COM-HPC Mini standard and COM-HPC FuSa extension

Interview with Christian Eder, Director Product Marketing at congatec and Chairman of the COM‑HPC Workgroup of PICMG

The PICMG presented the new COM-HPC Mini standard at the recent embedded world trade show. What features does this latest expansion of high-performance computing module standards offer?

Christian: The most significant innovation is that there is now a high-end form factor for credit-card-sized Computer-on-Modules. Like all other COM-HPC module standards, it is positioned above the performance classes targeted by COM Express. So, as far as credit-card-sized modules are concerned, it is positioned above COM Express Mini. The new COM-HPC connector supports transfer rates of more than 32 Gbit/s, which means that it fully covers PCIe Gen 4 and Gen 5, and probably even Gen 6. The interface selection includes a plan for 16 such PCIe lanes, in addition to three graphics interfaces and various fast USB 3.2 or USB 4.0 interfaces. That packs extremely high performance into such a small computing module.

The third generation of credit-card-sized modules is coming: Despite their small dimensions – 95 x 60 mm, according to the current plan – COM-HPC Client modules in Mini format will offer a comprehensive set of interfaces. On the roadmap are, among others, 16x PCIe, 3x graphics and several USB4 interfaces.

What are the differences compared to COM-HPC Client modules?

Christian: COM-HPC Mini modules are half the size of the smallest COM-HPC Client module Size A, which measures 95 x 120 mm. We have now reduced this size to 95 x 60 mm. Unlike Client modules, Mini modules feature only one connector – which means there are 400 pins available. Compared to COM Express Mini, which offers only 220 pins, this is an immense step forward. In fact, it is 81% more. Compared to SMARC with 314 pins, there is still a 27% boost. When you add the fact that the COM-HPC connector is qualified for highest bandwidths, this is another big plus.

Is COM-HPC Mini designed to replace COM Express Mini? Why should developers switch to the new standard?

Christian: COM-HPC Mini should not be understood as a replacement for COM Express Mini or SMARC. Just like COM Express was not a replacement for ETX, COM-HPC will not be a replacement for COM Express. After all, it is common practice to continue to support existing designs for a long time. For example, ETX/XTX modules are still available today, which means that customers can continue to work based on the design principles of that time. New designs that need more and faster interfaces can now be addressed.

COM-HPC Mini is also interesting for COM Express designs that use the Compact form factor, which measures 95 x 95 mm. With 400 pins, these designs may only get 80% of the I/O options of COM Express Compact and Basic, which both offer 440 pins. But they get much higher performance and the option to further miniaturize their space-saving designs. There are few COM Express designs that use 100% of all I/Os. So, there is also vast switch potential in this respect.

The number of pins increases from µQseven to COM-HPC Mini, and so does the size. However, all have roughly the dimensions of a credit card (85.6 x 53.98 mm).

For which applications is the credit-card-sized high-performance standard predestined?

Christian: COM-HPC Mini is perfect for everything that must be highly performant, yet extremely small. That includes industrial DIN-rail PCs, multi-display systems at the point of sale, solar-powered systems in outdoor applications, mobile and portable systems in medical technology, rugged battery-powered tablets and handhelds, or small autonomous vehicles such as drones or autonomous mobile robots. They all need the new standard to implement the latest interface technology.

The new specification also adds Functional Safety (FuSa) to the feature set. What is the goal behind this extension?

Christian: The new functional safety enhancements target an even more promising market. Developers of networked devices want to use x86 processor technologies to run mixed-critical applications on multicore processors. This requires redundancy and the ability to implement fail-safe processes. In addition to control applications with functional safety requiring IoT and Industry 4.0 gateway extensions, the new specification also targets collaborative robotics where robots and humans work closely together. Other markets arise from the requirements of automated intralogistics for autonomous logistics vehicles and range from factory mobility to all new markets found within autonomous driving, from agricultural and construction machinery to smart city vehicles, AUVs and UAVs.

What does the PICMG hope to achieve with the addition of FuSa?

Christian: The goal is to provide standardized processor modules as application-ready components for FuSa applications.  Such standardization always accelerates market acceptance, and until today there are only proprietary implementations such as COM Express Mini modules with FuSa-qualified Intel CPU x6427FE available.

Thanks to the Safe Island Controller, Intel Atom multicore processor technology enables the development of mixed-critical systems that host secure applications in real-time capable virtual machines. Such systems can even host sophisticated sensor technology for situational awareness.

Is standardized hardware so crucial for FuSa- readiness?

Christian: Yes. It is a quality feature, especially when bearing in mind that vendors also need to fulfill all the necessary requirements to allow customers to use the modules in their FuSa applications, including documentation and secure development processes. Indeed, all organizational processes and documents created during development and testing such as FMEDA, which stands for Failure Modes, Effects and Diagnostic Analysis, as well as the verification and validation process, also known as V&V, must be aligned with the certification requirements and reviewed by external assessors. In this respect, manufacturers of modules who want to meet this standard must not only comply with the PIN specification, but also comprehensively design their R&D process to meet the requirements of the respective FuSa standards.

What are the advantages for developers?

Christian: Computer-on-Modules that are ready for application and FuSa certification can simplify and shorten the development process for safety-critical systems. They offer comprehensive certification support for the various safety standards that are being developed for electronic systems analog to the IEC 61508 functional safety standard. This includes railroad (EN 50129 / EN 50657) as well as commercial and agricultural vehicle applications (ISO 26262), civil aviation technology (DO 254), control systems in automation (IEC 61508), and medical applications (IEC 62304). Customers deploying FuSa-certifiable modules can also certify more easily for the Common Criteria standard, as many of the basic principles of FuSa are also required here.

Are there also disadvantages? For example, if I’m running applications that don’t require such levels of security?

Christian: No. No pins are occupied that would otherwise have a different function. In fact, developers can rest assured that all components on the module have, for example, a validated and verified high fail-safety.

How important are hypervisors for functional safety in this context?

Christian: Extremely important. Because in the high-end embedded computing area of COM-HPC, you want to be able to separate real-time applications cleanly from the other requirements. These are often mixed-critical systems that perform control tasks as well as visualization and gateway functions. These cannot be developed by simply using an operating system and containers for virtualization. Rather, it is necessary for functionally safe and “ordinary” virtual machines to be hosted side by side. For example, safety operating systems such as the Linux-based Zephyr or QNX are to be bundled with driver assistance systems for mobile machines and software update functions for connected devices. Among other things, for cyber security. But also for continuous software updates that are not related to FuSa functions. That’s why we’re glad to have a subsidiary such as Real-Time Systems that will provide just such a solution. Our cooperation with SYSGO will also be extremely useful as this company offers PikeOS, a safety hypervisor in combination with the RTOS of the same name.

This entry was posted on Friday, October 28th, 2022 at 7:40 am. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.