Hello,
We have a requirement to satisfy SM_116 and SM_117. Our system is already performing memory checks (ECC) for the Flash memory. Would these checks cover the requirements for SM_116 and SM_117?
Thank you,
Hunter
Hi Hunter,
Please find the relevant explanation regarding both the assumptions:
1) SM_116: This assumption requires one to check for:
Multibit errors introduced by permanent failure in flash controller
Perform flash integrity checks
Save safety-relevant code/data with CRC or hash signature to detect any Integrity violation
To address these issues we need to have the following safety mechanisms:
The Flash array integrity check as a safety mechanism. The array integrity self-check is used to detect possible latent faults affecting the flash array and can be initiated by the software. The flash array integrity check computes a MISR signature which the application software can then compare with a previously known value.
A safety mechanism for ensuring the pass status of previous flash operations. This safety mechanism gives information about the outcome of any program/erase operation. This mechanism is enabled by default and the relevant register bit must be checked by software after a program/erase operation.
For storing safety-relevant code/data the assumption advises using CRC/hash signatures.
2) SM_117: This assumption requires the use of a software safety mechanism to ensure the correctness of any write operation performed on flash. This assumption can be satisfied by using CRC checks.
For performing all CRC-related checks the built-in hardware CRC module can be used.
To sum up, ECC checks aren’t sufficient to satisfy all the required conditions for SM_116 and SM_117 and some additional measures are required as stated above.
Hope this helps!
Thanks and regards,
Manibha
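Added example, not code from this thread or from any vendor flash driver: it shows the write-verification step described for SM_117 (compute a CRC over the image, program, read back, compare) and the stored-signature integrity check described for SM_116. The stand-in flash sector, the function names and the use of a software CRC-32 in place of the hardware CRC module are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for one flash sector. On a real MCU the program
 * operation goes through the vendor flash driver and the CRC through the
 * built-in CRC module; both are replaced here by plain C. */
#define SECTOR_SIZE 64
static uint8_t g_flash_sector[SECTOR_SIZE];

/* Software CRC-32 (reflected polynomial 0xEDB88320, init/xorout all ones).
 * Standard check value: CRC of "123456789" is 0xCBF43926. */
uint32_t crc32_calc(const uint8_t *data, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* SM_117-style write verification: take a reference CRC of the source
 * image before programming, program it, read the bytes back from flash
 * and compare their CRC with the reference. Returns 0 on success, -1 for
 * out-of-range arguments, 1 if the read-back CRC does not match. */
int flash_program_verified(size_t offset, const uint8_t *src, size_t len,
                           uint32_t *signature_out)
{
    if (offset > SECTOR_SIZE || len > SECTOR_SIZE - offset)
        return -1;
    uint32_t crc_ref = crc32_calc(src, len);          /* reference signature */
    memcpy(&g_flash_sector[offset], src, len);        /* stand-in program op */
    uint32_t crc_rb = crc32_calc(&g_flash_sector[offset], len); /* read back */
    if (signature_out)
        *signature_out = crc_ref;                     /* keep for later checks */
    return (crc_rb == crc_ref) ? 0 : 1;
}

/* SM_116-style integrity check of safety-relevant data already in flash
 * against the signature saved when it was written. 0 = intact, 1 = corrupt. */
int flash_region_check(size_t offset, size_t len, uint32_t stored_crc)
{
    if (offset > SECTOR_SIZE || len > SECTOR_SIZE - offset)
        return -1;
    return (crc32_calc(&g_flash_sector[offset], len) == stored_crc) ? 0 : 1;
}

/* Test-only helper: simulate a latent single-bit fault in the sector. */
void flash_sim_bitflip(size_t offset, uint8_t mask)
{
    g_flash_sector[offset] ^= mask;
}
```

The saved signature would normally live in a separate flash location alongside the data it protects, so a later periodic call to `flash_region_check` can detect corruption that ECC alone would not report.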