ETNdigi issue 2/2020

Page 1

2/2020 TRUST - SECURITY from concept to deployment SPICE MODELS for analog components REDUCE radiation effects on automotive ICs


IoT devices are notorious for their bad security. Luckily new secure flash products come to rescue.


CATCH THE BUGS with UVM callbacks BSoC SECURES your transactions

IN FOCUS Design makes the phone IN FOCUS Easy & secure IoT connection


Page 2

ETNdigi - 2/2020

On Sunday 25th of November everything in Finland changed. The National Bureau of Investigation held a press conference and said that a huge amount of patient records from Psychotherapy Centre Vastaamo had been breaches and the victims - perhaps tens of thousands - are being blackmailed. The "Ransom_man" demanded payments in bitcoins from both Vastaamo and individual patients. The data breach hit the very heart of a digital society. For days the whole country was in shock. Authorities, politicians, organisations, cybersec professionals and the public were all in disbelief. The police acted quickly. The NBI started hunting down the perpetrator working together with international police organisations, cybersec companies and even white hat hackers. It is possible that the criminal behind the attack will never be caught. What is certain, is that the way we see security has changed forever. We thought that databases were secure, but obviously this is not the case. The government has already taken actions aiming to develop standards and methods so sensible data is secured at all times. In a way this is also an impossible task. Many experts say that when data has a connection to the public internet, it is only waiting to be stolen. The hacker will always find a way. It is down to cybersecurity experts to make these crimes as difficult to succeed as possible. It is clear that security needs to be taken into account from the start, whether you´re designing an IoT system or building a data base of sentitive information. For anyone able to design completely secure systems this poses huge possibilities for growth.

Veijo Ojanperä ETN, editor-in-chief

ETNdigi - 2/2020

Stay safe, in every possible meaning of the word. -Veijo Ojanperä ETN, editor-in-chief

ETNdigi editor-in-chief Veijo Ojanperä +358-407072530 sales manager Anne-Charlotte Sparrvik +46-734171099 Advertising prices: ETNdigi is a digital magazine specialised on IoT and embedded technology. It is published 2-3 times a year. ETN ( is a 24/7 news service focusing on electronics, telecommunications, nanotechnology and emerging applications. We publish in-depth articles regularly, written by our cooperation companies and partners. ETN organises the only independent embedded conference in Finland every year. The next Embedded Conference Finland is planned for spring 2021. More info on ECF21 can be found online at The easiest way to access our daily news service is to subscribe to our daily newsletter at tilaa. Cover photo: Edward Howell, Unsplash

Page 3

Embedded Conference Finland will be organised for the 4th time in 2021. In May 2019 we had more than 250 attendees enjoying a very strong technical program. You can find the ECF19 presentations on the event website at The keynotes and a selection of presentations can also be seen as video on the ETNtv Youtube channel. All vital information will be posted on the event website. As before, attending the conference will be free of charge. The registration for ECF21 will be opened early in 2021.

For more information see To book a table top or ask for sponsor packages please contact ETN editor-in-chief Veijo Ojanperä +358-407072530 or Sales Manager Anne-Charlotte Sparrvik +46-734171099

Page 4

ETNdigi - 2/2020



NEWS • No more keys, says NXP. • Where there is code, there are vulnerabilities. • Huawei is a security risk, says Sweden.

17 19 20

IN FOCUS Design makes the phone.


TRUST - SECURITY FROM CONCEPT TO DEPLOYMENT Security is now a key requirement for embedded systems. It can easily be deployed with the Trust platform.


SIMULATE MORE PRECISELY SPICE models have been available for active components for decades - but not for passive ones. Now Vishay delivers.


REDUCE RADIATION EFFECTS ON AUTOMOTIVE ICs An automated, systematic approach can identify design susceptibility to single event upset (SEU) through structural and static analysis.


AC AND DC DATA ACQUISITION MADE EASY ADC sampling induce the problems of aliasing and capacitive kickback, and to solve these problems, designers use filters and driving amplifiers that introduce their own sets of challenges.


CATCH YOUR BUGS WITH UVM CALLBACKS Finding bugs early in the design process is crucial. Callbacks implemented in verification IP can be used for assertion validation in designs using PCIe and other packet-based protocols.


BIOMETRIC SYSTEM-ON-CARDS Add a biometric SoC to a smart card and you get a highly secure solution for transactions, says STMicroelectronics.

ETNdigi - 2/2020

IN FOCUS Easy & secure connection to your IoT device. SECURE YOUR CODE & DATA IoT devices are notorious for their bad security. Luckily new secure flash products come to rescue.

Page 5



You should now take a close loo and car keychain. In the next few longer carry them with us. Instea become digital. This is accomplis technology, said Kurt Sievers, CE Semiconductros, in his opening s company’s virtual NXP Connects

Sievers stressed that the third wave of growth in the semiconductor industry is about to begin. The first was based on the laptop, the second on the smartphone in the previous decade, but the third will get its power through ubiquitous smart IoT devices and edge devices.

- It makes life easier for all of us, Sievers promised.

bringing a Digital Key app to its devices that will unlock electronic keys.

One might ask if the same has not been promised before. With Bluetooth and wifi? According to Sievers, the key difference is that UWB brings security to the centimeter level.

These devices must both adapt to a person’s needs and automatically provide the services he or she wants. - All this must take place in complete safety. Trust is a key part of the future, Sievers explained.

- For example, remote controls hidden by children can be found immediately. The cell phone will alert if our social distance shrinks too much during a pandemic, Sievers assured.

Samsung is part of the FiRa consortium launched by NXP and other big league electronics players, which manages the development of UWB technology and drives its usege in various applications. According to Sievers, UWB will rapidly expand beyond the smartphone. The next step will take UWB to cars where this technology will remove the physical car keys.

An excellent example of future growth areas can be found in our pockets. Sievers firmly believes that we can get rid of physical keys. It will be replaced by a fully secure, digital key that recognizes us and does many things for us automatically. This is all based on shortrange UWB technology.

Page 6

The change has already begun. Apple already introduced UWB technology on its iPhones. Samsung’s Ultra Note20 Ultra and Z Fold2, already on the market, are the first Android phones to feature UWB technology. Samsung's chief technology officer, KJ Kim, said during Sievers' keynote that UWB will become a standard mobile phone technology like Bluetooth and wifi. Samsung is soon

According to Lars Reger (pictured right), NXP’s chief technology officer, the company’s brand name for the UWB ecosystem is Trimension. It allows the smart home to know where a person is. Based on this UWB induced information the smart home system will be able to control heating, lights and open doors. - UWB brings GPS-level positioning indoors. In addition, it is highly robust, that is, it

ETNdigi - 2/2020


ok at your home w years, we will no ad the keys will shed with UWB EO of NXP speech at the s event.

works well among signals from different radios, Reger praised. With FiRa standardization, the technology will work on all devices. For example, picking up a rental car changes completely: booking and payment is made online and digital keys are received directly on your mobile phone, Reger explained.

Virtual really is the new normal When the corona pandemic quickly took over the entire world, physical encounters ended in most countries. Face-to-face meetings were replaced by various online and virtual meetings. There are, of course, a legion of tools for organizing online meetings, and as a general rule, they seem to work quite well. Above all, virtual meetings are effective. No more time spent traveling and parking and getting back to work right after the meeting. As virtual meetings become more common, their etiquette is also learned quickly. In recent years, work was sometimes done insanely inefficiently. In order to get to the 8am London plane in the morning, I had to be on my way to the airport at 6am. The plane arrived at Heathrow Airport at nine local time and usually the event started somewhere in the city center between ten and eleven. Then lunch and back to the airport for another three-hour flight. At home around midnight. Not very sensible or efficient, and certainly not ecological. Not all virtual conferences are the same, though. After attending quite a few during the past few months, I can safely say that there is no one universal tool, application or platform that will automatically turn everything into useful. It is still about the content. It is still about the importance of the message. It is still about making a difference. It seems clear that electronics companies have now come headto-head with this new challenge. How do I make mysef heard when I´m not physically present? Some companies figure that out sooner than others and that can really make a difference. Just a thought: maybe running through a powerpoint is not the way to get your message across?

ETNdigi - 2/2020

Page 7


WORLD´S FASTEST RISC-V CORE ACHIEVES 5 GHZ Micro Magic, Inc. has announced the world’s fastest 64-bit RISC-V core achieving 5GHz and 13,000 CoreMarks at 1.1V. A single Micro Magic core running at 0.8V nominal delivers 11,000 CoreMarks at 4.25GHz consuming only 200mW. Read more at

Where there is code, there are vulnerabilities Cybersec companies need to give their customers tools to see their whole system in realtime, says Rik Ferguson.

NEXPERIA LAUNCHES APPLICATION SPECIFIC FET Nexperia has defined a new MOSFET product group. Application Specific FETs (ASFETs) feature MOSFETs with optimized parameters for specific applications. By focusing on individual applications Nexperia can offer significant improvements. Nexperia is offering ASFET families for battery isolation, motor control, hot-swap and Power over Ethernet (PoE) applications. Read more at

NOKIA: IoT CYBERATTACKS ON THE RISE Cyberattacks on internet-connected devices continue to rise at an alarming rate due to poor security protections. Cybercriminals use automated tools to exploit these vulnerabilities, according to the latest Nokia Threat Intelligence Report. The report found that Internet-connected, or IoT, devices now make up roughly 33% of infected devices, up from about 16% in 2019. Read more at The Nokia Threat Intelligence Report can be found here.

CREE ABANDONS LEDS, FOCUSES ON SiC AND GaN Cree, Inc. announced that the company has entered into a definitive agreement to sell its LED Products business unit to SMART Global Holdings for up to $300 million. Cree, well known as the pioneer of leds, expects to receive an initial cash payment of $50 million upon closing and $125 million to be paid in August 2023. Cree is going through a tranformation focusing on silicon carbide and gallium nitride devices, as well as materials. Read more at

Page 8

Rik Ferguson, the director of security research at Trend Micro painted a rather bleak picture of the future of cybersecurity. The problem is never going away. - Where there is code, there will be vulnerabilities, Ferguson said in a webinar.

- After this, attackers can scan the entire system, all local hard drives, all traffic. Everything.

- And where there are users, there are weaknesses, Ferguson continued. The main problem is the exponential growth of the data. There are so many attacks that corporate security teams can never bridge the skills gap.

According to Ferguson, there are numerous points in the whole process where something could have been done if it had been seen. Security companies have different solutions to get a real-time view of the entire system for all events. Trend Micro's solution is XDR. At the heart of all of these solutions is automation.

Ferguson stressed the importance of seeing the big picture in the fight against cyber attacks. If you´re too close and stare at just one data point or a possible breakpoint, it doesn’t matter what it’s all about. - If you do not know which events led to the breach, it is very difficult to understand what has gone wrong. In Ferguson’s example a company was invaded through a phishing message sent to a salesman. The hackers knew in advance which company and against which employee the attack should be targeted. Once the victim´s email was taken over, it served as a gateway to two ultimate goals: to take over a developer’s Github credentials, and to gain systemwide admin rights.

When attackers caught the developer’s Github credentials, it was easy to contaminate the product code with malicious code.

- The problem is scale. There are so many attacks that it is impossible to go through all the alerts. For this reason, automation, orchestration, machine learning, and artificial intelligence are essential security tools. If the data is new oil, then the algorithms are new refineries, Ferguson formulated. The corona pandemic has significantly changed our working practices and Ferguson expects this change to continue in the coming years. - The big challenge for security professionals will be how to manage data, users, and usage when nothing happens in the organization’s own network, Ferguson concluded.

ETNdigi - 2/2020

Faster, smaller, more memory options Farnell has launched the new Compute Module 4 (CM4) from Raspberry Pi. The CM4 brings the power of the Raspberry Pi 4 to the compute module family and is accompanied by two accessories, the Compute Module 4 I/O (CM4IO) Board and the Compute Module 4 Antenna Kit. CM4 is a faster and more powerful System on Module (SoM) than previous models, offering a greater range of connectivity and memory options for design engineers building embedded solutions. Key features include a small form-factor, greater power efficiency, PCle support and a variety of multimedia interfaces. The power and versatility of CM4 make it an ideal solution for Artificial Intelligence, the Internet of Things (IoT) and a wide range of home and industrial

engineers can integrate CM4 and other Raspberry Pi Compute Modules into new products with confidence.

automation applications. Raspberry Pi products are increasingly being used in product design with an estimated 40-50 per cent of Raspberry Pi boards now being sold to industrial customers and Original Equipment Manufacturers (OEMs). As the highest volume manufacturing partner of Raspberry Pi, Farnell has heavily invested in stock to ensure availability for volume orders, meaning that design

CM4 is based on the acclaimed Raspberry Pi Model 4B single-board computer, with an updated form factor accommodating new interfaces such as dual HDMI, PCIe and Gigabit Ethernet, in a reduced footprint. Access to the processor interfaces and GPIO pins is provided via dual 100 pin high density connectors. For maximum flexibility, CM4 is available with different eMMC flash and DRAM density options, and with optional dual-band wireless connectivity. A “lite” variant is available without the eMMC fitted, making it an ideal solution for cost-sensitive applications. More info @Farnell.

Free tool for embedded Linux GUIs Graphical user interfaces (GUIs) and interactive touchscreen displays provide intuitive user experiences in applications from robotic and machine controls to medical user interfaces, automotive instrumentation and home and building automation systems. A well-designed GUI enables users to process information more quickly and interact more effectively with a product. Microchip Technology has announced a new GUI development toolkit for its portfolio of 32-bit microprocessors (MPUs) running Linux, helping designers of industrial, medical, consumer and automotive graphical displays to reduce development cost and time-to-market. Microchip’s new Ensemble Graphics Toolkit is a free and open-source C++ GUI suite for the company’s SAMA5 and SAM9 series of Arm Cortex-A5 and

ETNdigi - 2/2020

ARM926EJ-S processor-based MPUs including the system-in-package and system-on-module products. The Ensemble Graphics Toolkit is optimized for Microchip’s 32-bit MPUs running the Linux operating system. By taking advantage of underlying hardware acceleration, including graphics controllers and video decoders when available, the toolkit provides a highperformance user experience on low and mid-range graphical displays up to XGA (1024 × 768 pixels) resolution.

with boot times of under three seconds from cold reset that is required for applications such as automotive dashboard clusters.

Optimized code allows a smaller memory footprint, saving BOM cost. The efficient performance relative to other graphics solutions that rely on higher-performance cores and 3D graphical acceleration allows rich GUIs to be created for Microchip’s power-efficient MPUs. In addition, Ensemble Graphics Toolkit and Linux can be optimized for fast cold boot

The Ensemble Graphics Toolkit suite is available without licensing or royalty fees to all developers of graphical interfaces. Toolkit is complementary to Microchip’s bare metal/RTOS-focused MPLAB Harmony Graphics Suite embedded software development framework that also provides a zero-cost, royalty-free graphical user experience.

Page 9


Data revolutionizes everything

Data revolutionizes everything, said Cadence Design Systems CEO Lip-Bu Tan in the virtual CadenceLIVE 2020 event opening speech. This is reflected in all the major technology trends: 5G, industrial IoT, hyper-class data centers, robotic cars and artificial intelligence. - All this data needs to be processed, stored, transferred to data centers and analyzed, Lip-Bu Tan said. Data has long been talked about as a “new oil”, but the truth is that the revolution has only just begun. - 90% of all data has been generated in the last two years. 80 percent of this data is

unstructured, i.e. video, for example, and only two percent of the data is analyzed, the CEO of Cadence recalled. Still, Lip-Bu Tan predicts that all data will become real-time by 2025. This, in turn, is not possible with current systems. In edge devices the latency is less than a millisecond, at the edge of 5G less than 20 milliseconds, but a visit to a data center takes a hundred milliseconds. - In practice this means data cannot be sent to the data center and back, Lip-Bu Tan said. This means that the systems need to be changed. Devices — other than data centers — are moving to a new

Moore’s Law is slowing down and the price of a transistor is going up which poses huge challenges to semiconductor design, Lip-Bu Tan concluded.

generation of faster memory technologies, such as PCM and MRAM. Network switches and data centers are moving from 12.5 terabit switching to 25.6 terabits and a new class of 51.2 terabit is already coming. - Currently, for example, photonics is quite a bottleneck if we want to move to the 800G class in backbone networks, Lip-Bu Tan emphasized. The job of Cadence as an EDA company is to support the designers of these systems. The company has a new Intelligent System Design strategy, under which it has introduced more than 20 new products over the past three years.

Circuit design has to migrate to the cloud As circuits become more complex and larger, their design and functional verification require more and more computing capacity. The EDA power house Cadence says that cloud based design is increasingly necessary.

circuit simulation completed “overnight”. They need 10 times more computing power and they need it now.

rule checking in the cloud service is up to 16 times faster than with 24 CPU computing system.

Of course, computing capacity can be built locally by investing in your own data center. However, its utilization rate is difficult to keep high. It also comes at a high cost to maintain.

Cadence has its own Cloud product portfolio that it offers to its customers. Of course, the customer can make their own agreements with cloud service providers, but the platform managed by Cadence is a more straightforward approach. More than a hundred customers already trust it, Joshi said.

According to Ketan Josh, the key is that it is a familiar environment and flow for the designer. Simulation, DRC verification, or verification must be successful in the same way as using local tools.

In the cloud service resources are better managed. The team or organization pays only for the resources it needs, praised Ketan Joshi, Cadence’s director of cloud business.

If a company wants to manage cloud design themselves, Cadence also offers cloud-native CAD tools under Cloud Passport. They come with cloud-based license models.

The requirements speak in favor of this development: design teams want the

The benefits of the cloud are obvious. For example, DRC verification, or design

Page 10

The same is true for the hybrid model, which uses both on-premises computing capacity and the cloud. Cadence manages the interface between local and cloud computing. This is important because customers have not yet moved their design projects in to the cloud on a large-scale. Most customers rely on some sort of hybrid model. Photo: Unsplash

ETNdigi - 2/2020

Autonomous electric transport is here

FASTER MEMORY TO SMARTPHONES Micron Technology has launched the uMCP5, the industry’s first universal flash storage (UFS) multichip package with low-power DDR5 (LPDDR5) DRAM. The multichip package uses Micron’s LPDDR5 memory, high-reliability NAND and leading-edge UFS 3.1 controller to power advanced mobile features previously only seen in costly flagship devices using discrete products. Read more at

WORLD´S SMALLEST BLUETOOTH MODULE Swedish Einride has launched the next generation of the groundbreaking Pod making it commercially available on a global scale for the first time. In 2019 Einride became the first in the world to drive a fully autonomous and electric heavy transport vehicle on a public road, and has been testing and operating Pods at select customer sites in Sweden. - We started this journey in 2016 with a dream to build a better future through technology. Years of hard work and dedication from the whole team at Einride have made us the leader in AET, and today we are taking the next step to bring our solutions to the world, said Robert Falck, CEO and founder of Einride. The new Pod features a refined design, making it more aerodynamic and functional but also preparing it for wide-scale production and commercialization. For the first time, the Pod is available for orders for those looking to transition away from the analog, inefficient diesel transport solutions of today to a freight mobility solution that is safer, more sustainable, and more costeffective. Most self-driving vehicles are designated by SAE J3016 levels of autonomy, ranging from purely

ETNdigi - 2/2020

assistive (level 0) to fully autonomous, able to drive anywhere on their own under any conditions (level 5). As these standards rely on some level of human operation, Einride needed to develop a proprietary methodology for describing the use cases for Autonomous Electric Transport. The AET classification system ranges from levels 1 to 5, and levels 1 to 4 are available for pre-order based on individual business needs. AET 1 (Fenced) is ideal for closed facilities with predetermined routes that are best suited for fullyautonomous operation. AET 2 (Nearby) includes closed facility operation, but adds the capability to traverse public roads over short distances between destinations. Both AET 1 and 2 Pods are available for reservation now, and will begin shipping to customers starting next year. AET 3 (Rural) takes the Pod’s functionality to the next level, allowing operation on backroads and less busy main roads between facilities, at a maximum operating speed of 45 km/h. Finally, AET 4 (Highway) includes fully autonomous operation on freeways and other major roads at up to 85 km/h. Levels 3 and 4 are available for pre-order, and will ship to customers in 2022-2023.

LG Innotek of Korea has announced the smallest Bluetooth module in the market. The heart of this module consists of a super thin PCB substrate (250μm), developed and manufactured by the Austria-based market leader for high-end interconnection solutions, AT&S, in its location in Chongqing, China. By applying the sophisticated anylayer technology with stacked micro vias from top to bottom, it was possible to achieve the LG requirements in terms of package density. Read more at

ToF CAMERA SEES 10 METRES Infineon with cmd technologies have launched the 6th generation REAL3 ToF camera. The sensor has a resolution of 40K pixels at 5 meters and 0.6K pixels at 10 metres. The 3D sensor market in smartphones for rear side cameras is expected to grow up to more than 500 million units per year until 2024. Read more at

10 000 PPI DISPLAY Stanford researchers and collaborators in Korea have developed a new architecture for OLED displays that could enable televisions, smartphones and virtual or augmented reality devices with resolutions of up to 10,000 pixels per inch (PPI). The advance is based on research by Stanford University materials scientist Mark Brongersma, who was initially put on this research path because he wanted to create an ultra-thin solar panel design. Read more at

Page 11


The embedded sensor module finally has a standard PICMG, a leading consortium for the development of open embedded computing specifications, has announced the ratification of the MicroSAM specification. MicroSAM is a new microcontroller-agnostic, ultrasmall form-factor module for the enablement of smart sensors.

market. MicroSAM enables a fundamentally different IIoT architecture, offering a distributed architecture with true Plug and Play network integration. The specification defines a 32 x 32 mm hardware platform for sensor vendors wishing to quickly create smart sensors.

MicroSAM is the first specification in a series of IIoT-related open standards to reach ratification. It is the only open hardware specification to date that addresses the fast-growing sensor

MicroSAM fills a need not currently addressed by other industry specifications; namely, a compact module targeted at microcontrollers for each of the Industrial IoT sensor nodes. The processing performance and I/O connectivity are targeted toward the sensor interface. MicroSAM may exist in parallel with other embedded technologies, where MicroSAM devices provide sensor connec-

MicroSAM connects directly to sensors. The module supplies power and transfers signals to the sensor and back.

tivity, and PICMG standards such as COM Express, CompactPCI Serial or MicroTCA provide higher layers of control. TECHNICAL HIGHLIGHTS MicroSAM extends and co-exists with the existing open-sourced microcontroller ecosystem by offering a standards-based solution that has been designed specifically for embedded use. Some of its key technical advantages are: • Full industrial operating temperature range • Small size (32mm x 32mm) • Low power consumption • Power filtering and signal conditioning for embedded installations • Reliable industrial-grade communications • Direct connectivity to a variety of sensor types (analog voltage, analog current, digital) • Latching connectors for secure connectivity • PWM output for motion control applications

Huawei and ZTE ousted from Swedish 5G Hi3G Access, Net4Mobility, Telia Sverige and Teracom have been approved for the 5G mid-band auction ( 3.5 GHz and 2.3 GHz) in Sweden. The auction in the 3.5 GHz band starts on November 10. The Swedish Post and Telecom Authority has decided on licence conditions that address the assessments made by the Swedish Armed Forces and the Swedish Security Service. According to the new conditions Chinese vendors Huawei and ZTE are not allowed to supply equipment to the 5G applicants.

Page 12

New rules state for example, that • New installations and new implementation of central functions for the radio use in the frequency bands must not be carried out with products from the suppliers Huawei or ZTE. • If existing infrastructure for central functions is to be used to provide services in the concerned frequency bands, products from Huawei and ZTE must be phased out 1 January 2025 at the latest.

According to the Swedish Security Service China is one of the greatest threats to Sweden. The Chinese state carries out cyber espionage in order to promote its own economic development and to develop its military capability. It does so through comprehensive intelligence collection and theft of technology, research and development. This is something we have to take into account as the 5G network is being built. We cannot make compromises when it comes to Sweden's national security, says the Swedish Security Service.

ETNdigi - 2/2020

Secure your OT network new devices feature efficient performance with up to 30 Mbit/s VPN throughput and 20 concurrent connections. Following the same look and feel as the awardwinning Lock 500, the new 200 series have 2/2 x Digital I/O, industrial screwon DC power connector connection inside a compact and robust housing with built-in DIN rail bracket. Lock 250 has an integrated WiFi that offers an alternate connectivity method and doubles as a wireless device access point.

Tosibox from Oulu of Finland has announced a new generation TOSIBOX Lock 200 series with two efficient connectivity devices: Lock 250 and Lock 210. They are designed to secure industrial operational networks (OT). An operational network is a network of users, devices and systems consisting from both legacy applications and new era technology requiring remote access, data collection and network management. Tosibox is the world’s first purpose-designed connectivity solution for creating and managing global operational networks. The new TOSIBOX Lock 200 series industrial routers serve as endpoints for secure remote connections in operational networks.

- We have listened to the market needs and that is where all our product development gets originated. Thinking outside-in is in the very core of our strategy and this kind of lean product development projects are a great implication of our strategy execution, especially in turbulent times like these. We want to help our business partners to create new revenue streams and solve their customer’s needs, wants and headaches. That’s how we build a better business together, says Jarno Limnéll, CEO at Tosibox. All Tosibox OT network components are compatible with each other and include end-to-end encryption between devices. Patented and audited security features ensure that the routers adhere to the highest levels of industry safety and security standards.

More info can be found at

SK HYNIX TO BUY INTEL NAND MEMORY BUSINESS SK hynix will pay US $9 billion for the Intel NAND memory and storage business, which includes the NAND SSD business, the NAND component and wafer business, and the Dalian NAND memory manufacturing facility in China. Intel will retain its Intel Optane business. Read more at

QUALCOMM WANTS ITS SHARE OF THE 5G BASE STATION PIE Qualcomm has announced a full portfolio of 5G infrastructure semiconductor platforms designed for macro base stations with massive MIMO to micro base stations with compact designs. The company introduced three new 5G RAN platform offerings, which are the world’s first-announced solutions purposely-designed from the ground up to support leading mobile operators in the deployment of a new generation of converged, open and virtualized RAN (vRAN) networks. Read more at

5G SPEED RECORD HITS 5 GBPS Verizon, Ericsson and Qualcomm Technologies have teamed up to continue driving development forward by being the first in the world to demonstrate 5G peak speeds of 5.06 Gbps. Using 5G mmWave spectrum with carrier aggregation, the companies combined eight separate channels of spectrum to achieve the multigigabit speeds. Read more at

1200 V MOSFET ON SiC Toshiba Electronics Europe has launched a 1200V silicon carbide (SiC) MOSFET for high power industrial applications including 400V AC input AC-DC power supplies, photovoltaic inverters and bi-directional DCDC converters for UPS devices. The new TW070J120B power MOSFET is based upon SiC, a new wide bandgap material that allows devices to deliver high voltage resistance, high-speed switching, and low On-resistance when compared to conventional, siliconbased MOSFETs and IGTBs. Read more at

Powered by the latest chipsets, the

ETNdigi - 2/2020

Page 13


80 WATTS OF POWER WIRELESSLY Xiaomi of China has introduced the 80W Mi Wireless Charging Technology. With 80W power the technology is capable of filling a 4,000 mAh battery to 10% in 1 minute, 50% in 8 minutes and 100% in just 19 minutes. For comparison, 30W Mi Wireless Charging Technology from 2019 was capable of charging a similar battery to 50% in about 25 minutes, and 100% in 69 minutes. Read more at

ORGANIC BATTERY DEMONSTRATED IN SWEDEN Researchers at the Laboratory of Organic Electronics in the university of Linköping have for the first time demonstrated an organic battery. It is of a type known as a “redox flow battery”, with a large capacity that can be used to store energy. The researchers used the conducting polymer PEDOT for the electrodes, which they have doped to transport either positive ions (cations) or negative ions (anions). The water-based electrolyte they have developed consists of a solution of quinone molecules, which can be extracted from forest-based materials. Read more at

FIRST LOW-POWER DAC WITH NONVOLATILE MEMORY Microchip has announced MCP47/48FxBx8 which is a family of octal 12-bit DACs. These are the first DACs to include nonvolatile memory and an integrated Voltage Reference (Vref) source so they can be pre-configured for safe and efficient power-up without relying on the system processor. Read more at

BLE REACHES 1.3 KILOMETRES STMicroelectronics has revealed its latest Bluetooth LE SoC, with long range for up to 1.3 kilometres. The ultra-low-power radio is optimized to consume as little as 3.4mA in receive mode, just 4.3mA when transmitting, and less than 500nA quietly waiting for wakeup events, cutting by half the size of battery needed in most applications and prolonging runtime. Read more at

Page 14

One DPU can replace 125 processor cores Nvidia announced a new kind of processor at the company´s GPU Technology Conference. DPUs are data processing units supported by DOCA, a novel data-centerinfrastructure-on-a-chip architecture that enables breakthrough networking, storage and security performance. According to Nvidia founder and CEO Jensen Huang the data center has become the new unit of computing. - DPUs are an essential element of modern and secure accelerated data centers in which CPUs, GPUs and DPUs are able to combine into a single computing unit that’s fully programmable, AIenabled and can deliver levels of security and compute power not previously possible. Nvidias DPU roadmap features the new BlueField-2 family of DPUs and Nvidia DOCA software development kit for building applications on DPUaccelerated data center infrastructure services. Optimized to offload critical networking, storage and security tasks from CPUs, BlueField-2 DPUs enable organizations to transform their IT infrastructure into state-ofthe-art data centers that are

accelerated, fully programmable and armed with “zero-trust” security features to prevent data breaches and cyberattacks. A single BlueField-2 DPU can deliver the same data center services that could consume up to 125 CPU cores. This frees up valuable CPU cores to run a wide range of other enterprise applications. Nvidia’s current DPU lineup includes two PCIe products. The BlueField-2 DPU features all of the capabilities of the Nvidia Mellanox ConnectX-6 Dx SmartNIC combined with powerful Arm cores. The fully programmable solution delivers data transfer rates of 200 gigabits per second and accelerates key data center security, networking and storage tasks. The BlueField-2X DPU, which includes all the key features of a BlueField-2 DPU enhanced with an Nvidia Ampere GPU’s AI capabilities that can be applied to data center security, networking and storage tasks. Utilising Nvidia’s 3rd generation Tensor Cores, the BlueField-2X DPU is able to use AI for real-time security analytics, including identifying abnormal traffic, and encrypted traffic analytics at line rate.

ETNdigi - 2/2020

Renesas promises RISC-V product line

GaN MAKES CHARGERS FASTER AND SMALLER STMicroelectronics has unveiled MasterGaN, the world-first platform embedding a halfbridge driver based on silicon technology along with a pair of gallium-nitride (GaN) transistors. The combination will accelerate the creation of next-generation compact and efficient chargers and power adapters for consumer and industrial applications up to 400W. Read more at


Renesas Electronics has announced a technology IP cooperation with Andes Technology, an advanced supplier of RISC-V based embedded CPU cores and associated SoC development environment. Renesas selected the AndesCore 32-bit RISC-V CPU cores to be embedded embed into its new applicationspecific standard products that will begin customer sampling in the second half of 2021. - We are thrilled that Renesas, a top-tier global MCU provider has designed Andes RISC-V cores into their pre-programmed applicationspecific standard products. Renesas and Andes share the same vision to welcome the era of RISC-V being the mainstream CPU instruction set architecture (ISA) for SoC´s, said Frankwell Lin, President of Andes Technology. - Not only does this represent a milestone for Andes, but it marks the arrival of the open-source RISCV ISA as a mainstream computing engine. Renesas customers will benefit from a modern ISA constructed for the needs of 21st century computing, Lin added.

ETNdigi - 2/2020

- The scalable range of performance, selectable safety features, and customization options provided by the Andes RISC-V core IP enables Renesas to provide innovative solutions for future application-specific standard products, said Sailesh Chittipeddi, Executive Vice President, General Manager of Renesas’ IoT and Infrastructure Business Unit. The delivery of Renesas’ preprogrammed ASSP devices based on the RISC-V core architecture, combined with specialized user interface tools to set the application programmable parameters, will provide customers with complete and optimized solutions. This capability eliminates the initial RISC-V development and software investment barrier. In addition, an extensive network of regional Renesas partners with specialized expertise will provide cutting edge and sharply focused customer support.

More info on Andes RISC-V cores can be found at

Physicists at Aalto University and VTT Technical Research Centre of Finland have developed a new detector for measuring energy quanta at unprecedented resolution. The type of detector the team works on is called a bolometer, which measures the energy of incoming radiation by measuring how much it heats up the detector. Read more at

SECURED LIFECYCLE FOR IoT Infineon Technologies helps IoT device makers reduce firmware development risks and accelerate time-to-market with a highly integrated IoT lifecycle management solution. This industry’s first solution combines the well-known PSoC 64 Secure MCUs with Trusted Firmware-M embedded security, the Arm Mbed IoT OS, and the Arm Pelion IoT platform to securely design, manage, and update IoT products without the need for custom security firmware. Read more at

FIRST DDR5 DRAM MEMORY HITS THE MARKET SK Hynix of Korea has launched world’s first DDR5 DRAM. The DDR5 memory supports transfer rate of 4,800 - 5,600 Megabit-persecond (Mbps), which is 1.8 times faster than the previous DDR4 generation. For comparison, it can transmit 9 full-HD movies (5GB each) per second with 5,600Mbps transfer rate. Its operating voltage is 1.1V being lowered from 1.2V of DDR4, which cuts the power consumption by 20%. Read more at

Page 15

ETN is a Finnish technology media for everyone working, studying or just interested in technology. Through website with daily news and technical articles, daily newsletters and columns ETN covers every aspect of high technology. We cover automation, devices, networks, embedded, power, test & measurement, design & programming, manufacturing and distribution. All in Finnish.

For advertising and editorial cooperation, contact us Editor-in-chief Veijo Ojanperä +358-407072530 Sales Manager Anne-Charlotte Sparrvik +46-734171099

Page 16

ETNdigi - 2/2020


Design makes the phone HMD Global is a four-year-old company, but still a startup. From the very beginning, Nokia phones have been striving for a Finnish and distinctive look and feel. Hundreds of different models and prototypes are made every year under the leadership of the head designer Miika Mahonen.

The Nokia 8.3 5G has some design choices that have raised questions. For example, there is a dedicated physical button on the left side of the device for Google Assistant. Why did HMD made this design decision?

HMD's design team has eight employees, many with a background in Nokia's design team. The same design language is applied to different devices: simplified, strong, timeless, reliable, high quality. The task is not easy.

The fingerprint sensor placed on the right edge is another example and has received more praise. - The fingerprint sensor on the side was challenging because it had to fit in a smaller space. The sensor size and contact area are also smaller. At the edge of the phone the usability of the sensor is very good. The sensor is accurate and fast and the development work was very successful, Mahonen praises.

The latest work sample from Mahonen's team is the recently launched Nokia 8.3, which is also HMD's first 5G phone. As usual, the product-specific design of the 5G phone began about a year before its launch. - A total of 5 designers and other designers were involved in the design of Nokia 8.3. Industrial designers, material designer, graphic designer and packaging designer. The project started with a concept that defined the specs of the device. Usually we design many concepts, of which the best candidate is selected and developed into a finished product. In the Nokia 8.3 project we made many different models before choosing the best one. - We use 3D and 2D CAD tools for design. All designs are modeled with 3D software and models are made into mockups and prototypes. Materials and colors are also tested in models and protos, Mahonen explains. Smartphones from different manufacturers can sometimes be difficult to tell apart, and Mahonen admits this difficulty in design. - Technology determines a lot about the look of a product. The most prominent part is the display and the display technology determines the size and basic shape of the product. The battery also largely determines the shape of the devices. - Battery technology is constantly being developed and, as you can see from the new phones, the batteries are already quite large compared to the phones a couple of years ago. A smartphone is a communication device that includes antennas, and antennas bring their own needs and limitations to design. - Now that we are moving to 5G technology, the structure becomes even more complex and requires a lot of development work, Mahonen emphasizes.

ETNdigi - 2/2020

- The button offers better integration with Google Assistant and also fast use, Mahonen explains.

Mahonen emphasizes that simplicity and good usability are important in the design of Nokia phones. - In Finnish and Nordic design philosophy, simplicity is beautiful. Simplicity and precise design of all details make the product and design longlasting. It will stand the test of time and look good for years to come. The Nokia 8.3 5G still includes the old audio connector, although it has already disappeared from many other manufacturers' devices. Decisions about connectors or even moving to a new interface are big questions for the designer. - We always study the technologies of the future. If the technology is at a mature level and suitable for the market, we will drive development forward. Then there is the iconic Nokia logo. Until now, Nokia phones designed by HMD have had a physical logo. When the screen occupies nearly one hundred percent of the front surface, will the physical logo disappear? What will replace it? - With the logo, we want to strengthen the brand identity. As display technology defines the front of a lot of planning, wellmade unique Detailing such as our logo fits in it perfectly. We are working with new models and in the future, changes can certainly come as technologies change. However, Mahonen refuses to reveal any more about future solutions for Nokia phones. - We are already working hard with really interesting concepts for the future, he concludes.

Page 17

U N LO C K Y O U R 5 G F U T U R E . The emergence of 5G is bringing about rapid change. Analog Devices can help you keep pace. From testing and integrating 5G technology to leveraging it for real world applications in AI, autonomous transpor t, healthcare and more, we’re helping the world’s leading companies navigate the complexities. Get the key to your 5G future from the exper ts at ADI. ANALOG.COM/5G

Page 18

ETNdigi - 2/2020


Easy&secure IoT CONNECTION Jacob Lunn Lassen Microchip

Adding a secure connection between your IoT device and the cloud should not be an obstable. With easy-to-use development boards it´s not. Jacob Lunn Lassen of Microchip explaines.

C. What features and advantages do Microchip’s MCU have?

Microchip Technology’s AVR-IoT and PIC-IoT WG development boards have overcome the main obstacles that have, till now, limited the possibilities to accelerate prototyping and innovation in the IIoT environment. With Wi-Fi connectivity, security and A. What are (or will be) the issues of the Industry IoT market cloud connectivity, the AVR-IoT and PIC-IoT boards are a perfect starting point when connecting a variety of applications in 2020 in Microchip’s opinion? —ranging from wireless sensor nodes to intelligent lighting systems—to the cloud for remote command or control. With One of the great challenges of industrial IoT (IIoT) 4.0 is to their combination of a powerful, yet simple, AVR or PIC identify the “right application” and the “next big thing.” IIoT 4.0 microcontroller, a CryptoAuthentication secure element and a is often talked about in general terms and for many industrial fully certified Wi-Fi network controller companies it is abstract – abstract module, these plug-and-play boards in a way that makes it difficult to make it easy to connect embedded innovate. Often, conversations applications to the Google Cloud. The within the industry turn in the Click connector makes them ideal for direction of “well, you can make sensor prototyping, using existing Click connected sensors that measure modules or by adding the sensor type ‘any’ kind of data in your facility.” required to solve the engineering This broad association to the challenge at hand. technological marvel that is IIoT, Control your connected design with the powerful hinders today’s customers from yet efficient ATmega4808 MCU, which features When using Microchip’s boards, the identifying the innovative and main connectivity and security obstacles Core Independent Peripherals (CIPs) designed to game-changing solutions that will are eliminated. Now developers can help drive their productivity and handle more application tasks with less code. quickly design and evaluate new IIoT 4.0 quality - and competitiveness - to concepts on a small scale in new levels. So, how can we open up the conversation to help collaboration with industrial partners. This enables rapid better identify and advance a customer’s IoT needs? learning and fast iterations, quickly and easily turning ideas and concepts into solutions. Rapid IIoT 4.0 prototyping optimizes a Start small and iterate! Ask questions like, “what is the biggest head-ache with this part of the production line?” For example, if customer’s cost and efficiency greatly, with the potential to create a novel breakthrough in the way the industrial industry their answer is belt slippage that causes an unsteady flow of operates. units, then the IIoT provider can offer specific sensors that check when slippage starts to occur. This would allow the For design houses to be successful in driving the IIoT 4.0 customer to run the belt at the intended speed all the time, innovation, it is important to partner with the right developers. making adjustments as soon as the issue emerges. Planned Cloud and cloud processing require skilled software and web maintenance and real-time adjustments are always less costly developers. And, as data goes from small to big, data analysts than unexpected line-down situations. and AI experts will also be required. IIoT providers and industrial companies that do not adopt rapid prototyping to B. In Microchip’s opinion, what MCU function in the future develop advanced automation and monitoring solutions are will be required from Industrial automation market? likely to struggle in today’s competitive marketplace. Very few Sure … “just put together a couple of sensors!” It may sound companies have the skills, time and money to create the secure simple, but it’s not. The reality is that rapid prototyping is WiFi solutions required to accelerate prototyping and IIoT 4.0 necessary for rapid innovation, and the right building blocks are innovation. Therefore, adopting the building blocks, like already available today, helping providers better identify their Microchip’s AVR-IoT and PIC-IoT development boards, and customer’s needs and customers better understand what harnessing the knowhow offered by the right developers, can providers and IIoT 4.0 have to offer for the efficiency of their greatly benefit those companies looking to excel in the facility. industrial market.

ETNdigi - 2/2020

Page 19

SECUR CODE Hung-Wei Chen Winbond

IoT devices are notorious for their bad security. No wonder the number of security breaches is growing almost exponentially. There are ways to protect your IoT devices, though. Like using new secure flash products that provide security in the hardware level.

No embedded device manufacturer would claim that the exposure of connected devices to security threats is due to vulnerabilities in the security components available on the market today. This would be ridiculous: it is easy to find specialist components such as secure elements or high-end systems-on-chip (SoCs) which will implement sophisticated forms of cryptography, secure onchip key storage, power analysis and other security functions. Properly integrated into system designs, these components provide a strong shield for the device which hosts them. So if security components are readily available, why do successful attacks on embedded, connected devices continue on a daily basis? After all, the evidence of cyber attacks on

Page 20

electronics systems is abundant. Independent research shows that the number of cyber attacks on IoT devices in the US surged by 300% in 2019 compared to a year earlier. At the same time, it is estimated that some 57% of US IoT devices are vulnerable to attacks of a medium or high severity, and that each breach of an IoT end-point costs on average $9m. The financial cost of a successful cyber attack is due not only to the loss of revenue caused by service outage. Other costs include damage to the product manufacturer’s brand, potential penalties from government authorities for breaching security regulations, and the diversion of skilled and expensive engineering resources from productive development work

to urgent recovery and repair measures. Regulation in this area also continues to tighten, forcing IoT device manufacturers to pay attention to compliance requirements. The EU Cybersecurity Act and China’s Cybersecurity Law impose wideranging requirements backed by independent testing of device vulnerability, while the California Consumer Privacy Act imposes fines of $2,500 on companies for each unintentional violation. But despite all these costs and rules, compromised end-points remain vulnerable. In some cases, this will be because of a vulnerability in some part of the system beyond the secure element or secure SoC. Most commonly, such a vulnerability is in a standard external Flash memory

ETNdigi - 2/2020

RE YOUR E & DATA storing critical code or data. In other cases, a device is exposed to cyber attacks because the system has no secure element or secure SoC, and so lacks the sophisticated protection that it would provide.

grade protection. Often featuring a standard Flash memory package footprint and pin-out, and controlled via the standard SPI NOR Flash instruction set, these secure Flash


In both cases, the barriers to the implementation of hardware-level security are generally cost and difficulty. And it is true that high-end, payment-grade security components aimed at financial products such as payment terminals and mobile phones are technically complex and difficult to implement for engineers who are not security specialists. But now a new generation of secure Flash memory products has come to the market to provide a secure hardware foundation for embedded devices which do not require payment-

ETNdigi - 2/2020

memories are easy for general embedded device designers to implement, but provide a comprehensive set of security functions to protect connected devices from attack on a system’s integrity or data privacy.

It’s traditional to conceive of non-volatile memory as a simple device: bits are written to it, and the same bits are then read out. It’s generally thought of as a storage, not as a processor. In fact, of course, every NOR Flash memory used for code or application data includes logic to control memory operations and communications with the host via a serial peripheral interface. Secure Flash devices build on and extend this logic block to provide security functions alongside the memory control functions. Fig. 1: the W77Q can institute a secure channel to a trust centre in the cloud for over-the-air software updates even when the host SoC has been compromised. (Image credit: Winbond)

Flash memory manufacturers such as Winbond have developed this new generation of secure Flash products because of

Page 21

attack, and to provide for compliance with regulations such as the EU Cybersecurity Law’s Basic and Substantial levels of security functionality, Winbond has developed a multifunction secure NOR Flash memory, the W77Q, part of its TrustME family of secure Flash products. In addition to secure authentication, the W77Q provides: • Resilience: protection, detection and recovery, to ensure that an IoT device can automatically reboot into known safe code even after a cyber attack has attempted to disable it. • Root-of-trust to enable authenticated communication with the host SoC and with external systems such as cloud computing services. • Secure data storage

Fig. 2: The W77Q can always be trusted to maintain platform health by implementing protection, detection and recovery. (Image credit: Winbond) the limitations of the embedded Flash memory provision in microcontrollers and SoCs. While advanced microcontrollers and SoCs have migrated to wafer fabrication processes at nodes smaller than 20nm, the scaling of embedded NOR Flash has not followed suit. This means that in the latest MCUs and SoCs, a scaled embedded floating-gate flash process is not available, and the capacity which is available is often not large enough to store the sophisticated software code which MCUs or SoCs are intended to run. So in today’s embedded device designs, application code is more commonly stored in an external Flash memory device. But if the device is connected – particularly if it is an IoT device connected to the internet – the boot code in external Flash is vulnerable to attack, and data is vulnerable to theft or intrusion, unless the memory device itself is shielded by comprehensive security function-

Page 22

ality. This is the value of a secure Flash device operating in tandem with the security functions of the host MCU or SoC. THE KEY CAPABILITIES OF SECURE FLASH The reason for replacing standard external NOR Flash in an IoT endpoint with secure Flash, then, is to protect the integrity of boot code and application data. Various secure Flash devices on the market provide some form of secure storage. At its most basic, this security functionality provides for secure, encrypted authentication: this means that the Flash device will only permit the authorised host to perform Read and Write operations, protecting the data from being accessed by any device other than the host SoC. But this provides only a limited form of security protection. To protect against the many types of cyber

• Secure channel from Flash to a trust authority in the cloud for overthe-air firmware updates. This channel means that the memory can update to a new version of boot code independently of the SoC, and even when the SoC has itself been compromised (see Figure 1). The W77Q has been assessed by an external, accredited laboratory. It complies with the requirements of the EU’s GDPR privacy legislation, and provides the ‘Substantial’ level of protection as specified by the EU’s Cybersecurity Act. It holds security certifications including CC EAL2 (VAN.2), IEC62443, SESIP and the Arm Platform Security Architecture (PSA) certification. Resilience is particularly important for IoT devices – and is a capability missing from most secure Flash products. In some devices, such as utility meters, physical intrusion (tampering) is a common form of attack for which protection is required. Large, very valuable assets such as power generation plants or military bases might be subject to physical intrusion into a local area network. For IoT devices, however, the main

ETNdigi - 2/2020

Fig. 3: comprehensive protection against cyber attacks requires the implementation of a layered set of security capabilities. (Image credit: Winbond)

threat is a scalable cyber attack exploiting a remote connection via the internet to the entire population of installed devices. The US National Institute of Standards and Technology’s (NIST) SP 800-193 standard specifies mechanisms which protect firmware and configuration data from such attacks, and which can detect and recover from successful attacks. The W77Q provides the resilience functions required to conform to this standard. Resilience has three elements: protection against attack, detection of attacks, and recovery from attack (see Figure 2). Functions such as encrypted authentication to prevent attempts by unauthorized devices to access data provide protection against attack. An attack might be successfully carried out on the host SoC, however, so the W77Q maintains the ability to detect when an attack has taken place. For instance, it checks that stored code has not been corrupted automatically, whenever the code is up-

ETNdigi - 2/2020

dated or accessed. It can also scan code on the instruction of the host device. If the W77Q detects that an attack has been successful and that, for instance, the compromised, authentic SoC has corrupted its own boot code, the Flash device automatically and with proper authentication recovers the platform firmware. It does so via its ‘Safe Fallback’ function, which reinstates boot code to a known safe version. This Safe Fallback function is backed by an authenticated watchdog timer, which can force the host SoC into a clean boot using the known safe code. SECURITY FUNCTIONALITY AVAILABLE FOR ALL Winbond’s approach in developing the W77Q has been to provide an off-the-shelf set of layered security capabilities to enable easy deployment by customers (see Figure 3).

With the W77Q, Winbond provides: • End-to-end, out-of-the-box security, with no need for prior security expertise • Fast deployment • A complete solution backed by compatible products from security software vendors • Simple security certification • Affordability By providing this comprehensive set of capabilities in a familiar SPI NOR Flash package with a standard footprint, Winbond can help ensure that no IoT device needs to go to market without proper protection against cyber attack.

More information about Winbonds TrustME product family can be found on the company website.

Page 23


Page 24

Security is now a key requirement for embedded systems. The desire to connect devices to the internet to make it easier to control them and pull live data from their sensors brings with it a high risk of hacking. The hacking activity does not put at risk just individual devices but entire networks.

ETNdigi - 2/2020

The direction is clear: vendors cannot go to market without an IoT product secure by design. The issue for device manufacturers as they look to harness the power of the IoT for their systems is the complexity of implementing effective and relevant security mechanisms. It is easy to see the fundamental need for authentication and encryption in these systems. But implementation has been much harder to achieve. There are multiple components, both software and hardware, that are needed to create a secure foundation for an embedded system. A weakness in any one of them can easily lead to the hardware being compromised and loaded with malware that is used to attack an operator’s network or to leak sensitive data to cybercriminals. At the same time, many design teams are confronting for the first time the development difficulties presented by security concerns. One of the core requirements for effective security is that each deployed device should have its own unique identity. A common flaw exploited by hackers is to have devices provide a common password or login for use by service and maintenance engineers. The details of this login are often easy to guess and even if they are not they are usually easily obtained by a hacker. With this login, it is possible to gain access to not just one device but the entire fleet. Cybercriminals were able to create botnets—armies of identical computers used in denial-of-service attacks—through the use of simple automated scripts. The scripts identified and logged into each device of a certain type that had an internet connection. With a unique identity, it is possible to give each system its own security credentials and greatly reduce the chance of giving hackers an easy way to construct botnets. Only if an authorized user has the right credentials for a particular device should they be allowed access.

ETNdigi - 2/2020

However, this increased level of protection has ramifications for the design, development and service management processes. Implementing effective security in a way that facilitates rather than impedes development involves careful choices. The first choice is over the hardware foundations employed to protect the integrity of the target device. This foundation ensures that it is impossible not just to access the core firmware of the device without authorization but to ensure its functions cannot be subverted and the device used to

which is typically used to verify messages. As its name suggests, this key can be distributed widely without compromising security. And it provides an easy way for anyone to send secure messages to a device, just as long as they know which public key to use. The device itself needs the private key which allows to sign messages sent to it which will be verified by the corresponding public key. From the basic PKI operations, it is possible to construct more structured authentication models, such as digital certificates that

A secure element is a vault that protects secrets, it’s a companion device to the microcontroller. attack the network. For example, if a hacker has obtained access credentials for one device, it must be impossible to convert another to accept those same credentials in order to form, for example, a botnet. As a result, identity and integrity are intimately tied. The public-key infrastructure (PKI) provides a means for establishing and proving a unique trusted identity not only within the device itself but across a network. PKI relies on the concept of asymmetric cryptography, a technique that links two numeric keys together mathematically. One is a public key,

demonstrate the identity of a device. To create a digital certificate, a device signs a message or challenge creating a signature using the private key. The corresponding public key is used by the recipient to determine the validity of the signature. The private key clearly needs strong protection. It is not enough to just program a key into non-volatile memory on a device before it is deployed as it’s easily accessible. The private key should never be disclosed. If there is a disclosure, it is possible for hackers to build their own clone devices. These are then able to impersonate and spoof the

Page 25

authentic device and so compromise the security of networked applications which depend on the data sent by the device. A problem for a conventional microcontroller-based design is that any cryptographic software running on the processor core needs access to the private key in order to perform the necessary calculations assuming the key is in the controller. The core hardware requirement therefore is a secure element used to fold those cryptographic operations into a standalone piece of protected hardware together with secure storage for the private keys. As the key and cryptographic functions stored together inside the same physical secure boundary, there is no need to send sensitive data over the system’s internal bus. Instead, when the system needs to communicate securely or prove its identity, it calls upon the secure element to respond to a random challenge. The response to this challenge is a code derived arithmetically from the random part of the challenge and the relevant private key stored inside the secure element. In other words, the random challenge is signed by the private key. In this way, the secure element can demonstrate that it holds the appropriate secret but does not need to disclose the sensitive private key itself. The secure element can also protect

the device from counterfeit code that an attacker might attempt to run and use to try to compromise the system. The protection mechanism that is needed to prevent this is a code verification, sometimes known as a secured boot or a runtime code verification. In this case, the challenge sent to the secure element is a signature obtained from the signed boot image stored on the device. Any updates to the code have to be signed by the OEM using its private key. Through secured boot and runtime verification procedures, the system can support over-the-air updates provided by the manufacturer without the risk of running updates provided by a third party using a man-in-the-middle attack or a similar approach. This key used to verify the code signature is a sensitive credential that will and so should live in a protected and immutable memory zone. If the key can be altered, the system would simply not work. If the key pair can be altered then the code can similarly be tampered with. An example of effective protection can be found in the Microchip Technology ATECC608B. This is a secure element that can be used with in any microcontroller-based system thanks to its use of a standard I²C or Single-wire communication link. The device combines a non-volatile memory with several crypto-accelerators designed to support algorithms

The development flow with Microchip’s Trust Platform.

Page 26

based on elliptic-curve algorithms, for example, in a secure silicon. The device never reveals private keys through the communication link and includes a number of anti-tampering hardware features that make it practically not feasible to discover its contents. Although a secure element coupled to a microcontroller provides an effective foundation for building connected embedded devices that can guarantee high security, this combination is only part of the overall solution. There are many usecases that involve constructing complex protocols in embedded software out of the core functions a secure element provides. For example, in addition to secure boot, an IoT device will need to be able to communicate with remote hosts using encrypted protocols such as TLS and generate certificates on demand that show that the device has not been compromised when it wants to connect to a new service. When the manufacturer or service operator wants to send a code update, that firmware’s signature will need to be verified before the flash memory is updated and the system rebooted. A further requirement may be the ability to detect system accessories or consumable cartridges and determine whether they are authentic. This function can be performed using protocols that are similar to those used to build the code verification example, but with some key differences. For example, each peripheral may have its own secure element that is used to check that the host system into which it is plugged is itself authentic. Although the principles behind each of the protocols that implements these functions are reasonably straightforward, implementation can be difficult because the ability to debug problems is constrained by the need for the system to obey the secure protocols.

ETNdigi - 2/2020

The ordering/ delivery flow of Microchip’s Trust Platform.

A common assumption during development is that pressing the reset button or flushing the contents of memory will let engineers gain access to an unresponsive device. Debug modes generally give the developer privileged access to the system. But when the higher levels of security required for systems that will be connected to the internet are introduced, some of these assumptions no longer apply. Failure to implement software in the right way can lead to the prototype device becoming unreachable. The most troublesome parts of secure-system development lie in the debugging of the core protocols. For example, it is easy to introduce bugs into the code used to process passcodes or security certificate that cause the device to be unable to respond to valid requests. If it were possible to reset the device to gain access, the facility would provide hackers with an easily exploitable backdoor into the system. As a result, securityfocused development introduces hurdles into the development process. They are difficult to deal with if the team does not have experience of the techniques that are required. However, one advantage of systems built on a PKI infrastructure is that applications can be built on top of core protocols and use-cases, such as the verification of signed executables and certificate creation,

ETNdigi - 2/2020

that can be reused across many projects. Such insight helped lead to the creation of Microchip’s Trust Platform. This platform provides a suite of configurations, source code, hardware and software tools designed to make it easy for customers to implement a wide variety of use-cases in a workflow that guides the user from concept to implementation based on hardware that includes a secure element such as the ATECC608B. The Trust Platform divides into three main offerings. The simplest is Trust&GO, which provides a fixed set of functions, such as giving a device access to cloud services hosted on AWS, Google Cloud, Microsoft Azure or a private cloud. Another configuration supported by Trust&GO is a complete secure authentication solution for devices that need to connect to a LoRaWAN wireless network. TrustFLEX provides an additional level of customization with support for a wide range of operations from secure boot to certificate generation. The third option, TrustCUSTOM, provides customers with the ability to tune the creation and integration of secure elements into their desired security model. An important element of the Trust Platform that eases access to security compared to other offerings

is the way in which the secure key provisioning service can be deployed on low-volume applications. With competing secure-element supply chains, the minimum order quantity can be 100,000 because of the overhead involved in setting up the initial certificates and keys that need to be programmed into the hardware in the supplier’s secure manufacturing production line. With Trust&GO, customers can buy secure elements starting 10 units per order and have all the support of the Trust Platform infrastructure, including provisioning. For TrustFLEX, the minimum order quantity is as low as 2,000 units also including provisioning, but still provides the user with the greater level of control over certificates, keys and applications that might be expected from customized secure supply-chain solutions. Under the Microchip Trust Platform, customers have access to highly customizable security mechanisms with much lower development and deployment risk than existing solutions. The combination of tools, source code and supply infrastructure provide a path for embedded systems developers to gain access to a complete securely provisioned system that works from concept to deployment, reducing the development process from months to days.

Page 27



José Angel Iglesias Mazuelos, Rutronik Alain Stas, Vishay

SPICE models have been available for active components for decades - but not for passive ones. Vishay provides a precise SPICE model for a temperature sensor that enables much more precise simulation than generic models. With the advent of IoT applications, electromobility and increasing industrial automation, the precise simulation of passive components, such as temperature sensors, is becoming increasingly important. Complex mechatronic problems require powerful software to perform difficult calculations, and efficient simulation models for electronic components.

model that enables much more precise simulation than generic models.

Since there are hardly any realistic models available for passive components, generic models are often used. Such simulations provide qualitatively correct results, but their accuracy is limited.

If this setup is to be used for temperature measurement, the circuit diagram can be described as shown in image 1 (right).

For a temperature sensor circuit based on an RTD resistor, however, Vishay provides a precise SPICE

Page 28

The active part of the measuring circuit consists of an operational amplifier LTC2063, which was launched onto the market by Analog Devices in 2017, and which is characterized by an extremely low current consumption of just 2 µA.

An SMD platinum sensor (PTS1206) from Vishay with accuracy class 1B serves as the input signal for the temperature measurement. This type of linear temperature sensor has

become increasingly popular in the automotive industry since attaining its AEC-Q200 standard qualification, as it provides a good alternative to conventional SMD NTCs for applications involving high stability and temperature requirements. Another key advantage of the PTS over NTCs is the linearity of the electrical characteristic. Although NTCs are more sensitive than RTDs, they are not nearly linear enough over the wide temperature range from -40 °C to +85 °C, even after linearization. Analog Devices does of course provide a usable LTspice model for this circuit, which is available to download from [1]. In this, the PTS sensor is represented by a variable resistor (image 2, above).

ETNdigi - 2/2020

Engineers who are familiar with simulations will notice a particular detail in this model: Although this is a temperature measurement circuit with a specified overall accuracy of ±1 °C, the variable temperature (global ambient temperature) does not appear anywhere - neither in the SPICE directives nor in the definition of the PTS. To save users of LTC2063 models from having to delve into the PTS

Image 1. LTC2063 circuit diagram.

ETNdigi - 2/2020

data sheets, Vishay has explicitly included the SPICE model for DC temperature sweep. This extended model enables the following features: • Adjusting/passing through the temperature • Visualizing the influence of the TK tolerances of the PTS • Fine-tuning/determining the feedback resistance • Testing the circuit with Monte Carlo

tolerances of all passive components (fixed resistors, PTS) • Calculating the effective output voltage accuracy of the LTC2063 as a measure of temperature in °C (image 3, p. 30) Image 3 shows that the circuit itself, including all component tolerances, has a linear temperature characteristic (top window) with a total accuracy of mostly ±1 °C (bottom window) - which had to be proven. The analysis could be taken deeper, such as with a dynamic temperature change over time for the PTS sensor. However, this would require a different SPICE model for the sensor. This could be used to demonstrate an important effect: the response of the sensor over time. If the sensor turns out to be too slow for the planned application, a smaller sensor - such as in the 0805, 0603 format, or even smaller - is a good alternative.

Page 29

Image 2. Measurement setup for Ltspice simulation.

The example shows that a SPICE model provided by the sensor manufacturer complements the simulation model for the IC outstandingly well. It also shows that there are numerous possibilities for developments in the field of temperature sensor simulation. The simulation described in this article can also be found in [2].

References: [1] [2] [3] [4] docs/28899/ptsat.pdf

Page 30

Image 3. LTC2063 has a linear temperature characteristic (top) with a total accuracy of mostly ¹1 °C (below).

ETNdigi - 2/2020

Want to join us?

• ETNdigi is a special digital magazine from ETN. We cover components, test & measurement, radios & networks and the whole scope of embedded software. To put it short: Everything related to embedded design. • In 2021 we plan to publish two magazines. The 1st one is planned for May, the 2nd issue for October-November. • Want to join us? Just contact ETN editor-in-chief Veijo Ojanperä at or our sales manager Anne-Charlotte Sparrvik at More info about the pricing can be found at

ETNdigi - 2/2020

Page 31

Reduce radiation on automotive ICs

Jacob Wiltgen Mentor Graphics

Companies remain continually challenged to deliver feature-rich products on time and on budget, while simultaneously ensuring high availability and correct operation under all conditions. Therefore, the demand for high availability is driving the need for more robust verification of random hardware faults. Faults can be caused by many different mechanisms, but within the context of this article the term fault refers to these random hardware faults.

This article describes an automated, systematic approach to identifying design susceptibility to single event upset (SEU) through structural and static analysis. ISO 26262 is the state-of-the-art safety standard guiding the safety activities and work products required for electronics deployed in an automotive system. It requires that a design be protected from the effects of radiation-based events that have the potential to violate a safety goal. In automotive applications, radiationbased events fall under the term random hardware faults, which are unpredictable throughout the operational life of a vehicle. The diagram below outlines a generic ASIC development flow in grey. When developing an ASIC compliant to ISO 26262 there are additional phases, which are shown in blue. Traditionally, expertise-driven judgement has been the technique commonly deployed to identify failure modes due to random hardware faults. The creation of a Failure Modes Effects Diagnostic Analysis (FMEDA) is both a common approach and the work product when estimating failure modes. An FMEDA uses mission environment, failure rate data, and

Page 32

target technology to calculate design susceptibility to faults. There are number of drawbacks associated with depending solely on expert-driven fault analysis: • Not repeatable • Not exhaustive • Does not scale well • Difficult for third-party IP, legacy IP, or machine-generated code Fortunately, a new breed of verification technologies and a three-phase methodology has been born to assist experts in analyzing, protecting, and testing a design for random fault detection and mitigation effectiveness. This three-phase methodology is guided by automation to systematically protect a design from faults and prove through metrics that this has been fully accomplished. PHASE 1: FAULT ANALYSIS Augmenting expert analysis with automated structural analysis of fault protection and the logic it protects provides a higher level of confidence and reduces the iterations required to develop a robust design. Such solutions

ETNdigi - 2/2020

n effects enable engineers to accurately estimate metrics, such as fault coverage (DC), which is an indication of how much of the design is protected from faults. There are many advantages of using this more automated, structural approach over traditional, manual fault analysis approaches. Fault analysis can be subdivided into two activities. The first activity is an initial design assessment which validates the accuracy of expert judgement and metrics such as failure in time (FIT) and DC. Structural connectivity information is used to identify areas of the design that can be impacted by faults and, correspondingly, how effective fault protection logic is at mitigation. This bottom-up approach provides a high level of accuracy compared to a top-down, expert-driven analysis. Instance and end-to-end analysis represent the two types of analysis used to calculate FIT and DC. End-to-end structural analysis estimates the fault coverage of end-to-end protection mechanisms covering multi-cycle logic. Using this technique, the fault coverage is calculated for all gates and state elements between the generation and check points of protection mechanisms. Data path parity and CRC are common examples of multi-cycle protection mechanisms.

mitigation strategy which provides the desired level of fault protection while simultaneously meeting power and area requirements. When deciding on a safety strategy, an engineer has many safety mechanism choices, each with their unique level of effectiveness and impact on power and area. Understanding these varying efficacies and impacts is critical in guiding the exploration of different mitigation strategies. Some fault mitigation techniques also have the ability to detect errors, while others are more advanced and can correct single bit errors. During this step, engineers perform a series of “what-if� experiments to understand the impact of different fault mitigation strategies on power, area, and fault coverage. This exploration is performed without modification to the design, allowing for multiple parallel analyses. The outcome of exploration is a clear understanding of the design enhancements required to meet the safety requirements. PHASE 2: FAULT PROTECTION Fault protection circuitry comes in a variety of flavors, each with its own level of effectiveness in detecting faults. Typically protection mechanisms are bucketed as either fail-safe or fail-operational. Fail-safe mechanisms are capable of fault detection but do not guarantee correct operation through the fault. Fail-operational protection mechanisms are capable of detecting and correcting random hardware faults. Fail-operational protection typically involves redundancy and incurs a

Figure 1. ASIC development flow modifications for ISO 26262 compliance.

Instance analysis estimates the effectiveness of fault protection on hardware mechanisms that protect single instances like modules or flip flops. Using this technique, the fault coverage is estimated for the protection mechanisms protecting state elements, modules, and their localized cones of logic. Three common examples of instance level protection are flip-flop parity chains, full module level duplications, and memory ECCs. In the event the initial coverage assessment identifies gaps in fault protection, a strategy for mitigation must be derived. This strategy typically consists of either modifying existing or adding additional fault protection hardware. The second activity is safety exploration. The objective of exploration is to identify a

ETNdigi - 2/2020

Page 33

The primary objective of fault verification is to inject faults into a design, propagate the faults in simulation, and identify if the fault is detected. Using the results of fault injection, the overall fault coverage is calculated by comparing faults detected by protection mechanisms to the entire fault state space.

Figure 2: End-to-end structural analysis.

Figure 3: Instance structural analysis. higher resource utilization but provides the added benefit that the design will continue to function correctly through the fault. After insertion, logical equivalency between the original and enhanced design must be performed to ensure that no functional deviation has been introduced. PHASE 3: FAULT VERIFICATION Fault analysis can prove that a design is protected once protection mechanisms are in place, but it is important to prove that the design

operates correctly in a faulted state. Fault verification must be performed by simulating the design’s behavior in a faulted state to ensure correct operation. One simple example would be a CRC error causing a recovery mechanism to fail. Even if the CRC logic was implemented correctly, a recovery mechanism that caused the retransmission of a packet could be in error. Fault verification closes the loop by ensuring that the design is robust and will operate correctly through faults.

Figure 4: Calculating fault coverage from fault classification.

Page 34

It is not uncommon for designs to have millions of potential fault nodes, so every means must be taken to reduce the fault list to a minimal set of fault nodes and then leverage automation to inject faults as efficiently and effectively as possible. Purpose-built fault simulators have been developed to address these gaps and challenges. To achieve maximum performance, three levels of concurrency are deployed. First, faults are injected using a concurrent fault injection algorithm that provides parallelism across a single thread. Multithreading and multicore adds another level of fault injection concurrency. Lastly, fault injection jobs are further distributed across the larger machine grid. Fault management oversees the job distribution and the coalescing of the resulting data. CONCLUSION The evolving size and complexity of designs demand the use of more automated and scalable techniques in the development of ICs used in automotive applications. Manual processes for developing and validating safety mechanisms do not scale to very large designs, are not conclusive or exhaustive, and are not easily repeated. Mentor, a Siemens Business, offers a suite of automated, formal verification and analysis tools and apps that deliver a much more effective, higher quality, and repeatable process for fault analysis, protection, and verification. As part of the Siemens Xcelerator portfolio, this solution arms project teams with the technology and information they need to create next-generation fault tolerant designs today.

ETNdigi - 2/2020

High-accuracy MEMS inclinometer with Machine-Learning core

The IIS2ICLX digital inclinometer boosts safety and stability in industrial automation and structural-health monitoring.

ETNdigi - 2/2020

Find out more at: Page 35

AC and DC dat


Wasim Shaikh and Srikanth Nittala, Analog Devices

This article describes continuoustime sigma-delta (∑-Δ) ADCs that inherently and dramatically solve the sampling problems by simplifying signal chains. They remove the need for antialiasing filters and buffers, and solve signal chain offset errors and drift issues associated with the additional components. These benefits shrink the solution size, ease solution design, and improve the phase matching and overall latency of the system. This article also draws a comparison with discrete-time converters and highlights system benefits, as well as the constraints of using continuoustime sigma-delta ADCs. SAMPLING FUNDAMENTALS Digitization of data involves the two fundamental processes of sampling and quantization, as shown below in Figure 1. Sampling is the first step wherein a continuous-time varying analog signal x(t) is converted into a discrete-time signal x(n) using sampling frequency fS. The result is evenly separated by a period of 1/TS (fS = 1/TS). The second step is quantization,

Page 36

which approximates the value of these discrete-time samples to one of the finite possible values and is represented in digital code, as shown in Figure 1. This quantization to a finite set of values leads to error in digitization called quantization noise.

In order to understand the implications of aliasing in both the time and frequency domain, first consider the case of a time domain representation of a single tone sine wave sampled as shown in Figure 2. In this example, the sampling frequency, fS, is not at least 2fa, but only slightly more than the analog input frequency, fa, thus failing to meet the Nyquist criterion. Notice that the pattern of the actual samples produces an aliased sine wave at a lower frequency equal to fS – fa.

Figure 1. Data sampling. The sampling process also results in aliasing, in which we see foldback from input signals and its harmonics around sample and hold clock frequency. The Nyquist criterion requires that the sampling frequency be at least twice the highest frequency contained in the signal. If the sampling frequency is less than twice the maximum analog signal frequency, a phenomenon known as aliasing will occur.

Figure 2. Aliasing: representation in the time domain.

The corresponding frequency domain representation of this scenario is shown in Figure 3. The Nyquist bandwidth is defined to be the frequency spectrum from dc to

ETNdigi - 2/2020

ta acquisition


Sampling phenomena in analog-to-digital converters (ADCs) induce the problems of aliasing and capacitive kickback, and to solve these problems, designers use filters and driving amplifiers that introduce their own sets of challenges. This makes achieving precision dc and ac performance in medium bandwidth application areas a challenge and designers end up trading off system goals to do so.

fS/2. The frequency spectrum is divided into an infinite number of Nyquist zones, each having a width equal to 0.5fS. In practice, the ideal sampler is replaced by an ADC followed by an FFT processor. The FFT processor only provides an output from dc to fS/2; that is, the signals or aliases that appear in the first Nyquist zone.

equal to | ± KfS ± fa|, K = 1, 2, 3, 4, and so on. Now consider the case of a signal that is outside of the first Nyquist zone in Figure 3. The signal frequency is only slightly less than the sampling frequency, corresponding to the condition shown in the time domain representation in Figure 2. Notice that even though the signal is outside the first Nyquist zone, its image (or alias), fS – fa, falls inside. Returning to Figure 3, it is clear that if an unwanted signal appears at any of the image frequencies of fa, it will also occur at fa, thereby producing a spurious frequency component in the first Nyquist zone.

Figure 3. Aliasing: representation in the frequency domain.


Consider the case of a single frequency sine wave of frequency fa sampled at a frequency fS by an ideal impulse sampler (see Figure 1). Also assume that fS > 2fa. The frequency domain output of the sampler shows aliases, or images, of the original signal around every multiple of fS; that is, at frequencies

For high performance applications, system designers need to combat quantization noise, aliasing, and switched capacitor input sampling issues resulting from the sampling process. Both types of precision ADCs—that is, successive approximation registers (SARs) and sigma-delta ADCs, available in the

ETNdigi - 2/2020

industry— are designed using switched capacitor-based sampling techniques. QUANTIZATION NOISE In an ideal Nyquist ADC, the LSB size of the ADC will determine the quantization noise that gets added to the input, while doing analog-todigital conversion. This quantization noise is spread over the bandwidth of fS/2. To combat quantization noise, the first technique is oversampling, which is sampling the input signal at a much higher rate than the Nyquist frequency to increase the signal-to-noise ratio (SNR) and the resolution (ENOB). In oversampling, the sampling frequency is chosen to be N times the Nyquist frequency (2 × fIN), and as a result the same quantization noise has to now spread over N times Nyquist frequency. This also relaxes the requirements on the antialiasing filter. Oversampling ratio (OSR) is defined as fS/2fIN, where fIN is the signal BW of interest. As a general guideline, oversampling the ADC by a factor of four provides one additional bit of resolution, or a 6 dB

Page 37

increase in dynamic range. Increasing the oversampling ratio results in overall reduced noise and the dynamic range (DR) improvement due to oversampling is ΔDR = 10log10 OSR in dB. Oversampling is inherently used and implemented together with an integrated digital filter and decimation functionality. The basic oversampling modulator in sigmadelta ADC shapes the quantization noise such that most of it occurs outside the bandwidth of interest,

typical sigma-delta ADC. The noiseshaping slope depends on the order of loop filter H(z) (see Figure 11) and is (20 × n) dB/decade, where n is the order of the loop filter. The sigmadelta ADC achieves a high resolution in-band by a combination of noise shaping and oversampling. In-band bandwidth is equal to fODR/2 (ODR stands for output data rate). Higher resolution can be obtained by increasing the order of the loop filter or by increasing the oversampling ratio.

Figure 4. An example of oversampling. resulting in an increased overall dynamic range at low frequencies, as shown in Figure 4. The digital low-pass filter (LPF) then removes the quantization noise outside the bandwidth of interest, and the decimator reduces the output data rate back to the Nyquist rate. Noise shaping is the other technique to reduce the quantization noise. In sigma-delta ADCs, a low resolution quantizer (one bit to five bits) is used inside a loop after the loop filter. A DAC is used as feedback to subtract the quantized signal from the input, as shown in Figure 5.

Figure 5. Noise shaping. The integrator will keep summing up the quantization error resulting in shaping of the quantization noise to higher frequencies, which then can be filtered using a digital filter. Figure 6 illustrates the power spectral density (PSD) of the output x[n] of a

Page 38

Figure 6. Oversampling and noise shaping plot.

ALIASING To combat aliasing in high performance applications, higher order antialiasing filters are used to avoid any amount of foldback. An antialiasing filter is a low-pass filter that band limits the input signal and ensures that there is no frequency component in signal beyond the bandwidth of interest that can fold back. The filter performance will depend on how close the out-ofband signal is to fS/2, and the amount of attenuation required. For SAR ADCs, the gap between the input signal BW and sampling frequency is not huge, hence we need a higher order filter that calls for a complex, higher order filter design with more power and more distortion. For example, if a 200 kSPS sampling speed SAR has an input BW of 100 kHz, the antialiasing filter will need to reject an input signal of >100 kHz to make sure there is no aliasing. This requires a very high order filter. Figure 7 shows

the steep curve demand.

Figure 7. Alias requirement. If a sampling speed of 400 kSPS is chosen to relax the order of the filter, the rejection is needed for >300 kHz input frequency. Increasing the sampling speed will increase the power, and for double speed, the power would also be doubled. Further oversampling at the cost of power will further relax the antialiasing filter requirement, as the sampling frequency is much higher than the input BW. In sigma-delta ADCs, input is oversampled at a much higher OSR, so the antialiasing filter requirement is relaxed as the sampling frequency is much higher than the input BW, as shown in Figure 8.

Figure 8. Antialiasing filter requirement in sigma-delta. Figure 9 gives an idea of the AAF complexity for SAR and discretetime sigma-delta (DTSD) architectures. If we take a –3 dB input bandwidth of 100 kHz to achieve 102 dB attenuation at sampling frequency fS, a secondorder antialiasing filter will be needed for a DTSD ADC while getting the same attenuation at fS will require a

ETNdigi - 2/2020

fifth-order filter using a SAR ADC. For a continuous-time sigma-delta (CTSD) ADC, the attenuation is inherent, so we don’t need any antialiasing filter. These filters can be a pain point for system designers, and they have to optimize them for the droop they provide in the band of interest and provide as much rejection as possible. They also add a lot of other errors like offset, gain, phase error, and noise to the system, thus

Figure 9. AAF filter requirement for various architectures.

performance of the ADC, implying that the driving amplifier needs to settle quickly after the kickback event. This leads to the need for a high bandwidth driver that can support fast settling and absorb the kickback of the switched capacitor operation. In switched capacitor inputs, whenever the sampling is ON, the driver immediately has to supply the charge for the hold capacitor. This sudden surge in current can only be provided in time if the driver has sufficient bandwidth capabilities. Due to the parasitics of the switch, there will be kickback on the driver at the time of sampling. If the kickback does not settle before the next sampling, it will result in an error being sampled, thus corrupting the ADC input. Figure 10 shows the kickback on the DTSD ADC. If, for example, the sampling frequency is 24 MHz, the data signal needs to settle within 41 ns. Since the reference is also a switched capacitor input, a high

reducing its performance. Also, high performance ADCs are differential in nature, so we need twice the number of passive components. To get better phase matching in multichannel applications, all the components in the signal chain must match well. As a result, components with tighter tolerance are required. SWITCHED CAPACITOR INPUT Switched capacitor input sampling relies on the settling time of sampled input onto a capacitor, creating a demand for charging/discharging transient current when the sampling switch is turned on/off. This is called kickback on the input and calls for an input driving amplifier that can support these transient currents. Also, the input is required to be settled at the end of the sampling time and the accuracy of the input sampled determines the

ETNdigi - 2/2020

Figure 10. Sampling kickback. bandwidth buffer is also needed on the reference input pin. These input signal and reference buffers add to noise and drop the overall performance of the signal chain. Furthermore, the distortion components from the input signal driver (around the S&H frequency) further adds to antialiasing requirements. Also, with switched capacitor inputs, changes in the sampling speed will result in varying input current. This could result in retuning of the system for reducing

gain error generated in the driver or the preceding stage while driving the ADC. CONTINOUS-TIME SIGMA-DELTA ADC A CTSD ADC is an alternative sigmadelta ADC architecture that takes advantage of principles such as oversampling and noise shaping, but that has an alternative means of implementing the sampling operation that delivers significant system benefits. Figure 11 shows a comparison of a DTSD architecture and CTSD architecture. As we see in the DTSD architecture, the input is sampled before the loop. The loop filter H(z) is discrete in time and implemented using switched capacitor integrators. The feedback DAC is also switched capacitor-based. As there is sampling at the input, which will result in an aliasing problem from fS, an additional antialiasing filter is required on the input before it is sampled. CTSD does not have a sampler at the input. Rather, it is sampled at the quantizer inside the loop. The loop filter is now continuous-time using continuous-time integrators, and so is the feedback DAC. Similar to the quantization that gets shaped, the aliasing due to sampling gets shaped as well. This results in an almost nonsampling ADC, making a class of its own. The sampling frequency of the CTSD is fixed, unlike in the DTSD where the sampling frequency of the modulator can be easily scaled. Also, CTSD ADCs are known to be less tolerant to jitter than switched capacitor equivalents. Off-the-shelf crystal or CMOS oscillators provide low jitter clocks to ADCs locally, which helps avoid transmitting low jitter clock over isolation and reduces EMC. The two primary benefits of CTSD are the inherent alias rejection and

Page 39

Figure 11. Discrete-time and continuous-time modular block schematics.

Figure 13. Input settling for CTSD.

the resistive inputs for signals and reference.

input resistance is constant, the retuning of the system for gain errors is also eliminated.

INHERENT ALIASING Moving the quantizer inside the loop results in inherent alias rejection. As shown in Figure 12, the input signal passes through the loop filter before being sampled and the foldback (alias) error, which is introduced at the quantizer, also sees this filter. The signal and the alias error will see the same noise transfer function as the sigma-delta loop, and both will have similar noise shaping as the quantization noise in sigma-delta architectures. Thus, the frequency

Figure 12. Frequency response of a CTSD modulator. response of the CTSD loop naturally rejects input signals around integer multiples of the sampling frequency, acting as an antialiasing filter. RESISTIVE INPUT Having resistive inputs on signal and reference inputs makes it easier to drive than the sample-and-hold configurations. With constant resistive inputs, there is no kickback and the driver can be completely removed. The input is distortion free, as shown in Figure 13. And since the

Page 40

Analog inputs can be bipolar even though the ADC has unipolar supply. This can remove the need for level shifting from a bipolar front end to the ADC. The dc performance of the ADC may not be the same as the input resistor now has input common-mode dependent current as well as the input current. The reference load is also resistive, which reduces switching kickback, hence a separate reference buffer is not required. The resistor for a lowpass filter can be made on-chip so that it can track along with on-chip resistive load (as they could be of same material), for reduced gain error temperature drift.

CTSD solves a number of significant system-level problems. Due to a number of technological shortcomings, the use of CTSD has previously been limited to relative audio frequency/bandwidth and lower dynamic range. Therefore, high performance Nyquist rate converters such as successive approximation ADCs and oversampled DTSD converters have been the mainstream solution for precision, high performance/medium bandwidth applications. However, recent technology breakthroughs introduced at Analog Devices have enabled overcoming many limitations. AD7134 is the first high precision dc to 400 kHz bandwidth ADC based on CTSD that achieves substantially higher performance specifications, while providing dc accuracy and, in turn, enabling the solution for a number of important system-level problems in high performance instrumentation

CTSD architecture is not new, but the megatrends in industrial and instrumentation markets demand dc and ac precision performance at higher bandwidths. Moreover, customers prefer a single platform design that would cater to most of their solutions in order to reduce their time to market. CTSD architecture has been the choice in a broad set of applications ranging from high performance audio to cellular handset RF front end due to a number of advantages over other types of ADCs. The benefits include greater amenability to integration and low power consumption, but also, and possibly more importantly, because using a

Figure 15. Size comparison of discrete-time and continuous-time signal chain.

ETNdigi - 2/2020

Signal Chain Benefits of AD7134 ALIAS FREE • Inherent alias rejection removes the need for an antialiasing filter, which results in fewer components and a smaller solution size. More importantly, all the performance worries that come along with an antialiasing filter such as droop, errors such as offset, gain, and phase error, and noise in the system are no longer present. LOW LATENCY SIGNAL CHAIN • An antialiasing filter adds significantly to the overall latency in the signal chain depending upon the rejection needed. Removal of the filter removes this delay completely and gets you to run precision conversion in noisy digital control loop applications. EXCELLENT PHASE MATCH • Having no antialiasing filter at the system level, phase matching in multichannel systems can be vastly improved. This makes it the right choice for applications demanding low channel-tochannel mismatch such as vibration monitoring, power measurements, data acquisition modules, and sonar.

applications. The AD7134 also integrates an asynchronous sample rate converter (ASRC) providing data at variable data rates derived from the fixed sampling speed of CTSD. The output data rate can be independent of modulator sampling frequency and can enable successful use of CTSD ADCs for different granular throughputs. The flexibility to change the output data rate at a granular level also enables users to use coherent sampling.

ETNdigi - 2/2020

ROBUSTNESS WITH INTERFERENCE • Because of its inherent filtering action, CTSD ADCs are also immune to any

errors like offset, gain, phase error, and noise to the system are no longer there. EASY TO DESIGN • The struggle to achieve the precision performance is very minimal as the number of designed elements is significantly reduced. This result in faster design time, faster time to market for customers, easier BOM management, and reliability.

Figure 14. A discrete-time-based (left) and a continuous-time-based (right) signal chain comparison. kind of interference at the system level, as well from within the IC itself. In DTSD ADCs and SAR ADCs, care has to be taken such that there is less interference when the ADC is sampling. Also, there would be immunity from interference on power supply lines due to the inherent filtering action. RESISTIVE INPUTS • With constant resistive analog inputs and reference inputs, the driver requirement can be completely removed. Again, all the performance worries such as

SIZE • Removal of an antialiasing filter, a driver, and a reference buffer will significantly reduce the system board area. An instrumentation amplifier can be used to directly drive the ADC. For AD7134, as it is a differential input only ADC, a differential inamp such as the LTC6373 can be used as a driver. The comparison in Figure 14 shows the signal chain for a discretetime-based signal chain and a continuous-time-based signal chain. Our experiment shows 70% of area savings when compared to an equivalent discrete-time-based signal chain, making it an excellent choice for high density multichannel applications.

REFERENCES Kester, Walt. “MT-002: What the Nyquist Criterion Means to Your Sampled Data System Design.” Analog Devices, Inc., 2009. Pavan, Shanti. “Alias Rejection of Continuous-Time Δ∑ Modulators with Switched Capacitor Feedback DACs.” IEEE Transactions on Circuits and Systems I: Regular Papers, Vol. 58, No. 2, February 2011. Schreier, Richard and Gabor C. Temes. Understanding Delta-Sigma Data Converters. John Wiley and Sons, 2005. Acknowledgements The author would like to thank Abhilasha Kawle, Avinash Gutta, and Roberto Maurino for their support on this article.

Page 41

Catch yo with cal

Finding bugs as early in the de UVM callbacks implemented i be used for assertion validatio PCIe and other packet-based

Akshay Sarup and Mark Olen Mentor Graphics

Assertions bring immediate benefits to the entire design and verification cycle. They facilitate easy detection of functional bugs, allow the user to find bugs closer to the actual cause, and ensure that bugs are found early on in the design process. Any challenges engineers face in coding and testing assertions are worth resolving. An assertion is a conditional statement that indicates the incorrect behavior of a design by flagging an error and thereby catching bugs. Assertions are used for validating a hardware design at different stages of its life-cycle, such as formal verification, dynamic validation, runtime monitoring, and emulation. To use assertions effectively in the verification cycle, they need to be exercised for checking legal design behavior and also must fire when illegal behavior is encountered in the design. When a large number of assertions need to be validated for firing under illegal circumstances, a callback mechanism is particularly effective for creating these scenarios because they require minimal updates to the testbench environment and minimize the effort to create complex scenarios for validating the assertions.

Page 42

By definition, a callback is a “callafter� function that alters the intent of the original function call. Callbacks are a common mechanism used in functional verification to modify the original content of a sequence item to induce a desired scenario. This allows more dynamic and fine-grained control in selecting which particular sequence item gets corrupted and, in a test, how many such corruptions take place in order to stress test the design. Since callbacks allow for the easy creation of nuanced and complex stimulus creation, they are instrumental to assertion verification. Assertion verification is usually an integral part of the verification IP development cycle. The first step involves coding the assertions. The second step validates the assertions by creating scenarios that fully exercise the assertions to ensure

they do not fire under intended design behavior and do fire under erroneous scenarios. Callbacks can be very beneficial in the scenariogeneration step since the verification engineer does not have to write additional tests. Instead they enable callbacks to modify the original stimulus in order to create interesting scenarios. This is achieved by simply extending the callback class to override the virtual method (do_callback(...)) that gets called when a sequence item is executed by the BFM. This is particularly useful in packet-based protocols, such as PCIe, where packet fields need to be corrupted and callbacks provide fine-grained control to do so. The job of the validation engineer is to make sure that the assertions are validated in every relevant scenario. Callbacks can be of extreme importance when assertion

Figure 1: The basic sequence of events that take place when callbacks are enabled in an agent.

ETNdigi - 2/2020

class slave_driver extends uvm_component;

our bugs llbacks

esign process is crucial. in verification IP can on in designs using d protocols.

resp_type resp; `uvm_component_utils(slave_driver) `uvm_register_cb(slave_driver,driver_callback) function new(string name, uvm_component parent);,parent); endfunction

task run_phase(uvm_phase phase); repeat(2) begin //{ std::randomize(resp) with { resp == OKAY;};

`uvm_do_callbacks(slave_driver,driver_callback,update_resp (resp)); validation is carried out by manipulating the fields of a sequence item or by initiating a sequence item in a state in which it is not allowed. Callbacks speed up assertion validation by providing the entire structure for such manipulation in a UVM testbench, with minimal updates and no interaction with the existing sequences responsible for generating the sequence items.

assertions can be easily verified by making use of this mechanism. Now let’s take a look at a scenario from each of the transaction, data link, and physical layer packets. CASE 1: TRANSACTION LAYER BASED CALLBACKS The high-level transactions occurring at the device core are known as transaction layer packets (TLP).

Figure 2: Populating the do_callback method. tlp is the instance of the TLP sequence item.

For a layered protocol like PCIe, where communication between the transmitter and receiver elements takes place via structures known as packets, the use of callbacks for assertion validation improves efficacy significantly. Using verification IP, the packet information can be modified via callbacks and all packet-based

ETNdigi - 2/2020

Verification IP, such as Questa Verification IP, allows all fields of a TLP (both request and completion TLPs) to be altered. If users want to validate an assertion related to the fields of a TLP, they can simply do so by corrupting the TLP fields via a callback. For example, the PCIe protocol

states that for a request of “length = 1 DW” the value of the Last Byte Enable field should be zero; where Last Byte Enable is the Byte Enable value for the last DWORD of the request. In simulation, if users want to inject this error to every Memory Write packet of length 1 DW, then they may do so as illustrated in Figure 2. CASE 2: DATA LINK LAYER BASED CALLBACKS Data link layer packets (DLLP) are used for a variety of purposes; such as ensuring the integrity of TLPs, flow control, and power management. Just as for TLPs, callbacks can be used to inject errors in DLLP packets. For instance, lcrc is used for checking the data integrity of TLPs and DLLPs. lcrc is appended in the TLP at the data link layer (DLL). If the value of the lcrc attached with a packet is not the same as the calculated value, then it is a protocol violation. This incorrect behavior, or assertion firing, can be verified, as illustrated in Figure 3. CASE 3: PHYSICAL LAYER BASED CALLBACKS Perhaps the most efficient use of callbacks comes from modifying ordered set fields. In the cases of DLLPs and TLPs, a packet can still

Page 43

be executed via a sequence once linkup is achieved. But using a sequence to inject an error into an ordered set before linkup can be more convoluted and more susceptible to errors because the ordered set rules change with each LTSSM state. Callbacks, on the other hand, allow the user to inject an error in a much more controlled way. For instance, if a control SKP ordered set is to be sent in place of a TS2 OS, one can easily use callbacks. And hence this invalid protocol scenario can be easily validated via callbacks, as illustrated in Figure 4. USING CALLBACKS WITH VERIFICATION IP Now lets dig deep into how callbacks are used in a commercially available verification IP (VIP), in this case, Questa Verification IP, from Mentor Graphics, a Siemens Business. Using Questa VIP the callback methods and policies are first defined such that they are common across all protocols. For each specific protocol, the callback methods are subsequently extended from these base classes. One of these base classes is called cb_policy, which extends itself from uvm_object. It defines methods such as register, get, and return callbacks. These methods are declared as pure virtual tasks or functions so that the derived class can override the base class definition. A second base class extends from uvm_component and is called cb_manager. The run_phase() of this class is a forever loop in which first we get the sequence item from the BFM and then we return the changed sequence item back to the BFM. In separate external tasks defined inside the cb_manager class, callback sequence items are added and deleted from the callback queue and the register callback method is activated based on the queue size. For each protocol specific callback implementation, each sequence item

Page 44

Figure 3: Populating the do_callback method. tl_to_dll is an instance of the TLP sequence item at the DLL. peculiar to the protocol extends itself from the aforementioned base classes. The names are assigned as: <sequence_item_name_>_ cb_manager for the class extending from cb_manager and <sequence_item_name>_cb_policy for the class extending from cb_policy. In the class <sequence_item_name>_cb_policy, the register, get, and return callback methods are populated based on the nature of each protocol. The process

name_>_cb_manager. The altered sequence item is then returned back to the BFM via DPI calls, which is eventually driven onto the bus. CONCLUSION When a large number of assertions are to be validated, callbacks save time by making sure that the engineer does not have to code a new sequence for each scenario. It provides for more dynamic and finegrained control. The scenarios covered in the paper are very basic

Figure 4: do_callback method populated to replace TS2 OS with CTRL_SKP in Recovery RcvrCfg state at Gen3 speed. of enabling callbacks for a particular sequence item starts with enabling the agent settings in the build_phase of a test (the class extending from uvm_test), which instantiates the <sequence_item_name_>_cb_mana ger. In the run_phase of the test, the register callback method is activated by calling the add callback task (defined inside cb_manager). The main aim of the register callback method is to initiate the callback related task inside the BFM that sets a status variable. The get callback method gets called upon once the status variable inside the BFM is set and is used to get the sequence item from the BFM via DPI calls. The entire logic for manipulating the fields of the sequence item is placed in the do_callback task defined inside <sequence_item_

ways in which callbacks can be implemented. But another advantage of callbacks is the control it gives in terms of which packets are to be injected with an error. Similarly, one can easily control the number of packets in which an error is to be injected. Callbacks allow for the creation of nuanced and complex stimulus creation with ease and are, hence, instrumental for assertion verification. As part of Xcelerator, the comprehensive and integrated portfolio of software and services from Siemens Digital Industries Software, Questa VIP helps companies of all sizes create and leverage the digital twin that can provide organizations with new insights, opportunities, and levels of automation to drive innovation and realize tomorrow’s designs today.

ETNdigi - 2/2020


HIGH-TECH COMPONENTS for Your Innovations

As a leading distributor of electronic components we are able to offer you a wide portfolio of products, expert technical support for product development and design-in, individual logistics and supply chain management solutions as well as comprehensive services. Semiconductors Passive Components

Electromechanical Components

Displays & Monitors Boards & Systems

Storage Technologies Wireless Technologies

For more information about RUTRONIK: Tel. +358 9 3291 2200 | ETNdigi - 2/2020

Page 45

Biometric system-onSTMicroelectronics

Technology is now ready. The recent sanitary crisis has led individuals worldwide to make fewer cash payments, more PINless transactions and benefit from an increased contactless payment limit, thereby encouraging the development of multiple innovations in payment systems. These technological advancements have the potential to go beyond the payment industry by enabling various types of applications, including access control.

Smartcard technology is nowadays the most convenient and secure way to ensure authentication in a wide range of applications. Complementing the existing infrastructure with Biometric SoC technology will bring an additional security layer to transactions.

WHAT IS A BSoC? Biometric System-on-Card (BSoC), also called Fingerprint Card or Biometric Smart Card (BSC), is a portable card-size device. This innovative authentication

technology is suitable for PIN-less operations like contactless payment, tool gates or health cards, in which no card holder verification takes place today. Biometric identification can also be implemented as a second authentication level in noncontactless transactions and sometimes replace PIN codes. HOW DOES IT WORK? Before using biometric technology, the cardholder has to provide his fingerprint as an initial one-time action. It is securely captured and stored as a template in the card (Identification). Once this first step is completed, the cardholder simply has to place his finger on the card sensor to authenticate himself during payment transactions (Authentication). PROCESS OVERVIEW

Fig 1: BSoC offers a higher security level in transactions.

Page 46

• Capture: a sensor captures individual biometrics during the

ETNdigi - 2/2020

-cards enrolment step (identification), and every time a transaction is performed (authentication). • Feature extraction and template creation: a microcontroller extracts the biometric data, thereby creating a reference template during the first enrollment or matching. • Reference template: the reference template is the data which is securely stored in the SE (secure element) and used at each authentication to make the matching comparison. • Matching comparison (match-oncard): the template is compared to the reference template to authenticate or reject the enrollment. ST OFFERING FOR BSOC APPLICATIONS STMicroelectronics supports traditional developers with ST31 Secure Elements (SE) and STM32L4 microcontrollers (MCU), independently. The ST31 family includes dedicated solutions for biometry enabling energy harvesting to run the full card system in contactless contexts. For banking-card customers, ST offers a bundled solution based on STPay-Topaz-Bio that includes the ST31 SE (with Banking SOC + MOC library) and a low-power STM32L4 MCU (with Biometric Library), combined with partner expertise in fingerprint sensors, pre-lamination, and packaging.

ETNdigi - 2/2020

Fig 2: BSoC, a new authentication technology for smartcards with an embedded power management system (energy harvesting in contact or contactless).

WHAT ARE THE OPPORTUNITIES FOR BSOC? • Strong authentication of the card • Nothing to remember (PIN) – same as mobile phone authentication

• Uncapped contactless transaction • Reduced BOM • Ease of integration in traditional cards • No infrastructure change (same readers)

STMicroelectronica has recently teamed with Fingerprint Cards AB to develop an advanced BSoC solution based on fingerprint-recognition technology. The BSoC integration combines ST’s latest-generation secure-payment technology based on the ST31/STPay chipset and STM32 general-purpose microcontrollers with Fingerprints’ next-generation T-shape sensor module to provide a turnkey battery-less secure solution for the banking market.

Page 47

Want to join us?

• ETNdigi is a special digital magazine from ETN. We cover components, test & measurement, radios & networks and the whole scope of embedded software. To put it short: Everything related to embedded design. • In 2021 we plan to publish two magazines. The 1st one is planned for May, the 2nd issue for October-November. • Want to join us? Just contact ETN editor-in-chief Veijo Ojanperä at or our sales manager Anne-Charlotte Sparrvik at More info about the pricing can be found at

Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.