I'm using the FS85 in my project, which has flash bootloader and application software. My intended design for initializing FS85 is:
After a power-on reset, the bootloader software will run first, and the SBC shall be initialized with WDG disabled and release FS0B. After the application is verified successfully, the software will jump into the application and put the SBC to INIT_FS to reconfigure the FS85 again with a different configuration set, enable window WDG, and then go to NORMAL_FS.
Thank you very much.
Solved! Go to Solution.
Hello Phan,
If you mean the OTP registers, then please refer to the Main OTP_REGISTERS and Fail-safe OTP_REGISTERS tables in the datasheet.
BRs, Tomas
Hello Phan,
Yes, we provide detailed safety application notes and recommendations for the FS85 family. The key document to refer to is the "FS85 Functional Safety Manual" (classified as a secure file requiring an NDA) which outlines safety measures, including watchdog configurations, error handling and other functional safety mechanisms in compliance with ISO 26262 standards. It is important to review this manual as it covers safety requirements, including watchdog usage.
Temporarily disabling the watchdog during the bootloader phase is a common design choice to avoid interruptions. Disabling the watchdog should not inherently violate safety recommendations as long as it is explicitly managed and re-enabled before the application enters critical operational modes.
Some registers with safety-critical configurations (overvoltage/undervoltage safety reactions, watchdog configuration) can only be changed as long as the FS85 is in the INIT_FS state, after that, they become read-only. For more details, please refer to the datasheet, section Register mapping. INIT_FS state must be closed by the first good watchdog refresh before 256ms timeout. After INIT_FS closure, it is possible to come back to INIT_FS with the GoTo_INITFS bit in FS_SAFE_IOS register, from any FS_state after INIT_FS.
BRs, Tomas
Hi TomasVaverka,
Thank you for your quick response, and it's very informative.
Is there any hint in the documents or table that lists the registers that cannot be changed once configured? I looked at the table below, but it only shows that the registers can be written to in the INIT_FS state.
Thank you very much.
Hello Phan,
If you mean the OTP registers, then please refer to the Main OTP_REGISTERS and Fail-safe OTP_REGISTERS tables in the datasheet.
BRs, Tomas