DO-254

RTCA DO-254 / EUROCAE ED-80, Design Assurance Guidance for Airborne Electronic Hardware, is a document providing guidance for the development of airborne electronic hardware, published by RTCA, Incorporated and EUROCAE. The DO-254/ED-80 standard was formally recognized by the FAA in 2005 via AC 20-152 as a means of compliance for the design assurance of electronic hardware in airborne systems (AC 20-152, FAA, Office AIR-100, 2007).

The guidance in this document is applicable, but not limited, to such electronic hardware items as
* Line Replaceable Units (quickly replaceable components)
* Circuit board assemblies (CBA)
* Custom micro-coded components such as field programmable gate arrays (FPGA), programmable logic devices (PLD), and application-specific integrated circuits (ASIC), including any associated macro functions
* Integrated technology components such as hybrid integrated circuits and multi-chip modules
* Commercial off-the-shelf (COTS) components

The document classifies electronic hardware items into simple or complex categories. An item is simple "if a comprehensive combination of deterministic tests and analyses appropriate to the design assurance level can ensure correct functional performance under all foreseeable operating conditions with no anomalous behavior." Conversely, a complex item is one that cannot have correct functional performance ensured by tests and analyses alone; so, assurance must be accomplished by additional means.

The body of DO-254/ED-80 establishes objectives and activities for the systematic design assurance of complex electronic hardware, generally presumed to be complex custom micro-coded components, as listed above. However, simple electronic hardware is within the scope of DO-254/ED-80 and applicants propose and use the guidance in this standard to obtain certification approval of simple custom micro-coded components, especially devices that support higher level (A/B) aircraft functions.

The DO-254/ED-80 standard is the counterpart to the well-established software standard RTCA DO-178C / EUROCAE ED-12C. With DO-254/ED-80, the certification authorities have indicated that avionics equipment contains both hardware and software, and each is critical to safe operation of aircraft.

There are five levels of compliance, A through E, which depend on the effect a failure of the hardware will have on the operation of the aircraft. Level A is the most stringent, defined as "catastrophic" effect (e.g., loss of the aircraft), while a failure of Level E hardware will not affect the safety of the aircraft. Meeting Level A compliance for complex electronic hardware requires a much higher level of verification and validation than Level E compliance.


System aspects of hardware design assurance

The main regulations that must be followed are the capturing and tracking of requirements throughout the design and verification process. The following items of substantiation are required to be provided to the FAA, or the Designated Engineering Representative (DER) representing the FAA:
* Plan for Hardware Aspects of Certification (PHAC)
* Hardware Verification Plan (HVP)
* Top-Level Drawing
* Hardware Accomplishment Summary (HAS)


Process overview


Hardware design life cycle

The hardware design and hardware verification need to be done independently. The hardware designer works to ensure the design of the hardware will meet the defined requirements. Meanwhile, the verification engineer will generate a verification plan which will allow for testing the hardware to verify that it meets all of its derived requirements.


Planning process

The planning process is the first step, where the design authority (the company that develops the H/W and implements the COTS into its design) declares its approach towards the certification. At this point the PHAC (Plan for H/W Aspects of Certification) is presented to the authorities (EASA, FAA...). In this plan, the developer presents its approach and how DO-254/ED-80 is implemented. The PHAC is submitted as part of the authorities' first stage of involvement (SOI#1). It is important to note that:
* EASA wrote certification memoranda to require the use of DO-254 for all complex electronics within a system, stating that all equipment and CBA with a Design assurance classification of A, B, C or D should meet level D objectives for the equipment and CBA, regardless of the DAL of the system or aircraft function.
* FAA wrote Final Report for System-Level Assurance of Airborne Electronic stating that CBA do not reach a level of complexity that would require such a structured development process to be fully deployed; a verification testing approach is deemed sufficient to provide assurance.

For a generic DO-254 based process, a job aid is provided, including the Stages of Involvement (SOIs) defined by FAA on the "Airborne Electronic Hardware Review Job Aid".


Hardware design processes

* Requirements Capture
* Conceptual Design
* Detailed Design
* Implementation
* Verification
* Transfer to production


Validation and verification process

The hardware requirement validation process provides assurance that the hardware item derived requirements are correct and complete with respect to system requirements allocated to the hardware item. Validation of hardware requirements allocated from system requirements is a system process, rather than a hardware process. As such, hardware requirements that are derived by hardware processes should be identified to system processes for validation against the system requirements. For the purposes of this document's processes, a requirement is complete when all the attributes that have been defined are necessary and all the necessary attributes have been defined, and a requirement is correct when the requirement is defined without ambiguity and there are no errors in the defined attributes.

The verification process provides assurance that the hardware item implementation meets all of the hardware requirements, including derived requirements. Methods of verification include qualitative review, quantitative analysis, and functional testing.

A widely used industry definition for the difference is:
* Validation - designing the right system!
* Verification - designing the system right!


Additional considerations

* Configuration Management Process
* Process Assurance
* Certification Liaison Process
* Hardware Design Life Cycle Data
* Use of Previously Developed Hardware
* Commercial-Off-The-Shelf (COTS) Components Usage
* Product Service Experience
* Tool Assessment and Qualification
* Appendix A. Modulation of Hardware Life Cycle Data Based on Hardware Design Assurance Level
* Appendix B. Design Assurance Considerations for Level A and B Functions
* Appendix C. Glossary of Terms
* Appendix D. Acronyms


Important considerations

* Section 1.6, Complexity Considerations, presents the definition for simple and complex hardware items.
* Table 5–1, Typical ASIC/PLD Process Mapping, presents a process mapping very useful for practical application considering the scope of AC 20-152.
* Appendix B, Design Assurance Considerations for Level A and B Functions, the longest chapter of the document, prepares the future of embedded electronics, paving the way for advanced design and verification methods, well known to the outside world, but fairly new for the avionics industry.


Application to simple electronic hardware

While simple electronic hardware (SEH) is within the scope of DO-254/ED-80, its guidance on the subject has been considered inadequate among applicants seeking certification of simple electronic hardware. The Certification Authorities Software Team published the Position Paper CAST-30, Simple Electronic Hardware and RTCA Document DO-254 and EUROCAE Document ED-80, to provide clarification to the guidance for simple electronic hardware. This clarification was amplified as FAA guidance in FAA Order 8110.105.

Essentially, for simple electronic hardware, the verification through "comprehensive combination of deterministic testing and analysis" that justifies the simple classification needs to be defined, performed, and recorded. However, the appropriate "rigor and thoroughness" of that verification depends on the hardware design assurance level. For Level A/B, test coverage analysis should confirm that all nodes and interconnections have been exercised (comparable to DO-178C structural coverage objectives), while for Level C it is only needed to demonstrate correct operation under all combinations and permutations of conditions applied only to the inputs of the device (black box), and Level D testing can be accomplished through indirect tests applied to the system that has the item installed.

If certification as a simple electronic device is sought, minimal documentation still should be submitted. A Plan for Hardware Aspects of Certification (PHAC) should be submitted to communicate the justification and means of certification, and a Hardware Verification Plan should be submitted to communicate the rigor and methods of the deterministic testing and analysis. A Hardware Accomplishment Summary should be submitted to show compliance to the PHAC, and a Hardware Configuration Index should be submitted to define the production baseline that is the subject of the Hardware Identification and Compliance Statement in the Hardware Accomplishment Summary.


Resources

* FAR Part 23/25 §1301/§1309
* FAR Part 27/29
* AC 23/25.1309-1


Certification in Europe

* Replace FAA with EASA, JAA or CAA
* Replace CFR with CS
* Replace AC with AMC (Acceptable Means of Compliance) or AMJ (Advisory Material Joint)


See also

* Avionics
* Hazard analysis
* DO-178C (similar to DO-254/ED-80, but for software)
* ARP4761 (safety assessment)
* ARP4754 (systems)
* CAST-31


Further reading

* AMC 20-152, Development Assurance for Airborne Electronic Hardware (AEH), 2020.
* CAST-27, Clarifications on the use of RTCA Document DO-254 and EUROCAE Document ED-80, Design Assurance Guidance for Airborne Electronic Hardware, 2006.


External links

* DO-254 Docs & Papers
** AC 25.1309-1A
** AC 25.1309-1B
** DO-254 In-Hardware Verification Paper from Aldec
** DO-254 Explained https://www.cadence.com/content/dam/cadence-www/global/en_US/documents/solutions/aerospace-and-defense/do-254-explained-wp.pdf
** DO-254 Technical Papers from Mentor Graphics
* DO-254 Web Sites
** The DO-254 User's Group http://www.do254site.com/ has chapters in the US and in EU. While the charter of this group is not to write a DO-254 "A" standard, participants exchange views on needs, usability of emerging technologies, dedicated solutions, training, good practices for expertise, and also provide input to the certification authorities for consideration as means of compliance in addition to the current regulatory materials. The US chapter is chaired by Tammy Reeve, President of Patmos Engineering Services.
** RTCA.org is where the publication can be acquired.

