| Diagnostic | Description | Rank | Perm | Trans |
|---|---|---|---|---|
| Controller area network (bxCAN) | | | | |
| CAN_SM_0 | Periodic read-back of configuration registers | ++ | X | X |
| CAN_SM_1 | Protocol error signals | ++ | X | X |
| CAN_SM_2 | Information redundancy techniques on messages, including end-to-end protection. | ++ | X | X |
| Universal serial bus full-speed device interface (OTG_FS) | | | | |
| USB_SM_0 | Periodic read-back of configuration registers | ++ | X | X |
| USB_SM_1 | Protocol error signals | ++ | X | X |
| USB_SM_2 | Information redundancy techniques on messages | ++ | X | X |
| USB_SM_3 | Information redundancy techniques on messages, including end-to-end protection. | + | X | X |
| Part separation (no interference) | | | | |
| FFI_SM_0 | Disable of unused peripherals | ++ | - | - |
| FFI_SM_1 | Periodic read-back of interference avoidance registers | ++ | - | - |
| Arm® Cortex®-M4 CPU | | | | |
| CoU_1 | The reset condition of the Arm® Cortex®-M4 CPU must be compatible with a valid safe state at system level. | ++ | - | - |
| Debug | | | | |
| CoU_2 | Device debug features must not be used in safety function(s) implementation. | ++ | - | - |
| Arm® Cortex®-M4 / Supply system | | | | |
| CoU_3 | Low-power mode state must not be used in safety function(s) implementation. | ++ | - | - |
| Device peripherals | | | | |
| CoU_4 | End user must implement the required combination of safety mechanisms/CoUs for each STM32 peripheral used in the implementation of safety function(s). | ++ | X | X |
| Flash memory subsystem | | | | |
| CoU_5 | During Flash memory bank mass erase and reprogramming there must not be safety function(s) executed by the Device. | ++ | - | - |
| CoU_6 | On-field application software live update by the dual-bank Flash memory system must include the execution of a code/data integrity check through methods such as FLASH_SM_0. | ++ | X | X |
| CPU subsystem | | | | |
| CoU_7 | In case of multiple safety function implementations, methods to guarantee their mutual independence must include use. | ++ | - | - |
| Clock recovery system (CRS) | | | | |
| CoU_8 | CRS features must not be used in safety function(s) implementation. | ++ | - | - |
| Device | | | | |
| DUAL_SM_0 | Cross-check between two STM32 MCUs | o | X | X |
1. To achieve, on the single MCU, local safety metrics compatible with the SIL2 target, method CPU_SM_6 could be sufficient. However, to understand the rationale behind the "++" classification for both methods, refer to the "Recommendations" row of the related description in Section 3.6 Hardware and software diagnostics for more details.
UM2305 - Rev 10, Conditions of use, page 89/110