Functional safety requirements for application software
Safety Manual for MPC5777M, Rev. 1.1
NXP Semiconductors 27
Assumption: [SM_FMEDA_059]To avoid incorrect remapping due to non-initialized remap descriptors,
unused PFLASH remap descriptors shall be initialized to an unused logical address[end].
NOTE
Remapped PFLASH regions are initialized by configuring
PFLASHC_PFCRDE and PFLASHC_PFCRDn registers.
If flash memory remapping is used during safety-relevant application execution, safe calibration needs to
be enabled via PFCRCR[SAFE_CAL]. After reset, calibration overlay regions are considered to be
safety-relevant (PFCRCR[SAFE_CAL] = 0, see section “e2eECC and Calibration Accesses” of chapter
“e2eECC and Calibration Accesses” in the MPC5777M Reference Manual for details).
3.2.19 Wake-Up Unit (WKPU) / External NMI
Assumption: [SM_FMEDA_167] NMI will only be used for error notifications or other uses where all
dangerous failures are latent failures.
Assumption: [SM_FMEDA_168] Application shall check the WKPU configuration and its functionality
at once after the boot. [end]
NOTE
The configuration can be verified by reading the configuration registers and
comparing them with the expected values.
Functionality can be tested by triggering the external NMI and check for the
expected reaction. Reset request to the MC_RGM can be reconfigured to
generate a SAFE mode or interrupt request.
3.2.20 Cache
Assumption: [SM_FMEDA_130] ECC/EDC protection of caches is assumed to be enabled (setting of the
Data Cache Error Checking Enable field in the L1 Cache Control and Status Register 0,
L1CSR0[DCECE] = 1). It is also assumed that ECC/EDC errors are handled by correction and
invalidation.
Handling ECC/EDC errors by a machine check is also possible if the machine check handler initiates
appropriate SW countermeasures (to achieve the former, L1CSR0[DCEA] = 01b). The handling of the
errors is assumed to occur as soon as the caches are enabled (see “Core Complex Overview” and
“e200z425Bn3 Core Description” chapters in the MPC5777M Reference Manual). [end]
3.2.21 Software Watchdog Timer (SWT)
Assumption: [SM_FMEDA_104] These requirements apply to the SWT for ASIL D applications: [end]
• The SWT shall be enabled and configuration registers have to be protected against undesired
accesses using one or more hardware mechanism implemented (for example, SMPU,
REG_PROT).
To Next Page
Loading...
