ST STM32F2 Series - Conditions of Use; Table 116. List of Safety Mechanisms
SM CODE: FFI_SM_1
Recommendations and known limitations: Refer to NVIC_SM_0
3.7 Conditions of use
The following table summarizes the safety concept recommendations reported in Section 3.6, Description of hardware and software diagnostics. The conditions of use to be applied to STM32F2 Series MCUs are expressed as safety mechanism requirements. The exception is a set of conditions of use introduced by the FMEA analysis in order to address specific failure modes; these are reported at the end of Table 116.
The Rank column reports how the related safety mechanism was considered during the analysis, with the following meaning:
M = this safety mechanism is always operating during normal operation; no end-user activity can deactivate it.
++ = highly recommended, being common practice, and considered in this Safety Manual for the computation of the safety metrics needed to achieve SIL2 on a single MCU.
+ = recommended as an additional safety measure, but not considered in this Safety Manual for the computation of the safety metrics. STM32F2 Series users can skip its implementation when it contradicts functional requirements or is overlapped by another mechanism marked "++".
o = optional; not needed, or related to a specific MCU configuration.
An "X" in the "Perm" and "Trans" columns of Table 116 indicates that the related safety mechanism is effective against that fault model (permanent and transient faults, respectively); "-" indicates that it is not credited for that fault model.
Table 116. List of safety mechanisms

STM32F2 Series     Diagnostic   Description                                                       Rank    Perm  Trans
function
Arm Cortex-M3 CPU  CPU_SM_0     Periodical software test addressing permanent faults in the       ++      X     -
                                Arm Cortex-M3 CPU core
                   CPU_SM_1     Control flow monitoring in application software                   ++      X     X
                   CPU_SM_2     Double computation in application software                        ++      -     X
                   CPU_SM_3     Arm Cortex-M3 HardFault exceptions                                M       X     X
                   CPU_SM_4     Stack hardening for application software                          +       X     X
                   CPU_SM_5     External watchdog                                                 + (1)   X     X
                   CPU_SM_6     Independent watchdog                                              ++ (1)  X     X
                   CPU_SM_7     MPU – Memory protection unit                                      ++ (2)  X     X
                   MPU_SM_0     Periodical read-back of MPU configuration registers               ++ (2)  X     X
Embedded Flash     FLASH_SM_0   Periodical software test for Flash memory                         ++      X     -
memory             FLASH_SM_1   Control flow monitoring in application software                   ++      X     X
                   FLASH_SM_2   Arm Cortex-M3 HardFault exceptions                                M       X     X
                   FLASH_SM_3   Option byte write protection                                      M       -     -
                   FLASH_SM_4   Static data encapsulation                                         +       X     X
                   FLASH_SM_5   Option byte redundancy with load verification                     M       X     X
                   FLASH_SM_6   Flash unused area filling code                                    +       -     -
                   FLASH_SM_8   Read/Write/Proprietary code protection                            +       -     -
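As an added illustration of the "control flow monitoring in application software" mechanism that Table 116 lists as CPU_SM_1 and FLASH_SM_1, the following example shows one common way to implement it: every block on the expected execution path feeds a distinct token into a running signature, and the signature is compared with a reference value at the end of each cycle. This is example code written for this page, not ST's implementation and not taken from UM1845; the checkpoint tokens, the step functions, the FNV-1 style accumulation and the fault scenarios are all assumptions of the example, since the table only names the mechanism.

```c
/* Added example (not from UM1845): software control-flow monitoring of the
 * kind listed as CPU_SM_1 / FLASH_SM_1 in Table 116. Each checkpoint on the
 * expected path updates a running signature; at the end of the cycle the
 * signature must equal the value produced by the correct path. A skipped,
 * repeated or out-of-order block (e.g. from a corrupted branch target or a
 * bit flip in fetched code) produces a different value and is reported.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Checkpoint tokens: distinct, non-zero constants (hypothetical values). */
#define CF_T_SENSOR   0xA5C3D1E7u
#define CF_T_FILTER   0x3C5A9B2Du
#define CF_T_CONTROL  0x96E14F83u
#define CF_T_ACTUATE  0x1E978C65u

#define CF_FNV_BASIS  0x811C9DC5u
#define CF_FNV_PRIME  16777619u

typedef struct { uint32_t sig; } cf_monitor_t;

static void cf_begin(cf_monitor_t *m) { m->sig = CF_FNV_BASIS; }

/* Order-sensitive accumulation (FNV-1 style multiply-then-xor): swapping,
 * repeating or dropping a checkpoint changes the final value. */
static void cf_checkpoint(cf_monitor_t *m, uint32_t token)
{
    m->sig = (m->sig * CF_FNV_PRIME) ^ token;
}

static const uint32_t cf_golden_path[] = { CF_T_SENSOR, CF_T_FILTER, CF_T_CONTROL, CF_T_ACTUATE };
#define CF_STEPS (sizeof cf_golden_path / sizeof cf_golden_path[0])

/* Reference signature of one correct cycle. In a product this would be
 * computed offline and stored as a constant in Flash; derived at run time
 * here for brevity. */
static uint32_t cf_expected_signature(void)
{
    cf_monitor_t m;
    cf_begin(&m);
    for (size_t i = 0; i < CF_STEPS; i++) cf_checkpoint(&m, cf_golden_path[i]);
    return m.sig;
}

/* End-of-cycle verdict: true only when the path ran exactly as expected. */
static bool cf_end(const cf_monitor_t *m) { return m->sig == cf_expected_signature(); }

/* ---- a toy control loop instrumented with checkpoints (assumed steps) ---- */
static void step_sensor(cf_monitor_t *m, int32_t *v)  { *v = 100;      cf_checkpoint(m, CF_T_SENSOR);  }
static void step_filter(cf_monitor_t *m, int32_t *v)  { *v = *v / 2;   cf_checkpoint(m, CF_T_FILTER);  }
static void step_control(cf_monitor_t *m, int32_t *v) { *v = *v - 10;  cf_checkpoint(m, CF_T_CONTROL); }
static void step_actuate(cf_monitor_t *m, int32_t *v) { (void)v;       cf_checkpoint(m, CF_T_ACTUATE); }

typedef void (*step_fn)(cf_monitor_t *, int32_t *);

/* Run one cycle in the given step order, to emulate the effect of a fault
 * (the correct path, a skipped block, a swapped pair, a repeated block).
 * A real system would refresh the watchdog (CPU_SM_6) only on a true verdict. */
static bool run_cycle(const int *order, size_t n)
{
    static const step_fn steps[] = { step_sensor, step_filter, step_control, step_actuate };
    cf_monitor_t m;
    int32_t value = 0;
    cf_begin(&m);
    for (size_t i = 0; i < n; i++) steps[order[i]](&m, &value);
    return cf_end(&m);
}

bool cf_correct_path(void)  { static const int o[] = {0, 1, 2, 3};    return run_cycle(o, 4); }
bool cf_skipped_step(void)  { static const int o[] = {0, 1, 3};       return run_cycle(o, 3); }
bool cf_swapped_steps(void) { static const int o[] = {0, 2, 1, 3};    return run_cycle(o, 4); }
bool cf_repeated_step(void) { static const int o[] = {0, 1, 1, 2, 3}; return run_cycle(o, 5); }

/* Why the accumulation must be order-sensitive: a plain XOR of the tokens is
 * commutative, so a swapped pair of blocks would go undetected. */
bool cf_xor_misses_swap(void)
{
    uint32_t a = CF_T_SENSOR ^ CF_T_FILTER ^ CF_T_CONTROL ^ CF_T_ACTUATE;
    uint32_t b = CF_T_SENSOR ^ CF_T_CONTROL ^ CF_T_FILTER ^ CF_T_ACTUATE;
    return a == b;   /* true: the weak scheme accepts the wrong order */
}

int main(void)
{
    printf("correct path  : %s\n", cf_correct_path()  ? "PASS" : "FAIL");
    printf("skipped step  : %s\n", cf_skipped_step()  ? "PASS" : "FAIL");
    printf("swapped steps : %s\n", cf_swapped_steps() ? "PASS" : "FAIL");
    printf("repeated step : %s\n", cf_repeated_step() ? "PASS" : "FAIL");
    printf("plain XOR misses swap: %s\n", cf_xor_misses_swap() ? "yes" : "no");
    return 0;
}
```

Build with any C99 compiler (for example `cc -std=c99 -Wall cfm.c`) and run; only the correct path reports PASS. Two design points matter in practice: the accumulation has to be order-sensitive, otherwise the monitor only counts blocks, and the verdict should gate the watchdog refresh rather than merely log, so that a monitor that is itself skipped by the fault still leads to a reset through the independent watchdog (CPU_SM_6), which the rank column credits alongside this mechanism.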
UM1845 - Rev 4, Conditions of use, page 77/108