Preface
Safety Manual for MPC5777M, Rev. 1.1
NXP Semiconductors 3
1Preface
Assumption: This document provides guidelines for the proper use of the MPC5777M Microcontroller
Unit (MCU) in ASIL D applications. It will help guide the user with the steps necessary to integrate the
MPC5777M into their application.
Assumption: The MPC5777M will be used as a component within a safety related application. To allow
an analysis of the MCU's capability to reach the required safety level, assumptions have been made
(following the concept of SEooC described in the ISO26262). These assumptions are on the scope of the
MCU (for example, including external components interacting with the MCU) and on its usage by
application software. The FMEDA provided with the MPC5777M was conducted under inclusion of these
assumptions.
Assumption: [SCG18.098]A typical safety function operates by reading input from the MPC5777M's I/O
facilities (including network connections), processing this input possibly using, generating, and storing
results valid for several calculation cycles, and sending output to other system components (for example,
actuators or other MCUs) again using the MPC5777M's I/O facilities [end].
This document considers:
• The system assembly that contains the MPC5777M MCU
• The “Safety Element out of Context” section in the “Road vehicles - Functional safety - Part 10:
Guideline [ISO 26262-10:2012]” standard
• Certain assumptions about the assembly's functional safety needs based on that standard
and determines whether a measure is an assumption or not based on these factors.
What this means for designers using the MPC5777M is that if they don’t fulfill a specific Safety Manual
(SM) assumption they have to show that their alternative solution is similarly efficient concerning the
safety requirement in question (for example, provides the same coverage, avoids Common Cause Failure
(CCF) as effectively, and so on), show that the particular issue is irrelevant for their application (for
example, the module is not used), or estimate how much the failure rate increases and the failure metrics
(SPFM/LFM) decrease due to the deviation. Otherwise, the FMEDA provided with the MPC5777M is not
valid.
This document also contains guidelines on how to configure and operate the MPC5777M for ASIL D
applications. These guidelines are preceded by one of the following bold text statements:
• Implementation hint
• Recommendation
NOTE
Further information about safety configuration and operation can be found
in the MPC5777M Reference Manual’s “Functional Safety” chapter.
These guidelines are considered to be useful approaches for the specific topics under discussion, but are
not mandatory. The user will need to use discretion in deciding whether these measures are appropriate for
their applications.
This document is only valid under the assumption that:
To Next Page
Loading...
Need help?
General
