STCU2 and FCC interactions

FabioG · ‎02-22-2024

Hi There,

Reading User Manual i have understood that, please confirm or not (and, please, explain, if not):

1) Unrecoverable faults are configurable by the apposite ST32 studio Bist window (in peripherial view), isn't it?

3) Unrecoverable faults set STRU2_ERR.UFSF bit and a destructive reset reaction, isn't it?

4) Recoverable faults set STRU2_ERR.RFSF and triggers one of FCCU NCF5 group of faults, Isn't it?

5) in user manual, in STCU2_ERR description, it is said that also an unrecoverable fault, STRU2_ERR.UFSF=1, triggers FCCU, why? does it also triggers NCF5 group?

6) If SPD Bist_Run(BIST_SAFETYBOOT_CFG) is done prior to configure FCCU, at init phases, STRU2_ERR.RFSF is set but FCCU is not triggered, because it is not initializad yet, isn't it?

7) To validate STRU2_ERR.RFSF path is it necessary to inject in FCCU.NCFF one of the NCF5 fault numbers, for example, EMCEM_DCM_NCF_5_FAULT_MONITOR0 = 1, isnt'it ?

if it is injected EMCEM_DCM_NCF_5_FAULT_MONITOR0 = 1 in FCCU_NCFF is also set STRU2_ERR.RFSF for testing it ?

Best Regards,

Fabio

RadoslavB · ‎02-28-2024

Yes you can use eMcem_InjectFault() for fake fault injection into FCCU.
Reaction path can be tested by observing desired reaction:
- jump into Alarm interrupt handler (R1)
- jump into NMI (R1)
- triggering functional reset (R3)
- EOUT signaling in addition to R2 or R3

You can also use sCheck FCCU_NCF check, this is available in Premium SAF.

Kind Regards,
Radoslav

View solution in original post

RadoslavB · ‎02-27-2024

Hi Fabio,

ad 1)
Yes in the BIST configuration - Unrecoverable MBIST/LBIST tabs, you can set which LBIST/MBIST will be handled as unrecoverable.

ad 3)
Yes correct.

ad 4)
Yes, it sets the STCU2_ERR.RFSF flag and sets status flag for the NCF_5 channel – based on the NCF_5 channel setting it performs desired reaction.

ad 5)
Unrecoverable STCU2 faults don't trigger FCCU, there is a note in the RM:

ad 6)
Correct, by default after the reset FCCU NCF channels are disabled.
If you want to utilize FCCU reporting path or EOUT signaling from STCU2 please execute eMcem_init() beforehand.

ad 7)
STCU2 has no fault injection mechanism, you can only inject desired NCF_DCM fault ID and test the reaction path within FCCU.
ERRSTAT RFSF bit is not set when injecting fault into FCCU, this bit can’t be set by any fake injection.
STCU2 itself is mechanism to check latent faults in other peripherals or memories on the chip, checking latent faults in STCU2 (i.e. check latent faults in the HW STCU2 checker for checking other MCU latent faults) is beyond the scope of the metrics required by FuSa standards (that would lead to never-ending chain of check of the checkers).

Kind Regards,
Radoslav

FabioG · ‎02-28-2024

At point 7 you say

"STCU2 has no fault injection mechanism, you can only inject desired NCF_DCM fault ID and test the reaction path within FCCU."

I suppose this is performed by a fake fault injection in FCCU.NCFF (correct)? so, How can I check the "test rection path" you refer to ? How can I understand if the reaction path test result is correct, (after a FCCU.NCFF, NCF_DCM bit set)?

Best Regards,

Fabio

RadoslavB · ‎02-28-2024

Yes you can use eMcem_InjectFault() for fake fault injection into FCCU.
Reaction path can be tested by observing desired reaction:
- jump into Alarm interrupt handler (R1)
- jump into NMI (R1)
- triggering functional reset (R3)
- EOUT signaling in addition to R2 or R3

You can also use sCheck FCCU_NCF check, this is available in Premium SAF.

Kind Regards,
Radoslav