• Supports the most stringent Safety Integrity Levels (SILs)

• Zero defect methodology from design to manufacturing to help ensure our products meet the stringent demands of safety applications

• Functional safety activities address:

− Safety process (FMEA, FTA, FMEDA) integrated into development process

− Safety hardware (safety manual) BIST, ECC, etc

− Safety software (safety manual) Autosar MCAL, OS, core self tests, etc.

− Safety support – training, documentation and tech support

PUBLIC USE6

Single Point Failure

Immediate potential for hazard

Latent Failure

Danger with second fault

Common Cause Failure

Annul redundancy-based measures

NXP Solution• Structure redundancy [Core, DMA]

• Information redundancy [E2E, ECC,

EDC]

NXP Solution• Hardware self test [memory, logic]

• 90% stuck-at-fault

NXP Solution• Delayed checker core

• Clock, temp, power monitor

• Independent safety clock

Functional Safety Implementation

Key Features:

Lockstep cores, ECC on memories, Redundant function, Monitors, Build-in self-test,

Fault collection and control, Core self test, FMEDA, Safety manual

NXP.com/SafeAssure

PUBLIC USE7

Functional Safety on Automotive and Industrial Ultra-Reliable

MCUs

NXP.com/SafeAssure

Product Target Applications Safety Hardware

MPC577xK Vision/Radar Targets ASIL D

MPC5748G Control Module/Gateway Targets ASIL B

MPC5777M Engine Control Targets ASIL D

MPC5744P Safety Domain Control Targets ASIL D

MPC564xL Input/output Control Targets ASIL D

S32KGeneral Purpose ARM MCU,

Motor ControlTargets ASIL B

S32V Radar, Sensor fusion, Vision Targets ASIL B

S12ZVL LIN NodesTargets ASIL A

S12ZVC CAN Nodes

PUBLIC USE8

Security, What you need to know

Multi-layered approach strengthens overall equipment

security

• Protects against HW and SW theft, tuning, parts cloning, component

age manipulation and personal data theft

Trusted execution against

• Attacks from compromised platform SW

• Violation of confidentiality and integrity of sensitive data

• Access to critical peripherals and memory

• Backdoors using untrusted DMA masters

• Starvation of resources available to critical services

Communications

Applications

HSM/CSE/Trust Zone

Tamper detection module

Encryption

Authentication

Firewall

Audit Trail

Flash

PUBLIC USE9

Security Implementation

CSE HSM TDM

Cryptographic Security

Engine

• Turn-key solution

• SHE Compliant

• AES-128

• Secure Key Storage

Hardware Security

Module

• User programmable

• Secure debug

• Supports CSE functional

requirements

• Secure sensor interface

‒ Voltage, temperature and

clock monitoring

Flash Tamper Detection

Module

• Records all attempts to

modify flash memory

• Detects unauthorized re-

programming of application

code

• Protects manufacturer’s

investment

PUBLIC USE10

AEC Q100

All NXP Automotive

MCU are AEC

Q100 certified

125˚CAll NXP Automotive

MCU support up to

125˚C ambient

temperature

135˚C+Extended temperature

up to 135˚C+ ambient

on several product lines

(S08SG, S12G, S12ZV,

MPC57xx)

Low PPM

Benefit of one of the

lowest PPM level in the

industry targeting zero

defects performance

• Largest portfolio with automotive qualification grade

• High temperature for space constraint applications like fuel, oil, water pumps, sensor and

actuators.

NXP Products: Automotive Grade for Challenging Environments

PUBLIC USE11

Portfolio Overview

PUBLIC USE12

Ultra-Reliable Automotive and Industrial Product Lines

Advanced

Assist

Systems

Dynamics and Connectivity

General Purpose and Integrated Solutions

Vision & Radar

Vehicle IoT

Autonomous System

Engine Management

New Energy

Gateway

Safety

CAN/LIN nodes

Motor control

Sensor/Actuators

Application

Specific

Functional Safety

Multicore Processing

Code Security

Time to Market

Reference Solutions

Hyper-integration

Broad Market

PUBLIC USE14

NXP Automotive General Purpose and Integrated MCU PortfolioA

pp

licati

on

s

Now in production

S08

8bit auto

S12

16bit auto

MPC56xx / MPC57xx

32bit auto

S32K

S12 MagniV

Ramping in 2017+

KEA

PUBLIC USE15

S32K – Fastest Time to Market + Future-Proof Features

Most Scalable Portfolio• 8K to 2M+ Flash• HW and SW compatibility Reduce R&D

Superior Performanceand Features• Cortex M with FPU & DSP• Lowest Stop Current• ASIL-B safety • SHE- Security• CAN-FD, Ethernet• FlexIO, Reduced BOM Cost Future proof designs

Complete Software Solution• S32 Design Studio• Software Devt Kit (SDK)• Autosar MCAL + OS Reduce Time-to-Market

PUBLIC USE16

S32K148 Block Diagram

Crossbar Switch with MPU

RAM

Up To

256KB

System

Periphera

l

Bridge Flash

Up To

2M

NV

IC

Cortex M4F

112 MHz

FPU, DSP, MPU,

4 KB I/D-Cache

EEPROM

Up To

4KB

RTC

PMC2.7 - 5.5V

FLL Clk Mult

Ext Osc (8 - 40MHz)

Fast R/C OSC(48MHz 1%)

LP OSC (128KHz 10%)

SCG

High Performance• ARM Cortex M4F up to 112MHz w FPU

• eDMA from 57xxx family

Software Friendly Architecture• High RAM to Flash ratio

• Independent CPU and peripheral clocking

• 48MHz 1% IRC – no PLL init required in LP

• Registers maintained in all modes

• Programmable triggers for ADC no SW delay counters or extra

interrupts

Functional safety• ISO26262 support for ASIL B or higher

• Memory Protection Unit

• ECC on Flash/Dataflash and RAM

• Independent internal OSC for Watchdog

• Diversity between ADC and ACMP

• Diversity between SPI/SCI and FlexIO

• Core self test libraries

• Scalable LVD protection

• CRC

Low power• Low leakage technology

• Multiple VLP modes and IRC combos

• Wake-up on analog thresholds

Security• CSEc (SHE-spec)

Operating Characteristics• Voltage range: 2.7V to 5.5V

• Temperature (ambient): -40°C to +125°C

Digital

Components

5V Analogue

ComponentsMCU Core

and Memories

Packages & IO• Open-drain for 3.3 V and hi-drive pins

• Powered ESD protection

• Packages: 100 BGA, 144 LQFP, 176 LQFP

secu

rity

Slow R/C OSC(8MHz 3%)

16ch

eDMA

LVD

WDOG EWM

Debug

SWD JTAG

Communications / I/O System

2x A

DC

32

ch 1

2bit

AC

MP

w 8

-bit D

AC

8x F

lexT

ime

r8ch 1

6-B

it

3x F

lex C

AN

2 w

ith

FD

2x P

DB

Qu

ad

SP

I

3x S

PI

2x I

2C

Flex IO

I2S

UA

RT

SP

ILP

IT

CR

C

3x U

AR

T/L

IN

SAI

I2S

AC

97

TD

M

100MBit/s

Ethernet

incl. PTP

PUBLIC USE17

S32K SafeAssure Program

Safety HardwareCommon safe hardware platform for application software:

• Voltage/clocks monitoring

• Memories w/ error correction (ECC)

• Window Watchdog...

Safety Process

• ISO 26262 development processfor all products

• Safety Element out of Context

Product Development

Process

FMEDA Report

Availability

Dependant

Failure Analysis

Safety

Manual

Core Self-Test and User

Guide

S32K ISO 26262 Upon request Yes Yes Yes

Quality Foundation

Safety Support

• FIT rates

• Safety manual

• Technical support as required

Safety SoftwareS32K core self-test available to complement the built-in hardware safety features

PUBLIC USE18

MPC5777M MCU for Automotive & Industrial Engine

Key Features

• Two independent 300 MHz Power

Architecture z7 computational

cores

– Single 300 MHz Power

Architecture z7 lockstep

– Delayed lock-step for ASIL-D

safety

• Single I/O Core 200 MHz Power

Architecture z4 core

• 8M Flash with ECC

• 596k total SRAM with ECC

– 404k of system RAM (incls. 64k

standby)

– 192k of tightly coupled data

RAM

• 10 ΣΔ converters for knock

detection, 12 SAR converters –

84 total ADC channels

• GTM – 248 timer channels

• eDMA controller – 128 channels

Package• 416 PBGA, 512 PBGA

• eCAL emulation device for each package

PUBLIC USE19

Safety Concept Summary

• Measures against single point faults

− Replication only of Cores & attached periphery

− End-2-End protection of data paths (ECC)

− ECC on all RAMs (System, periphery, Cache, TCM) & Flash

• Measures against latent errors (during boot)

− Memory BIST

− LBIST

− Limited BIST of analog components

• Measures against Common Cause errors

− Clock & Power Monitors, Monitors of signal lines (debug, test, …)

− HW-evaluated Temperature Sensors

• Some errors not handled

− External hardware supervision (Watchdog, Supply Voltage)

− Redundant usage of I/O by software

< 50ms

PUBLIC USE20

ADAS and HAD Portfolio

Target Markets Products

Highly Automated

Driving

Surround Vision

Front L/M Range Corner Radar Highly Integrated

Sensor

Mono/Stereo Vision

Vision ADAS & Automated Driving

Radar Based ADAS

S32V

Automotive open platform built on

quality, highly performing, fully

abstracted accelerators,

uncompromised safety and security

S32A

General purpose computing with

MASSIVE performance for

environmental modeling acceleration,

automotive quality, fault tolerance and

security

S32R

Scalable, highly integrated, safe and

secure family driving the digitalization of

radar and sensor data fusion

Technology

Best in Class

Cognitive

Acceleration

Software Dev Kit

& Linux

ARM Cortex Safe

& Secure

Architecture

PUBLIC USE21

256kB Banked L2

ARM A53

32KB

L1-D

32KB

L1-I

ARM A53

32KB

L1-D

32KB

L1-I

S32V234: ADAS Safety Controller

General Purpose Processing

• Two 2x ARM A53 Safe Clusters

• 64 Bit, 1.0 GHz

• 2 x 256 kB L2 cache per cluster

• Neon SIMD

• ~10000 DMIPS

• 2 x 32b DDR3/LPDDR2 at 533MHz

Accelerated Processing

• Image Signal Processing

• 2 x APEX2 – Image cognition

Processing Open CL

• h.264 Codec and MJPEG decoder

• 3D GPU GC3000 (4 Shader)

Coherency Fabric2x CSI2 4ln

2x 16 bit Par I/F

Power Management

SDHC

LinFLex

I2C

GPIO, JTAG

4MB

System RAM

CSE3

M4

32-bit DDR3/LPDDR2

Memory Controller

32-bit DDR3/LPDDR2

Memory Controller

Gb

ET

H

Fle

xR

AY

Zip

wire

PC

Ie

3D

GPUISP

Safe

DMA

Multi

Master

Sram

Ctrl

ADC

FCCU

APEX

2

APEX

2

H.264 MJPEG

Functional SAFETY

• Classic ASIL B capable SoC

• LBIST, MBIST

• Voltage Monitoring, Temperature Monitoring

• Full memory ECC, E2E ECC

• SW Core Self Tests

• SW independent Fault monitoring and reporting

• Safe DMA, CRC processing

• Safe MCAL

High Speed Serial Interfaces

• 1 PCIe controllers

• 1 Dual Channel FlexRay

• 1 Zipwire

• 2 x MIPI CSI2 - 4 lanes 6Gb/s

Low Speed Serial Interfaces

• 2 CAN –FD

• 4 SPI

• 2 LinFLEX

• 4x Timer

• FlexRay

Security

• 1 CSE3 – Flashless

256kB Banked L2

ARM A53

32KB

L1-D

32KB

L1-I

ARM A53

32KB

L1-D

32KB

L1-I

DCU

Vision Surround Fusion

PUBLIC USE22

Introducing Ethernet: NXP Provides Auto-Native Portfolio Flexible, scalable solution

TJA1102

Dual-OABR PHY

TJA1102

Dual-OABR PHY

e.g. MPC574xC/D/G

802.1Q + AVB

802.1Q + AVB + TSN

SJA1105T

SJA1105

AVB SW

AUTOSAR Capability

Host Processor(i.MX, MPC574x, S32x)

• TJA1100 100MBPS PHY − Open Alliance BroadR-Reach Compliant

− Fully automotive qualified

− Robust automotive grade EMC and ESD

− Minimal external component count

− Enhanced Power Management to save battery life

• TJA1102 Dual-PHY − Single chip dual Broad-R-Rach PHY

− Enables better scalability

• SJA1105 FIVE-PORT SWITCH− Layer 2 Store and Forward Switch,

− Supports AVB, TSN and Deterministic Ethernet

− Up to 1-Gb network speed,

− MII/RMII/RGMII Interface

− Port Mirroring and VLAN support (IEEE 802.1Q and IEEE 802.1P)

PUBLIC USE24

ATTRIBUTION STATEMENT

NXP, the NXP logo, NXP SECURE CONNECTIONS FOR A SMARTER WORLD, CoolFlux, EMBRACE, GREENCHIP, HITAG, I2C BUS, ICODE, JCOP, LIFE VIBES, MIFARE, MIFARE Classic, MIFARE

DESFire, MIFARE Plus, MIFARE FleX, MANTIS, MIFARE ULTRALIGHT, MIFARE4MOBILE, MIGLO, NTAG, ROADLINK, SMARTLX, SMARTMX, STARPLUG, TOPFET, TrenchMOS, UCODE, Freescale,

the Freescale logo, AltiVec, C 5, CodeTEST, CodeWarrior, ColdFire, ColdFire+, C Ware, the Energy Efficient Solutions logo, Kinetis, Layerscape, MagniV, mobileGT, PEG, PowerQUICC, Processor Expert,

QorIQ, QorIQ Qonverge, Ready Play, SafeAssure, the SafeAssure logo, StarCore, Symphony, VortiQa, Vybrid, Airfast, BeeKit, BeeStack, CoreNet, Flexis, MXC, Platform in a Package, QUICC Engine,

SMARTMOS, Tower, TurboLink, and UMEMS are trademarks of NXP B.V. All other product or service names are the property of their respective owners. ARM, AMBA, ARM Powered, Artisan, Cortex,

Jazelle, Keil, SecurCore, Thumb, TrustZone, and μVision are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. ARM7, ARM9, ARM11, big.LITTLE, CoreLink,

CoreSight, DesignStart, Mali, mbed, NEON, POP, Sensinode, Socrates, ULINK and Versatile are trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. Oracle and

Java are registered trademarks of Oracle and/or its affiliates. The Power Architecture and Power.org word marks and the Power and Power.org logos and related marks are trademarks and service marks

licensed by Power.org. © 2015–2016 NXP B.V.