Author: Zhu Yulong
Recently, I attended two design seminars held by NXP, namely “SAFETY CONCEPT FOR HV/LV POWER CONVERTERS” and “FAULT TOLERANT MOTOR CONTROL IN POWERTRAIN APPLICATION”. These two seminars focused on the safety design of powertrain systems for future vehicles with advanced driver assistance systems. This also represents the core view of Europe. As ADAS functions continue to advance, the design must be safe enough to ensure that the vehicle can stop at a safe location.
I do not know how high the cost requirements are for this direction, but this reflects a key design trend in Europe, which is very different from our focus on product cost-effectiveness and extreme design direction.
The definitions of SSL A to SSL G here involve basic requirements for the driving system, steering, and driving, and also define the operating state of the vehicle. If intelligent cars are really to be built this way, the safety design of the electric drive powertrain system inside them has to improve as well.
## Design Requirements of DC-DC
Autonomous cars collect a large amount of data from vehicle-mounted cameras and sensors, and the core computing platform needs to process this data in real time to ensure that the vehicle stays in the right lane and operates safely while traveling to its destination. The vehicle computing platform also controls communication with the cloud and adjusts planning and control according to changing weather and road conditions (such as detours and road debris). Currently, all important perception, processing and execution parts need redundancy for mission-critical systems (including power).
Currently, how these safety-related devices handle power supply has become a relatively big problem. There are various options at the board level and system level, but at the system level, it is hoped that the high-voltage-to-low-voltage DC-DC converter has safety redundancy.
The basic architecture of the Fail Safe DCDC:
The design from Fail Safe to Fail Operational is mainly divided into three parts:
- Power stage: change the original power topology to a T-shaped structure.
- Measurement stage: adopt a redundant algorithm to acquire the measurements at the high-voltage and low-voltage ends.
- Control level: redundant design around the MCU level.
The idea here is to strengthen a single DCDC in all dimensions through functional safety analysis. Of course, one could also use two DC-DC converters or borrow an additional power stage from the OBC.
## Drive System
In the design of the driving inverter, the control part mainly covers six parts: high-voltage measurement, motor temperature measurement, motor position measurement, phase current detection, control loop, and power loop. The power and communication parts include low-voltage power supply, high-voltage power supply, and vehicle communication.
### Inverter Link
If we add extra bridges to achieve redundancy, the effect may be better. This design considers the trade-offs between cost and volume.
Summary: We can see that China has taken a leading position in the market. However, our design concepts are significantly different from those of Europe, even in terms of powertrain ideas. Of course, it is not a matter of right or wrong, but rather a choice of design route.
This article is a translation by ChatGPT of a Chinese report from 42HOW. If you have any questions about it, please email bd@42how.com.