The RTCA DO-254/Eurocae ED-80 standard provides guidance for design assurance of airborne electronic hardware, from conception through initial certification and subsequent post certification product improvements to ensure continued airworthiness. DO-254 defines objectives that must be met by avionics equipment manufacturers according to EASA and FAA guidelines.

The RTCA DO-254 standard defines five levels of criticality from level A (highest) to level E (lowest). These design assurance levels are required for all civil airborne electronic hardware. More recently, military airborne applications such as A400M are now requiring DO-254 compliance.

To support the DO-254 certification process, Altera and its partners are proposing a complete set of tools and intellectual property (IP) that provides the data to present to the certification authority (see Figure 1). Altera’s experience with developers of airborne systems yields the following recommendations, as shown in Table 1.

Figure 1. Altera's Full Design Cycle Partner Network Solutions

Figure 1. Altera's Full Design Cycle Partner Network Solutions

 

Table 1. DO-254 Certification Support

Level Description Affected Area Altera® Solutions
AFailure will cause or contribute to a catastrophic failure of the aircraft.Display unit, switch systems, airborne computing

FPGA or HardCopy® ASIC with cyclic redundancy check (CRC) feature

BFailure will cause or contribute to a hazardous/severe failure condition.Back-up power, heads-up display

FPGA or HardCopy ASIC with CRC feature

CFailure will cause or contribute to a major failure condition.Any

FPGA with or without CRC feature

DFailure will cause or contribute to a minor failure condition.Any

FPGA with or without CRC feature

EFailure will have no effect on the aircraft or on pilot workload.Any

FPGA with or without CRC feature

Nios II DO-254 Certifiable Soft Core Processor

Recent FAA guidance has highlighted the necessity to supply additional design documentation when using a generic-purpose processor or a graphical chipset. The soft IP solution is a design path that offers a high degree of available design documentation. Recently, Altera announced the DO-254 certifiable soft processor: NIOS II_SC. This safety-critical version is provided through our partner Hcell Engineering. The NIOS II_SC package was developed under DO-254 design assurance levels, as well as a safety analysis in accordance with Appendix B of the DO-254 certification.

To comply with level A, several teams were involved in the design, verification, and validation process. A "V Cycle" design verification was performed. The requirement capture is done independently from design, validation, and verification. See Figure 2.

Figure 2. Design Verification Flow

Figure 1. Design Verification Flow

NIOS II_SC Package

Altera and Hcell Engineering have developed a complete DO-254 certifiable package, including:

  • NIOS II_SC Plan for Hardware Aspect of Certification (PHAC)
  • NIOS II_SC design data:
    • Requirements identification are based on the Nios® II specification, plus design assurance considerations
    • Conceptual design data
    • Detailed design data
  • Top-level drawing
  • Verification data with Nios II processor test procedures and test results
  • NIOS II_SC configuration management
  • NIOS II_SC reports
  • NIOS II_SC accomplishment summary

Altera Global Partner Network

Table 2 shows Altera's global partners and their solutions.

Table 2. Global Partner Network Members

Partner Solutions
Hcell Engineering Services to provide certifiable IP cores via Mentor Graphics® flow
ALDEC Compliance tool set for simulation and in-hardware verification
Mentor Graphics Compliance tool set for simulation
HighRely Training and documentation
Aeroconseil Training and documentation

Altera Partners in DO-254 Certifiable IP

The following IP cores are either being assessed for certification or are currently going through a documentation and certification process for Altera customers. Each of these IP cores, and several others, represent customer opportunities to undergo certification with support of Altera and IP partners (see Tables 3 and 4).

Table 3. Microprocessors and Graphical Avionics Capability

IP Core Provider Function
NIOS II_SC Hcell Engineering or Altera 32-Bit µP
Avalon® System Interconnect Hcell Engineering or Altera System Interconnect
Simple IP Hcell Engineering or Altera UART
TIMER
CFlash
Graphics IMAGEM Graphics IP

Table 4. Network Avionics Capability

IP Core Provider Function
Time Triggered Protocol TTTech Time triggered protocol
Ethernet MTIP 10/100
10/100/1000
1553 BC/RT HCELL Engineering Bus controller
ARINC 429 Barco and HCELL Engineering Bus controller
PCI PLDA 32/66 MHz
PCI Express PLDA Gen1
ARINC 818 Great River Technology Avionics Digital Video Bus

What Customers are Saying About Altera’s DO-254 Efforts

“Altera is a member of the DO-254 Users Group, since its creation in 2004, to unite the industry efforts in Europe. Altera, with the NIOS II_SC for DO-254, has made all the necessary efforts to understand the objectives for the requirements, development, production, and verification data for their NIOS II_SC processor.”

Lionel Burgaud
DO-254 Group Founder and Chairman

“We have involved Altera and Hcell Engineering since the beginning of our project to have the right level of confidence and documentation to present to EASA.”

Jerome Papineau
Program Manager at Thales Aerospace

“Together with Altera’s Cyclone® II and Cyclone III FPGAs and Nios II embedded processor, we are able to address application requirements for very compact design of distributed embedded systems and smart sensor/actuator modules, that otherwise would require several components—thus reducing system cost and increasing reliability.”

Guenter Motzet
Director Chip IP Design from TTTech