Design considerations for harsh environment embedded systems
Designing embedded systems that operate reliably in harsh environments presents a unique set of challenges. Consumer electronics products such as cellphones can withstand drops, knocks and some models can now be submerged in water and still operate. Impressive indeed, but still child’s play compared to operating 5 km down an oil well or orbiting earth in a satellite.
Embedded systems that operate in down-hole drilling, jet engine controls, space and other high radiation environments are all subjected to an environment that is not forgiving to commercial electronics. For these types of applications and others with similar challenging conditions, special attention must be given to system design, circuit design and component selection. The embedded system will be exposed to temperature extremes, mechanical shocks, electrical shocks and bombarded with ionizing radiation that can latch-up any standard CMOS chip on the market today.
All CMOS chips go through a ‘Qualification’ process before they are released to the market. An industry standard qualification will ensure that the device can operate across a reasonable temperature range, withstand ESD events, a certain level of humidity and can still operate for a reasonable expected lifetime. JEDEC publish standards that provide a consistent level of stress testing throughout the industry. The Automotive Electronics Council requires a more stringent level of qualification for devices that need to demonstrate higher reliability and operation in harsher environments (typically 125˚C for auto, compared to consumer grade that would be expected to operate up to only 85˚C).
Harsh environment embedded systems require components that will operate well above even the automotive specifications. A major headache for designers is that there is a very limited pool of products to choose from when selecting an IC that must operate at high temperature or must withstand a high total ionizing dose of radiation. Look for yourself – how many ARM Cortex-M microcontrollers can you find that are specified to operate at 200˚C?
Designers get around this problem by either ‘up-screening’ a COTS (commercial off-the-shelf) component or choosing a device that has been designed-for-purpose. There are obvious concerns with up-screened COTS in that the device will be operating outside the specification that it was designed for and is not recommended or guaranteed by the original manufacturer for use. A ‘designed-for-purpose’ device is a safer option, but the pool of components to select from is limited. Often these components are developed using a more exotic process (such as silicon-on-insulator) so will likely be more expensive. Note that even ‘commercial grade’ products that have been up-screened will be expensive – up to one hundred times the price of a comparable 85˚C part.
Electrical issues arising in harsh electronics environments
Harsh environments throw up a multitude of electrical issues for embedded systems designers. ESD, voltage transients, high temperature induced carrier-creation and ionizing particle strikes can all be expected. All of these electrical issues can cause a CMOS device to malfunction or be destroyed by latch-up.
Latch-up is a phenomenon that is widespread across the industry because every bulk CMOS device contains millions of parasitic transistors that are created due to the structure of complementary metal oxide semiconductor device architecture. A pair of parasitic bi-polar junction transistors are shown superimposed on the CMOS device cross section in Figure 1. The BJTs can be switched on by a voltage transient, high temperature carrier effect or a particle strike (expect this in space or high radiation environments). When one of the transistors becomes forward biased and switches on, it will drive the other transistor, creating a low impedance path between Vdd and Vss. Latch-up will result in drawing excess current, disrupting circuit behavior and can destroy the device quickly unless the condition is reset (power cycling is required to reset a latch-up condition).
Under normal circumstances, when the device is operating within specification, latch-up should not occur. In a harsh electrical, radiation or high temperature environment, latch-up will certainly occur unless precautions are taken by the IC designer.
Figure 1 – Parasitic BJTs that exist in CMOS devices. (Source: Author)