Achieving full ASIL-B level functional safety (FuSa) for Automotive Clusters

Traditionally, automotive cluster modules have not placed strong emphasis on functional safety (FuSa) measures for capturing and displaying data. Most cluster components are developed with a focus on Quality Management (QM) levels, and proprietary implementations are often used without adhering to standardized safety approaches. This paper highlights the need to bring certain cluster components under an Automotive Safety Integrity Level B (ASIL-B) context, proposing a standardized and structured methodology for their development — particularly by adopting Classic AUTOSAR frameworks. Several critical components within the cluster demand FuSa mechanisms to ensure reliable and safe operation. These components should be designed to comply with key safety principles, including freedom from interference, execution under privileged levels, and integrity verification. The FuSa goals for these components also extend to their configuration management and update strategies within the cluster system. Integrating AUTOSAR with Graphics Libraries or Tools (such as Qt or OpenGL) and deploying them over a Secure Operating System (OS) enables not only compliance with FuSa requirements but also provides a standardized foundation for communication, error handling, cybersecurity, and other essential AUTOSAR services. This structured approach promotes the establishment of industry best practices for achieving FuSa compliance in cluster modules. The end-to-end safety assurance begins from the moment a signal is received to its ultimate display on the screen. Application logic runs as Software Components, with the Graphics Library encapsulated as a Complex Device Driver (CDD). Critical signals and Protocol Data Units (PDUs) are safeguarded through end-to-end protection mechanisms, while Safe RTE (Runtime Environment) ensures strict isolation and no mixing of safety-critical and non-safety signals. Furthermore, cluster components are executed at distinct privilege levels within a safe and protected memory area also by explicitly assigning certain display hardware resources to ASIL. This design approach avoids interference, ensuring that safety-critical information is reliably displayed without compromise.