Jürgen Belz, senior consultant, functional safety and cybersecurity at Prometo, co-authored this technical article.
The migration from internal combustion engines (ICEs) to electric vehicles (EVs) requires at least five new electrical/electronic/programmable electronic (E/E/PE) systems. Figure 1 depicts these systems within an EV.
Figure 1: Block diagram of a typical EV powertrain
In order to zero out tailpipe emissions and reduce continued reliance on fossil fuels, refuelling EVs happens at a charging station. These EV charging stations could be supplied with renewable energy sources like solar and wind, which increases the positive impact of EVs on the environment. The onboard charger forms a functional unit with the high-voltage battery, which ensures fast, efficient charging while still protecting the battery from overcharging. These and other safety requirements are described in International Organization for Standardization (ISO) 6469 parts 1, 2 and 3 – the standard that governs the high-voltage electrical safety requirements for electric road vehicles.
All Electronic Control Units (ECUs) in an EV require a 12-V battery charged by a high-voltage-to-low voltage DC/DC converter, which helps establish galvanic separation between the low-voltage (12-V) battery and the high-voltage (400 V or 800 V) battery. The inverter and the electric machine (propulsion motor) deliver torque for controlled motion. Very compact and high-power-density permanently excited synchronous machines are usually deployed in an EV propulsion motor. At lower power levels, asynchronous machines have found limited use in EVs. Functional safety aspects of this high-voltage-to-low voltage DC/DC converter help guarantee the operation of all ECU features while the EV is in motion and the EV Traction Inverter (EVTI) are outlined in ISO 26262:2018.
For instance, for a vehicle with an ICE, the operating time (or power-on hours) of a semiconductor component is between 8,000 and 10,000 hours. With an EV, this increases to 30,000 hours or more. The reason: semiconductor components have to remain powered up not only when the vehicle is being driven, but also when the vehicle is charging. This amount of power influences, for example, the calculation of the probabilistic metric for random hardware failures according to ISO 26262. For engineers, this amount of power means that they must develop a system that on average has a fivefold lower probability of dangerous component failures or failure in time.
In an electrified powertrain, the C2000™ real-time microcontroller (MCU) typically addresses power conversion and communicates with a general-purpose MCU connected to the bus vehicle, managing the highest level of security, shown in Figure 2.
Figure 2: C2000 real-time control in an electric powertrain
You might still want to consider encrypted communication between the communication MCU and the C2000 real-time controller, typically used for over-the-air upgrades. In such cases, you need to assess the threat level and define a security strategy at the system level to leverage the various security enablers that the C2000 real-time MCU offers, listed in Figure 3.
Figure 3: C2000 supported enabler status
Some of the technical features supporting these security enablers include:
Because the electric drives or voltage converters have to be functionally safe, high-voltage safe, power-efficient and cost-effective, the challenges and complexities increase exponentially. Designing with C2000 real-time MCUs can help solve these challenges by giving EV charging designers the option to use a single device that enables all of these requirements.
All content and materials on this site are provided "as is". TI and its respective suppliers and providers of content make no representations about the suitability of these materials for any purpose and disclaim all warranties and conditions with regard to these materials, including but not limited to all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement of any third party intellectual property right. No license, either express or implied, by estoppel or otherwise, is granted by TI. Use of the information on this site may require a license from a third party, or a license from TI.
TI is a global semiconductor design and manufacturing company. Innovate with 100,000+ analog ICs andembedded processors, along with software, tools and the industry’s largest sales/support staff.