DO-254 — Design Assurance for Airborne Electronic Hardware
DO-254 (RTCA DO-254 / EUROCAE ED-80), titled “Design Assurance Guidance for Airborne Electronic Hardware,” is the internationally recognized standard for developing complex electronic hardware installed in aircraft and airborne systems. It is the hardware counterpart to DO-178C (software), and the aviation authorities EASA (Europe), FAA (USA), and Transport Canada require it for airworthiness certification.
Key Facts
| Detail | Information |
|---|---|
| Full title | Design Assurance Guidance for Airborne Electronic Hardware |
| Published by | RTCA (US) / EUROCAE (Europe) |
| EASA reference | AMC 20-152A |
| Applies to | Complex electronic hardware: FPGAs, ASICs, CPLDs, and custom SoCs |
| Not for | Simple COTS ICs (managed under DO-160 environmental testing) |
| Complementary standard | DO-178C (airborne software) |
Design Assurance Levels (DAL)
DO-254 defines five Design Assurance Levels based on the severity of failure:
| Level | Failure Condition | Examples | Rigor |
|---|---|---|---|
| DAL A | Catastrophic | Flight control computers, primary navigation | Highest — formal methods encouraged |
| DAL B | Hazardous | Engine control (FADEC), auto-flight systems | Very high — independence required |
| DAL C | Major | Communication systems, weather radar | High — structured coverage |
| DAL D | Minor | Cabin lighting, entertainment systems | Moderate |
| DAL E | No effect | Non-safety display elements | Minimal — documentation only |
Most FPGA designs for avionics target DAL A or DAL B, which require the most rigorous verification, configuration management, and independent review.
DO-254 Process Lifecycle
DO-254 follows a V-Model structure with four core processes:
1. Planning Process
- Plan for Hardware Aspects of Certification (PHAC) — The primary planning document.
- Hardware Design Plan — Coverage objectives, tools, and configuration management.
- Hardware Verification Plan — Test strategies, coverage metrics, review procedures.
2. Design Process
- Requirements capture and traceability
- Conceptual design (architecture, partitioning)
- Detailed design (RTL, schematics)
- Implementation (synthesis, place & route, PCB layout)
3. Verification Process
Verification is the most demanding phase. The required activities depend on the DAL:
| Activity | DAL A/B | DAL C | DAL D |
|---|---|---|---|
| Requirements-based testing | Required | Required | Required |
| Structural coverage analysis | Required | Required | Not required |
| Robustness testing | Required | Recommended | Not required |
| Timing analysis | Required | Required | Required |
| Tool qualification | Required | Conditional | Not required |
4. Configuration Management
- Version control of all design data (RTL source, constraints, testbenches)
- Problem reporting and change impact analysis
- Baseline establishment at each lifecycle phase
DO-254 for FPGA Development
For FPGA-based avionics hardware, DO-254 imposes specific requirements:
- No unverified third-party IP — All IP blocks must be fully verified to the target DAL.
- Synthesis tool qualification — Tools must be qualified or their output independently verified.
- Netlist-to-RTL traceability — Synthesis output must faithfully represent the RTL intent.
- Errata management — FPGA vendor errata must be tracked and mitigated.
- Environmental qualification — Per DO-160G for temperature, vibration, altitude, EMI.
Common Challenges
- Verification cost — DAL A/B verification can consume 60–70% of total project effort.
- Tool qualification — Synthesis and simulation tools must meet DO-330 objectives.
- COTS device management — Using commercial FPGAs requires errata tracking and lifecycle planning.
- Retrofit projects — Applying DO-254 to legacy designs (reverse engineering existing hardware).
Related Terms
- FPGA — The primary target device for DO-254 certified designs.
- V-Model — The methodology mandated by DO-254.
- RTL Design — The implementation phase of DO-254 compliant hardware.