Designing RF ASICs for Space: Understanding the Environmental Challenges of Satellite-Based Electronics

In the first installment of this two-part blog series on space-based ASICs, we delve into the intricate challenges of designing ASICs for the demanding environment of space. The stakes are high; launching and maintaining satellite equipment in orbit is a costly endeavor, so ensuring the effectiveness and reliability of integral components is paramount.


In this article, we’re focusing on the unique environmental challenges that ASICs used on satellites encounter beyond the Earth’s atmosphere. Unlike their terrestrial counterparts, these specialized circuits must withstand extreme conditions that go far beyond the usual demands of electronic components. From the intense radiation to the unforgiving vacuum of space, every aspect of their design demands meticulous attention to detail and precision. This is where the resilience and ingenuity of satellite ASICs truly shine, paving the way for space-based innovation and observation.


Satellite Orbiting Earth.

Satellite Orbiting Earth. 3D Scene. Elements of this image furnished by NASA.


The Unique Environment of Space for Satellite ASICs

The environment of space presents a range of challenges that are vastly different from those on Earth, posing unique hurdles for the design and functionality of RF ASICs on satellites. One of the most significant factors is the extreme temperature variations that space-bound equipment must endure. Unlike the more controlled terrestrial environments, satellite-mounted ASICs can be exposed to temperatures ranging from the intense cold of deep space to the searing heat when exposed to direct sunlight. This extreme range, which can fluctuate by as much as 150°C, demands robust design considerations to ensure the operational integrity and longevity of the ASICs in such fluctuating conditions.


Another critical aspect unique to space is the vacuum environment. This absence of atmosphere affects not only the thermal management of satellite ASICs but also impacts material selection and structural design. In space, the lack of air means that traditional cooling methods through air convection are ineffective, necessitating reliance on thermal radiation for heat dissipation. This shift requires a different approach to thermal management, with a focus on radiation and insulation techniques. Additionally, the vacuum of space can lead to outgassing from materials, potentially causing delamination or other forms of degradation. Ensuring that ASICs are designed with these factors in mind is crucial for their successful operation in the harsh and unforgiving environment of space.


Understanding Radiation and Its Impact on Satellite ASICs

A critical challenge in the design of an RF ASIC destined for space is the management and mitigation of radiation, a pervasive and potentially destructive force in the extraterrestrial environment. Space radiation primarily comprises high-energy particles, including protons and electrons from solar winds and cosmic rays from distant galaxies, which can have severe effects on electronic components. These particles, when interacting with the delicate structures of ASICs, can lead to various forms of damage, such as the buildup of charged particles in the gate oxides of transistors, altering their operational characteristics. In the realm of satellite ASICs, this can manifest as changes in threshold voltages in transistors, potentially leading to malfunction or failure of the circuit. The impact is more pronounced in smaller gate sizes, common in modern ASIC designs, where the probability of radiation-induced damage is significantly higher. Understanding these radiation effects is not only crucial for the initial design but also for the ongoing reliability and functionality of satellite ASICs operating in such a high-radiation environment. This understanding forms the basis for developing effective mitigation strategies to protect these sophisticated components from the harsh realities of space radiation.



Mitigation Techniques Part 1: Design and Material Considerations

When it comes to satellite ASICs, effective mitigation against the harsh radiation of space is achieved through a blend of innovative design and strategic material selection. For RF ASICs, which are integral in communication and signal processing in satellites, the choice of gate material and structure is pivotal. Materials that offer higher resistance to radiation help in reducing the vulnerability of these ASICs to radiation-induced damages, such as threshold voltage shifts, which are critical in maintaining signal integrity and performance. The physical design of the ASICs, including the layout and sizing of the gates, is also tailored with radiation resilience in mind. This is particularly important for RF ASICs, where precision and reliability in signal processing are paramount.


What’s more, the overall packaging of these ASICs plays a vital role in radiation protection. Utilizing radiation-hardened packaging materials and specialized insulation techniques provides an additional defense layer, crucial for shielding the sensitive electronic components from direct radiation exposure. This approach is especially relevant for RF ASICs, as it ensures the integrity and efficiency of communication systems, which are often the lifeline of satellite operations. These design and material considerations form the cornerstone of the development of robust satellite ASICs, ensuring their operational effectiveness and longevity in the challenging environment of space.


Stay tuned for our next blog, where we will delve deeper into advanced mitigation techniques and explore the crucial role of software strategies in safeguarding ASICs against the unpredictable nature of space.


*The opening image of the James Webb Space Telescope is credited to NASA/Desiree Stover.


Medical ASICs: Balancing Power and Performance in Wearable Technologies

When it comes to medical devices, navigating the intricate world of ASICs is something of a tightrope walk. Each step of the design phase involves striking a delicate balance between power, efficiency, and performance, where every gain comes at a cost. Medical ASICs are the beating hearts of potentially life-saving devices that must remain operational around the clock, yet are constrained by the finite capacity of their batteries. In this first part of our two-part blog series, we explore the nuanced tradeoffs that define ASIC design in medical applications, focusing on the harmonization of “always-on” functionality with the critical limitations of power resources, and how these factors interplay to shape battery size and device performance.

Balancing “always on” demands with battery capabilities

The need for “always on” functionality is now commonplace, but nowhere is it more crucial than in the development of wearable medical devices. This presents a formidable challenge when it comes to designing medical ASICs, where high performance meets the stark reality of limited battery capabilities. That’s why custom ASICs, the linchpins in these medical devices, are increasingly engineered with a keen focus on striking this critical balance. But it’s not easy. The battery’s capacity, a finite resource, automatically becomes the defining factor for the device’s energy management and overall functionality. This limitation is even more acute in devices that eschew traditional batteries for innovative energy-harvesting solutions.


However, there are ways of managing this trade-off, particularly when it comes to the strategic decision-making around the device’s duty cycle. Despite the “always on” label, an optimally designed medical device actually spends much of its time in a low-power state, conserving energy by remaining dormant until needed. This is where the ingenuity of custom ASICs shines, employing power gating as an essential tool to control leakage current in transistors – a persistent issue in medical ASICs.


The solution often lies in creating multiple clock and power domains within the ASIC, allowing power to be judiciously supplied to specific subsystems only when necessary. Typically, the most consistently active elements are a low-power timer and a memory buffer, which periodically activate the front-end circuitry for brief data conversion and storage tasks. This selective engagement, a hallmark of sophisticated ASIC design, is pivotal in marrying the necessity of “always-on” functionality with the stringent power limitations that are a hallmark of modern medical devices.


Optimizing performance with limited battery size

The pursuit of high performance in medical ASICs often leads designers into something of a struggle with battery size. High-resolution Analog-to-Digital Converters (ADCs), a staple in many medical devices for their accuracy and dynamic range, typically employ a sigma-delta architecture. This architecture, while cost-effective and precise, can be a significant drain on power resources. The challenge here is to achieve the necessary performance without imposing undue demands on the battery.


In sigma-delta ADCs, a digital filter section effectively trades sample rate for resolution, derived from a relatively simple analog input stage. This setup is ideal for managing interference in noisy environments, common in medical applications. However, the downside is the substantial energy required not just for the oversampling and filtering by the Digital Signal Processor (DSP), but also for the extensive digital post-processing on the host microcontroller. Each capture cycle, therefore, becomes a power-intensive operation, exacerbated by the high latency characteristic of sigma-delta converters, especially when high resolution is desired.


A more energy-efficient approach involves tackling interference closer to its source, using mixed-signal circuitry within the ASIC to address common noise sources. This strategy allows for a cleaner, lower-rate signal to be sent to the microcontroller, reducing overall circuit activity and, consequently, power consumption. Custom DSPs integrated into the ASIC can perform digital filtering of the oversampled signal, achieving two critical goals: reducing the dynamic range requirement for the ADC and enabling transmission of the filtered signal at a lower sample rate. This not only conserves power but also allows for the buffering of output samples within the ASIC, reducing the frequency at which the microcontroller needs to wake up for data processing. In some designs, only specific signal features or events, such as abnormal heart-rate readings, are transmitted, further minimizing power usage and maximizing the efficiency of medical ASICs.


Final thoughts

When it comes to designing medical ASICs, the tradeoffs between “always-on” functionality, performance, and battery size are not just challenges; they’re also opportunities for innovation and optimization. As we have explored, the key lies in intelligent design choices that balance these competing demands, ensuring that medical devices deliver on their promise of reliability and efficiency. Custom ASICs, with their ability to finely tune power states and manage energy consumption smartly, are the counterweights key to mastering this balancing act.


However, the exploration of power and performance tradeoffs is just the beginning. In the next article in this two-part series, we’ll delve into the equally critical aspects of functionality versus form factor and the balancing act between reducing the Bill of Materials (BoM) and managing costs. These considerations are pivotal in shaping the final design and effectiveness of medical ASICs, further demonstrating the nuanced complexity of ASIC design in the medical field. Remember, in this high-stakes arena, understanding and managing these tradeoffs is not just about technical proficiency; it’s about crafting solutions that ultimately enhance patient care and safety.


For more information, contact EnSilica’s expert team

EnSilica to supply beamforming SatCom ICs to Germany’s VITES to enable power- and cost-efficient flat panel terminals for NGSO-constellations

Focus on connectivity systems for moving vehicles. Initial applications include commercial and government land-based vehicles


EnSilica (AIM: ENSI), a leading turnkey supplier of mixed signal ASICs and SoCs, has announced it is to supply VITES with a new beamformer chip for satellite user terminals. VITES will use the chip at the heart of its new ViSAT-Ka-band terminal.

EnSilica’s beam-forming chip is optimised to enable VITES’s creation of power- and cost-efficient ground-based flat panel user terminals for satellite communication systems that can be used across a range of fixed and SatCom on the move (SOTM) applications.VITES specialises in broadband wireless systems for professional applications and has been delivering flat panel terminals based on its own phased array technology since 2019.

Its new ViSAT-Ka-band terminal is intended to be integrated into vehicles for Communications-on-the Move applications. As such it is able to track the movement of low earth orbit (LEO) and other non geo synchronous (NGSO) satellites and allows users to access high-speed connectivity anywhere on the planet while the vehicle is moving.

ViSAT-Ka uses an innovative scalable architecture that enables extremely power efficient TDD and FDD terminals at affordable prices. On this advanced technical base, VITES is developing terminals for both land-based and maritime vehicles of any kind, including for cost and power sensitive automotive applications.

This means that vehicles can access “Always on” broadband connections outside of 4G / 5G network coverage areas, with high throughput, and in an ultra-compact form factor that allows for both retro and line fitting.

Paul Morris, VP of the RF and communications business unit at EnSilica commented:

“EnSilica has been investing in this area for several years working closely with the UK Space Agency, European Space Agency and VITES GmbH. VITES have provided clear terminal requirements so we have been able to optimise our solution for the market. This beamformer chip can be paired with a range of Ka- and Ku-band RFICs including our own EN92030 allowing it to cover the various LEO or GEO constellations. “ 

Martin Gassner, CEO of VITES said:

“For the upcoming NGSO-constellations, quantum leap solutions are required in order to drive performance up, while driving cost and power consumption down. Our new ViSAT-Ka-Band terminals are the solution to these challenges. We’re delighted to be partnering with EnSilica and working closely with them on leading SOTM solutions that are delivering broadband connectivity even when there is no access to terrestrial networks.”


 Fig 1) The ViSAT-Ka-band terminal is intended to be integrated into vehicles for Communications-on-the Move.


Fig 2) Map showing 4G and 5G coverage in US and Germany, with significant areas not served by any operator. Copyright nPerf

For further information please contact:


EnSilica plc

Ian Lankshear, Chief Executive Officer

Via Vigo Consulting

+44 (0)20 7390 0233



Martin Gassner, Chief Executive Officer



+49 (0)89 6088 4600


Sonus PR (Technology Public Relations)

Rob Ashwell

+44 (0)7800 515 001


About EnSilica

EnSilica is a leading fabless design house focused on custom ASIC design and supply for OEMs and system houses, as well as IC design services for companies with their own design teams. The company has world-class expertise in supplying custom RF, mmWave, mixed signal and digital ICs to its international customers in the automotive, industrial, healthcare and communications markets. The company also offers a broad portfolio of core IP covering cryptography, radar, and communications systems. EnSilica has a track record of delivering high quality solutions to demanding industry standards. The company is headquartered near Oxford, UK and has design centres across the UK, in Bangalore, India and in Port Alegre, Brazil.



VITES GmbH (“VITES”) is an innovative German supplier of high-performance broadband wireless systems and customized solutions for professional applications. Main focus is the development of FPA-terminals for SATCOM-on-the-Move applications. These terminals are based on a power efficient active phased array technology, appropriate for any kind of vehicle, including governmental as well as commercial use.

In the areas of public safety, security and disaster management, VITES offers nomadic LTE-/5G- (ViCell) as well as broadband IP-Mesh-Networks (ViMesh). The brand vikomobil 2.0 represents complete customer specific mobile communication nodes (“cell on wheels”) that are energy autonomous and integrate SATCOM.

EnSilica und VITES kooperieren bei der Chipsatz-Entwicklung zur Realisierung energie- und kosteneffizienter Flat-Panel-Terminals für NGSO-Konstellationen

Fokus auf breitbandige SATCOM-Datenanbindung während der Fahrt. Erste Anwendungen umfassen kommerzielle Fahrzeuge und solche der Sicherheitsbehörden


EnSilica (AIM: ENSI), ein führender Anbieter von Mixed-Signal-ASICs und SoCs, gibt bekannt, die VITES GmbH mit einem neuen Beamforming-Chipsatz (elektronische Funkstrahl-Formung) für Satelliten-User-Terminals zu beliefern. VITES wird die ASIC-Entwicklung maßgeblich begleiten und den Chipsatz in seinen neuen ViSAT-Ka-Band-Terminals einsetzen.


Der Beamforming-Chipsatz von EnSilica ist daraufhin optimiert, energie- und kosteneffiziente, bodengestützte Flat-Panel-User-Terminals für Satellitenkommunikationssysteme realisieren zu können, die sich für ortsfeste SATCOM- und mobile SATCOM-on-the-Move-/Communications-on-the-Move Anwendungen eignen.

VITES ist auf Breitband-Funksysteme für professionelle Anwendungen spezialisiert und liefert seit 2019 Flat-Panel-Terminals auf Basis einer eigenen Phased-Array-Technologie.

Integriert in Fahrzeuge, ermöglicht das neue ViSAT-Ka-Band-Terminal der VITES die Konnektivität mit Satelliten während der Fahrt (Communications-on-the-Move, COTM). Das Terminal ist in der Lage, den Funkstrahl vollelektronisch auf die Bewegung von erdnahen Satelliten (LEO, Low Earth Orbit) und anderen nicht geosynchronen Satelliten (NGSO) nachzuführen. Nutzer erhalten damit einen schnellen Netzwerkzugang überall auf der Welt, auch während der Fahrt.

ViSAT-Ka basiert auf einer skalierbaren Architektur, die sehr energieeffiziente TDD- und FDD-Terminals zu erschwinglichen Preisen ermöglicht. Auf dieser fortschrittlichen technischen Basis entwickelt VITES Terminals für Land- und Seefahrzeuge aller Art – auch für kostensensitive Automotive-Anwendungen, die zudem eine sehr geringe Verlustleistung erfordern.

Mit dieser Technologie haben Fahrzeuge auch außerhalb der 4G-/5G-Netzabdeckung Zugang zu „Always-on“-Breitbandverbindungen mit hohem Durchsatz – und das in einer sehr flachen, kompakten Formgebung, die sich gleichermaßen für Nachrüstungen, als auch für die Fahrzeug-Erstausrüstung ab Werk eignet.

Paul Morris, VP der RF and Communications Business Unit bei EnSilica, dazu:

„EnSilica investiert seit mehreren Jahren in diesen Bereich und arbeitet eng mit der UK Space Agency, der European Space Agency und der VITES GmbH zusammen. VITES hat klare Anforderungen für die Beamforming-Chips geliefert, so dass wir unsere Lösung für den Markt optimieren konnten. Der Chipsatz lässt sich mit Ka- und Ku-Band-RFICs kombinieren, einschließlich unserem EN92030 Ka-band-Chip, so dass er die verschiedenen LEO- oder GEO-Konstellationen abdeckt.“ 

Martin Gassner, CEO von VITES, fügte hinzu:

„Für die kommenden NGSO-Konstellationen sind Terminals erforderlich, die in Bezug auf Performance, Energieeffizienz und Herstellungskosten einen Quantensprung darstellen. Diese Anforderungen erfüllen wir mit unseren neuen ViSAT-Ka-Band-Terminals. Wir freuen uns über die Partnerschaft mit EnSilica und die Zusammenarbeit bei der Entwicklung von COTM-Lösungen, die Breitbandverbindungen auch dort ermöglichen, wo es keinen Zugang zu terrestrischen Netzen gibt.“

Bild 1: Das ViSAT-Ka-Band-Terminal misst je nach Version zwischen ca. 16 x 10 cm und 50 x 30 cm und ist für den Einbau in Fahrzeuge für Communications-on-the-Move vorgesehen


Bild 2: 4G- und 5G-Abdeckung in Deutschland, wobei wesentliche Gebiete von keinem Betreiber versorgt werden (Quelle: nPerf).

Kontakt für weitere Informationen:


EnSilica plc

Ian Lankshear, Chief Executive Officer

Via Vigo Consulting

+44 (0)20 7390 0233



Martin Gassner, Chief Executive Officer



+49 (0)89 6088 4600


Sonus PR (Technology Public Relations)

Rob Ashwell

+44 (0)7800 515 001


Über EnSilica

EnSilica ist ein führendes Fabless-Design-Unternehmen, das sich auf kundenspezifisches ASIC-Design für Erstausrüster (OEMs) und Systemhäuser sowie auf IC-Designdienstleistungen für Firmen mit eigener IC-Entwicklung konzentriert. Das Unternehmen besitzt erstrangige Erfahrungen in der Entwicklung kundenspezifischer HF-, mmWave-, Mixed-Signal- und Digital-ICs für internationale Kunden in den Bereichen Automotive, Industrie, Gesundheitswesen und Kommunikation. Darüber hinaus bietet das Unternehmen ein breites Spektrum an Kern-IP für Kryptographie, Radar und Kommunikationssysteme. EnSilica hat umfangreiche Erfahrung in der Lieferung qualitativ hochwertiger Dienstleistungen, die anspruchsvolle Industrienormen erfüllen. Das Unternehmen hat seinen Hauptsitz in der Nähe von Oxford, Großbritannien, und verfügt über Entwicklungszentren in ganz Großbritannien, in Bangalore, Indien, und in Port Alegre, Brasilien.


Die VITES GmbH („VITES“) ist ein innovativer deutscher Anbieter hochleistungsfähiger Breitband-Funksysteme und kundenspezifischer Lösungen für professionelle Anwendungen. Der Schwerpunkt liegt auf der Entwicklung von Flat-Panel-Terminals für Communications-on-the-Move-Anwendungen. Diese Terminals basieren auf einer energieeffizienten aktiven Phased-Array-Technologie, die für jede Art von Fahrzeugen geeignet ist, sowohl für den kommerziellen Einsatz als auch bei Sicherheitsbehörden.

Im Bereich öffentliche Sicherheit und Katastrophenschutz bietet VITES nomadische LTE-/5G- (ViCell) als auch breitbandige IP-Mesh-Netze (ViMesh) an. Die Marke vikomobil 2.0 steht für mobile energieautarke Mobilfunkknoten („Mobilfunkzelle auf Rädern“) die zusätzlich SATCOM integrieren.

ensilica custom asic banner

How to write an ASIC design specification well – Part 3

This is a 3 part blog. If you missed it, click here to read part 1 and part 2.

The 7 Most Common Mistakes and How To Avoid Them

The first step in developing a new ASIC for any function – be it a wireless chip for a wearable healthcare sensor device, an autonomous vehicle ASIC, or a communications system for a satellite – is the specification.

To ensure the product you need is produced, is done so on time and on budget, and that errors aren’t introduced that could require a recall, the specification has to be written clearly and concisely.

In this, the final part, we look at the most common mistakes and how to avoid them.

1) Loose language

The language used in the document matters. It can add clarity, and it can add ambiguity.
For example, there is a big difference between ‘shall’ (expresses a requirement), ‘will’ (makes a statement of fact), and ‘should’ (expresses an aspiration).

2) Not being concise

Requirements should be as concise as possible, and broken down into individual items to give full clarity when reporting compliance during the development.
For example, it is better to say, “The product must do X” and “The product should do Y” versus “The product must do X and should do Y”.

3) Missing information

Any aspect of the product’s functionality that is missing from the requirements will not make it to specification document. And, therefore, will be missing in the product.

4) Lacking rationales

Rationales should be added for each requirement where appropriate.
But note, these should not be extensions of the requirement. And compliance will be determined against the requirement, not the rationale.

5) How vs what

The requirements describe what the product must do rather than how it must provide that functionality.

6) Including non-essential functionality

If something is not essential for the intended product functionality, then it should not be a requirement.

7) Lacking measurability

Requirements should be clear and unambiguous, and terminologies or expressions that are not verifiable should be avoided all costs.

This means subjective statements like “The product must be low power” should be defined to say “The product must consume less than X”.

And for reporting compliance, there must be a way to uniquely identify each requirement. This enables compliance reports to make clear statements such as “Specification S.17 addresses requirement R.49”.

Getting a specification wrong can be catastrophic. By following these seven tips you’ll be well-placed to get it right first time.

If you want to find out more about how EnSilica can help, click here.

How to write an ASIC design specification well – Part 2

This is a 3 part blog. If you missed it, click here to read part 1.

Who Is The Specification For

The first step in developing a new ASIC for any function – be it a wireless chip for a wearable healthcare sensor device, an autonomous vehicle ASIC, or a communications system for a satellite – is the specification.

To ensure the product you need is produced, is done so on time and on budget, and that errors aren’t introduced that could require a recall, the specification has to be written clearly and concisely.
In this, the second of three blogs on the topic, we look at the audiences for needs the specification and the information they need.

“The specification can (and does) act as the communication channel, helping information to flow.”

Who reads it?

There are two audiences.

1) Your internal system development team. If they lack understanding or agreement of the product’s definition, there’s little chance that the development team can successfully deliver what is required.

2) Our development team. Because it’s natural and common for individual members in a development team to read the sections of the specification focused on their tasks… and only these sections, the specification document allows a development team to be structured correctly and the right skill sets brought together to get it right first time.

Potential pitfalls

However, the specification document does not act as a panacea to magically resolve poor communication between customer and supplier. Nor will it fix potential communication problems between people within a development team, however it can (and does) act as the communication channel, helping information to flow.

If you want to find out more about how EnSilica can help, click here.

Click here to read part 1 and part 3.

How to write an ASIC design specification well – Part 1

The Purpose Of The Specification

The first step in developing a new ASIC for any function – be it a wireless chip for a wearable healthcare sensor device, an autonomous vehicle ASIC, or a communications system for a satellite – is the specification.

To ensure the product you need is produced, is done so on time and on budget, and that errors aren’t introduced that could require a recall, the specification has to be written clearly and concisely.
In this, the first of three blogs on the topic, we look at the purpose of the specification to help you avoid some of the most common mistakes.

“One common misconception is that the specification can serve as a datasheet or user manual. It cannot and does not.”

The specification’s purpose

To get it designs right first time, it is crucial to clearly define the required functionality and behaviours that the product must possess; and the specification is there to define these. And to also state that any functionality that is explicitly not required.

Who writes it

Typically, the engineering team generates the specification in collaboration with the end customer. It will be based on a requirements document, which will be provided by the customer.

What the document enables

Instead, the primary role of a specification is to unambiguously set out the customer’s requirements. With each customer requirement directly or indirectly addressed by the functionality defined in the specification.

There should be a clear mapping, (one-to-one / one-to-many), between each customer requirement and each function defined in the specification.

What it should not be used for

One common misconception is that the specification can serve as a datasheet or user manual. It cannot and does not.

What happens once it’s written

Once written, it is essential for the customer and development team to thoroughly review and approve the specification and ensure it adequately meets each requirement.

Additionally, the compliance report prepared by the development team should be reviewed and approved by the customer to make sure everything has been interpreted correctly.

If you want to find out more about how EnSilica can help, click here.

Click here to read part 2 and part 3.

Automotive ASICs and the functional safety standard ISO 26262

Over the past 20 years EnSilica has developed ASICs for several major automotive OEMs and tier-1 suppliers, based both here in the UK and in Europe and the US and these mixed-signal chips have controlled and enabled several functions from power management to ride comfort and, with all of these chips, a series of trade-offs are therefore balanced to achieve the right performance, cost, size, power etc.

Functional safety is obviously a core part of all of these and so, when looking for articles on ISO 26262 in, I recently re-stumbled upon an article written by our head of functional safety, Enrique Martinez, and after reading was glad we only deal with these technical trade-offs for vehicles, and not with the moral dilemmas.

In his article, published in EDN, he cites a 2018 Nature paper on the moral imperatives relating to decisions made by autonomous vehicles and how these vary region by region.

While the paper is, in effect, re-running the old runaway tramcar thought experiment, the differences in who gets protected are quite stark.

For example, Eastern cultures are more likely to protect the old, Southern cultures prefer inaction over purposeful selection, Western ones more likely to protect people of status over vulnerable users like pedestrians (thankfully this last one would be nigh-on impossible to code).

Considerations in developing safety critical SoCs

As mentioned, the article also looks at ISO 26262 and IEC 61508 and is well worth a read, and a summary can be found below:

As Enrique argues: Safety-critical projects require comprehensive safety analysis procedures. And a pivotal role in this process is played by the designer, establishing an understanding of potential malfunctions within a circuit or IP block and implementing mitigation strategies.

To make sure safety measures work, ISO 26262 also mandates that complex SoCs use specialised fault injection software tools to simulate common faults and ensure proper detection and/or correction mechanisms are in place.

Debugging embedded software is never easy, and challenges are further amplified when the code image is in the silicon itself (so traditional debugging tools become less effective /practical). The way around this is by running co-simulation models that encompass both hardware and software, and that give a comprehensive view of the system’s behaviour, even before you get your hands on the silicon itself.

The final key element in creating safety-critical systems is vendor verification, with any device used in applications governed by ISO 26262 needing fabs and subcontractors to demonstrate their ability to manufacture components to automotive safety standards. This means a communication flow with suppliers and customers that strictly adheres to safety plans and development interface agreements (DIA) is essential.

If you need more information than this short summary allows, you can read Enrique’s original article on EDN, here.