In a previous blog, we learned that for the core of the Secure On-Board Communication (SecOC), for a Zonal Architecture, a powerful custom hardware-based solution is required instead of Ethernet switches, Network Processors, or software-based routing implementations.
In this blog, we would like to take an in-depth view at the CommEngine IP Core-based Gateway. A Zonal Gateway can either be a stand-alone device that constitutes a secure communications hub inside the vehicle, or it can be integrated into a central high-performance ECU in order to combine communication and computing functions in a single device.
The Zonal Gateway Architecture
Figure 1: High-level view of the Zonal Gateway Architecture
Figure 1 presents a high-level view of the Zonal Gateway Architecture. The FPGA constitutes the core of the gateway. It is complemented by peripherals for the implementation of physical interfaces such as CAN, LIN, Automotive Ethernet, and some general purpose interfaces (GPIO). Furthermore, the FPGA is supported by Flash and RAM memory.
The most significant part of the FPGA is the CommEngine IP Core which has been designed by GuardKnox with all the relevant functional and performance requirements in mind. Note that in this context IP stands for Intellectual Property rather than Internet Protocol.
In order to allow automakers to customize the FPGA to their specific requirements there are two blocks in the FPGA:
The IP Core wrapper that contains dedicated logic to access the IP Core. It can either be designed by GuardKnox or by the customer.
Customer-specific logic for any additional logic functions not covered by the IP Core or the wrapper.
Furthermore, the FPGA might contain a microcontroller core (soft core) for additional software-based functions.
To support this FPGA customization process, GuardKnox provides a PC-based toolchain.
The main functions of the IP Core are:
- Routing or switching between all the interfaces based on:
- LIN data – based on LIN-ID (L2)
- CAN data – based on CAN-ID (L2)
- Ethernet / IP – based on Ethernet MAC & IP address (with TCP/UDP port for packet inspection)
- AUTOSAR PDU – based on AUTOSAR PDU ID
- Firewall – stateless and stateful
- Deep Packet Inspection (DPI) – screening of message content
- Encryption – TLS
- SecOC (AUTOSAR Secure Onboard Communication Protocol)
Looking Under the Hood – The IP Core
Figure 2: Detailed view into IP Core
Figure 2 provides an in-depth view of the IP Core structure. Most of the components (in blue) have been designed by GuardKnox. For some interface implementations, commercially available packages have been integrated.
The functions of the IP Core can be broken down into a set of functional groups:
- External interfaces for LIN; CAN, Ethernet, GPIO
- Microcontroller interface
- Memory interface
- Switching layer
- L2 CAN switching
- L2 LIN switching
- L2 Ethernet switching, L3 IP routing, L4 UDP/TCP port handling
- PDU handling
- AUTOSAR PDU based routing
- PDU aggregation
- Security engine
- Log and diagnostics
The Zonal Gateway Architecture enabled by GuardKnox’s CommEngine is the next logical step towards a high-performance secure on-board communication, both within the car and with the car’s environment. GuardKnox’s CommEngine FPGA development team did not accept any compromises in terms of performance or functionality for networking and security.
The CommEngine thus is a key part of the secure-by-design approach that is a standard for automotive electronics.