QCIM by BTQ
Future release · QCIM Safety RoT

Safety-critical Root-of-Trust.

ISO 26262 ASIL-D · Lockstep · Automotive + aerospace

Safety-critical Hardware Root-of-Trust designed for automotive, aerospace, and other high-reliability applications. Redundant logic, fault tolerance mechanisms, and comprehensive diagnostics let cryptographic workloads run at the reliability levels that safety-critical systems require.

Status
Future release
Safety target
ASIL-D
MTBF
>100k hr
Aerospace
DO-178C
Configuration overview

Safety + security in one IP block.

    01

    ISO 26262 ASIL-D ready.

    Designed to meet the highest automotive functional safety integrity level requirements.

    Architecture follows ISO 26262 Part 5 development process with documented safety analysis, FMEA, FTA, and verification artifacts.

    Safety target: ASIL-D
    02

    Fault tolerance mechanisms.

    Comprehensive fault detection, isolation, and recovery with continuous diagnostics.

    Cryptographic operations meet safety integrity requirements through dual lockstep execution, memory ECC with scrubbing, and continuous self-test.

    Fault coverage: >99%
    03

    Redundant logic design.

    Dual redundant execution paths with comparison logic.

    Enables safe operation of trusted programs and cryptographic workloads in safety-critical environments where any single fault must be detected by the comparison logic and answered with a defined safe-state response.

    Architecture: Lockstep
Target applications

Where QCIM Safety RoT ships.

Automotive Safety Systems

ADAS, autonomous driving, and vehicle safety ECUs that need ASIL-D functional safety and hardware-rooted security in the same component.

  • Autonomous driving controllers
  • ADAS security modules
  • Vehicle gateway ECUs

Aerospace & Avionics

Flight control, navigation, and mission-critical aerospace systems.

  • Avionics security modules
  • Flight control systems
  • Satellite secure processors
Safety & security features

Detection, response, security, compliance.

Fault Detection
  • Dual lockstep execution
  • Memory ECC with scrubbing
  • Watchdog timers
  • Clock monitoring
  • Voltage / temperature sensors
Fault Response
  • Safe state transitions
  • Fault logging and reporting
  • Graceful degradation
  • Emergency shutdown
  • Diagnostic self-tests
Security Features
  • Secure boot with redundancy
  • Anti-tamper with safety response
  • Cryptographic self-tests
  • Key backup and recovery
  • Secure firmware updates
Safety Compliance
  • ISO 26262 ASIL-D design
  • DO-178C DAL A ready
  • IEC 61508 SIL 3
  • Safety manual included
  • FMEA documentation
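To make the fault-detection and fault-response items above concrete, the following is an added illustration written for this page, not code from BTQ or from the QCIM Safety RoT IP: a software model of "memory ECC with scrubbing" feeding "fault logging and reporting" and a "safe state transition". The Hamming layout (a 39-bit SEC-DED codeword for a 32-bit word), the `EccMemory` class, its `inject` fault hook and the `safe_state` flag are all assumptions of the example; the real block's word width, ECC code and safe-state behaviour are not stated on this page.

```python
"""Software model of SEC-DED ECC memory with a background scrubber.

Hypothetical illustration, not the product's implementation: a 32-bit data
word is stored as a 39-bit extended Hamming codeword (6 Hamming parity bits
at power-of-two positions 1..32 plus one overall-parity bit at position 0).
The scrubber re-reads every word, silently corrects single-bit upsets, logs
them, and escalates any uncorrectable (double-bit) error to a safe state.
"""
from __future__ import annotations
from dataclasses import dataclass, field

DATA_BITS = 32
CODE_BITS = 38                              # positions 1..38 = 32 data + 6 parity
PARITY_POS = [1 << k for k in range(6)]     # 1, 2, 4, 8, 16, 32


def _parity(x: int) -> int:
    return bin(x).count("1") & 1


def encode(data: int) -> int:
    """Return the 39-bit codeword for a 32-bit data word."""
    assert 0 <= data < (1 << DATA_BITS)
    code, d = 0, 0
    for pos in range(1, CODE_BITS + 1):     # data bits fill the non-parity positions
        if pos in PARITY_POS:
            continue
        code |= ((data >> d) & 1) << pos
        d += 1
    for p in PARITY_POS:                    # parity bit p covers every position with bit p set
        covered = sum(1 for pos in range(1, CODE_BITS + 1)
                      if pos & p and (code >> pos) & 1)
        code |= (covered & 1) << p
    return code | _parity(code)             # overall parity bit makes the whole word even


def _data_of(code: int) -> int:
    data, d = 0, 0
    for pos in range(1, CODE_BITS + 1):
        if pos in PARITY_POS:
            continue
        data |= ((code >> pos) & 1) << d
        d += 1
    return data


def decode(code: int) -> tuple[int | None, str, int]:
    """Return (data, status, corrected codeword); status is ok/corrected/uncorrectable."""
    syndrome = 0
    for pos in range(1, CODE_BITS + 1):
        if (code >> pos) & 1:
            syndrome ^= pos
    even = _parity(code) == 0
    if syndrome == 0:                       # clean word, or only the overall-parity bit flipped
        fixed = code if even else code ^ 1
        return _data_of(fixed), "ok" if even else "corrected", fixed
    if even or syndrome > CODE_BITS:        # two (or more) flips: detect, never guess a fix
        return None, "uncorrectable", code
    fixed = code ^ (1 << syndrome)          # single flip: the syndrome is the bit position
    return _data_of(fixed), "corrected", fixed


@dataclass
class EccMemory:
    """ECC-protected word array with a fault log and a safe-state flag (hypothetical)."""
    size: int
    words: list[int] = field(default_factory=list)
    fault_log: list[tuple[int, str, int]] = field(default_factory=list)  # (addr, status, raw word)
    safe_state: bool = False

    def __post_init__(self) -> None:
        self.words = [encode(0)] * self.size

    def write(self, addr: int, data: int) -> None:
        self.words[addr] = encode(data)

    def inject(self, addr: int, *positions: int) -> None:
        """Constructed fault for the demo: flip codeword bit positions (0 = overall parity)."""
        for pos in positions:
            self.words[addr] ^= 1 << pos

    def read(self, addr: int) -> int | None:
        data, status, _ = decode(self.words[addr])
        if status != "ok":
            self.fault_log.append((addr, status, self.words[addr]))
        if status == "uncorrectable":
            self.safe_state = True              # integrator-defined safe state: stop using the word
            return None
        return data

    def scrub(self) -> dict[str, int]:
        """Walk every word, write corrected codewords back, and count the outcomes."""
        counts = {"ok": 0, "corrected": 0, "uncorrectable": 0}
        for addr, word in enumerate(self.words):
            _, status, fixed = decode(word)
            counts[status] += 1
            if status == "corrected":
                self.words[addr] = fixed        # correct now, before a second upset accumulates
            if status != "ok":
                self.fault_log.append((addr, status, word))
            if status == "uncorrectable":
                self.safe_state = True
        return counts


if __name__ == "__main__":
    mem = EccMemory(4)
    mem.write(0, 0xDEADBEEF)
    mem.write(1, 0x12345678)
    mem.inject(0, 5)            # single upset in a data position: scrubber repairs it
    mem.inject(1, 3, 20)        # double upset: detected, not correctable, forces safe state
    print(mem.scrub())          # {'ok': 2, 'corrected': 1, 'uncorrectable': 1}
    print(hex(mem.read(0)), mem.safe_state)
```

The point of the scrubber is timing: a single upset is harmless only while it is alone, so correcting and writing back on a schedule keeps two independent upsets in one word from ever meeting. A double upset is reported rather than "corrected" on the best guess, because a wrong correction would silently corrupt key material while the integrity check still reported success; escalating to the safe state is the conservative response.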
Estimated performance

Performance includes safety mechanism overhead.

Throughput (Target)
RSA-2048 Sign
150+ ops/sec
ECDSA P-256
400+ ops/sec
AES-256
80+ MB/s
Resource usage (Est.)
LUTs
~15,000
BRAM
192 KB
Power
<300 mW
Reliability
Fault coverage
>99%
MTBF
>100k hours
Safe failure fraction (SFF)
>90%

Performance includes safety mechanism overhead. Specifications subject to safety analysis validation.

Safety analysis & documentation

The safety case, packaged for integrators.

    01

    ISO 26262 development process

    Complete development following ISO 26262 Part 5 (Hardware Development) with comprehensive safety analysis, FMEA, FTA, and verification artifacts.

    02

    Safety manual & integration guide

    Detailed safety manual with ASIL decomposition, safety requirements, integration constraints, and diagnostic coverage analysis for system integrators.

    03

    Certification support

    Complete certification package including safety case, compliance matrix, test reports, and engineering support for customer-specific certification needs.

Target certifications
Functional safety standards path
  • ISO 26262

    ASIL-D ready for automotive safety

  • DO-178C

    DAL A for aerospace applications

  • IEC 61508

    SIL 3 functional safety

Safety-critical applications.

Contact our safety engineering team to discuss functional safety requirements and certification roadmap.