AWS for Industries
TSMC certifies Siemens EDA tools on AWS for N2/N3 process node technology
The semiconductor industry continues to witness rapid technological advancements, requiring design workflows to evolve for better performance, efficiency, and scalability. A major milestone in this evolution is the Taiwan Semiconductor Manufacturing Company (TSMC) certification of Siemens electronic design automation (EDA) tools on the AWS Cloud, which brings profound benefits to semiconductor designers and engineers across the globe. This certification represents not only a stamp of approval from one of the most advanced semiconductor foundries in the world but also marks a shift toward cloud-enabled Siemens EDA workflows that deliver increased flexibility, performance, and innovation.
“AWS is pleased to work with Siemens EDA and TSMC on successfully certifying design solutions for TSMC’s advanced N2 and N3 process nodes for customers. This project enables customers to run EDA workloads, share data and collaborate with TSMC in a secure and trusted environment on AWS. The joint effort is testimony to the close collaboration and partnership between the three companies. TSMC advanced node certification is a significant milestone in the EDA on AWS journey.”
– Ravi Poddar, Principal Advisor Hi-Tech and Semiconductor Industry, Amazon Web Services.
This blog provides a technical overview of the secure, collaborative chamber on AWS that TSMC leverages to certify the N2/N3 process node technology using Siemens EDA tools. The initiative highlights the technical synergies between the involved parties and underscores the growing importance of cloud computing in the semiconductor industry.
Secure Cloud Chamber architecture for TSMC Certification Project
Figure 1: Secure cloud chamber architecture for TSMC certification project on AWS
Figure 1 depicts the overall secure cloud architecture deployed for this project using the AWS industry solution Scale-Out Computing on AWS (SOCA). This custom architecture was developed to meet specific project requirements from TSMC, including a high-performance computing (HPC) environment that scales to the infrastructure demands of the project, as well as stringent security requirements to protect key assets and project IP. The architecture includes several AWS services and HPC components: the scheduler that orchestrates jobs across the various queues, the directory service (LDAP) for user authentication and authorization, the license server that manages the Siemens tool licenses, the autoscaling compute nodes, and the file systems. These components are encapsulated within the TSMC Open Innovation Platform (OIP) Virtual Design Environment (VDE). In addition to the VDE subnet, the secure file transfer subnet gives TSMC personnel access to the chamber to transfer the Process Design Kit (PDK) and other project files from on-premises servers, and the DMZ (demilitarized zone) subnet gives the Siemens product engineers access to connect and work in the chamber through a virtual private network (VPN). Key data flows and functions supported by the chamber include:
- Secure File Transfer subnet for TSMC personnel to transfer the Process Design Kit (PDK), Graphic Design System (GDS), and other project files from the on-premises servers to Amazon S3 buckets on AWS.
- VDE chamber including the scheduler, the directory service (or LDAP), the license server, the autoscaling compute nodes and the file systems.
- DMZ subnet for the Siemens product engineers to connect and work in the chamber through VPN. This includes accessing the PDK and design data, running experiments using the Siemens EDA tools, and interactive sessions using NICE DCV Display servers.
- Automatic scanning that quarantines all files coming into or going out of the chamber: files first land in a temporary bucket, where the scan performs cybersecurity checks such as malware detection, phishing detection and other vulnerability checks. Only files that pass every security check move into the clean bucket for use within the chamber.
TSMC Security Requirements for Certification Project
TSMC's key security objectives for the certification project on AWS were: 1/ audit logging and traceability, 2/ preventing unauthorized access, and 3/ data security, specifically protecting the PDK. To achieve these objectives, we put together a set of security controls using several AWS services and features. The key security services and controls implemented in the chamber include:
- Network Access Control List (NACL): A feature of Amazon Virtual Private Cloud (Amazon VPC), a NACL is used to control and report traffic at the IP and protocol level for a subnet within the VPC. In effect, the NACL works as a network firewall on AWS. By default, all inbound and outbound traffic is blocked by the NACL except what TSMC has explicitly allow-listed for access to the secure chamber on AWS.
- Security Group: In addition to the NACL that acts as the network firewall, a security group serves as a virtual firewall for each instance to control inbound and outbound traffic on AWS.
- Amazon VPC Flow Logs: VPC Flow Logs capture information about the IP traffic going to and from network interfaces in the VPC. Flow log data is published to Amazon CloudWatch Logs for analysis. Flow logs monitor the traffic reaching the compute instances and record the direction of the traffic to and from each network interface. Flow log data is collected outside the path of the network traffic and therefore does not affect network throughput or latency.
- Observability and Monitoring: Amazon CloudWatch is used as the integrated, single-pane view for all monitoring to meet the logging and security objectives. All logs generated in the project, including VPC flow logs, AWS CloudTrail, Amazon GuardDuty, Amazon S3 and application logs, are consolidated in Amazon CloudWatch, with mechanisms to trigger alarms and workflows in case of suspicious activity. Amazon EventBridge is used to track all resources deployed in the chamber; any modification to a resource is captured automatically, with notification capability.
- Access Control: AWS Identity and Access Management (IAM) is used to prevent unauthorized access. A VPN is used to secure user access from the end device, multi-factor authentication adds a further layer of protection against unauthorized users accessing these accounts, and an OpenLDAP directory service manages users with their respective credentials and privileges. Security groups and a web application firewall (WAF) implement network and application access controls at the IP, port and protocol level.
- Data Protection: To prevent PDK leakage, we use permission and encryption controls at the storage level, including Amazon S3 and Amazon Elastic File System (EFS). In addition to the standard AWS network and security controls, we implemented an automatic scanning mechanism that quarantines all files coming into or going out of the chamber: each file first goes into a temporary bucket and, only after all security checks have passed, into the clean bucket for use within the chamber.
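The NACL and security group items above describe two layers with different evaluation rules: a NACL is stateless and applies numbered rules in order with an implicit final deny, while a security group is stateful and only has allow rules. The following model, added here as an example (not AWS code, and not the project's configuration), walks a client request and its reply through both layers so that the usual default-deny pitfall is visible: allow-listing the inbound port alone is not enough, because the NACL also has to allow the reply out to the client's ephemeral port. All CIDRs, addresses and ports are constructed.

```python
"""Model of the two network layers the chamber uses: a stateless network ACL
(ordered, numbered rules, implicit final deny) on the subnet and a stateful
security group on the instance.  Added example with constructed CIDRs; it is
not AWS code and only mirrors the documented evaluation semantics."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class NaclRule:
    number: int          # evaluated in ascending order, first match wins
    proto: str           # "tcp", "udp" or "all"
    cidr: str
    port_from: int
    port_to: int
    action: str          # "allow" or "deny"


@dataclass(frozen=True)
class SgRule:
    proto: str
    cidr: str
    port_from: int
    port_to: int         # security groups carry allow rules only


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str


def rule_matches(rule, addr, port, proto):
    return (rule.proto in ("all", proto)
            and ip_address(addr) in ip_network(rule.cidr)
            and rule.port_from <= port <= rule.port_to)


def nacl_decision(rules, addr, port, proto):
    """Stateless: the lowest-numbered matching rule decides; nothing matching
    falls through to the implicit deny at the end of every NACL."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, addr, port, proto):
            return rule.action
    return "deny"


def sg_allows(rules, addr, port, proto):
    """Stateful: any matching allow rule admits the flow, and the reply is then
    admitted automatically without consulting outbound rules."""
    return any(rule_matches(r, addr, port, proto) for r in rules)


def connection_allowed(pkt, nacl_in, nacl_out, sg_in, client_port):
    """Walk a client -> instance request and its reply through both layers.
    Returns (allowed, stage) so a failing stage is visible for troubleshooting."""
    if nacl_decision(nacl_in, pkt.src, pkt.dport, pkt.proto) != "allow":
        return False, "nacl-inbound"
    if not sg_allows(sg_in, pkt.src, pkt.dport, pkt.proto):
        return False, "sg-inbound"
    # The reply leaves the subnet towards the client's ephemeral port; because
    # the NACL keeps no state, that port range must be explicitly allowed out.
    if nacl_decision(nacl_out, pkt.src, client_port, pkt.proto) != "allow":
        return False, "nacl-outbound-reply"
    return True, "allowed"


# Constructed allow-list: a hypothetical Siemens VPN range may reach SSH (22).
VPN_CIDR = "203.0.113.0/28"
NACL_IN = [NaclRule(50, "tcp", "203.0.113.14/32", 0, 65535, "deny"),   # one revoked host
           NaclRule(100, "tcp", VPN_CIDR, 22, 22, "allow")]
NACL_OUT_INCOMPLETE = []                                                # replies forgotten
NACL_OUT = [NaclRule(100, "tcp", VPN_CIDR, 1024, 65535, "allow")]      # ephemeral ports
SG_IN = [SgRule("tcp", VPN_CIDR, 22, 22)]


def demo():
    """Five constructed cases; returns {case: (allowed, stage)}."""
    ssh = Packet("203.0.113.5", "10.0.2.15", 22, "tcp")
    return {
        "no_reply_rule": connection_allowed(ssh, NACL_IN, NACL_OUT_INCOMPLETE, SG_IN, 51000),
        "complete": connection_allowed(ssh, NACL_IN, NACL_OUT, SG_IN, 51000),
        "outside_allowlist": connection_allowed(Packet("192.0.2.9", "10.0.2.15", 22, "tcp"),
                                                NACL_IN, NACL_OUT, SG_IN, 51000),
        "revoked_host": connection_allowed(Packet("203.0.113.14", "10.0.2.15", 22, "tcp"),
                                           NACL_IN, NACL_OUT, SG_IN, 51000),
        "wrong_port": connection_allowed(Packet("203.0.113.5", "10.0.2.15", 3389, "tcp"),
                                         NACL_IN, NACL_OUT, SG_IN, 51000),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18s} -> {result}")
```

The `revoked_host` case shows why rule numbering matters: the deny for a single host sits at a lower number than the broad allow for the VPN range, so it wins even though the host is inside the allow-listed CIDR.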
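The flow log and monitoring items describe VPC Flow Logs being consolidated in CloudWatch with alarms for suspicious activity. The script below is an added example of the kind of triage that sits behind such an alarm: it parses flow log records in the default 14-field format and reports two things the chamber's allow-list posture makes interesting, sources whose rejected flows swept several ports, and any accepted flow from a source outside the allow-list. It is not the project's code; the records, CIDRs, account id and ENI are constructed placeholders.

```python
"""Triage of Amazon VPC Flow Log records (default 14-field format) for two
questions behind the chamber's logging objective: which sources the allow-list
is rejecting, and whether anything outside the allow-list was accepted.
Added example; the records, CIDRs, account id and ENI are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Field order of the default flow log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
PROTO_NAMES = {"6": "tcp", "17": "udp", "1": "icmp"}

# Constructed allow-list: hypothetical TSMC transfer range and Siemens VPN range.
ALLOWED_SOURCES = [ip_network("198.51.100.0/24"), ip_network("203.0.113.0/28")]

# Constructed sample records: two legitimate logins, a rejected sweep across
# four ports from one outside host, one accepted login from an outside host,
# and a NODATA record that carries no traffic fields.
SAMPLE_LOG = """\
2 123456789012 eni-0123456789abcdef0 198.51.100.7 10.0.2.15 51000 22 6 12 2400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 203.0.113.3 10.0.2.15 51001 8443 6 9 1800 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 192.0.2.44 10.0.2.15 40001 22 6 1 60 1700000010 1700000070 REJECT OK
2 123456789012 eni-0123456789abcdef0 192.0.2.44 10.0.2.15 40002 23 6 1 60 1700000011 1700000071 REJECT OK
2 123456789012 eni-0123456789abcdef0 192.0.2.44 10.0.2.15 40003 3389 6 1 60 1700000012 1700000072 REJECT OK
2 123456789012 eni-0123456789abcdef0 192.0.2.44 10.0.2.15 40004 445 6 1 60 1700000013 1700000073 REJECT OK
2 123456789012 eni-0123456789abcdef0 192.0.2.99 10.0.2.15 40005 22 6 5 900 1700000020 1700000080 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 - - - - - - - 1700000030 1700000090 - NODATA
"""


@dataclass
class Finding:
    srcaddr: str
    reason: str
    detail: str


def parse_records(text):
    """Return the records that describe real traffic; NODATA/SKIPDATA lines
    have '-' in the traffic fields and are dropped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] == "OK":
            records.append(rec)
    return records


def is_allowed_source(addr):
    ip = ip_address(addr)
    return any(ip in net for net in ALLOWED_SOURCES)


def analyse(text, sweep_threshold=3):
    """Flag accepted flows from outside the allow-list, and sources whose
    rejected flows touched at least `sweep_threshold` distinct ports."""
    rejected_ports = defaultdict(set)
    findings = []
    for rec in parse_records(text):
        proto = PROTO_NAMES.get(rec["protocol"], rec["protocol"])
        if rec["action"] == "REJECT":
            rejected_ports[rec["srcaddr"]].add(int(rec["dstport"]))
        elif rec["action"] == "ACCEPT" and not is_allowed_source(rec["srcaddr"]):
            findings.append(Finding(rec["srcaddr"], "accept_outside_allowlist",
                                    f"{proto}/{rec['dstport']} on {rec['dstaddr']}"))
    for src, ports in rejected_ports.items():
        if len(ports) >= sweep_threshold:
            findings.append(Finding(src, "rejected_port_sweep",
                                    ",".join(str(p) for p in sorted(ports))))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f.reason:26s} {f.srcaddr:15s} {f.detail}")
```

The `accept_outside_allowlist` finding is the one worth an alarm: with a default-deny NACL it should never occur, so its presence means either the allow-list and the deployed rules have drifted apart or the log's allow-list copy is stale.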
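Both the data flow list and the Data Protection item describe the same control: files crossing the chamber boundary land in a temporary bucket, are scanned, and reach the clean bucket only if every check passes. The following is an added example of that quarantine-then-release shape, not the project's scanner or AWS code. The store is a dict-backed stand-in for the two S3 buckets so it runs offline, the two scanners (a constructed "bad" signature and a file-type allow-list) are placeholders for the real malware and vulnerability checks, and each verdict records the content hash so the audit-trail objective is served as well.

```python
"""Quarantine-then-release flow for files crossing the chamber boundary: every
object lands in a quarantine bucket, is scanned, and is copied to the clean
bucket only if every check passes; a verdict with the content hash is kept for
the audit trail.  Added example: the store is a dict-backed stand-in for two
S3 buckets, and the scanners, file-type allow-list and 'bad' signature are
constructed placeholders, not the project's scanner."""
import hashlib
from dataclasses import dataclass, field

# Constructed placeholders for the real controls.
KNOWN_BAD_SIGNATURE = b"CONSTRUCTED-BAD-SIGNATURE"
ALLOWED_SUFFIXES = (".gds", ".txt", ".lib", ".sp", ".tgz")   # hypothetical project file types


@dataclass
class Verdict:
    key: str
    sha256: str
    passed: bool
    reasons: list = field(default_factory=list)


class MemoryStore:
    """Dict-backed stand-in for the quarantine and clean buckets."""
    def __init__(self):
        self.buckets = {"quarantine": {}, "clean": {}}

    def put(self, bucket, key, data):
        self.buckets[bucket][key] = data

    def get(self, bucket, key):
        return self.buckets[bucket][key]

    def delete(self, bucket, key):
        del self.buckets[bucket][key]

    def keys(self, bucket):
        return sorted(self.buckets[bucket])   # a copy, so deleting while iterating is safe


def signature_scan(key, data):
    return ["known-bad signature"] if KNOWN_BAD_SIGNATURE in data else []


def file_type_scan(key, data):
    return [] if key.lower().endswith(ALLOWED_SUFFIXES) else [f"file type not permitted: {key}"]


SCANNERS = [signature_scan, file_type_scan]   # every scanner must pass


def process_object(store, key, audit):
    """Scan one quarantined object; release it only on a clean verdict.
    Nothing is written to the clean bucket before all scanners have run."""
    data = store.get("quarantine", key)
    digest = hashlib.sha256(data).hexdigest()
    reasons = [reason for scan in SCANNERS for reason in scan(key, data)]
    verdict = Verdict(key, digest, passed=not reasons, reasons=reasons)
    if verdict.passed:
        store.put("clean", key, data)
        store.delete("quarantine", key)      # failing files stay quarantined for review
    audit.append(verdict)
    return verdict


def process_all(store, audit):
    return [process_object(store, key, audit) for key in store.keys("quarantine")]


def demo():
    """Constructed inbound batch: a clean rule file, a GDS carrying the bad
    signature, and an executable that is not a permitted file type."""
    store, audit = MemoryStore(), []
    store.put("quarantine", "pdk/rules.txt", b"layer M1 width 0.02\n")
    store.put("quarantine", "design/top.gds", b"\x00\x06\x00\x02" + KNOWN_BAD_SIGNATURE)
    store.put("quarantine", "tools/run.exe", b"MZ\x90\x00")
    process_all(store, audit)
    return store, audit


if __name__ == "__main__":
    store, audit = demo()
    for v in audit:
        state = "clean" if v.passed else "quarantined"
        print(f"{v.key:16s} {state:11s} sha256={v.sha256[:12]} {v.reasons}")
```

The same function serves both directions: an outbound batch is simply a quarantine bucket whose clean counterpart is the bucket the transfer subnet is allowed to read from, so nothing leaves the chamber without the same verdict record.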
Testing and results
The goal of the project was to take seven of TSMC's sign-off Siemens EDA production flows and verify their results by comparing them against TSMC's golden values on select test cases from TSMC's 2 nanometer and 3 nanometer accuracy test suites. Test data and golden results were securely uploaded to the cloud test environment and made accessible to technical stakeholders inside Siemens.
Methodology
The objective of the accuracy tests was to compare two identical runs – same version of the tool, same rules – with the only difference being that one ran inside TSMC's secure on-premises chamber and the other inside the secure AWS environment. The golden results were transferred as part of the test package, together with the test case data, setup files, design rules and so forth. Comparison of the two runs produced a report file that was reviewed by TSMC.
Test strategies varied. In some cases, tests were conducted on large numbers of test patterns or small cells, and in other cases tests were run on complete full-chip designs. For the full-chip runs, the host machines inside the AWS cloud environment were configured to run in distributed mode, with communication between a primary host and multiple remote hosts. For individual test patterns or cells, thousands of individual jobs were submitted to the compute environment. As part of the runs, we compared the results with TSMC's golden values and automatically produced test reports, which we made available back to TSMC.
We tested accuracy by comparing cloud results with the on-premises run, and also tested parallelism to ensure accuracy with parallel jobs running across multiple cloud hosts. The team ran multiple diverse testcases covering simulations across transient, AC, DC, RF, and aging analysis, as well as multi-simulations using Monte Carlo methods.
Results
For the Calibre nmDRC, SmartFill, nmLVS, PERC, xACT and mPower tests, we conducted a single run for the full chip with distributed processing. For the individual test cells, we ran multiple tests in parallel across multiple hosts. The results of these tests gave consistent and identical results on cloud and on-premises.
For the Solido Custom Variation-aware Design, IP Validation, Library Characterization & Simulation, Solido SPICE and AFS tests, we had two test suites: 1/ analog, standard cell and IO circuits in TSMC N2, and 2/ element counts ranging from 3.3k to 11M. For analysis we ran: 1/ single simulations measuring AC, DC, transient, SHE, aging, and phase noise, and 2/ multi-simulations measuring 2K Monte Carlo transient, multi-core on a single machine, and multiple machines. To determine accuracy, we used the following metrics: 1/ analog: BW, PM, DC gain, frequency, power, current, tmicoa / tmideg tables, phase noise; 2/ standard cell: delay, setup, hold, slew, power; and 3/ IO: leakage, power, cell delay, slew. The results again showed consistent and identical results on cloud and on-premises.
“Siemens EDA is pleased this 3-way collaboration showed that AWS cloud meets TSMC’s stringent security requirements for protection of foundry and customer data – giving the fabless semiconductor ecosystem confidence to use the AWS cloud for their most sensitive workloads. This was also an excellent demonstration that the AWS cloud can be leveraged for high accuracy additional surge capacity to run the industry leading Calibre nmPlatform and Solido/AFS workloads.”
– Michael White, Senior Director, Calibre Physical Verification.
Conclusion
The collaborative project between TSMC, Siemens EDA, and AWS demonstrates parity between the results from cloud environments versus on-premises setups, but with the added benefits of scalability, flexibility, and cost-effectiveness. The successful certification of Siemens EDA’s signoff flows on AWS provides high confidence in the cloud’s capabilities, paving the way for broader adoption in the semiconductor industry.
The journey of this project underscores the importance of collaboration and innovation in meeting the ever-growing computational demands of the semiconductor industry. As cloud computing continues to evolve, it promises to play a pivotal role in shaping the future of semiconductor design and manufacturing.
“Our recent collaboration with AWS and Siemens marks a major advancement in semiconductor design workflows in Cloud, enabling next-generation chip design using TSMC’s most advanced process technologies, while providing designers with enhanced efficiency and flexibility. We will continue to work closely with our EDA and Cloud partners to lower the barriers to semiconductor design, helping designers worldwide quickly launch their chip innovations.”
– Dan Kochpatcharin, Head of the Ecosystem and Alliance Management Division at TSMC