Safety Functional Global reset and FS26 and S32K344

FabioG · ‎07-18-2024

Hi There,

I have a system equipped by FS26 SBC and FCCU configured on a S32k344-based system.

FCCU NCF lines are configured as short reset function and EOUT signalling to FS26 for global recovery, so a fault triggered to a NCF lines performs a funcional reset and FS26's fail-stafe state machine (in normal mode) asserts FS0B. isn't it (MFS2621AMDABAD)?

My problem is to manage SW faults, out of FCCU NCF domain that I need to perform a global safety reset (FS0B asserted ). My Idea is to avoid a MCU-driven reset and use A SW_NCF FCCU trigger:

for example ,instead of using a MCU-driven reset, I call:

eMcem_AssertSWFault(EMCEM_DCM_NCF_7_SW_NCF_0)

so: (1)EMCEM_DCM_NCF_7_SW_NCF_0 triggers a FCCU short reset with a EOUT signalling to FS26 and a consequent FS0B assertion. Is it the right way?

Another (2) Hypothesis was to send an SPI command to FS26 directly for ASSERT FS0B and perform a MCU-driven reset, but It seem to me to have a lot of drawbacks.....

Is the first mode (1) Ok or (2) or do you suggest some other mechanisms?

Best Regards

Fabio

antoinedubois · ‎07-25-2024

Hi Fabio,

Yes asserting the SW triggered fault like in (1) was the main idea. The (2) is more complex and potentially longer for your fault reaction time interval but also possible. In any case if your SW fail, the PMIC watchdog should also trigger and assert Safe state in case 1 or 2 fails.

在原帖中查看解决方案

antoinedubois · ‎07-25-2024

Hi Fabio,

Yes asserting the SW triggered fault like in (1) was the main idea. The (2) is more complex and potentially longer for your fault reaction time interval but also possible. In any case if your SW fail, the PMIC watchdog should also trigger and assert Safe state in case 1 or 2 fails.