FS85 initialization for flash bootloader and application

PhanDoan
Contributor II

I'm using the FS85 in my project, which has a flash bootloader and application software. My intended design for initializing the FS85 is:

After a power-on reset, the bootloader software will run first, and the SBC shall be initialized with WDG disabled and release FS0B. After the application is verified successfully, the software will jump into the application and put the SBC to INIT_FS to reconfigure the FS85 again with a different configuration set, enable window WDG, and then go to NORMAL_FS.

  • Does FS85 have any documents as a recommendation for this case?
  • Do we have a safety application note for the FS85?
  • Does disabling WDG in the bootloader violate any point in the FS85's safety application note?
  • Because the SBC shall be initialized twice after a power-on reset, is there any downside to this design? For example, does the FS85 have any register that can only be configured after a power-on reset and cannot be changed afterward? Or can all of the registers (except for the OTP registers) be configured as long as the SBC is in the FS_INIT state?

Thank you very much.

TomasVaverka
NXP TechSupport

Hello Phan,

Yes, we provide detailed safety application notes and recommendations for the FS85 family. The key document to refer to is the "FS85 Functional Safety Manual" (classified as a secure file requiring an NDA) which outlines safety measures, including watchdog configurations, error handling and other functional safety mechanisms in compliance with ISO 26262 standards. It is important to review this manual as it covers safety requirements, including watchdog usage.

Temporarily disabling the watchdog during the bootloader phase is a common design choice to avoid interruptions. Disabling the watchdog should not inherently violate safety recommendations as long as it is explicitly managed and re-enabled before the application enters critical operational modes. 

Some registers with safety-critical configurations (overvoltage/undervoltage safety reactions, watchdog configuration) can only be changed as long as the FS85 is in the INIT_FS state; after that, they become read-only. For more details, please refer to the datasheet, section Register mapping. The INIT_FS state must be closed by the first good watchdog refresh before the 256 ms timeout. After INIT_FS closure, it is possible to come back to INIT_FS with the GoTo_INITFS bit in the FS_SAFE_IOS register, from any FS_state after INIT_FS.

BRs, Tomas

PhanDoan
Contributor II

Hi TomasVaverka,

Thank you for your quick response, and it's very informative.

Is there any hint in the documents or table that lists the registers that cannot be changed once configured? I looked at the table below, but it only shows that the registers can be written to in the INIT_FS state.

PhanDoan_0-1727746429270.png

Thank you very much.

TomasVaverka
NXP TechSupport

Hello Phan,

If you mean the OTP registers, then please refer to the Main OTP_REGISTERS and Fail-safe OTP_REGISTERS tables in the datasheet.

BRs, Tomas