Hello Safety Experts,
Device: S32G398
TTTech Auto has observed NCF[87] in their safety application. As part of the analysis, the safety architect from TTTech has given the justification below for disabling NCF[87] and requires clarification on whether the justification is acceptable as per NXP safety standards. Please provide your inputs for Q1 and Q2 below.
Here is the overview and analysis from TTTech safety team:
NCF[87]: This is related to the topic of Network-on-Chip (NoC). The following is the description of NCF[87]
Following is the high level diagram of NoC:
From the above block diagram, it is clear that the Accelerator Interconnect NoC is interfaced with the System Interconnect NoC.
Q1: As per our knowledge, the Accelerator Interconnect NoC is only used for the communication over PCIe, PFE and USB and is not used for any other communication. We would like to understand from NXP whether the above statement (highlighted in bold) is correct.
Justification for disabling this NCF in FCCU config:
From the table below we can see that the Accelerator Interconnect NoC has a diagnostic coverage of Medium. With reference to the NXP assumption (snippet added below), we should have E2E-protected communication to claim the functionality as safety relevant.
This means that, if the Accelerator Interconnect NoC is only used for communication over PFE, then we can claim the communication as safety relevant based on E2E protection.
Question related to safety impact:
Q2: When considering the below-mentioned safety mechanism (refer to the snippet below) with respect to the NoC, we would like to understand the safety impact of disabling NCF[87] on the coverage of SM1.NOC.PKT_PROT. We would also like to understand whether the below-mentioned mechanism is only for the "Accelerator NOC" or whether it is for the entire NoC, which includes "System Interconnect, Memory Interconnect, Peripheral Interconnect, Debug Interconnect, Accelerator Interconnect".
Regards
Krishna
Hi Krishna, I believe this topic was discussed in a call on Monday 13th Oct. Were these questions answered during that call or are there still open points?
Many thanks, Alison
Hello @nxa11829
Unfortunately it is still not clarified from the meeting whether NCF 87 can be disabled with justification. Could you please provide your inputs on this from a safety architecture perspective?
Meanwhile, in a different thread we are trying to find the root cause of this NCF 87.
Regards
Krishna.
Hi Krishna,
From the Teams discussion on this topic that I've seen, I think there was one question still open for me to confirm:
Question: Disabling NCF[87] and applying just E2E protection, coverage impact
Answer: I agree with Tomas's statement in the discussion thread:
"If you only use PFE from the ACCEL partition for safety relevant communication and the safety-related data are already traveling from the ASIL partition through the ACCEL NOC to the PFE with E2E protection already applied, then you can consider both ACCEL NOC and PFE as QM peripherals and NCF[87] as well as other NCFs from PFE can be disabled."
The extract from the Safety Manual below is stating that HW mechanisms within the ACCEL NOC are not sufficient for ASIL D safety-related data.
"If ASIL D data does need to be transferred through the implemented medium diagnostic NoC, end-to-end protection should be used [1391838]."
If E2E protection is applied within the ASIL partition then the NOC can be considered QM.
Best regards,
Alison
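The argument in the answer above is that the application-level E2E protection, applied in the ASIL partition, supplies the coverage that the medium-diagnostic ACCEL NoC and the PFE do not, so the interconnect can be treated as QM. The following is an added example, not code from NXP, TTTech or anyone in this thread, showing what that protection concretely provides at the receiver: a data ID, an alive counter and a CRC-32 over header and payload, in the spirit of an AUTOSAR-style E2E profile but simplified. The function names (`e2e_protect`, `e2e_check`), the 4-bit counter, the use of CRC-32 and the sample payload are all assumptions of this example and not taken from the S32G Safety Manual.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define E2E_PAYLOAD_MAX 64u

/* Outcomes the receiver can report. Each maps to a fault the QM transport is not trusted to catch. */
typedef enum { E2E_OK = 0, E2E_ERR_CRC, E2E_ERR_REPEATED, E2E_ERR_LOST, E2E_ERR_LEN } e2e_status_t;

/* Wire format (assumed layout for this example). data_id is included in the CRC so that a
 * frame misrouted from another producer fails the check at a receiver expecting a different ID. */
typedef struct {
    uint16_t data_id;
    uint8_t  counter;                 /* 4-bit alive counter, wraps 15 -> 0 */
    uint8_t  len;
    uint8_t  payload[E2E_PAYLOAD_MAX];
    uint32_t crc;                     /* CRC-32 over data_id, counter, len, payload */
} e2e_frame_t;

typedef struct { uint16_t data_id; uint8_t next_counter; } e2e_sender_t;
typedef struct { uint16_t data_id; uint8_t last_counter; bool have_last; } e2e_receiver_t;

/* Table-less CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320). */
static uint32_t crc32_update(uint32_t crc, const uint8_t *buf, size_t n) {
    for (size_t i = 0; i < n; i++) {
        crc ^= buf[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc;
}

uint32_t crc32_of(const uint8_t *buf, size_t n) {
    return crc32_update(0xFFFFFFFFu, buf, n) ^ 0xFFFFFFFFu;
}

static uint32_t e2e_crc(const e2e_frame_t *f) {
    uint8_t hdr[4] = { (uint8_t)(f->data_id >> 8), (uint8_t)f->data_id, f->counter, f->len };
    uint32_t crc = crc32_update(0xFFFFFFFFu, hdr, sizeof hdr);
    return crc32_update(crc, f->payload, f->len) ^ 0xFFFFFFFFu;
}

/* Producer side: runs in the ASIL partition before the data enters the QM transport. */
int e2e_protect(e2e_sender_t *s, const uint8_t *data, size_t len, e2e_frame_t *out) {
    if (len > E2E_PAYLOAD_MAX) return -1;
    memset(out, 0, sizeof *out);
    out->data_id = s->data_id;
    out->counter = s->next_counter;
    s->next_counter = (uint8_t)((s->next_counter + 1u) & 0x0Fu);
    out->len = (uint8_t)len;
    memcpy(out->payload, data, len);
    out->crc = e2e_crc(out);
    return 0;
}

/* Consumer side: CRC is verified against the receiver's own configured data ID, then the
 * counter is compared with the last accepted one to detect repetition and loss. */
e2e_status_t e2e_check(e2e_receiver_t *r, const e2e_frame_t *f) {
    if (f->len > E2E_PAYLOAD_MAX) return E2E_ERR_LEN;
    e2e_frame_t expected = *f;
    expected.data_id = r->data_id;
    if (e2e_crc(&expected) != f->crc) return E2E_ERR_CRC;
    if (r->have_last) {
        uint8_t delta = (uint8_t)((f->counter - r->last_counter) & 0x0Fu);
        if (delta == 0) return E2E_ERR_REPEATED;
        if (delta > 1) { r->last_counter = f->counter; return E2E_ERR_LOST; }  /* resync */
    }
    r->last_counter = f->counter;
    r->have_last = true;
    return E2E_OK;
}

/* Constructed exchange: returns how many of the 7 expected receiver verdicts were produced. */
int e2e_scenario(void) {
    const uint8_t msg[] = { 0x01, 0x02, 0x03, 0x04 };   /* constructed sample payload */
    e2e_sender_t tx = { .data_id = 0x1234u, .next_counter = 0u };
    e2e_receiver_t rx = { .data_id = 0x1234u, .last_counter = 0u, .have_last = false };
    e2e_receiver_t other = { .data_id = 0x4321u, .last_counter = 0u, .have_last = false };
    e2e_frame_t f1, f2, f3, f4, f5, corrupt;
    int ok = 0;
    e2e_protect(&tx, msg, sizeof msg, &f1);             /* counter 0 */
    e2e_protect(&tx, msg, sizeof msg, &f2);             /* counter 1 */
    ok += (e2e_check(&rx, &f1) == E2E_OK);
    ok += (e2e_check(&rx, &f2) == E2E_OK);
    ok += (e2e_check(&rx, &f2) == E2E_ERR_REPEATED);    /* same frame delivered twice */
    corrupt = f2; corrupt.payload[1] ^= 0x40u;          /* single bit flipped in transit */
    ok += (e2e_check(&rx, &corrupt) == E2E_ERR_CRC);
    e2e_protect(&tx, msg, sizeof msg, &f3);             /* counter 2, never delivered */
    e2e_protect(&tx, msg, sizeof msg, &f4);             /* counter 3 */
    ok += (e2e_check(&rx, &f4) == E2E_ERR_LOST);
    e2e_protect(&tx, msg, sizeof msg, &f5);             /* counter 4 */
    ok += (e2e_check(&rx, &f5) == E2E_OK);
    ok += (e2e_check(&other, &f5) == E2E_ERR_CRC);      /* misrouted to a receiver with another ID */
    return ok;
}

int main(void) {
    printf("CRC-32 check value: 0x%08X\n", crc32_of((const uint8_t *)"123456789", 9));
    printf("expected verdicts observed: %d of 7\n", e2e_scenario());
    return 0;
}
```

In the thread's configuration, `e2e_protect` would run in the ASIL partition before the frame enters the ACCEL NoC and PFE, and `e2e_check` at the far end; everything in between is treated as QM because corruption, repetition, loss and misrouting are all caught at the receiver independently of the interconnect's own diagnostics. Detecting that frames have stopped arriving altogether needs a receiver-side timeout, which this example does not include.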
Hello @nxa11829
Thanks for the response and clarification!
So the summary is that, as we have E2E protection applied for the communication happening over PFE, NCF[87] can be disabled and we can still claim that the communication is ASIL D.
Please confirm if the understanding is correct.
Regards
Krishna
Hi Krishna,
Yes that is correct, but only in this use case where the PFE is the only IP in the ACCEL partition used for safety-related communication. And as stated previously, E2E protection must be applied to safety-related data in the ASIL partition before it travels through the ACCEL NOC and PFE.
Best regards,
Alison