DO-254 (Hardware Design Assurance)
RTCA DO-254 (Design Assurance Guidance for Airborne Electronic Hardware) provides the framework for assuring the design of complex electronic hardware used in airborne systems. It applies to devices such as FPGAs, ASICs, and complex circuit board assemblies where design errors could affect safety. This hub brings together all terms directly related to the DO-254 lifecycle, from hardware planning through verification and the Hardware Accomplishment Summary.
22 related terms
Related Terms
The primary guidance document for design assurance of airborne electronic hardware, including complex programmable hardware devices such as FPGAs, ASICs, PLDs, and complex COTS components. DO-254 defines a hardware design lifecycle similar in structure to DO-178C's software lifecycle, including planning, requirements capture, conceptual design, detailed design, implementation (synthesis, place-and-route), verification, configuration management, and process assurance. The objectives scale based on the hardware Design Assurance Level (DAL A through E). DO-254 applies specifically to complex electronic hardware; simple hardware items may be addressed through conventional quality assurance processes.
The primary guidance document for the design assurance of airborne electronic hardware (such as FPGAs, ASICs, and complex circuit board assemblies), jointly published by RTCA (as DO-254) and EUROCAE (as ED-80). DO-254 establishes objectives for hardware planning, design, validation, verification, configuration management, and process assurance, organized by Design Assurance Level. It provides the hardware counterpart to DO-178C's software assurance framework.
The EUROCAE publication of the hardware design assurance guidance document that is technically identical to RTCA DO-254. ED-80 is referenced by EASA as the acceptable means for complex airborne electronic hardware design assurance. All technical content, objectives, and guidance are identical to DO-254.
Electronic hardware items (circuit board assemblies, components, programmable logic devices, and associated wiring) that perform functions in airborne systems or equipment. AEH is distinct from software and is subject to its own assurance processes under DO-254/ED-80.
Airborne electronic hardware whose function can be fully verified through deterministic testing alone, without requiring the full DO-254 design assurance process. Simple hardware items have limited functionality and their correct behavior can be assured through comprehensive testing of all operational conditions.
Airborne electronic hardware whose function cannot be fully verified through deterministic testing alone due to the complexity of its design, the presence of programmable logic, or the impracticality of exhaustive testing. Complex hardware requires the full DO-254 design assurance lifecycle.
A general category of integrated circuits whose logic function is defined by the user after manufacture through programming rather than during the semiconductor fabrication process. PLDs include SPLDs (simple PLDs such as PALs and GALs), CPLDs, and FPGAs.
A programmable logic device consisting of multiple programmable logic array blocks interconnected through a centralized switch matrix. CPLDs provide deterministic timing, non-volatile configuration storage, and moderate logic capacity, making them suitable for glue logic, bus interface, and control applications in avionics.
A programmable logic device containing an array of configurable logic blocks (CLBs) interconnected through a programmable routing fabric, with configuration typically stored in volatile SRAM cells loaded at power-up from external non-volatile memory. FPGAs provide high logic density, parallel processing capability, and in-field reconfigurability.
An integrated circuit designed and manufactured for a specific application, with the logic function permanently defined during the fabrication process. Unlike FPGAs, ASICs cannot be reprogrammed after manufacture. ASICs include full-custom designs, standard-cell designs, and gate-array-based implementations.
A pre-designed, reusable block of logic, cell, or chip layout design that is the intellectual property of one party and can be integrated into a larger hardware design. IP cores are categorized as soft cores (synthesizable HDL), firm cores (optimized netlist), or hard cores (physical layout). In avionics, IP cores may be vendor-supplied or developed in-house.
Previously developed hardware design elements, including HDL modules, schematics, or IP cores, that are incorporated into a new hardware design. Reuse may involve using the design in a new application context, a different technology (e.g., migrating from one FPGA family to another), or a different design assurance level.
The set of documented conditions, capabilities, and constraints that the hardware item must satisfy, derived from system-level requirements through the system safety and requirements allocation processes. Hardware requirements include functional requirements, performance requirements, interface requirements, environmental requirements, and safety requirements allocated from the system level.
Requirements that arise from the hardware design process itself and are not directly traceable to higher-level system requirements. Derived requirements emerge during conceptual design, detailed design, or implementation when design decisions introduce additional requirements that were not anticipated at the system level.
The documented association between hardware requirements, design elements, implementation artifacts, and verification activities throughout the DO-254 lifecycle. Traceability demonstrates that every requirement has been implemented in the design and verified, and that every design element and verification activity traces to a requirement.
A verification method using computer-based models to evaluate the behavior of a hardware design against its requirements before physical implementation. For programmable logic, simulation typically involves functional simulation of HDL code, timing simulation with back-annotated delays, and system-level simulation of the integrated design.
An analytical verification method that evaluates hardware circuit performance under the most adverse combination of operating conditions, component tolerances, and aging effects. WCA encompasses worst-case circuit analysis (WCCA), thermal analysis, power analysis, timing analysis, and signal integrity analysis.
A structured evaluation of hardware design data by qualified reviewers to assess correctness, completeness, compliance with requirements, and conformance to applicable standards. Reviews are applied throughout the DO-254 lifecycle to requirements, conceptual design, detailed design, implementation data, and verification results.
Physical testing of the manufactured hardware to verify that it meets its requirements and performs correctly under specified operating conditions. Hardware testing includes unit testing of individual components or modules, integration testing of assembled hardware, and environmental testing across the specified operating envelope.
The process of evaluating electronic design automation (EDA) tools used in the DO-254 hardware lifecycle to determine whether their output can be trusted without independent verification, or whether additional measures are needed to mitigate tool-related risks. Tool assessment considers the tool's potential to introduce errors and the ability of subsequent activities to detect such errors.
The primary planning document for DO-254 hardware certification, establishing the agreement between the applicant and the certification authority on the hardware design assurance approach. The PHAC identifies the hardware items requiring design assurance, their design assurance levels, the lifecycle processes to be applied, the standards and guidance to be followed, and any deviations or alternative methods of compliance.
The final summary document for DO-254 hardware certification, providing evidence that all planned hardware design assurance activities have been completed and that the hardware item satisfies its requirements and is safe for its intended function. The HAS is submitted to the certification authority as part of the final certification data package.
Related Regulations & Standards
DO-178C (Software Considerations)
Glossary terms related to DO-178C and its supplements — the primary standard for airborne software certification.
DO-160G (Environmental Conditions & Test Procedures)
Glossary terms related to DO-160G — the standard defining environmental testing requirements for avionics equipment.
ARP4754B (Systems Development)
Glossary terms related to SAE ARP4754B — the top-level standard for aircraft and systems development processes.
ARP4761A (Safety Assessment)
Glossary terms related to SAE ARP4761A — the standard defining safety assessment methods for aircraft systems.