White Paper

A Low-risk, COTS Approach to Building Safety Certifiable Processing Subsystems

Issue link: https://read.uberflip.com/i/1173438


www.mrcy.com

Introduction

As processing systems are being designed to assist and, in the case of autonomous unmanned aerial vehicles (UAVs), replace humans, and as military platforms increasingly require flight safety assurance for government permission to operate within commercial aerospace, safety certification is becoming ever more critical and widespread.

Developing processing subsystems that have the required safety certification for these roles is complex, time consuming and has the potential to be expensive. The traditional approach to developing these subsystems has been to design them from scratch, which has resulted in project delays and an overall high execution risk. There is a need for an efficient, reliable and cost-effective path to develop safety critical processing subsystems which is inherently low risk.

For non-safety equipment, system engineers leverage COTS (Commercial Off-The-Shelf) items to accelerate development and lower the risk of projects. Now these COTS building blocks are available for safety applications with the introduction of Mercury Mission Systems' Avionics Series, which is designed from the ground up with safety built in. Avionics Series processing building blocks are designed to DO-254 (hardware) and DO-178 (software) processes and are provided with artifacts to support system certification, saving time and cost and minimizing risk while developing safety critical processing systems.

"There is a need for a fast, reliable and cost-effective path to develop safety critical applications which is inherently risk adverse"

Safety Off-The-Shelf

Mercury Mission Systems' Avionics safety certifiable COTS building blocks, or SRUs (Shop Replaceable Units), are engineered to the Radio Technical Commission for Aeronautics (RTCA) DO-254 / DO-178 design processes. They are delivered with certification artifacts that support the successful certification of the aircraft. A significant part of these certification artifacts is re-used across multiple programs, reducing cost and development time. Leveraging proven safety certifiable COTS building blocks has been shown to reduce program risk and development schedules, right up to the highest, most critical safety certification levels.

Top-Down Approach to Safety at the System Level

Mercury's Avionics certifiable building blocks use a COTS model to identify the processing requirements of each building block. Each building block efficiently addresses a fundamental processing sub-function. Through subsequent integration of these interoperable building blocks, complex safety certifiable processing subsystems are quickly and affordably designed. We leverage a top-down approach that addresses how the individual building blocks will work together without compromising safety. Specific mechanisms, such as time synchronization, bus topology and segregation, are all designed within a pre-defined, interoperable and proven safety ecosystem. This holistic design approach removes the inefficiencies of the traditional safety design doctrine and instead builds in inherent safety that is scalable, highly interoperable and proven. Each Mercury safety certifiable processing building block is designed in compliance with DO-178 / DO-254, building safety in with an overall system level perspective.

Our Avionics Series safety certifiable building blocks address most avionic system requirements, including avionic I/O to control actuators and gather data from sensors, processors to assess the situation, make decisions and give commands, and video processing to capture, overlay, encode, decode, stream and display visual data.

Reducing the Total Cost of Ownership

An important aspect of developing safety certifiable building blocks is the ability to support long service lives. There should be robust provision for future technology insertions that fully considers the implications of safety recertification. As an example, a safety certified processing solution may be initially designed with processor A and later upgraded to processor B for higher performance or perhaps greater power efficiency. To lower the overall cost of ownership, the tech insertion should be performed without having to repeat the whole certification process. The upgrade of a certified system without re-certification is not trivial. Whereas I/O such as ARINC 429 and MIL-STD-1553 has been largely static in terms of upgrades for generations, processors are much more dynamic. Mercury's safety building blocks enable easier tech refreshes by mounting frequently refreshed technology (e.g. processors) on mezzanine platforms. Such an approach enables tech refreshes to be recertified at the mezzanine level rather than at the more complex system level.
