Custom hardware helps deliver safety and security for electric traction




Electric traction has become a critical part of a growing number of systems that need efficient motion and position control. Motors do not just provide the driving force for vehicles, from e-bikes to cars to industrial and agricultural machinery. They also enable a new generation of robots, whether they use wheels, propellers or legs for motion.

The other common thread for many of these systems lies in the way they are expected to operate in a highly connected environment. For instance, wireless connectivity has enabled novel business models for e-bike rental and delivers positioning and other vital data to robots as they move around.

But the same connections to the Internet open avenues of attack in ways that previous generations of motion-control systems have not had to deal with. It complicates the tasks of designing, certifying, and maintaining systems that ensure safe operation.

To guarantee the actuators do not cause injury, designers must implement safeguards for their control systems to prevent them being bypassed and creating unsafe situations. They also need to ensure that corruption by hackers does not disrupt the system’s behavior. Security, therefore, now plays a major role in the design of the motor-control subsystems.

Figure 1 Connectivity in warehouse robots also opens vulnerabilities in motor control systems. Source: EnSilica

Algorithmic demands drive architectural change

Complexity in the motor control also arises from the novel algorithms that designers are using to improve energy efficiency and to deliver more precise positioning. The drive algorithms have moved away from simple strategies such as analog controllers that simply relate power delivered to the motor windings to the motor's rotational speed.

They now employ far more sophisticated techniques such as field-oriented control (FOC) that are better able to deliver precise changes in torque and rotor position. With FOC, a mathematical model predicts with high precision when power transistors should activate to supply power to each of the stator windings in order to control rotor torque.

The maximum torque results when the electric and magnetic fields are offset by 90°, delivering highly efficient motion control. It also ensures high positioning accuracy with no need for expensive sensors or encoders. Instead, the mathematical model uses voltage and current inputs from the motor winding to provide the data needed to estimate position and state accurately.

Figure 2 The use of techniques like FOC delivers highly efficient motion control, which ensures greater positioning accuracy without expensive sensors or encoders. Source: EnSilica

In robotics, these algorithms are being supplemented by techniques such as reinforcement learning. Using machine learning to augment motion control has proven highly effective at delivering precise traction control for both wheeled vehicles and legged robots. Dusty or slippery surfaces can be problematic for any automated traction control systems. Training the system to cope with these difficult surfaces delivers greater stability than conventional model-based techniques.

Such control strategies often call for the use of extensive software-based algorithms running on digital signal processors (DSPs) and other accelerators alongside high-performance microprocessors in a layered architecture because of the different time horizons of each of the components.

An AI model trained using reinforcement learning, for example, will typically operate with a longer cycle time than the FOC algorithms and the pulse-width modulation (PWM) control signals below them that ensure the motors follow the response needed. As a result, DSP-based models with long time horizons will be supported by algorithms and peripherals that use hardware assistance to operate and meet the deadlines required for real-time operation.

The case for custom hardware

The hard real-time functions are those that have direct control over the power transistors that deliver power to the motor windings, usually implemented in an “inverter” comprising a half-bridge circuit for each of the motor phases. Traditionally, such half-bridge controllers have focused on the implementation of timing loops for PWM.

The switching frequencies are often too high to be supported reliably by software running even on a dedicated microprocessor without needing the processor to be clocked at excessive frequencies. The state machines used to implement PWM switching also take care of functions such as dead-time insertion, which is used to ensure that each transistor doesn’t turn on before its counterpart transistor in the half-bridge inverter is turned off.

The timing gap prevents the shoot-through of current that would result if both transistors were active at the same time. The excess current can damage the motor windings and the drive circuit board. These subsystems are so important that they are often provided as standard building blocks for industrial microcontrollers.

However, in the context of increased threats from hackers and the need to support advanced algorithms, the inverter controller can become a vital component in supporting overall system resilience. By customising the inverter controller, implementors can more easily guarantee safety and security, as well as protect core traction-control IP. Partitioning the design between the inverter and the rest of the drive subsystem does not just support all three aims; it can also reduce the cost of implementation and verification.

A major advantage of hardware in terms of security is its relative immutability compared to software code. Attackers cannot replace important parts of the hardware algorithm if they gain access. This also simplifies some aspects of security certification. Techniques such as formal verification can determine whether the circuitry can ever enter a particular state. Future updates to the system will not directly affect that circuitry.
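The dead-time state machine described above can be modelled in a few lines and checked against every possible PWM request sequence, a bounded stand-in for the reachability question that formal verification answers on the real circuit. This is an added example, not EnSilica's design; the tick-based model, the names `leg_tick` and `count_violations`, and the dead time of 3 ticks are assumptions.

```c
#include <stdio.h>

typedef struct {
    int hi, lo;         /* gate outputs: high-side and low-side transistor */
    unsigned off_timer; /* ticks elapsed since both gates went off */
} leg_t;

/* One clock tick of a hypothetical dead-time state machine.
 * want_hi: raw PWM request (1 = high side); dead: dead time in ticks. */
static void leg_tick(leg_t *g, int want_hi, unsigned dead)
{
    if ((g->hi && !want_hi) || (g->lo && want_hi)) {
        g->hi = g->lo = 0;            /* switch the conducting device off first */
        g->off_timer = 0;
    } else if (!g->hi && !g->lo) {
        if (g->off_timer >= dead) {   /* dead time elapsed: safe to turn on */
            g->hi = want_hi;
            g->lo = !want_hi;
        } else {
            g->off_timer++;
        }
    }
}

/* Drive the model with every request sequence of n ticks (n < 32) and count
 * ticks that break the safety property: never both gates on, and no gate turns
 * on unless both were off for at least 'required' ticks beforehand. */
unsigned long count_violations(unsigned dead, unsigned required, unsigned n)
{
    unsigned long bad = 0;
    for (unsigned long seq = 0; seq < (1UL << n); seq++) {
        leg_t g = {0, 0, 0};          /* reset state: both gates off */
        unsigned off_run = 0;         /* consecutive ticks with both gates off */
        for (unsigned t = 0; t < n; t++) {
            int ph = g.hi, pl = g.lo;
            leg_tick(&g, (int)((seq >> t) & 1), dead);
            int turned_on = (g.hi && !ph) || (g.lo && !pl);
            if ((g.hi && g.lo) || (turned_on && off_run < required))
                bad++;
            off_run = (g.hi || g.lo) ? 0 : off_run + 1;
        }
    }
    return bad;
}

int main(void)
{
    printf("dead=3: %lu violations\n", count_violations(3, 3, 14));
    printf("dead=1: %lu violations\n", count_violations(1, 3, 14));
    return 0;
}
```

Because the request input is the only thing software can drive, the zero-violation result holds for any firmware, including replaced firmware; the second call shows the check failing for a machine whose dead time is shorter than required.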

It’s possible for code changes to alter the interactions between the microcontroller-based subsystems and the lower-level hardware. However, this relationship provides opportunities for the designer to improve their ability to guarantee safe operation, even under the worst-case conditions where a hacker has gained access and replaced the firmware.

Hardware-based lockout mechanisms and security checks can ensure that if the upper-level software of the system is compromised, the system will place itself into a safe state. The lockouts can include support for mechanisms such as secure boot. This ensures that only the software that passes the ASIC’s own checks can activate the motor.

Using hardware for safety and security protection can help reduce the cost of software assurance, which is now subject to legislation such as the European Union’s Cybersecurity Resilience Act (CRA). The new law demands that manufacturers and service operators issue software updates for critically compromised systems.

By moving key elements of the system design into hardware and minimizing the implications of a hack, the designer can reduce the need for frequent updates if new vulnerabilities are found in upper-level software. Similarly, moving interlocks into hardware simplifies the task of demonstrating safe operation for standards such as ISO 26262 compared with purely software-based implementations.

Physical attacks often involve power interruptions, and an ASIC can be designed to protect against such tampering. For example, if power monitoring circuitry detects a brownout, it can reset the microprocessor and place the rest of the system in a safe, quiescent state.
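The lockout behaviour described in the preceding paragraphs (gates enabled only after the boot check passes, and a brownout forcing reset and a safe state) can be sketched as a small behavioural model. This is an added example, not code or logic from EnSilica; the signal names `boot_pass`, `brownout`, `fw_enable` and the trace values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Inputs sampled each clock tick (signal names are hypothetical). */
typedef struct {
    bool boot_pass;  /* pulse: the ASIC's boot check accepted the firmware image */
    bool brownout;   /* level: supply monitor reports undervoltage */
    bool fw_enable;  /* level: firmware asks for the gate drivers to be enabled */
} in_t;
typedef struct { bool gate_enable, mcu_reset; } out_t;
typedef struct { bool verified; } lock_t;   /* resets to false: safe by default */

/* One tick of the lockout logic. Firmware drives only fw_enable; it cannot set
 * 'verified', so firmware that fails the boot check can never enable the gates. */
out_t lockout_tick(lock_t *s, in_t in)
{
    out_t o = { false, false };
    if (in.brownout) {
        s->verified = false;   /* trust is dropped; firmware must be re-checked */
        o.mcu_reset = true;    /* hold the microprocessor in reset */
        return o;              /* gates stay off: safe, quiescent state */
    }
    if (in.boot_pass) s->verified = true;
    o.gate_enable = s->verified && in.fw_enable;
    return o;
}

/* Run a trace; bit t of the result is set when the gates are enabled at tick t. */
unsigned trace_gate_mask(const in_t *ev, unsigned n)
{
    lock_t s = { false };
    unsigned mask = 0;
    for (unsigned t = 0; t < n; t++)
        if (lockout_tick(&s, ev[t]).gate_enable) mask |= 1u << t;
    return mask;
}

/* Constructed trace: {boot_pass, brownout, fw_enable} per tick. */
static const in_t demo[] = {
    {false, false, true},   /* t0: enable requested before any boot check: denied */
    {true,  false, false},  /* t1: boot check passes */
    {false, false, true},   /* t2: enable granted */
    {false, true,  true},   /* t3: brownout: gates off, MCU held in reset */
    {false, false, true},   /* t4: supply back, firmware not re-checked: denied */
    {true,  false, true},   /* t5: boot check passes again: granted */
};

int main(void)
{
    printf("gate mask = 0x%02x\n", trace_gate_mask(demo, 6));
    return 0;
}
```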

Hardware choices that support compliance and control

Alongside the additional functions, an ASIC inverter controller can host more extensive parts of the motor-control subsystem and reduce the cost of the microprocessor components. For example, FOC relies on trigonometric and other computationally expensive transforms.

Moving these into a coprocessor block in the ASIC can streamline the design. This combination can also reduce control latency by connecting inputs from current and voltage sensors to the low-level DSP functions.

The functions need not all be fixed. Modern ASICs may include configurable blocks such as programmable filters, gain stages, and parameterizable logic to offer a level of adaptability. The use of programmable functions can let a single ASIC design control various motor configurations across an entire product range.

The programming of these elements illustrates one of the many safety and security trade-offs that design teams can make. Incorporating non-volatile memory into the ASIC can provide the greatest security. Putting the programmable elements into an ASIC that can be locked by blowing fuses after manufacturing is more secure than a design where a host microcontroller writes configuration values during the boot process.

The MCU-based control chips require a silicon process suitable for storing the firmware code, normally based on flash memory. This implies some additional processing masks, which increase the cost of the final product, a factor especially sensitive if the production volume is high.

If the design calls for the high-voltage capability offered by Bipolar-CMOS-DMOS (BCD) processes for the motor-drive circuitry, a second die may be needed for non-volatile memory. But the flash CMOS process will normally support a higher logic density than the BCD-based parts, which allows the overall cost to be optimized.

Thanks to its ability to support deterministic control loops and support verification techniques that can ease security and safety certification, the use of hardware is becoming increasingly important to e-mobility and robotics designs.

Through careful architecture selection, such hardware can still leave room for software, with its flexibility and its ability to support novel control strategies as they evolve. The result is an environment where ASIC use can offer the best of both worlds to design teams.

David Tester, chief engineer at EnSilica, has 30+ years of experience in the development of analogue, digital and mixed-signal ICs across a wide range of semiconductor products.


The post Custom hardware helps deliver safety and security for electric traction appeared first on EDN.


