A little over 21 years ago, PCI Express 1.0 was released to the industry and began a shift to serial interfaces from the then-ubiquitous parallel buses. No one in 2002 had any idea how compelling “PCIe” would become in vehicles – both because of the state of contemporaneous in-vehicle computation, and because PCIe’s focus then was clearly on traditional computers for desktop and data center use. In today’s world of connected vehicles with near-human (dare I say super-human?) self-driving abilities, the question seems not so much “Why would automobiles use PCIe now?” as “Why did automobiles wait so long to use PCIe?”
Every year we see increasing complexity in automotive electronics. Adaptive cruise-control (where one’s vehicle adjusts its speed to maintain a set distance from the vehicle in front of it) was not long ago exclusive to high-end luxury vehicles. Today that seems a quaint gimmick in a world where a middle-class family can purchase a car which steers itself in and around traffic, finds and occupies a parking space for itself and waits there until called for by its owner. The amount of sensor data, camera imagery, and sheer computational power to accomplish this is simply staggering, with some researchers calculating that data throughput in a single vehicle approaches 200Gbps!
Reliability has always been a fundamental requirement for automotive systems. Car advertisements of yesteryear touted a brand’s ability to get you safely to your destination, and consumers flocked to vehicles which spent more time on the road than in a mechanic’s shop. With consumers and their families now dependent not just on their vehicle’s ability to keep running, but on its ability to make critical decisions and to perform driving feats beyond the capacity of humans, the focus on reliability has never been higher. Adding the heat produced by all these advanced electronics to the already challenging and rapidly changing temperature, humidity, and vibration of an automobile environment makes a daunting task for automotive designers. Consumers who accept rebooting their smartphones for the occasional “crash” are unsurprisingly unforgiving of the same glitches in their automotive electronics – where the result could easily be a real-world crash with correspondingly severe consequences. Sadly, those same consumers have reluctantly accepted that cybercrime and “hacking” are more and more an unpleasant reality of their daily lives, but here again the consequences are so much more severe than even the most egregious identity theft.
Thus, it’s clear that modern vehicles need an interconnect with high bandwidth, extreme reliability, and robust security – all attributes common to PCI Express 6.0!
Since its first release, PCIe has offered an inherently reliable delivery mechanism. Every PCIe packet carries a link-level cyclic redundancy check (LCRC) which is verified immediately upon receipt. An ACK/NAK (Acknowledged/Not-Acknowledged) protocol provides seamless hardware retransmission of erroneous packets and includes timeouts to ensure broken links do not go unnoticed. As noted above, when a PCIe link is operating in FLIT mode, forward error correction (FEC) adds a further layer of protection: it is applied, and errors potentially corrected, even before the LCRC is checked. Packets which fail these checks are NAK’ed by the receiver and trigger automatic retransmission by the transmitter. This hardware management of data transfers frees software developers to use PCIe-connected devices as if they were directly connected to the CPU, without needing to worry about the delivery of individual transfers.
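To make the LCRC plus ACK/NAK retry loop concrete, here is an added Go model of the data link layer exchange. It is example code written for this page, not Synopsys code or any controller's implementation. It assumes a 16-bit sequence number in place of the spec's 12-bit one, uses a plain CRC-32/IEEE where the real LCRC has its own bit ordering and seed (the 0x04C11DB7 polynomial is the same), and stands in for the spec's REPLAY_NUM counter and replay timer with a fixed attempt limit that surfaces as an error instead of entering link Recovery.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// TLP models a transaction-layer packet as the data link layer sees it: the
// sequence number the link layer prepends, the body, and the trailing LCRC.
type TLP struct {
	Seq     uint16
	Payload []byte
	LCRC    uint32
}

// computeLCRC covers the sequence number and the body. Assumption: plain
// CRC-32/IEEE (same polynomial as PCIe's LCRC, not the spec's exact framing).
func computeLCRC(seq uint16, payload []byte) uint32 {
	buf := make([]byte, 2+len(payload))
	binary.BigEndian.PutUint16(buf, seq)
	copy(buf[2:], payload)
	return crc32.ChecksumIEEE(buf)
}

// Receiver is the link partner. Accept returns true for an ACK and false for a NAK.
type Receiver struct {
	nextSeq   uint16
	Delivered [][]byte // bodies handed up to the transaction layer
}

func (r *Receiver) Accept(t TLP) bool {
	if computeLCRC(t.Seq, t.Payload) != t.LCRC {
		return false // corrupted in flight: discard and NAK
	}
	if t.Seq < r.nextSeq {
		return true // duplicate of an already delivered TLP: discard but ACK
	}
	if t.Seq > r.nextSeq {
		return false // gap in the sequence: NAK so the sender replays
	}
	r.Delivered = append(r.Delivered, t.Payload)
	r.nextSeq++
	return true
}

// Transmitter holds a TLP in its replay buffer until it is ACKed and replays
// it on NAK. MaxReplays is the assumed stand-in for REPLAY_NUM rollover.
type Transmitter struct {
	nextSeq    uint16
	MaxReplays int
	Replays    int // total replays performed, for statistics
}

// Link is the wire: given the attempt number and the TLP sent, it returns
// what arrives at the far end (possibly corrupted).
type Link func(attempt int, t TLP) TLP

func (tx *Transmitter) Send(payload []byte, rx *Receiver, link Link) error {
	t := TLP{Seq: tx.nextSeq, Payload: payload}
	t.LCRC = computeLCRC(t.Seq, t.Payload)
	for attempt := 0; ; attempt++ {
		if rx.Accept(link(attempt, t)) {
			tx.nextSeq++ // ACK received: retire from the replay buffer
			return nil
		}
		if attempt+1 >= tx.MaxReplays {
			return errors.New("replay limit reached: link needs recovery")
		}
		tx.Replays++
	}
}

// flipBit corrupts one payload bit on a copy and leaves the LCRC untouched,
// so the receiver's check has to catch the mismatch.
func flipBit(t TLP) TLP {
	p := append([]byte(nil), t.Payload...)
	p[0] ^= 0x01
	return TLP{Seq: t.Seq, Payload: p, LCRC: t.LCRC}
}

// runDemo pushes three constructed frames; the wire corrupts only the first
// attempt of frame 1. Returns frames delivered, replays performed, and any error.
func runDemo() (int, int, error) {
	tx := &Transmitter{MaxReplays: 4}
	rx := &Receiver{}
	frames := []string{"cam-frame-0", "cam-frame-1", "cam-frame-2"}
	for i, f := range frames {
		idx := i
		link := func(attempt int, t TLP) TLP {
			if idx == 1 && attempt == 0 {
				return flipBit(t)
			}
			return t
		}
		if err := tx.Send([]byte(f), rx, link); err != nil {
			return len(rx.Delivered), tx.Replays, err
		}
	}
	return len(rx.Delivered), tx.Replays, nil
}

// runBrokenLink shows the other outcome: a wire that corrupts every attempt.
func runBrokenLink() error {
	tx := &Transmitter{MaxReplays: 4}
	rx := &Receiver{}
	return tx.Send([]byte("never-arrives"), rx, func(_ int, t TLP) TLP { return flipBit(t) })
}

func main() {
	n, r, err := runDemo()
	fmt.Printf("delivered=%d replays=%d err=%v\n", n, r, err)
	fmt.Println("broken link:", runBrokenLink())
}
```

The receiver never hands a frame upward until the LCRC matches, and the transmitter never advances its sequence number until it has an ACK, which is what lets the software above treat the link as lossless. A wire that corrupts every attempt exhausts the replay budget and is reported as a link failure rather than silently dropping data.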
PCIe 6.0 includes the Lane Margining feature (introduced with PCIe 4.0) which provides a standardized mechanism for all PCIe components to report the amount of margin they have between the “good” signals they’re receiving and the point of failure. With this feature, it’s possible to track potential signal quality degradation over the life of a component and trigger proactive failure mitigation such as retuning of signaling parameters, reduction in link speed, or even calling for pre-failure preventative component replacement.
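The decision logic behind "track margin over life, then mitigate" is small enough to show. The Go below is an added example written for this page, not Synopsys code: it fits a least-squares trend to a lane's margin readouts, forecasts when the margin would reach zero, and picks one of the mitigations the paragraph lists. The readouts, the thresholds in the policy, and the ordering of mitigations are all constructed assumptions; the spec defines the margining commands and their step units, not what a platform should do with the results.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Sample is one Lane Margining readout: hours of operation and the margin
// reported then, in the step units the margining command returns (treated as
// opaque by this monitor).
type Sample struct {
	Hours  float64
	Margin float64
}

// Policy holds the mitigation thresholds. Assumed values for illustration,
// not numbers from the PCIe specification.
type Policy struct {
	RetuneBelow     float64 // retune signalling parameters below this margin
	DowngradeBelow  float64 // fall back a link speed below this margin
	ReplaceIfWithin float64 // schedule replacement if zero margin is forecast within this many hours
}

type Action string

const (
	ActNone      Action = "none"
	ActRetune    Action = "retune-signalling"
	ActDowngrade Action = "reduce-link-speed"
	ActReplace   Action = "schedule-replacement"
)

// fitLine is an ordinary least-squares fit of margin against hours.
func fitLine(s []Sample) (slope, intercept float64, err error) {
	n := float64(len(s))
	if n < 2 {
		return 0, 0, errors.New("need at least two samples")
	}
	var sx, sy, sxy, sxx float64
	for _, p := range s {
		sx += p.Hours
		sy += p.Margin
		sxy += p.Hours * p.Margin
		sxx += p.Hours * p.Hours
	}
	den := n*sxx - sx*sx
	if den == 0 {
		return 0, 0, errors.New("samples share one timestamp")
	}
	slope = (n*sxy - sx*sy) / den
	intercept = (sy - slope*sx) / n
	return slope, intercept, nil
}

// HoursToZero extrapolates the fitted trend to zero margin and returns the
// hours remaining after the latest sample; a flat or improving trend yields +Inf.
func HoursToZero(s []Sample) (float64, error) {
	slope, intercept, err := fitLine(s)
	if err != nil {
		return 0, err
	}
	if slope >= 0 {
		return math.Inf(1), nil
	}
	latest := s[len(s)-1].Hours
	return -intercept/slope - latest, nil
}

// Assess picks a mitigation from the current margin and its trend. The
// ordering is an assumed policy: an already-poor margin is acted on first; a
// margin that still looks fine but is eroding gets replacement scheduled early.
func Assess(s []Sample, p Policy) (Action, error) {
	if len(s) == 0 {
		return ActNone, errors.New("no samples")
	}
	cur := s[len(s)-1].Margin
	switch {
	case cur <= p.DowngradeBelow:
		return ActDowngrade, nil
	case cur <= p.RetuneBelow:
		return ActRetune, nil
	}
	if h, err := HoursToZero(s); err == nil && h <= p.ReplaceIfWithin {
		return ActReplace, nil
	}
	return ActNone, nil
}

// Constructed readouts for three lanes of one link (not measured data).
var demoLanes = map[string][]Sample{
	"lane0-steady":   {{0, 40}, {1000, 40}, {2000, 40}, {3000, 40}},
	"lane1-eroding":  {{0, 40}, {1000, 37}, {2000, 34}, {3000, 31}},
	"lane2-marginal": {{0, 40}, {1000, 25}, {2000, 14}, {3000, 8}},
}

var demoPolicy = Policy{RetuneBelow: 20, DowngradeBelow: 10, ReplaceIfWithin: 12000}

func main() {
	for name, s := range demoLanes {
		a, err := Assess(s, demoPolicy)
		h, _ := HoursToZero(s)
		fmt.Printf("%-14s action=%-20s hours-to-zero=%.0f err=%v\n", name, a, h, err)
	}
}
```

The point of the forecast is that lane1 still reports a comfortable margin of 31 units, yet its slope predicts zero margin in roughly ten thousand hours, inside the replacement window, so it is flagged before any error is ever seen on the link.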
PCI Express offers the option of utilizing Vendor Defined Messages (VDMs) to expand the PCIe protocol in numerous ways. Automotive designers may use these VDMs for heartbeat information, in-band management, and many other functions which can contribute to the reliability of the overall PCIe automotive system.
In the automotive realm, the phrase “interface security” may conjure up visions of movie secret agents assassinating evil geniuses by hacking their self-driving cars to drive off cliffs and explode in spectacular fashion, but there are actually multiple real-world scenarios behind the move to secure PCIe links. In a world where nations have been caught using cyberattacks to disrupt other nations’ weapons, we shouldn’t completely rule out the “hack vehicle for assassination” movie plot, but a far simpler profit motivation of theft would give savvy thieves an incentive for such hacking. As automotive manufacturers have closed more and more security vulnerabilities in traditional anti-theft mechanisms like Radio Frequency remote unlocking systems, thieves will necessarily have to turn their attention deeper inside the vehicle where PCIe interconnects might otherwise become an attractive point of attack. Often overlooked as well is the idea of interface security to enforce Digital Rights Management – where the “attacker” may be the vehicle owner with unlimited time and free access to the vehicle under “attack” who is intent on unlocking paid features such as autonomous driving.
These and other factors mean automotive designers now need to consider all of their internal interfaces as possible attack vectors. PCI Express includes a feature called Integrity and Data Encryption (IDE) which allows PCIe devices to perform hardware encryption and integrity checking on packets transferred across PCIe links. Fundamentally, IDE protects against hardware-level attacks conducted by skilled attackers with sophisticated tools and direct access to their victim systems. PCIe packets are individually encrypted and authenticated with an AES-GCM cryptographic algorithm to provide data confidentiality and integrity. Mechanisms within the IDE specification work throughout the PCIe protocol stack to protect against PCIe-specific attacks, such as forcing retries and injecting bad packets in attempts to force repeated transmission of the same data to expose the cryptographic keys being used. Due to these low-level protocol interactions, IDE must be implemented hand-in-hand with a PCIe controller to get the full benefit of the protection mechanisms and provide optimal solutions. As a result of the integrity checks, PCIe links secured by IDE also benefit from yet one more layer of reliability checking, since even a non-malicious modification of an IDE-protected PCIe packet will trigger a system-level response.
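The per-packet protection IDE performs can be shown in miniature with Go's standard-library AES-GCM. This is an added example, not Synopsys code and not the IDE specification's packet format: the 8-byte counter header, the 96-bit nonce layout, strict in-order counters and the pre-shared test key are constructed assumptions (real IDE obtains keys through its key management flow and defines its own header and IV fields). It shows a modified packet failing authentication, a replayed packet being refused by the counter check, and the receive counter surviving an injected bad packet so that the genuine one still decrypts afterwards.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

const hdrLen = 8 // assumed clear-text counter header, authenticated as AAD

// Endpoint is one direction of a protected stream: a shared AES-256 key,
// the next send counter and the next expected receive counter.
type Endpoint struct {
	aead  cipher.AEAD
	txCtr uint64
	rxCtr uint64
}

func NewEndpoint(key []byte) (*Endpoint, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Endpoint{aead: aead}, nil
}

// Protect wraps one packet body. The counter travels in the clear but is
// authenticated, and it also forms the low 64 bits of the GCM nonce, so no
// nonce repeats under a key; when the counter would wrap, sending stops until rekey.
func (e *Endpoint) Protect(body []byte) ([]byte, error) {
	if e.txCtr == ^uint64(0) {
		return nil, errors.New("counter exhausted: rekey before sending")
	}
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], e.txCtr)
	hdr := nonce[4:]
	pkt := make([]byte, hdrLen, hdrLen+len(body)+e.aead.Overhead())
	copy(pkt, hdr)
	pkt = e.aead.Seal(pkt, nonce, body, hdr)
	e.txCtr++
	return pkt, nil
}

// Unprotect checks the counter first (replay / reorder), then the GCM tag
// (modification). A rejected packet does not advance the receive counter.
func (e *Endpoint) Unprotect(pkt []byte) ([]byte, error) {
	if len(pkt) < hdrLen+e.aead.Overhead() {
		return nil, errors.New("short packet")
	}
	hdr := pkt[:hdrLen]
	if binary.BigEndian.Uint64(hdr) != e.rxCtr {
		return nil, errors.New("counter mismatch: replayed or reordered packet")
	}
	nonce := make([]byte, 12)
	copy(nonce[4:], hdr)
	body, err := e.aead.Open(nil, nonce, pkt[hdrLen:], hdr)
	if err != nil {
		return nil, errors.New("authentication failed: packet modified in transit")
	}
	e.rxCtr++
	return body, nil
}

type DemoResult struct {
	Roundtrip          bool // honest packet decrypts to the original body
	ReplayRejected     bool // identical packet presented twice is refused
	TamperRejected     bool // one flipped ciphertext bit is refused
	GenuineAfterTamper bool // the real packet still decrypts after the bad one
}

func demoIDE() (DemoResult, error) {
	var res DemoResult
	key := bytes.Repeat([]byte{0x42}, 32) // constructed test key, never for real use
	tx, err := NewEndpoint(key)
	if err != nil {
		return res, err
	}
	rx, err := NewEndpoint(key)
	if err != nil {
		return res, err
	}
	body := []byte("steering-torque-request") // constructed sample body
	pkt, err := tx.Protect(body)
	if err != nil {
		return res, err
	}
	got, err := rx.Unprotect(pkt)
	res.Roundtrip = err == nil && bytes.Equal(got, body)
	_, err = rx.Unprotect(pkt) // same packet presented again
	res.ReplayRejected = err != nil
	pkt2, err := tx.Protect([]byte("brake-pressure-request"))
	if err != nil {
		return res, err
	}
	bad := append([]byte(nil), pkt2...)
	bad[hdrLen] ^= 0x80 // flip one ciphertext bit
	_, err = rx.Unprotect(bad)
	res.TamperRejected = err != nil
	_, err = rx.Unprotect(pkt2)
	res.GenuineAfterTamper = err == nil
	return res, nil
}

func main() {
	res, err := demoIDE()
	fmt.Printf("%+v err=%v\n", res, err)
}
```

Two design points carry over to the real thing. Binding the nonce to a monotonically increasing counter that is itself authenticated is what makes replays and reorderings detectable without any extra state, and refusing to send once the counter space is exhausted is what keeps a long-lived link from ever reusing a GCM nonce under one key. Because a rejected packet leaves the receive counter untouched, an injected bad packet cannot knock the receiver out of step with the honest transmitter.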
Figure 1: Synopsys IDE Implementation Example Within a PCIe Controller