How Safety-Certifiable COTS are Designed to Meet DO-254 Requirements

May 03, 2018


There are many considerations that guide the selection of parts and features for a safety-certifiable COTS product. Optimizing size, weight and power (SWaP) and maximizing performance are key considerations, as with any piece of defense technology, but COTS vendors must strike a fine balance in the design process between delivering high performance and adhering to proven, reliable safety measures.

Rigorous Component Selection

Because traditional COTS modules are not subject to stringent certification requirements, they can be designed with the latest and greatest semiconductor technology and are intended to be very flexible and adaptable to many different design situations. This COTS model helps speed the deployment of cutting-edge semiconductor devices to the field, especially for military applications. For safety-certifiable designs, newer technologies can be less attractive than long-fielded, well-known devices. However, that’s not to imply that safety-certifiable COTS modules deliver lower performance than their traditional COTS counterparts. It’s important to consider the reasoning behind this difference, starting from the design process.

For safety-certifiable COTS boards, the associated design assurance level (DAL) requirements place more rigorous challenges on component selection. The latest processor technologies are often not selected for safety-certifiable boards because they have not yet met the criteria set out by international certifying agencies (including FAA, EASA, and Transport Canada) for aspects such as service history, which includes all the collected knowledge and experience from a device’s previous use in potentially thousands of diverse applications.

For example, an SBC based on the older Arm Cortex-A53 processor architecture is preferable for safety-certifiable applications when compared to an SBC based on Arm Cortex-A72 cores, because the older processor has been in use much longer, which eases the collection of the data artifacts and service history needed for certification. If the SBC has previously been used in avionics applications and has accumulated flight hours, all the better. While traditional COTS modules may boast the latest and greatest in processor technology, the benefit of the careful component selection behind safety-certifiable COTS modules is the delivery of a tried and true solution with the service history, design and manufacturing pedigree to support its performance.

Carefully Considered Features

Safety-certifiable COTS modules also need to be more rigidly defined in order to minimize (or, preferably, completely eliminate) any inessential or unneeded features that might add complexity to the certification process. All functionality must be “locked down,” meaning that any unused hardware functions or software features are discarded or disabled in such a way that they can’t impact the performance or safety of the system. The COTS vendor needs to be able to prove that any disabled hardware function will remain off and can’t be accidentally turned on again. Likewise, any unneeded or undesired software features should be completely removed in order to reduce the number of lines of code that must be tested for certifiability, since every line of code that isn’t needed for the application adds unnecessary burden to the certification process. Unneeded code also makes the management and collection of the already voluminous data artifacts required for certification even more difficult.

However, one of the great advantages that safety-certifiable COTS products deliver to designers of avionics systems is that their application development can get underway quickly. Any modifications, such as the deletion or disablement of unneeded software and hardware features, can be done in parallel without delaying development.

Reusable, But Tailored Artifacts

Certifiable COTS vendors produce data artifacts for their products that are intended to be reused in subsequent designs, much like the COTS products themselves. This repeatability helps COTS vendors deliver considerable cost savings to their customers compared to certifying a custom design. It’s understood, however, that different programs will have unique requirements that dictate which features are necessary for safety-certifiable modules. This means that, while safety-certifiable COTS have artifact packages readily available, those packages will need to be updated and altered to align with any requirement or feature changes for the given system. Even so, the available artifacts for a COTS board, module or system provide a solid starting point for customization, which in turn results in a faster time to market compared to developing an artifact package for a custom design from scratch.

Download “Understanding Your Safety-Certifiable COTS Options: A Closer Look at the Subsystem Level” to learn more about:

  • Component selection for DO-254 certifiable hardware
  • What to look for at the module level
  • Applications of COTS-based safety-certifiable systems
