 Good evening, everyone. I will not take speaker time away, and we are starting on time. I would like to introduce you to our next speaker, Mark John Bestian. He is an experienced software engineer working in embedded systems. And he will tell us about concepts of hardware development and control in his talk, Radio Cheaps and Failure Modes, War Radio Spectrum Domination Through Silicon Control. Give a big applause to our next speaker, Mark John Bestian. Hello, welcome, everybody. Yeah, we'll give a quick outline about several things which I've experienced the last decade on embedded software development. We'll give a very quick overview about SPI signals. Maybe many people are known with those interfaces. It's been used a lot on the board itself. Talk a little bit about the role of patents in semiconductor and IP licensing. Actually, my name appears on a few patents, not related to radio, by the way. But there are a few concepts there that you have to understand while debugging hardware. We'll give one example, because it's very simple and analog, about the extension of the USB protocol. It's already very old. And after that, it will move into real radio chips, RF protocols, and specifically Direct Secret Spread Spectrum, one of the modulation ports that's used both in GPS and the variant of it as well in Wi-Fi. And after that, I will give a few remarks about things which you can do as an embedded developer to ensure success of your product. So maybe people have seen this. This is a screenshot from SLI as Logic Analyzer. You see here a very simple system with a rising clock edge. And on the bottom, you will see the digital signal and the dead-scene code to C7 hexadecimal. It's very simple. This is on one platform. And then on another hardware platform, if you try to output the same signal with a specific mode of that chip, then you'll obviously see this. And this is very interesting. Here we see five clock cycles with the same result. There's still C7. There's a lot of time without any clock cycles. And then all of a sudden, you see three bits. This is very curious. How could that happen? Well, I was looking into this. And, well, how can you develop silicon which outputs these patterns in a simple way? And what I have found is this, transaction level modeling. You can make a model of all the transactions that are being passed over SPI bus. For example, on an SPI flash chip read, write, and erase, those are separate commands. After that, there comes an address and a few other parameters. You can determine which patterns and sequence are normal. And you can see which patterns might need to be transformed. Then you can modify the confidence transaction that happens actually inside this silent period. And then you can, well, during that time, you have to hold back the clock that outputs this SPI transactions. And, well, you have to also optimize that logic. So we need a hardware proxy. You have to make specific RTL to actually, well, reduce the number of gates that are being used. And then you're having a successful hardware proxy. Well, what you can do with that, you can, for example, enforce a protocol license or a proprietary extension that needs to be part of a software that runs on this chip in order to make it all work. Yeah, well, why would you do that? Indeed, implement an extension or a variant of an existing protocol, enforcing licensing terms of revenue over specific software that you need to put on that sock to actually make it work properly. And also to maintain vendor control, so that's the chip vendor, of a software-updateable hardware platform. Well, software-updateable hardware platforms are everywhere. I mean, everybody here on the camp got their own one. It's a very nice one. It has both a USB interface and a Wi-Fi interface. And it would be nice if you can update your software, which you built or completely yourself, both Wi-USB and Wi-Fi. Yeah, well, for patents, I will give you a small example. Well, USB shareable bus is very well known. Billions of connectors. It's the best computer standard, well, I think of the whole computer industry, thanks to Apple and Microsoft, well, pushing that thing in the late 90s. The tests of the USB protocol are very well-specified, the USB IF. Back in the days, early USB days, I think it was Brad Hossler, who actually specified that. So electrical specification, the rise times of cables, control impedance traces, all this part was very well-specified and a romantic test available to really make sure that the USB became the most interoperable standard. Protocol test software is also freely available. There are many virtual machines and other ways to actually monitor on the host controller level or actually operating system level. But there's also a lot of hardware analyzers. For example, there is Alice in Switzerland, who is making lots of USB analyzers, which can decode almost all aspects of all the traffic over USB bus without actually interfering with the timing of the USB itself. So that's very important, because if you're deep into pieces of hardware talking together, well, you also want to make sure there's no nothing interfering with the timing to make sure you're not interfering with the process. But nevertheless, there are proprietary extensions, also USB. This is a proprietary extension that I found back in, well, was early, late around 2009. And the patent itself came from, was filed, I think, in 2005. There are several versions of the patent. Well, you can look it up. It will be in the next sheet. USB exists of two lines, basically, or four lines. One pair is power, five-fold, and ground. And the other one is differential, D plus and D minus. That's a 19 ohm differential pair. There are a few points in the protocol where the signal is not differential, but it becomes single-ended. That's during the end-of-packet symbol. And during a bus reset. And the bus reset is used for speed negotiation. So if you want to go for USB 1, then it's 12 megabits, or sometimes four megabits. If you depending on which line you pull up, that's a device. And for higher speed, you need different line drivers that drive more current through the bus. And there's a special protocol that's being played during that reset. The threshold voltages for those things are also very well-specified. But you can create additional threshold voltages, and that was made into a patent. This is a patent. I will not mention too many names in here, but there is a patent number here on the side, which you can look up, and then you can find all the names. But while this is on the left, you see the scale. There's 3.3 volts, 1 volt. And then that is not completely linear in the bottom. So there's 130 millivolts and 100 millivolts. And the difference of that is actually being used to signal or do a secret handshake between host controller and the device, which is quite curious. But it also means that if you have, for example, different length of cable or different thickness, you might have an influence on the result of that speed negotiation or the reliability of your device. So that's a very interesting patent. And if you see intermittent issues with USB, well, you might actually think, well, maybe I should use a shorter USB cable just to get things working. Well, and the host controller itself is also mentioned. Well, this is a later version of the patent. And here you see, well, the host controller itself says here, we'll select a lower zero-voltage threshold. So the op-amp protection has to compare the voltages. Will is actually being influenced here. Well, now let's go to the radio chips, because, well, there's nothing more analog than a radio single. Well, what is all in the radio chip that might not be completely known to everybody? There are many things there. There's low noise amplifiers. Sol filter, this is a surface acoustic wave that's a very narrowband filter, which is mainly, for example, used in GPS receivers. There are modulators, voltage-controlled oscillators, phase lock loops, and phase detectors. Well, that's all through creating a beautiful, clean carrier wave or local oscillator. There's analog device or analog to digital and DA converts, of course, which you also find in sound cards, except in radios. Usually, they have much more bandwidth. I mean, audio card stops at, well, 192 kilohertz. And AD converts and DA converters, which you can find in Wi-Fi transceivers, then can go up to 200 mega-sambles per second today. So those are significant bandwidths, which produce also a lot of data. I mean, if you get a 14-bit AD or a DA converter, those things can generate 800 megabytes per second, which is a bit difficult to process in software. But you can do it in hardware. Because you have all the multipliers close by. And, well, that comes all. There's also other analog things, very old ones. There's a bank and reference. That's something to get a stable voltage for all the other analog parts. Crystal drivers, that's something which is used as a power control. Because crystal takes power. Good clocks also take quite a bit of power. And you all you want to have some choice in that. So that's also the reason the power consumption to having a 32 kilohertz and, well, a tens of megahertz clock in your chip. And those crystals are being turned on and off all the time just to conserve power. There's automatic gain control. That's basically analog amplifier or voltage gain amplifier. There are power amp controllers for all, if you want to transmit also with it. There are specific drivers which actually push in enough current in it. And there's lots of interfacing circuitry for your analog sections. So, well, these are all things which are usually abstracted by many people that develop device drivers. But that's all part of the chip. And there's a lot of IP in this area. Then we have the digital section. Well, typically, it's all done in the CMOS process. There's preamble detection, the clock recovery. Demodulation and modulation, well, those things for data signaling can usually be done all in digital hardware. Well, preamble detection is usually kind of a correlator-like approach. So if you use a correlation process, that way you can easily track, well, what is this packet for me? Or is it just noise, which is found on the radio? Well, the clock generation and modulation, well, sometimes you need to have a calculated clock offset. Well, for that, you also have to do some calculations. Well, the modulator and power amp control, that's power amp control, digital pre-distortion, envelope tracking, those are things very specific for transmission. And these are also made to actually make the hardware as cheap as possible. Because, well, a power amp in a mobile phone, you only have a 4.2 voltage of the lithium-ion battery. And you want to put as much power of that into your antenna. And for that, you need some local optimizations to actually push this amplifier into distortion. It's a bit like a Gitter amplifier. If you push it into distortion, it sounds much nicer. But for digital communications, that's not good. Because if you get distortion, you get more harmonics. And your signal is not, your system is not linear anymore. So you have to pre-distort it. And then, well, you get a more linear output. And that way, you get a better output. Yeah, there's some audio code action, encryption, acceleration as well. Well, this is then a few things that you will also find in the radio chips. I will skip a bit through this. Because, well, this is all about removing DC components, analog transceivers. You cannot send a very long one string to them. They will need some 1 to 0 transitions to recover the clock and keep synchronized with the receiver synchronized with the transmitter. Same you find the P-Share Express, which is also serial signal, which such as similar properties. Oh, yeah, and you also get a few K symbols. So if you program FPGA, you also have serdes interfaces. And there you have actually access to all the K symbols, which are inside those things. So that's always very nice to actually look into both the specification of the protocol and the specification of the FPGAs if you can actually accommodate all those protocols. Yeah, then there's a lot of software in the radio based band, all about power management. So we want to spend as much time in low power modes, just turn off the clocks, turning off low noise amplifiers. Those things are all very, quite power hungry. Oh, yeah, and you also want to reduce leakage current. Of course, while modern chips giving so much logic that the total amount of leakage current of those orders, this big plane of CMOS logic, is getting significant. So in that case, you also want to power off parts of that as well. Yeah, well, then the radio IP. Well, just like you saw in USB, in the radio IP, there will also be proprietary extensions. Sometimes those extensions do not provide a clear benefit. But sometimes you just must license additional things just to get that part of the radio working. Plant obsolescence is also an issue, of course, for all the many consumer electronics while having those kind of things in there, just having a little bit slower of all the protocols. So it breaks a bit of compatibility. And yeah, then I give you new licensing terms of software. And then I'll provide a quick simple example for radios. Well, GPS is, I think, the most compatible radio system ever invented, I think. It was designed by the US Air Force. It was a very nice system. It's an open specification, thanks to Ronald Reagan's response to our Cold War incidents. So yeah, I think that's very, very beneficial for everyone and also a big market for consumer applications. Everyone with GPS can determine their own location. You don't have to reveal it to others. You just have to, well, measure all the clocks of all the ones. And it's also very power efficient. I mean, every power, if you look only at the L1 band, there's around 27 watts per satellite beaming to Earth. So in total of 24 satellites, there's around 400 watts of power being beamed up to Earth. And with that amount of power, you can, everybody on Earth can determine their own location. It's a very good, cool feature. Receive level on Earth is then very low. I mean, most Wi-Fi receivers, you're having a level of minus 100 dBm, which is basically the noise floor. On GPS, it's minus 128 dBm. And the only way you can receive that signal is by just generating the same signal and then correlating it with the noise you receive. And then you get a correlation peak. And at the correlation peak, you can track. That system is called CDMA or DSSS. Well, the term CDMA isn't a bit confusing in the US, because CDMA is also a mobile phone standard there. The direct sequence spread spectrum is, I think, the best specification for such kind of modulation. Well, GLONASS is a Russian system. Well, you have your own frequency. Well, that's completely independent. And you see also our nations making their own navigations. For example, AU has a Galileo, which is using exactly the same frequency. And that's also a nice property of DSSS. You can put multiple signals in the same frequency and then still receive them all at the same time, just by the power of correlation. You should not put too many in there. But well, if you have good negotiations, then that should all work. Yeah, well, the most common GPS band is the L1. It's 1575.42 megahertz. It's around 5 megahertz wide. It must be very quiet. So yeah, you don't want to have too many mobile phones transmitting in the frequency in a few megahertz within that frequency. There are satellite phones, which are a little bit below it. Well, that's about it. And almost everybody will use only the L1 band. And yeah, the other nice thing about CDMA and DSSS is they are relatively resistant to CW interference. CW stands here for carry wave. So it's a strong genocidal signal. For example, a sideband of a transmitter on the lower band, which can interfere with a GPS signal. Yeah, well, to actually make the correlation work better, there's also CW filters in most digital hardware that uses DSSS. But its output is usually not output to the end user. So there are some tracking and filtering for it. But usually it's not output to the user. Of course, you can use open source hardware. And there's a receiver from SwiftNet which actually uses FPGA for the correlation and a Maxima reference for digitization. And then you can actually program that stuff yourself. You also need a specific ADC. Well, it needs to be having a one or two bit resolution with well-defined levels. So yeah, the decision between what is a 1 and a 0, it's much more well-defined on those low resolution ADCs than on the higher precision ones. And you also need a very stable clock, because well, you have to generate exactly the same clock as used at the GPS receiver satellite to actually generate the signal and do the correlation. And you have quite a long integration time. So during the correlation time, you have to make sure this clock stays aligned with the other clocks. Well, the way to actually make a GNSS or Global Navigation Satellite Systems like GPS, Galileo, Baidu, GLONUS, well, you can track and log CW interference yourself. You can implement your own correlators and trackers. Well, you can, for example, also track direct and reflected signals from, because well, modern receivers, they can trace the GPS signals down to 160 dBm, minus 161 dBm. So there is quite a lot of range also getting, well, track and reflected signal. That's possible these days. You can also use SDRs with more precise clocks. There's lots of open source software available. A nice thing is also you can calculate your own clock offset. And with that, you can make your own time receiver. For example, there are special OCXOs, which you can then control by a GPS signal. And that way, you're having a globally synchronized clock that's used a lot with radio astronomy applications, where you have two stations on one side, on the other side, looking at the same stars. And they want to sometimes look for weeks at the same part of the sky and then do resets for that. For that, they also use GPS to synchronize their clocks. Yeah, well, and there's also, well, the signals that I just mentioned, CW interference, they can come from a lower frequency, and which is, well, it has some side bends in a higher frequency. But what is also possible is that there's, well, military applications that actually jambers and spoofers or, well, those kind of things. Well, you can also try to pinpoint those using an antenna array. That's, well, there's not a nice application. I don't see, haven't seen a complete application for that yet, but well, that's definitely something to, interesting to research. Then on the IP side, and that's a few concluding remarks, always ask your supplier or supply chain to actually get full control of the RTL, so the registered transfer level logic that goes into their chip so that you know how to test whether you have a real chip or a clone chip. Ask which patents, revisions, and claims are applicable so that you can actually verify if, well, if there is something going on there or whether there's something that you might have forgotten. Well, you can also, of course, check your serial SPI and digital interface time is very easy, I mean, SELIA logic analyzer, cost only, well, a few hundred euros, and then, well, then you're having a very good timing interface, timing log. What you can also do is ask a very local VHDL model while some vendors already are doing this, and with that you can, well, you can actually verify whether your chip meets the specification. And so now I'm open for questions. A big applause for Mark-John, please. So are there any questions for him? Oh, okay. No questions. Do you want to tell us something else? You can still use eight minutes of your time. Eight minutes? Oh, well, there's plenty of time, yeah. Yeah, well, this is a small radio tube, which I found at the Ham Radio Show in Friedrichshaven. I thought it was very nice, because, well, there's a very old radio tube, and it takes each exercise for better reception, so I think it's applicable for this talk. So I'm not sure how many people using a tube-based radio here, but I wish everybody has the best reception for their radio signals as possible, so. This hasn't inspired any question for the audience. Well, right. No one wants to have a world-controlled domination of radio-enabled systems. Wow, that's your problem. Well, so. Thank you very much, Mark-John. And again, a big applause for him. Thank you.