Paul-Vincent Bonzom joined Bull in February 2011 to manage the microelectronics practice. Previously Director of PSI Electronics, a microelectronics design company, he had started his career as a research engineer at the IN2P3 (CNRS’ Institut national de physique nucléaire et de physique des particules), responsible for developing mixed circuits in severely restricted environments for the LHC/CERN – the particle accelerator that enabled the discovery of the Higgs boson in June 2012. Paul-Vincent has a Ph.D. in microelectronics from the University of Montpellier and carried out Post Doctoral work at the Ecole Polytechnique Fédérale de Lausanne in ASIC design (development of circuits for HDTVs).
Microchips form the basis of any high-tech system, from mobile phones to GPS, from bank cards to industrial robots. It is one of Bull’s major expertises with its Amesys product line. For example, the majority of mobile phones on the market today, whatever their brands, incorporate Bull’s know-how.
A system is said to be critical when any failure is likely to have serious consequences for personal safety (flight calculator for an aeroplane), for the economy (encryption of banking transactions) or for the environment (controlling a nuclear reactor). Apart from industry, transport, banking and energy, there are also critical systems in the health sector (pacemaker control for example), the space industry (commands to a satellite that it will be impossible to repair once in orbit) or the defence industry. Extreme contexts and conditions where you need to prepare for the unpredictable and anticipate situations as far as possible in order to guarantee the operation expected.
Chips must be designed, tested and validated to take into account these sometimes harsh constraints of reliability, resilience and/or safety. At their elementary level, they are the first link of the strategy put in place for the system as a whole. The micro-electronics of critical systems thus require very specific knowledge, as they are necessary to master not only all the hardware and software technologies available to create hardened components based on the constraints, but also to be fully conversant with all the requirements, methods and rules relative to the systems themselves.
For example, one of the issues that we very often encounter is the need to develop systems that are resistant to radiation (nuclear, space, defence) and to other extreme environments (temperature, high voltages, …). To do this, logical architectures have been designed to counter SEU (Single Event Upset) events. Specific design techniques or innovative technologies, such as SOI (Silicon On Insulator), were implemented to withstand cumulative radioactive doses.
Another example that we could mention is the work carried out to make it more difficult for hackers to penetrate critical systems (banking, security, communications) by incorporating cryptography algorithms directly onto the silicon. The result being that these systems were rendered very resilient. In terms of design, the systems of measures and counter-measures have been incorporated directly onto the silicon to counter the most sophisticated attacks (laser, ‘side channel’, DPA, EMC, …). Moreover, “dummy” modules were also etched into the silicon, aimed at misleading any hackers undertaking reverse engineering operations on the chips (after decapsulation and chemical etching on the layers of the various mask levels).
The expertise acquired, in recent years, in the design and verification of highly complex systems (chips for mobile phones, digital televisions, decoders, calculators, …) is re-used to improve the reliability of critical aeronautical components. For example, re-using OVM and UVM methodologies based on new languages such as SystemVerilog. These methodologies, which have already been in use for several years in the semi-conductor industry, are now being transposed to the aeronautics and space industries to verify micro-electronics components.
When assessing, the global security requirements of a critical system, Operator of Vital Importance or business system we have to consider a chain with a variety of challenges – governance, ruggedness, protection vis-à-vis the outside, reliability, quality, security or confidentiality of the system. In the corporate sector for example, the applications and indispensable control of energy constraints mean that supercomputers are highly critical systems; we work with our HPC R&D colleagues on the chips of Bull’s future supercomputers.
Generally, the production of a critical system is bound by certification processes and standards that are specific to each sector. In the aeronautics industry, for example, any aircraft component must comply with the standards enacted by the US RTCA and the European EUROCAE. Thus, the DO-254 (hardware) and DO-178 (software) standards fix the conditions to be adhered to for onboard systems, with great precision, depending on their severity. And these requirements cascade throughout the design chain. Thus, each aircraft must without fail have three flight computers that mutually monitor each other. This rule of “triplication” is then present at all levels – the computers need to be developed by three independent teams, that must use three different sources for their components, which are themselves “triplicated”. All our products, created for the aeronautics industry, are developed so as to comply with the requirements in force.
In so far as concerns the chip, this example gives a good insight into the very considerable complexity that needs to be taken into account when designing micro-electronics in critical systems. Teams must have total control over the requirements of the trade standard in order to appreciate the consequences for the chip that they are to design. They then need to be inventive in order to comply with the constraints without neglecting all the other dimensions of the specifications (cost, performance, footprint, power consumption …). All these parameters will then govern the technological choices. Should we adopt a hardware solution, that is more secure, faster, but more expensive, or a software solution, which has the advantage of being parameterisable and correctible? Should we fully develop a specific integrated system, the cost of which can only be amortised by significant volumes, or should we make use of a programmable logic circuit (FPGA) which is significantly less costly for low production volumes? Designers and developers must thus be capable of making a judicious selection among all the technologies available to them. These technologies can vary greatly, being either consumer applications, or on the contrary specially designed for advanced uses (for example, components that resist solar neutrinos for the space industry and very high altitude flights). And this choice is only the first stage, as, for the technologies chosen, they will then need to implement the safety rules to be adhered to, then test the components extensively and to their limits until they are capable of providing the required guarantees.
The know-how needed for the micro-electronics used in critical systems extends therefore far beyond simple technology. Reliability is a chain in which there must not be the slightest defect in any of the links. To obtain a hardened computer, the technology must be hardened, the methodology must be hardened, the test must be hardened, qualification must be hardened, project management must be hardened… Nothing must be left to chance and the requirement must be permanent for everything and everybody. As Bull does, we must work in close partnership with laboratories and competitiveness clusters, such as the Aerospace Valley, SCS (Systèmes Communicants Sécurisés) or Minalogic clusters. Constant contact must be maintained with manufacturers, specific tools must be developed – like the EASI Tester test bench. Finally, rare know-how must be cultivated, such as our ability to reverse engineer obsolete electronic components to maintain old systems in operating condition. The very high quality required by critical systems can only be achieved as a result of the alliance between the most advanced technological expertise and a culture based on excellence at all times.