FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Questions Regarding Implementing Safety Mechanisms (Addendum_S32G2.xls) on S32G2 A53 Core

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Questions Regarding Implementing Safety Mechanisms (Addendum_S32G2.xls) on S32G2 A53 Core

‎02-12-2026 10:29 PM
1,212 Views
somemore
Contributor I

Hello NXP team,

I am currently working with S32G2 and implementing diagnostic tests on the A53 core (Application Processor).
For safety-related items, I am using the following documents:

  • sm793411 – S32G2xxx Safety Manual (1.1)
  • Addendum_S32G2.xls – Safety Mechanism List
  • S32G2 Reference Manual

While reviewing these materials, I found several points that I would like to clarify.

1. Safety Mechanisms Connected to FCCU (NCF) – Do I need additional SW diagnostic test code?

In Addendum_S32G2.xls, several safety mechanisms list a fault reaction routed to the FCCU NCF channel.
My understanding is that, for these items, the application software on the A53 core does not need to implement additional diagnostic test code, and the main tasks are:

  • Register configuration
  • FCCU reaction configuration
  • Enabling the related fault sources

Could you please confirm which official document explains the recommended configuration procedure?
Also, should this configuration be implemented through S32 Design Studio, or is there any other recommended workflow/tool?

 

2. Safety Mechanisms that Require Application-Level Diagnostic Software on A53

I want to understand which safety mechanisms must be implemented directly in A53 Application Software (i.e., not handled automatically by FCCU).
So far, I identified the following items:

  • SM4.STM.SWCHECK – Application checks and reports the STM timestamp progression
  • SM1.SWT – Application-level watchdog used for safety-related software health check
  • SM4.TIMESTAMP.APP_CHECK – Application monitors timestamp increment and reports error

Are there any additional safety mechanisms in Addendum_S32G2.xls that must be implemented directly by the A53 application?
(Again, scope is limited to A53 Application SW.)

 

3. FCCU Fault Source Documentation for S32G Series

For the MPC574xP series, there is a very helpful document:

  • AN5259 – MPC574xP FCCU Fault Sources

Is there a similar application note or document for the S32G family?
A consolidated list of FCCU fault sources for S32G would greatly help in understanding and implementing the safety mechanisms.

 

Thank you in advance for your support.
Any guidance or documentation references would be greatly appreciated.

 

0 Kudos
Reply
2 Replies

‎02-18-2026 07:32 AM
1,148 Views
Bio_TICFSL
NXP TechSupport
NXP TechSupport

Hello,

It sounds like you are deep into the safety integration of the S32G2, which is no small feat. Transitioning from the MPC series to the S32G involves a shift toward more complex hardware-software interaction, especially with the ARM Cortex-A53 clusters.
Here is a breakdown of your points to help clarify the safety workflow.

 

 
1. Safety Mechanisms Connected to FCCU (NCF)
Your understanding is mostly correct. If a safety mechanism (SM) is purely hardware-based (e.g., ECC on a memory array) and its output is hard-wired to an FCCU Non-Critical Fault (NCF) channel, you do not need "diagnostic test code" to detect the failure.
However, the "Main Tasks" you listed are missing one critical phase: Safety Integrity Validation (Diagnostic Testing).
  • The Gap: While the hardware detects the fault, ISO 26262 often requires you to verify that the hardware detection logic itself is still functional (Latent Fault Metric). For many FCCU-mapped SMs, you may still need to periodically trigger a "Software Test Trigger" (if available for that IP) to ensure the path to the FCCU is alive.
  • Documentation: The official procedure is found in the S32G2 Safety Manual. Specifically, look for the section titled "Fault Control Unit (FCCU) Integration" and the "Safety Concept" chapter for each specific IP.
  • Workflow:
    • Configuration: Usually handled via the S32 Configuration Tool (integrated into S32 Design Studio) or via the RTD (Real Time Drivers).
    • Implementation: The RTD provides the Fccu_Ip driver, which is the recommended way to initialize the reactions and mapping rather than manual register poking.
 
2. SMs Requiring A53 Application-Level Software
Beyond the timestamp and watchdog items you identified, the A53 requires manual software implementation for mechanisms that the hardware cannot "see" logically. In the Addendum_S32G2.xls, look for these additional areas for the A53:
  • SM_A53_01 (Software Countermeasures for Common Cause Failures): Since the A53 cores often run in Performance Mode (not lockstep), the app must handle logical consistency checks if being used for ASIL functions.
  • MMU Management: Hardware provides the MMU, but the A53 Application SW must implement the table parity/error handling and periodic software-based memory protection checks.
  • Register Integrity: Some configuration registers for A53-specific peripherals (like the GIC or Generic Timer) require periodic software read-backs to ensure no "bit flips" have occurred in static configurations.
  • E2E (End-to-End) Protection: Any data coming from the A53 to the M7 or external communication must be protected by the application (CRC/Sequence Counters), as the FCCU cannot validate the "correctness" of your data payload.
 
3. FCCU Fault Source Documentation
The S32G series handles documentation differently than the older MPC series. There isn't a 1:1 "AN5259" equivalent, but the information is consolidated in a more "database-centric" way:
  • The Reference Manual (RM): Look at the FCCU Chapter. It contains the table of "Non-Critical Fault Channels." This is the direct equivalent of the list in AN5259.
  • The Safety Manual (SM): This is your primary source. It maps the Safety Mechanisms (SM_xxx) to the FCCU channels.
  • The Hardware-Software Interface (HSI): This is often provided as part of the SafeAssure package.
 
Document Purpose for FCCU
S32G2 RM Defines the physical mapping of NCF[x] to the hardware source.
S32G2 Safety Manual Defines the "Safety Goal" and which NCF channel satisfies it.
RTD Documentation Provides the API usage for the Fccu_Ip driver.
 
 
Comparison Summary
 
Feature MPC574xP (Legacy) S32G2 (Current)
Primary Doc AN5259 S32G2 Safety Manual
Config Tool EB Tresos / Manual S32 Configuration Tool (RTD)
A53 Role N/A (M4/Z4) Complex (Requires MMU/Cache/Cluster SMs)
 
 
regards
Reply

‎02-19-2026 01:16 AM
1,139 Views
somemore
Contributor I
Hi Bio_TICFSL,
Thanks again for your detailed explanation — it was extremely helpful.
I have one additional question.
In the link below from the NXP community:
https://community.nxp.com/t5/SafeAssure-Community-Archived/Safety-Manual-Rev-7-Fault-Reaction/m-p/21...
I noticed that the S32K3xx family provides the document “S32K3xx Functional Safety Application Note”, which explains how Safety Mechanisms should be configured and what responsibilities the integrator must handle.
Is there a similar Application Note available for the S32Gxx family?
If such documentation exists but requires special access or permissions, could you please let me know. I will handle it.
Thanks again for your support!
Best regards,
0 Kudos
Reply