What is DO-254?

DO-254, or "Design Assurance Guidance for Airborne Electronic Hardware", is a standard that provides guidance for the development of complex airborne electronic hardware, such as FPGAs, ASICs, and circuit boards. Like DO-178C for software, DO-254 ensures that hardware used in safety-critical avionics systems is developed to rigorous safety and reliability standards, with different assurance levels based on the potential impact of a hardware failure.

What is the purpose of DO-254?

Ensure hardware performs reliably and safely under all foreseeable conditions, including faults and failures.
Establish a rigorous design assurance process for complex electronic hardware (like FPGAs, ASICs, PLDs, circuit boards).
Support certification of airborne systems by showing that the hardware development followed a structured and traceable process consistent with the system’s Design Assurance Level (DAL).

What are the variants of DO-254?

DO-254 is the only variant as of today, but an updated DO-254A standard is in the work. It is important to know that DO-254 is supplemented with AC 20-152A and AC 20-193.

The purpose of AC 20-152A is to clarify how DO-254 should be applied and interpreted when used as a means of compliance with FAA regulations, especially 14 CFR Part 23, 25, 27, and 29 (airworthiness standards for aircraft). It helps manufacturers understand:

How DO-254 maps to FAA expectations
Which aspects of DO-254 are essential for certification
How to handle complex and simple hardware
The relationship between hardware assurance and system safety

AC 20-193 clarifies the standard when custom micro-coded components or multi-core procesors are involved.

Is your Hardware simple?

Hardware that is fully testable, through comprehensive and deterministic verification tests that address all foreseeable operating conditions, is classified as simple. The verification of simple hardware needs to demonstrate that the hardware has deterministic behavior and is free of anomalies.

Hardware is complex ... if it is not simple.

What are the different Hardware Levels of DO-254?

DO-254 uses the same Design Assurance Levels (DALs) as DO-178C, because both are aligned with the overall aircraft/system safety assessment process defined in documents like ARP4754A and ARP4761.

DAL A: Hardware failure could lead to a catastrophic failure condition for the aircraft, typically resulting in multiple fatalities. The most stringent level of assurance is required, with extensive formal reviews, rigorous traceability, independent verification and structural coverage analysis.

DAL B: Failure could lead to a hazardous or severe-major failure condition, potentially causing a large reduction in safety margins or serious injury. While still demanding, the verification requirements are slightly less stringent than Level A, but still require high levels of coverage and thorough testing.

DAL C: Failure could lead to a major failure condition, affecting the aircraft's operational capability and possibly leading to discomfort or minor injury to occupants. The requirements include less comprehensive verification activities compared to Levels A and B, but still necessitate significant assurance that the hardware performs as intended. It requires defined and documented processes, requirements traceability and verification, but not always independent or exhaustive.

DAL D: Failure could lead to a minor failure condition, slightly affecting the aircraft's operational capability without significantly reducing safety. It requires basic good engineering practices (documented design documentation, some verification).

DAL E: Failure has no effect on aircraft operational capability or safety. The least stringent level, Level E hardware does not require to follow DO-254 processes.