SPD/BIST

FabioG · ‎01-24-2024

Hi There,

1)Is it possible to call BIST_Run(BIST_SAFETYBOOT_CFG) at the end of bootloader (i mean object code other than application one), and checking the results ad the startup of application?

Figure 122 of par 30.4 "Reset and boot sequence" on Reference manual , it seems to be possible (but there is no separation lines from bootloader and application software domains).

2) In Satefy mechanisms list, i don't find any controindication and this case could be found in the types of faults faults mentioned in SM2.sBoot - Safety mechanism (page 39 safety manual) that reports:

"sBoot component in the S32 SAF checks the chip fault status
during Boot and after exiting Standby mode, and determine how
to execute a safety application"

Isn't it?

3) Also in case 2 , where il the demarcation line between Bootloader (object code) and Application object code when you talk about Boot ?

Best regards

Fabio

petervlna · ‎01-25-2024

Hello,

1)Is it possible to call BIST_Run(BIST_SAFETYBOOT_CFG) at the end of bootloader (i mean object code other than application one), and checking the results ad the startup of application?

Yes, you can basically call it whenever you like. After BIST you will have reset and you will need initialize at least RAM.

2) In Satefy mechanisms list, i don't find any controindication and this case could be found in the types of faults faults mentioned in SM2.sBoot - Safety mechanism (page 39 safety manual) that reports:

"sBoot component in the S32 SAF checks the chip fault status
during Boot and after exiting Standby mode, and determine how
to execute a safety application"

Isn't it?

Hmm, if the driver documentation states that. basically you only follow the standard recommendations. So if your target safety standard requires to have faults read at some event, you will make sure they are read.

3) Also in case 2 , where il the demarcation line between Bootloader (object code) and Application object code when you talk about Boot ?

During boot - it represents the part of code execution before application is called. You wont call safety task from application before tests are done and process is analyzed as safe. But that's general explanation. It is always best to consult with your safety expert which your target safety class standard demands.

Best regards,

Peter

在原帖中查看解决方案

petervlna · ‎01-25-2024

Hello,

1)Is it possible to call BIST_Run(BIST_SAFETYBOOT_CFG) at the end of bootloader (i mean object code other than application one), and checking the results ad the startup of application?

Yes, you can basically call it whenever you like. After BIST you will have reset and you will need initialize at least RAM.

2) In Satefy mechanisms list, i don't find any controindication and this case could be found in the types of faults faults mentioned in SM2.sBoot - Safety mechanism (page 39 safety manual) that reports:

"sBoot component in the S32 SAF checks the chip fault status
during Boot and after exiting Standby mode, and determine how
to execute a safety application"

Isn't it?

Hmm, if the driver documentation states that. basically you only follow the standard recommendations. So if your target safety standard requires to have faults read at some event, you will make sure they are read.

3) Also in case 2 , where il the demarcation line between Bootloader (object code) and Application object code when you talk about Boot ?

During boot - it represents the part of code execution before application is called. You wont call safety task from application before tests are done and process is analyzed as safe. But that's general explanation. It is always best to consult with your safety expert which your target safety class standard demands.

Best regards,

Peter