SBC Safety Initialization


557 Views
amato_massara
Contributor I

Hello,

The safety manual of the SBC gives a summary of the steps to prepare the SBC for safety purposes. We refer to the Safety Manual for FS6500 and FS4500, Rev. 2.0, 54, NXP Semiconductors, section 6.1 INIT phase.

The driver we use does not completely implement the sequence as described in the Safety Manual of the SBC. To make the SBC driver safety compliant we should be sure that the SBC is used in the safety way.

Below are our questions:

  • Is the “1- Verify” phase only the check of the registers indicated? Or does it also include their configuration?
  • Could the “1- Verify” phase be moved after the “2- Configure” phase?

At the moment the driver implements in the INIT phase only a part of “2- Configure”, and after that the SBC passes into Normal Mode.

0 Kudos
4 Replies

544 Views
r40959
NXP Employee
Hello, please find the answer from the Safety architect:

The "Verify phase" is only for checking the registers indicated:
  • Verify LBIST and ABIST1 pass.
  • Verify VPRE buck or buck-boost configuration.
  • Verify VCCA and VAUX voltage configuration (3.3 V or 5.0 V).
  • Verify debug mode is not activated.
  • Verify deep fail-safe configuration.
This phase is not about configuration.

The Verify phase can be moved after the Configure phase. No problem. It is just more logical to do the verification before the configuration: if something wrong is detected during the verification phase, it may not be worth performing the configuration.

Let us know if our answer is clear to you.

Thank you, best regards,
Valerie Bernon
0 Kudos

547 Views
r40959
NXP Employee
Hello, we have received your question. We will come back to you with an answer and guidance in the coming days. Thank you, best regards, Valerie Bernon
0 Kudos

535 Views
amato_massara
Contributor I

Dear, I have some additional questions:

  • Do you mean that the order of the operations described in the INIT phase is not safety relevant? Are we anyway safety compliant using a different order?
  • The driver in the INIT phase performs only the “configure” steps. After that the WD passes into NORMAL MODE. Only at this moment can we use a custom implementation to check the registers indicated in the “Verify” phase (like BIST…). Is it ok for safety? Is it not too late?
  • The “configure” phase does not follow the sequence indicated in the Safety Manual. In particular it is not possible to configure the WD_WINDOW before the INIT phase is terminated (“Configure the WD window period and the WD counters. Ensure the configuration does not violate the FTTI requirement at the system level” is not performed).
  • The order of the configuration steps in the driver is different from the Safety Manual description. Could it be a problem? Is the order mandatory?
  • In the Execute phase the ABIST2 tests are not performed, so these tests could be executed only in NORMAL MODE after the initialization is terminated.
  • In the Execute phase the first good WD refresh before leaving the INIT phase is not done. Can this operation be done in NORMAL MODE?
  • Before sending the WD_ANSWER, no check of the error bits ERR_INT_SW, ERR_INT_HW, FSO_G is done.

Thanks a lot for your support

Tito

0 Kudos

533 Views
r40959
NXP Employee
The Configuration phase (in INIT_FS) is done while FS0B is asserted, therefore the system is in the safe state. The Verification phase must be done before releasing FS0B. Therefore, if there are constraints to do the Verification phase after the Configuration phase, it is OK if it is done before releasing FS0B. Thank you, best regards, V Bernon (& M Clairet)
0 Kudos
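As an added illustration (not the driver or NXP code discussed in this thread), the sequencing rule from these answers in C: the Verify checks are read-only, either order of Verify and Configure is accepted, and FS0B is released only after both have passed. The status fields, the configure hook and the two sample stand-ins are assumptions for the example, not FS65xx/FS45xx register or bit names.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed, read-only view of what the Verify phase checks. Field names are
 * assumptions for this example, not FS65xx/FS45xx register or bit names. */
typedef struct {
    bool lbist_pass, abist1_pass;
    bool vpre_config_ok;      /* buck or buck-boost, as the board expects */
    bool vcca_vaux_ok;        /* 3.3 V / 5.0 V selection matches the design */
    bool debug_mode_active;
    bool deep_failsafe_ok;
} sbc_status_t;
typedef struct {
    bool verified, configured, fs0b_released;
    const char *fail_reason;  /* NULL when the sequence completed */
} sbc_init_result_t;

/* Verify phase: pure checks from the manual's list, no register writes. */
static const char *sbc_verify(const sbc_status_t *s) {
    if (!s->lbist_pass)       return "LBIST failed";
    if (!s->abist1_pass)      return "ABIST1 failed";
    if (!s->vpre_config_ok)   return "VPRE configuration mismatch";
    if (!s->vcca_vaux_ok)     return "VCCA/VAUX voltage mismatch";
    if (s->debug_mode_active) return "debug mode active";
    if (!s->deep_failsafe_ok) return "deep fail-safe configuration mismatch";
    return NULL;
}
static bool run_verify(sbc_init_result_t *r, const sbc_status_t *s) {
    r->fail_reason = sbc_verify(s);
    r->verified = (r->fail_reason == NULL);
    return r->verified;
}

/* Hypothetical driver hook for the Configure phase; two constructed stand-ins. */
typedef bool (*sbc_configure_fn)(void *ctx);
static bool sbc_sample_configure_ok(void *ctx)   { (void)ctx; return true; }
static bool sbc_sample_configure_fail(void *ctx) { (void)ctx; return false; }

/* INIT sequence: FS0B stays asserted (safe state) until BOTH phases pass. */
sbc_init_result_t sbc_init(const sbc_status_t *status, sbc_configure_fn configure,
                           void *ctx, bool verify_first) {
    sbc_init_result_t r = {false, false, false, NULL};
    /* Manual's order: verify first, so a failed check skips configuration. */
    if (verify_first && !run_verify(&r, status)) return r;
    if (!configure(ctx)) { r.fail_reason = "configuration failed"; return r; }
    r.configured = true;
    /* Driver-constrained order: verify after configure, still before release. */
    if (!verify_first && !run_verify(&r, status)) return r;
    r.fs0b_released = true;  /* only reached when verified && configured */
    return r;
}
```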