
About DO178B certification with ARM processor

Hello,

I have some general questions about safety in the embedded world:

- Several standards exist for safety: IEC 61508, DO178B, DO254, ISO 26262... Are they almost the same, or are there major differences between these standards?

- Someone told me that it is difficult to obtain DO178B certification with an ARM processor because most avionics subsystems have been built with Power PC processors. So, the certification procedures are well suited for Power PC and not for ARM. Is that right?

- On the Hercules web page (TMS570), we can read that Hercules is well suited for IEC61508 and ISO 26262, but nothing about avionics standards like DO178B / DO254. Why exactly would these processors be a good choice for one safety standard and not for another safety standard?

Best Regards

thierry

  • Hello Thierry,

    You are correct that there are a large number of functional safety standards.  While the goals of the standards are similar, the standards have taken several different strategies to meet those goals.  

    IEC 61508 provides a probabilistic, performance based approach which is leveraged heavily by other standards such as IEC 61511 (industrial process), IEC 62061 (industrial machinery), and to a lesser degree ISO 26262 (road vehicles) and EN51029 (rail).  There are a large number of IEC and ISO standards which are written harmonized to IEC 61508 either upon first release or upon revision.

    The aerospace industry takes a different approach with the RTCA/DO series of standards.  Unfortunately this approach is not harmonized to IEC 61508.  While a functionally safe system according to IEC 61508 could certainly also show compliance to RTCA/DO 178/254, there is not a one to one mapping of work products and cross certification cannot be guaranteed.  Compliance to one of the standards should be beneficial in developing a compliant system to the other standard because the standards share many of the same recommended techniques and measures to achieve functional safety.

    DO178 (now in C revision) is a standard for software used in airborne applications.  From a standards point of view, it is neutral to the hardware upon which the software executes.  While it may be that an assessor is more familiar with approaches taken on a commonly used PPC architecture, this should not prohibit achieving compliance with another architecture.  ARM, Intel, and Infineon processor architectures are also used in DO 178 compliant systems.

    As a general rule, TI does not make claims of compliance on functional safety standards unless we have full evidence to demonstrate that the TI product complies to all relevant requirements of the standard.  The Hercules product line was developed targeting the relevant component level requirements of IEC 61508 and ISO 26262, which is why we make the claims seen on our website.

    As DO178 is a software functional safety standard, the hardware offering of the Hercules family is not relevant, so we do not make any claims towards this standard with respect to hardware.  Today's Hercules software offerings were not developed explicitly following the requirements of DO178, but this could be possible on future offerings based on market demand.

    As to DO254, the issues are more complicated.  DO254 compliance for hardware components is desirable, but not always necessary as we understand the standard.  To my understanding, the majority of components used in compliant systems today are non-compliant to DO 254.  DO254 compliance for a hardware component requires a very high degree of disclosure of the internal component design, including source code of embedded IP components (such as the Cortex cores we license from ARM).  This is extremely challenging from both confidentiality and commercial points of view.  These challenges are a main reason why most of the DO254 compliant components are programmable logic or ASICs which only target the aerospace market.

    I hope this clarifies things for you.  Please feel free to ask further questions if something is not clear.

    Best Regards,

    Karl

  • Thanks Karl, your explanations are very clear.

    thierry