## KP LABS

System-level hardening techniques used in the COTSbased data processing unit (OBDP2021)

Piotr Kuligowski Grzegorz Gajoch Maciej Nowak Wojciech Sładek

www.kplabs.pl

# INTRODUCTION

P. Kuligowski | System-level hardening techniques used in the COTS-based DPU

### COTS utilization in CubeSats

CubeSat missions, in most cases, utilize commercial off-the-shelf (COTS) components.

The COTS components are vulnerable to radiation effects such as single event effects (SEE) or total ionizing dose damage (TID). Those effects decrease overall system reliability and can lead to permanent damage to components.



P. Kuligowski | System-level hardening techniques used in the COTS-based DPU

### Why COTS components?

- In less than a few kilograms we have to fit a lot of electronic subsystems and sometimes the largest optical instrument possible in this volume.
- Price \$\$\$
- Lead time
- Rad-hard components have limited software ecosystem



These techniques were reviewed then selected techniques were implemented in the KP Labs' Leopard data processing unit (DPU). The proposed solutions may be re-used in other missions to fulfill mission reliability, availability, and safety levels.

the system and implement the best possible architecture that improves reliability using the same components

• component level – use reliable components • system-level hardening techniques - understand

- Improving the reliability of COTS-based subsystems:
- techniques

System-level hardening

P. Kuligowski | System-level hardening techniques used in the COTS-based DPU



Intuition-1 will be a 6U-class CubeSat, and it will utilize a specialized hyperspectral camera with

spectral resolution in the range of 470-900 nm with 150 spectral bands.

It will be equipped with a processing unit called Leopard DPU (data processing unit).



P. Kuligowski | System-level hardening techniques used in the COTS-based DPU

### Intuition-1 mission

P. Kuligowski | System-level hardening techniques used in the COTS-based DPU

### Leopard DPU

Leopard DPU processes hyperspectral image data using powerful FPGA-based artificial neural network accelerator. Leopard DPU is a part of Intuition-1 mission scheduled to be launched in 2023.



### P. Kuligowski | System-level hardening techniques used in the COTS-based DPU

### Intuition-1 mission

8

202

The primary purpose of this mission is to technologically demonstrate the reduction of the spatial resolution of hyperspectral images (HSI), hyperspectral band selection, and segmentation of HSI with a neural network-based in-orbit processing hardware that is the Leopard DPU.

This is why **state-off-the-art** EEE (Electrical, Electronic, and Electromechanical) components have to be used.



# MISSION REQUIREMENTS

suport.

#### image sensor, >=50Mbit, CCSDS-complianat X-Band link

- >=4.8Gbps of bandwidth for hyperspectral
- >=16GB of DDR4 memory, >=0.5TB of mass memory,
- <10W per SoC/FPGA,</li>
- >1TOPS (tera operations per second, DNNs INT8 quantized) of processing power,

P. Kuligowski | System-level hardening techniques used in the COTS-based DPU

### Intuition-1 mission requirements







#### System architecture



P. Kuligowski | System-level hardening techniques used in the COTS-based DPU



#### Leopard DPU architecture – Vitis AI stack

| User Application            |                                                                                                       |           |               |  |
|-----------------------------|-------------------------------------------------------------------------------------------------------|-----------|---------------|--|
| Frameworks                  | Caffe                                                                                                 | O PyTorch | 1 TensorFlow  |  |
| Vitis Al Models             | Model Zoo                                                                                             |           | Custom Models |  |
| Vitis Al<br>Development Kit | Al Compiler   Al Quantizer   Al Optimizer<br>Al Profiler   Al Library<br>Xilinx Runtime library (XRT) |           |               |  |
| Overlay                     | Deep Learning Processing Unit (DPU)                                                                   |           |               |  |

2021



#### Leopard DPU architecture – Zynq Ultrascale + MPSoC



2021

# IDENTIFYING THE THREAT

P. Kuligowski | System-level hardening techniques used in the COTS-based DPU

### Single-event effects (SEE)

- Zynq's configuration RAM bitflips
- DDR4 memory bitflips/latch-ups
- Programmable Logic: bitflips and transients
- Zynq's latch-ups (known as high-current events)
- Power management IC: transients
- Other peripherals: bitflips and/or latch-ups



• PLLs may degrade.

damage. Charge pumps may degrade

- making it impossible to reprogram Flash memories.
- Power management ICs may degrade and change output voltage leading to permanent
- Current consumption may increase due to TID,
- Most COTS components have lower TID immunity than radiation-hardened/tolerant parts. This may lead to permanent damage before the mission ends.
- Total ionization dose (TID)





# RADIATION MITIGATION TECHNIQUES

P. Kuligowski | System-level hardening techniques used in the COTS-based DPU

### Radiation effect mitigation techniques

- Use examited COTS parts to radiation effects
- Implement full redundancy (cold, hot or warm)
- Implement TMR if possible
- EDACs on all memories
- Latch-up protections on all supply rails
- Use ruggedized controller to detect SEFIs
- Memory scrubbing





P. Kuligowski | System-level hardening

techniques used in the COTS-based DPU

There is no room for full redundancy, where two independent DPUs and two optical imagers are fitted.

System-level - redundancy

Redundancy is limited to two processing nodes within one processing unit. Supervisor has to be ruggedized.







P. Kuligowski | System-level hardening techniques used in the COTS-based DPU



#### System-level - redundancy



• Safe/minimal Linux image

contains:

- Zynq's bootloaders
- On the Supervisro TMRed NOR Flash memory

placed on the Supervisor. This allows to update these images' update process while processing nodes are disabled. TMRed NOR Flash memory has been placed on the Supervisor.

To simplify the images these Flash have to be

a TMRed memory

# Safe Linux images and FSBL in







### Safe Linux images and FSBL in a TMRed memory



2021

P. Kuligowski | System-level hardening techniques used in the COTS-based DPU

### Implemented SEE mitigation techniques

On Processing Node:

- Over-current protections on all supply rails that protect from high-current events (especially on VCCINT and VCCAUX). This protection can be overrided by the Supervisor.
- current-limited DCDC outputs to not exceed MPSoC's electrical characteristics.





• Redundant SSD disks

• Xilinx's SEM IP to mitigate SEUs in CRAM

On Processing Node:

- DDR4 with ECC (9-chip option)
- SEFI detector implemented in the Supervisor that detects functional interrupt of the processing nodes
- Zyng's Cortex-R5 cores in lock-step





P. Kuligowski | System-level hardening techniques used in the COTS-based DPU

# Implemented SEE mitigation techniques

P. Kuligowski | System-level hardening techniques used in the COTS-based DPU

### Implemented SEE mitigation techniques

On the Supervisor:

- Radiation hardened uC with ECCs on all registers and memories: Vorago's Cortex-M0
- Radiation tolerant FPGA with TMRed critical logic: Microsemi's ProASIC3







P. Kuligowski | System-level hardening techniques used in the COTS-based DPU

# Used examined COTS parts if possible

To lower the costs of the project, avoiding component-level testing, component pre-selection has to be performed. Pre-selected components based on available radiation test results:

- NAND Flash for Processing Nodes
- NOR Flash
- DDR4 memory (at least this DDR4 family, not this part exactly)
- Power management ICs
- Supervisor's uC and FPGA
- Zynq Ultrascale+ has been tested and there are known radiation characteristics

21

20

P. Kuligowski | System-level hardening techniques used in the COTS-based DPU

### Radiation testing on subsystem-level

Leopard DPU is now at TRL6.

Radiation tests are scheduled to be performed in 2021. Test campaign includes both SEE and TID tests that will examine all the protections and mechnisms.







# Thank you!

KP Labs Sp. z o.o, ul. Stanisława Konarskiego 18C, 44-100 Gliwice,

kontakt@kplabs.pl

www.kplabs.pl