Functional safety requirements for application software
Safety Manual for MPC5777M, Rev. 1.1
NXP Semiconductors 19
The STCU2 provides a key-based mechanism to prevent unauthorized write accesses to its register
interface. The integrity of such protection mechanism can be checked by running the following test: [end]
• Assumption: [SM_FMEDA_029] SW shall perform a write access to one of the STCU2 registers
without providing the requested key pair and check for the generation of the expected transfer error.
[end]
The STCU2 allows execution of logic and memory BIST also during runtime upon a SW request. If the
I/O (including FI[n]) pins need a defined state during on-line LBIST, the following is recommended:
• Reset SIUL prior to on-line LBIST (using the MC_RGM_PRST0[SIUL_RST] field).
• Set pins to a desired state (if the reset-state does not meet requirements).
The following Assumptions have to be satisfied when the on-line BIST feature is used:
• [SM_FMEDA_030] SW shall verify that STCU2 configuration is correct before triggering the
execution of on-line BISTs. [end]
• [SM_FMEDA_031] STCU2 status has to be checked after the execution of on-line LBIST/MBIST
to verify that all scheduled tests have been executed and completed successfully. [end]
• [SM_FMEDA_032] Software shall supervise the execution time of on-line self tests using the
SWT or any other available timer. The internal STCU2 WDT might suffer from CCFs causing
either no, or slower, test execution. This may mean that no WDT timeout occurs (as internal WDT
and STCU2 core logic share the same clock). [end]
NOTE
During start-up, no safety function is executed and the start up time is
supervised by the external WDT. The internal prescaler feeding both the
STCU2 WDT and core logic can be checked by running an on-line test and
checking its execution time.
• [SM_FMEDA_033] On completion of the on-line LBIST software shall check whether reset was
correctly applied to the partition(s) under test. This can be done by checking one or more registers
(at least 2 recommended) for their expected reset value. Testing is not necessary if a global system
reset is applied at the end of the test. [end]
• [SM_FMEDA_034] On exiting from a functional reset, software will check the status of the
STCU2 to verify there are no running BISTs nor any hardware aborted tests. [end]
NOTE
BISTs still running after a functional reset are the result of incorrectly
handled hardware abort requests by the STCU2 that occurred while on-line
BISTs were executing.
• [SM_FMEDA_035] If STCU2 interrupt capabilities are used to notify end of test session
execution, application will handle the case of missing interrupt(s) (for example, by supervising test
execution time or periodically polling STCU2 status (checking STCU2_RUNSW[RUNSW], or
STCU2_INT_FLG[MBIFLG] (for MBIST) and STCU2_INT_FLG[LBIFLG] (for LBIST)). [end]
To Next Page
Loading...
