Safety RTD Requirement [EA_RTD_00058]


449 Views
POD_MicheleP
Contributor I

Hi,

Can you provide more detail regarding the following requirement:

"[EA_RTD_00058] The SEooC is called by components with the same or higher ASIL only."?

What is the impact for the SW architecture? If we have 5 ASIL domains (QM, ASIL A, ASIL B, ASIL C, ASIL D), do we need to replicate the library 5 times in order to have exclusive usage of the library?

Or does the requirement require only that a SW module of ASIL y cannot use the library to satisfy safety functions of ASIL x (with x > y) (even if the library is qualified up to ASIL D)?

 

@Pod_LucaL 

0 Kudos
1 Reply

348 Views
frantisekdobes
NXP Employee

Hi,

in a system where we have multiple ASIL level components that are not isolated, the full cluster is going to have the ASIL level of the lowest component. This is explained in the safety concept and the safety manual.

To interact from a lower ASIL level without affecting the ASIL level of the higher component, it is required to implement a “proxy” that raises the path of communication with the lower ASIL level component to the higher level, or, as the option you already presented, to have separate instances of the library for each ASIL level.

Each RTD driver is a software SEooC. It is a system architecture decision whether/how the ASIL decomposition is done on the system side; from the SW SEooC side this is an assumption that can be validated during integration as per the ISO 26262 process.

Best Regards,

Frantisek

0 Kudos
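As an added illustration of the "proxy" option from the reply above (this is example code written for this page, not NXP RTD code, and the page does not describe how such a proxy is built): the proxy is owned by the higher-ASIL partition and treats every request from the lower-ASIL caller as untrusted data. It accepts a request only after an integrity check (CRC), a freshness check (alive counter) and a range check, and only then calls the higher-ASIL driver. All names (`QmRequest`, `SafeProxy_Forward`, `Drv_SetOutput`, the limits and the CRC-8 choice) are hypothetical, and the request format is constructed for the example.

```c
/* Added example, not NXP RTD code: a proxy that mediates calls from a
 * lower-ASIL component into a higher-ASIL driver. All names are hypothetical. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

#define DRV_CHANNEL_COUNT 4u     /* assumed: number of driver output channels */
#define DRV_VALUE_MAX     1000u  /* assumed: highest valid commanded value */

/* Constructed request format handed over by the lower-ASIL (e.g. QM) caller. */
typedef struct {
    uint8_t  channel;   /* output channel, must be < DRV_CHANNEL_COUNT */
    uint16_t value;     /* commanded value, must be <= DRV_VALUE_MAX */
    uint8_t  counter;   /* alive counter, must advance by exactly 1 per accepted request */
    uint8_t  crc;       /* CRC-8 over channel, value (big-endian) and counter */
} QmRequest;

typedef enum {
    PROXY_OK = 0,
    PROXY_ERR_CRC,      /* request corrupted or not produced by the agreed format */
    PROXY_ERR_COUNTER,  /* stale or replayed request */
    PROXY_ERR_RANGE     /* parameters outside what the driver may be asked to do */
} ProxyStatus;

/* Hypothetical higher-ASIL driver entry point. It records the last accepted
 * command so the example can show what actually reached the driver. */
static uint8_t  g_last_channel = 0xFFu;
static uint16_t g_last_value   = 0u;
static void Drv_SetOutput(uint8_t channel, uint16_t value) {
    g_last_channel = channel;
    g_last_value   = value;
}

/* CRC-8, polynomial 0x07, initial value 0x00, no reflection. */
uint8_t crc8(const uint8_t *data, size_t len) {
    uint8_t crc = 0x00u;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++) {
            crc = (crc & 0x80u) ? (uint8_t)((crc << 1) ^ 0x07u) : (uint8_t)(crc << 1);
        }
    }
    return crc;
}

/* CRC over the protected fields of a request; both sides must agree on this layout. */
uint8_t QmRequest_Crc(const QmRequest *r) {
    uint8_t buf[4] = { r->channel, (uint8_t)(r->value >> 8), (uint8_t)r->value, r->counter };
    return crc8(buf, sizeof buf);
}

/* Per-proxy state: the counter of the last accepted request. */
typedef struct {
    uint8_t last_counter;
    bool    seen;       /* false until the first request has been accepted */
} SafeProxy;

/* Validate a lower-ASIL request and forward it to the driver only if every
 * check passes. The counter is only advanced for accepted requests, so a
 * rejected request cannot move the freshness window. */
ProxyStatus SafeProxy_Forward(SafeProxy *p, const QmRequest *r) {
    if (QmRequest_Crc(r) != r->crc) {
        return PROXY_ERR_CRC;
    }
    if (p->seen && (uint8_t)(r->counter - p->last_counter) != 1u) {
        return PROXY_ERR_COUNTER;
    }
    if (r->channel >= DRV_CHANNEL_COUNT || r->value > DRV_VALUE_MAX) {
        return PROXY_ERR_RANGE;
    }
    p->last_counter = r->counter;
    p->seen = true;
    Drv_SetOutput(r->channel, r->value);
    return PROXY_OK;
}

/* Accessors so a caller (or test) can observe what reached the driver. */
uint8_t  SafeProxy_LastChannel(void) { return g_last_channel; }
uint16_t SafeProxy_LastValue(void)   { return g_last_value; }
```

The point of the pattern is that the driver itself stays a single qualified instance: the checks that raise the lower-ASIL interaction to the higher level live in the proxy, which belongs to the higher-ASIL partition and is developed to that ASIL. The separate-instances option from the reply avoids the proxy entirely at the cost of one library copy per ASIL domain.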