S32K3xx - SM4, SAF, and ASIL-B vs ASIL-D mechanisms



1,217 Views
nsiegel
Contributor V

Hi Safety team,

We have a major mm customer using the S32K341/311, and have asked additional Safety Manual questions.  They are developing both ASIL B and ASIL D applications:

Q1:  For AOU_GEN_FOLLOW_ARM_M7_DOC, can you confirm the text "this chip's Safety Manual" is referring to the Arm Cortex-M7 Safety Manual or the safety manual of the S32K3xx?

Q2:  What is comm safe prot (like in SM4.COMM_SAFEPROT)?  Customer cannot find information about this.

Q3: Is it possible to clarify which SMs and AoU are exclusive to ASIL D, and which are also necessary for ASIL B?

Q4:  The  documentation for SM2 shows that SAF mechanisms are relevant for variant S32K311, which is ASIL B. Why is SAF needed for this chip if SAF is targeting ASIL D only?

Q5: The documentation for SM2 shows that SAF mechanisms bring DC of associated failure modes to 90%. What happens if, for these SAF mechanisms, DC goes down to 60% (acceptable for ASIL B) or 0% (which would be a gap for ASIL B)?


Thanks!

2 Replies

891 Views
Yashwant_Singh
NXP Employee

Hello,

Apologies for the delay.

Q1: If you refer to the ARM CM7 safety manual assumptions quoted within the rationale for this AOU (AD-1.1 and AD-1.2), it requires both the CM7 AoUs from ARM as well as the MCU AOUs from NXP to be fulfilled by the integrator.

Q3: 

Most of the AoU are applicable to both ASIL-B and ASIL-D. In case any AoU is specific to ASIL-B or ASIL-D, it is clearly mentioned in that SM. E.g. see the snippet below:

[image: Yashwant_Singh_0-1759749255284.png]

Also, the safety manual addendum has categorized all the AoUs on the basis of the S32K3xx products that they apply to:

[image: Yashwant_Singh_1-1759749360090.png]

It seems the other questions have already been answered. Thanks @RadoslavB for your input.

Thanks!
-Yashwant 


1,109 Views
RadoslavB
NXP Employee

Hi @nsiegel 

I can cover partially your questions:

Q4: SAF for S32K3 is developed for all derivatives, with priority to cover ASIL D derivatives. So if the same SAF tests and checks are applicable for ASIL B derivatives, we reuse the same implementation of the code; therefore it might be overrated, but that's not a violation of anything.

Q5: The requirement for SAF is to meet ASIL D coverage, so there is no intent to go down with DC. If it is not possible for some sCheck test to achieve a DC of 90%, there is a comment in the S32K3_SAF_sCheck_FaultCoverage_Estimation.xlsx document (part of the Safety Package) on what to do in addition to achieve this.
Also, combination with BIST can cover an eventual gap for LFM.


Q2: I think it is mentioned in the HW Safety Manual that this is about applying End-to-End protection, which is a general SW mechanism described in the HW Safety Manual chapter 7.11.3, Communication peripherals safety measures.
This SW measure is also very well described generally beyond the NXP documentation scope.
The exact implementation is application dependent, as only the customer knows their communication protocol and how exactly to cover all relevant failure modes.


Kind Regards,
Radoslav
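To make the Q2 answer above concrete, here is an added illustration of the kind of end-to-end (E2E) protection Radoslav refers to. It is not NXP's code, not the AUTOSAR E2E library, and not the exact measure described in Safety Manual chapter 7.11.3; the frame layout (data ID, 4-bit sequence counter, CRC-8 with polynomial 0x1D over ID, counter and payload), the loss tolerance and the sample payload are assumptions constructed for this example. It shows how a receiver can detect the communication failure modes the application has to cover: corruption (CRC), repetition and loss or wrong sequence (counter), and masquerade or insertion (data ID). Timeout detection needs a timer and is deliberately left out.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Constructed example frame: ID + counter + CRC protect a fixed-size payload. */
#define E2E_PAYLOAD_LEN 6u
#define E2E_COUNTER_MASK 0x0Fu   /* assumed 4-bit sequence counter */

typedef struct {
    uint8_t data_id;                  /* identifies the logical channel (masquerade check) */
    uint8_t counter;                  /* sequence counter (repetition / loss check) */
    uint8_t crc;                      /* CRC-8 over data_id, counter and payload (corruption check) */
    uint8_t payload[E2E_PAYLOAD_LEN];
} e2e_frame_t;

typedef enum {
    E2E_OK = 0,
    E2E_WRONG_ID,    /* frame belongs to another channel: masquerade / insertion */
    E2E_WRONG_CRC,   /* payload or header corrupted in transit */
    E2E_REPEATED,    /* same counter delivered twice: repetition */
    E2E_WRONG_SEQ    /* more frames lost than tolerated, or out of sequence */
} e2e_status_t;

typedef struct {
    uint8_t expected_id;   /* the only data ID this receiver accepts */
    uint8_t last_counter;  /* counter of the last accepted frame */
    bool    have_last;     /* false until the first frame has been accepted */
    uint8_t max_lost;      /* how many consecutive lost frames are tolerated */
} e2e_rx_state_t;

/* Bitwise CRC-8, polynomial 0x1D (the SAE J1850 polynomial), init 0xFF, final XOR 0xFF. */
static uint8_t crc8_poly1d(const uint8_t *buf, size_t len)
{
    uint8_t crc = 0xFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x80u) ? (uint8_t)((crc << 1) ^ 0x1Du) : (uint8_t)(crc << 1);
    }
    return (uint8_t)(crc ^ 0xFFu);
}

/* CRC covers everything except the CRC byte itself. */
static uint8_t e2e_crc(const e2e_frame_t *f)
{
    uint8_t buf[2u + E2E_PAYLOAD_LEN];
    buf[0] = f->data_id;
    buf[1] = f->counter;
    memcpy(&buf[2], f->payload, E2E_PAYLOAD_LEN);
    return crc8_poly1d(buf, sizeof buf);
}

/* Sender side: fill the frame, append the CRC and advance the channel's counter. */
void e2e_protect(e2e_frame_t *f, uint8_t data_id, uint8_t *counter, const uint8_t *payload)
{
    f->data_id = data_id;
    f->counter = (uint8_t)(*counter & E2E_COUNTER_MASK);
    memcpy(f->payload, payload, E2E_PAYLOAD_LEN);
    f->crc = e2e_crc(f);
    *counter = (uint8_t)((*counter + 1u) & E2E_COUNTER_MASK);
}

/* Receiver side: reject before use; state is only advanced for accepted frames. */
e2e_status_t e2e_check(e2e_rx_state_t *st, const e2e_frame_t *f)
{
    if (f->data_id != st->expected_id) return E2E_WRONG_ID;
    if (e2e_crc(f) != f->crc)          return E2E_WRONG_CRC;
    if (st->have_last) {
        /* modulo-16 distance handles counter wrap-around */
        uint8_t delta = (uint8_t)((f->counter - st->last_counter) & E2E_COUNTER_MASK);
        if (delta == 0u)                return E2E_REPEATED;
        if (delta > st->max_lost + 1u)  return E2E_WRONG_SEQ;
    }
    st->last_counter = f->counter;
    st->have_last = true;
    return E2E_OK;
}

/* Constructed scenario exercising each verdict; returns how many expected verdicts were seen (6). */
int e2e_scenario(void)
{
    uint8_t tx_counter = 0u, other_counter = 0u;
    e2e_rx_state_t rx = { 0x2Au, 0u, false, 1u };   /* tolerate one lost frame */
    const uint8_t payload[E2E_PAYLOAD_LEN] = { 10u, 20u, 30u, 40u, 50u, 60u };
    e2e_frame_t f;
    int passed = 0;

    e2e_protect(&f, 0x2Au, &tx_counter, payload);          /* counter 0 */
    if (e2e_check(&rx, &f) == E2E_OK)        passed++;      /* 1: clean frame accepted */
    if (e2e_check(&rx, &f) == E2E_REPEATED)  passed++;      /* 2: same frame again */
    e2e_protect(&f, 0x2Au, &tx_counter, payload);          /* counter 1 */
    f.payload[2] ^= 0x01u;                                  /* single-bit corruption */
    if (e2e_check(&rx, &f) == E2E_WRONG_CRC) passed++;      /* 3: corruption caught */
    e2e_protect(&f, 0x2Bu, &other_counter, payload);       /* another channel's ID */
    if (e2e_check(&rx, &f) == E2E_WRONG_ID)  passed++;      /* 4: masquerade caught */
    e2e_protect(&f, 0x2Au, &tx_counter, payload);          /* counter 2: one frame lost */
    if (e2e_check(&rx, &f) == E2E_OK)        passed++;      /* 5: within tolerance */
    tx_counter = (uint8_t)((tx_counter + 2u) & E2E_COUNTER_MASK);
    e2e_protect(&f, 0x2Au, &tx_counter, payload);          /* counter 5: three lost */
    if (e2e_check(&rx, &f) == E2E_WRONG_SEQ) passed++;      /* 6: beyond tolerance */
    return passed;
}

int main(void)
{
    printf("E2E scenario: %d of 6 verdicts as expected\n", e2e_scenario());
    return 0;
}
```

Two design points matter for the argument in the thread: the receiver state only advances on accepted frames, so a rejected frame cannot move the counter window, and the CRC covers the ID and counter as well as the payload, so a corrupted header cannot pass as a valid out-of-sequence frame. Which counter width, CRC and loss tolerance actually achieve the required diagnostic coverage for a given bus and protocol is, as Radoslav says, application dependent.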