AN4287 Datasheet, PDF (17/27 Pages) STMicroelectronics – Safety application guide for SPC564Axx family
AN4287
Functional safety requirements for application software
3.16 Peripheral Bridge (PBRIDGE)
Suggested: PBRIDGE shall be configured in order to ensure that all bus masters (Core,
eDMA and FlexRay) can access only their allocated resources according to their access
rights. The configuration and the correct working of the PBRIDGE shall be checked. These
specific software countermeasures can run once after the Power-On Reset (POR) before
running the SIF and/or once per FTTI.
Rationale: to avoid granting access to device resources to an unauthorized master, and to
avoid denying access to an authorized master.
Implementation hint: e.g. the integrity of the PBRIDGE module can be checked by calculating
the CRC of the configuration register values of 3 IPs and comparing each one with its
expected value. Different IPs could be chosen for each FTTI.
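As an added example (not code from AN4287 or from STMicroelectronics), the PBRIDGE integrity check sketched in the hint above, in C: the register contents and their count are constructed placeholders standing in for the real PBRIDGE access-control registers, and the golden CRCs are recorded once after the trusted configuration at POR. One IP is checked per FTTI, so all three are covered over three consecutive FTTIs.

```c
#include <stdint.h>
#include <stddef.h>

#define PBRIDGE_IP_COUNT    3u  /* number of IPs covered, per the hint */
#define PBRIDGE_REGS_PER_IP 4u  /* constructed: configuration words per IP */

/* Constructed stand-in for the memory-mapped PBRIDGE configuration of the
 * three IPs. On the target this would be a table of register addresses. */
static uint32_t pbridge_cfg[PBRIDGE_IP_COUNT][PBRIDGE_REGS_PER_IP] = {
    { 0x77777777u, 0x00000000u, 0x44444444u, 0x00000000u },
    { 0x07000000u, 0x00700000u, 0x04000000u, 0x00000000u },
    { 0x77000000u, 0x00000000u, 0x44000000u, 0x00000000u },
};

/* Golden CRCs recorded right after the trusted configuration at POR. */
static uint32_t pbridge_golden[PBRIDGE_IP_COUNT];

/* Reflected CRC-32 (polynomial 0xEDB88320) over a run of 32-bit words. */
uint32_t crc32_words(const volatile uint32_t *w, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= w[i];
        for (int b = 0; b < 32; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Call once after POR, after PBRIDGE has been configured and verified. */
void pbridge_record_golden(void)
{
    for (unsigned ip = 0; ip < PBRIDGE_IP_COUNT; ip++)
        pbridge_golden[ip] = crc32_words(pbridge_cfg[ip], PBRIDGE_REGS_PER_IP);
}

/* Per-FTTI check: selects a different IP each period. Returns 1 if the
 * selected IP's configuration still matches its golden CRC, 0 otherwise
 * (the caller then triggers the configured safety reaction). */
int pbridge_check_ftti(uint32_t ftti_counter)
{
    unsigned ip = (unsigned)(ftti_counter % PBRIDGE_IP_COUNT);
    return crc32_words(pbridge_cfg[ip], PBRIDGE_REGS_PER_IP) == pbridge_golden[ip];
}

/* Fault-injection hook for the constructed snapshot only; on real hardware
 * a corrupted register would be observed directly by the check. */
void pbridge_inject_fault(unsigned ip, unsigned reg, uint32_t value)
{
    pbridge_cfg[ip][reg] = value;
}
```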
3.17 Power Management Controller (PMC)
SPC564A7x/SPC564A80 devices use three supply voltages, nominally 5V, 3.3V and 1.2V.
The 5V supply voltage must be supplied from the outside while the other supply voltages are
supplied by internal regulators. Moreover, SPC564A7x/SPC564A80 devices embed LVI for
all supply voltages. The PMC controls the internal regulators and the LVI circuits.
Suggested: LVI failure reaction for all supply voltages shall be configured (system reset or
interrupt request). These specific software countermeasures can run once after the
Power-On Reset (POR) before running the SIF.
Rationale: to check if supply voltages are in the correct operation range.
Suggested: LVI circuits operation (for supply voltages generated by internal regulators, i.e.
3.3V and 1.2V) shall be checked. These specific software countermeasures can run once
after the Power-On Reset (POR) before running the SIF.
Implementation hint: the output of each internal regulator can be set to a value lower than
the LVI threshold value by configuring the PMC_TRIMR register. With only the interrupt
request enabled as the LVI failure reaction, the generation of the LVI interrupt requests then
confirms that the LVI circuits operate correctly. Afterwards, the correct value of the
PMC_TRIMR register can be restored.
Suggested: correct execution of Power-On Reset sequence shall be checked. These
specific software countermeasures can run once after the Power-On Reset (POR) before
running the SIF.
Implementation hint: e.g. reserved RAM is used to store a key which can be used to determine
whether the current reset is a POR or not, cross-checked against the POR bit in the
ECSM_MRSR register. Moreover, the default reset value of the registers of each IP can be
checked.
3.18 Error Correction Status Module (ECSM)
The ECSM is able to detect data storage failures in memory (FLASH and SRAM) and to
address them.
The ECSM can detect and correct single-bit errors, detect double-bit faults and detect faults
affecting more than two bits. ECC functionality concerns data and not the addresses. ECC
is automatically calculated on memory write accesses and is checked while read accesses
are executed on memory.
DocID024464 Rev 2
17/27