FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

S32K388 FCCU EOUT mode configuration

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

S32K388 FCCU EOUT mode configuration

‎02-26-2025 12:40 PM
213 Views
WDENG
Contributor I

My application is ASIL D.

On the safety manual of S32K3xx, for FCCU EOUT, there are two modes: bistable fault output mode and the fault toggle mode.

On the safety manual of FS26, for FCCU, there are two configurations: by pair (ASIL D application?) and by single independent input with static error level (ASIL B application?).

I have the following questions:

  1. It Looks like S32K3xx requires using EOUT by pair, either bistable fault output mode or fault toggle mode. If we use the single independent input with static error level configuration on FS 26, does it still comply with the safety manual of S32K3xx?
  2. From 2.5.1 on the safety manual of S32K388, it looks like that you may have a dependent failure concern per your DFA, so the off-chip hardware mechanism is used to shut down the system together with the internal mechanism. If my understanding is correct, can I know what dependent failure concern(s) you may have?
  3. if the answer for question #1 is "no", and if I am not going to use FS26, do I have to use an external device that supports either bistable fault output mode or the fault toggle mode to comply with the safety manual of S32K388?

Thanks!

Labels (1)
Labels
0 Kudos
Reply
1 Reply

‎02-28-2025 01:25 PM
200 Views
antoinedubois
NXP Employee
NXP Employee

Hi Weijun,

1- in this configuration yo will have one latent failure mode in addition you will need to consider (Pin is stuck at No Fault, in case your pin is short to GND or VDD depending on the polarity. You can decide for your use case if this failure mode is acceptable or if you have system level mechanisms to detect it (toggle the pin at start-up).

2- This pretty common state of the art to require an external monitoring. Dependant failure can be link t power, clock, crack die, latch-up, systemtic development fault, high temperature. We try to address most of the DFA with safety measures in the microcontroller, but state of the art is to keep an external monitoring

3- you can do this external monitoring on another processor or with discrete logic. As I said there is still one FM that you not be cover with a single static pin, but if you find a system level safety mechanisms to address it it would be ok.

0 Kudos
Reply