Digital Device Architecture and the Safe Use of Flash Devices in Munitions by Katz, Richard B. et al.
“Digital Device Architecture and the Safe Use of Flash Devices in Munitions” 
1 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
https://ntrs.nasa.gov/search.jsp?R=20170004555 2019-08-29T22:44:09+00:00Z
“Digital Device Architecture and the 
Safe Use of Flash Devices in 
Munitions” 
Rich Katz (NASA) 
David Flowers (DMEA) 
Keith Bergevin (DMEA) 
Contact Information: 
richard.b.katz@nasa.gov 
david.flowers@dmea.osd.mil 
keith.bergevin@dmea.osd.mil 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
2 
Abstract 
 Flash technology is being utilized in fuzed munition applications and, 
based on the development of digital logic devices in the commercial world, usage of 
flash technology will increase.  Digital devices of interest to designers include flash-
based microcontrollers and field programmable gate arrays (FPGAs). 
 
 Almost a decade ago, a study was undertaken to determine if flash-based 
microcontrollers could be safely used in fuzes and, if so, how should such devices be 
applied.  The results were documented in the “Technical Manual for the Use of Logic 
Devices in Safety Features.” 
 
 This paper will first review the Technical Manual and discuss the rationale 
behind the suggested architectures for microcontrollers and a brief review of the 
concern about data retention in flash cells.  An architectural feature in the 
microcontroller under study will be discussed and its use will show how to screen for 
weak or failed cells during manufacture, storage, or immediately prior to use.  As was 
done for microcontrollers a decade ago, architectures for a flash-based FPGA will be 
discussed, showing how it can be safely used in fuzes.  Additionally, architectures for 
using non-volatile (including flash-based) storage will be discussed for SRAM-based 
FPGAs. 
3 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
Outline 
• Fuze engineering working group discussions 
– Technologies for logic devices (antifuse, EEPROM, Flash, etc.) 
• Example (non-DoD): EEPROMs and Single Board 
Computers 
• Technical Manual criteria for use of Flash/EEPROM 
• µController architectures 
• FPGA Architecture and Capabilities for flash cell 
validation 
• Performance characterization 
4 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
Logic Device Technology 
From DoD Fuze Engineering Standardization Working Group, “Technical Manual for the Use of Logic Devices in 
Safety Features,” March 8, 2011. 
SF: Safety Feature 
5 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
A Typical µP-Based Computer 
µP 
EEPROM RAM I/O 
Not a recommended architecture. 
6 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
7 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
8 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
A Typical µP-Based Computer 
µP 
EEPROM RAM I/O 
Not a recommended architecture. 
Checksum/Boot Code 
9 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
Memory Validation Required 
From DoD Fuze Engineering Standardization Working Group, “Technical Manual for the Use of Logic Devices in 
Safety Features,” March 8, 2011. 
10 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
Memory Validation:µC Example 
From DoD Fuze Engineering Standardization Working Group, “Technical Manual for the Use of Logic Devices in 
Safety Features,” March 8, 2011. 
11 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
SmartFusion2 FPGA Architecture 
From Microsemi documentation. 
12 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
Smartfusion2 Fabric Configuration and eNVM 
(non-volatile memory) Integrity Tests 
From Microsemi documentation. 
13 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
Smartfusion2 Integrity Check 
(Power-up Digest Check) 
From Microsemi documentation. 
14 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
Smartfusion2 Integrity Check 
(Power-up Digest Check) 
15 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
System Controller Checks Data Integrity 
From Microsemi documentation. 
16 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
Summary of Test Results 
• Testing smartfusion2 devices for start up time with flash cell checking on startup. 
– Using on-chip 50 MHz RC oscillator driven off-chip as the device start indicator. 
 
– Devices: 
• M2S005S:     6,060 Logic Elements, 128 kbytes ROM 
• M2S010TS: 12,084 Logic Elements, 256 kbytes ROM 
• M2S025TS: 27,696 Logic Elements, 256 kbytes ROM 
• M2S090TS: 86,315 Logic Elements, 512 kbytes ROM 
 
– No checks enabled: start time < 1 ms 
• Used 50 μs start time in device settings (this is a programmable value) 
 
– Fabric: flash cell checking enabled 
 
– NVM (non-volatile memories in on-chip computer): 
• Measured start times for 16k, 32k, 64k, 128k, 256k, and 512k memory sizes (size is programmable) 
 
– Preliminary Results for Fabric Checking (NVM Checking Disabled): Logic size vs. start time 
• M2S005S:      544 ms 
• M2S010TS:    897 ms 
• M2S025TS: 1,291 ms 
• M2S090TS: 2,530 ms 
17 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
Typical Measurement Scheme 
Ch 2: 50 MHz Oscillator 
Ch 1: Vcore (1.2V) 
18 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
M2S090TS Measurement Scheme 
Ch 1 is devrst_n 
Ch 2: 50 MHz Oscillator 
19 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
01000
2000
3000
4000
5000
0 10 20 30 40 50 60 70 80 90 100
St
ar
t 
Ti
m
e
 (
m
s)
 
Number of Logic Elements (in thousands) 
Smartfusion2 Start Time with Flash Cell Checking 
June 25, 2016 
Fabric Check
+16K ROM
+32K ROM
+64K ROM
+128K ROM
+256K ROM
+512K ROM
20 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
0500
1000
1500
2000
2500
3000
0 5 10 15 20 25 30
St
ar
t 
Ti
m
e
 (
m
s)
 
Number of Logic Elements (in thousands) 
Smartfusion2 Start Time with Flash Cell Checking 
June 25, 2016 
Fabric Check
+16K ROM
+32K ROM
+64K ROM
+128K ROM
+256K ROM
+512K ROM
Zoomed in view 
21 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
01000
2000
3000
4000
5000
6000
0 50 100 150 200 250 300 350 400 450 500 550 600
St
ar
t 
Ti
m
e
 (
m
s)
 
NVM Size (kbytes) 
Smartfusion2 Start Time with  Flash Cell Checking 
June 25, 2016 
M2S005S
M2S010TS
M2S025TS
M2S090TS
22 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
01000
2000
3000
4000
0 50 100 150 200 250 300
St
ar
t 
Ti
m
e
 (
m
s)
 
Testing Fabric and ROM NVM Size (kbytes) 
Smartfusion2 Start Time with  Flash Cell Checking 
June 25, 2016 
M2S005S
M2S010TS
M2S025TS
M2S090TS
Zoomed in view 
23 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
System Controller Clocked by RC Oscillator 
From Microsemi documentation. 
24 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
RC Oscillator Specification 
From Microsemi documentation. 
25 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
1930
1940
1950
1960
1970
1980
1990
2000
-75 -50 -25 0 25 50 75 100 125 150
St
ar
t 
Ti
m
e
 (
m
s)
 
Temperature (°C) 
Start Time for M2S010TS 
Flash Cell Check of Fabric and 256 kbytes of ROM 
June 30, 2016   
26 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
-2.0
-1.5
-1.0
-0.5
0.0
0.5
1.0
1.5
2.0
-75 -50 -25 0 25 50 75 100 125 150
St
ar
t 
Ti
m
e
 (
%
 C
h
an
ge
 f
ro
m
 2
5
 °C
) 
Temperature (°C) 
Start Time for M2S010TS 
Flash Cell Check of Fabric and 256 kbytes of ROM 
June 30, 2016   
27 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
Upcoming Work 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
28 
From Microsemi documentation.  UG0443, Rev. 8, July 2016. 
Conclusion 
• Appears Technical Manual criteria for validating configuration memory in 
flash-based FPGAs can now mostly be met. 
– FPGA includes a µP, flash and RAM memories, and peripherals 
– Comparison done in a separate internal section but not an external device. 
– Next year’s work to investigate exporting checksum for external comparison. 
 
• Stronger validation check then notional µController architecture 
– µController architecture relies on small amount of flash being functional for 
small memory scanning/CRC calculating software routine. 
– Time for validation is not specified by manufacturer. 
 
• Validation time dependent on: 
– Size of FPGA “fabric” (logic area) 
– Amount of non-volatile memory used in the application. 
– Frequency of on-chip ring oscillator. 
29 
60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
References 
• “Long Term Data Retention of Flash Cells Used in Critical Applications,” K. Bergevin, R. Katz, and D. 
Flowers, 58th Annual Fuze Conference, July 7-9, 2015, Baltimore, MD. 
 
• “Viability of New COTS Technologies in Future Weapon Systems,” J. Marchiondo, et. al, Sandia 
National Labs, September 2010. 
 
• “High Reliability FPGAs in Fuze and Fuze Safety Applications,” O’Neill, K., 59th Annual NDIA Fuze 
Conference, May 3-6, 2016, Charleston, South Carolina. 
 
• “An Evaluation of Flash Cells Used in Critical Applications,” R. Katz, D. Flowers, and K. Bergevin, 59th 
Annual Fuze Conference, May 3-6, 2016, Charleston, South Carolina. 
 
• “Analysis & Recommendations for the Implementation of Flash Devices in Safety-Critical 
Applications,” D. Flowers, and K. Bergevin, 59th Annual Fuze Conference, May 3-6, 2016, Charleston, 
South Carolina. 
 
• “Environmental Effects on Data Retention in Flash Cells,” R. Katz, D. Flowers, and K. Bergevin, 60th 
Annual Fuze Conference, May 9-11, 2017, Cincinnati,  Ohio. 
 
• “Advanced Analysis Techniques for the Implementation of Flash Devices in Safety-Critical 
Applications,” D. Flowers, K. Bergevin, K. Islam, and M. Demmick, 60th Annual Fuze Conference, May 
9-11, 2017, Cincinnati,  Ohio. 
 
• DoD Fuze Engineering Standardization Working Group, “Technical Manual for the Use of Logic 
Devices in Safety Features,” March 8, 2011. 
 
 
 
 
 
30 60th Annual Fuze Conference, May 9-11, 
2017, Cincinnati,  Ohio. 
