5.3 Safety and IEC 60730 Features

Table 5-1. Safety and IEC 60730 Features List
Peripheral	Component	Fault/Error/Feature
PMC	Clock	CPU clock monitoring - Overclocking detection
32.768 kHz crystal oscillator frequency monitoring - Abnormal frequency deviation
Main crystal oscillator - Crystal failure detection
PIOC	I/O Periphery	Programmable configuration lock (active until next V_DDCORE reset) to protect against further software modifications (intentional or unintentional)
Digital I/O - Plausibility check
ADCC	Analog I/O and ADC converter - Plausibility check
ICM (SHA)	Memory and Internal Data Path	All internal and external memories such as SMC, DDR, internal SRAM and QSPI
NAND Flash Controller ECC	Nonvolatile memory - Mutiple error detection (2 to 32)
System Controller	Supply Monitor	Power supplies - VDDCPU, VDDCORE, VBAT abnormal levels
WDT, RSTC	Watchdog	Watchdog can be fed by an internal always on clock - Program counter stuck at faults.
Watchdog configuration can be locked (write-protected until next reset) - Errant writes (Programming errors, errors introduced by system or hardware failures)
Watchdog overflow generates a system reset
Cortex MMU	Memory Management Unit	Cortex-A7 Memory Management Unit
MATRIX, SYSC, ACC, PMC, PIO, SMC, SSC, I2SMCC, FLEXCOM, QSPI, TC, PDMC, ADC,ASRC, EIC, PWM, PIT64B, SPDIFRX, SPDIFTX, TZAESB, TZAESBASC, UHPHS	Peripherals	Configuration, Interrupt Enable/Disable, Control registers can be independently write-protected - Errant writes (Programming errors, errors introduced by system or hardware failures)
AES, TDES, SHA, PIT64B	Peripherals	Embedded integrity checker with reports in status registers.
AES, TDES	Peripherals	Immediate clear of keys in case of tamper detection. Immediate stop of processing in case of tamper detection
PWM, PIO	PWM	Fault inputs can be configured to put the PWM outputs in Safe mode - Programming errors, errors introduced by system or hardware failures
PIO controller can lock the PWM I/O - Programming errors, errors introduced by system or hardware failures
Fault inputs can be external (IO) or internal (ADC, TIMER, ACC, etc.) - Programming errors, errors introduced by system or hardware failures

PMC

Clock

CPU clock monitoring

- Overclocking detection

32.768 kHz crystal oscillator frequency monitoring

- Abnormal frequency deviation

Main crystal oscillator

- Crystal failure detection

PIOC

I/O Periphery

Programmable configuration lock (active until next V_DDCORE reset) to protect against further software modifications (intentional or unintentional)

Digital I/O

- Plausibility check

ADCC

Analog I/O and ADC converter

- Plausibility check

ICM (SHA)

Memory and Internal Data Path

All internal and external memories such as SMC, DDR, internal SRAM and QSPI

NAND Flash Controller ECC

Nonvolatile memory

- Mutiple error detection (2 to 32)

System Controller

Supply Monitor

Power supplies

- VDDCPU, VDDCORE, VBAT abnormal levels

WDT, RSTC

Watchdog

Watchdog can be fed by an internal always on clock

- Program counter stuck at faults.

Watchdog configuration can be locked (write-protected until next reset)

- Errant writes (Programming errors, errors introduced by system or hardware failures)

Watchdog overflow generates a system reset

Cortex MMU

Memory Management Unit

Cortex-A7 Memory Management Unit

MATRIX, SYSC, ACC, PMC, PIO, SMC, SSC, I2SMCC, FLEXCOM, QSPI, TC, PDMC, ADC,ASRC, EIC, PWM, PIT64B, SPDIFRX, SPDIFTX, TZAESB, TZAESBASC, UHPHS

Peripherals

Configuration, Interrupt Enable/Disable, Control registers can be independently write-protected

- Errant writes (Programming errors, errors introduced by system or hardware failures)

AES, TDES, SHA, PIT64B

Peripherals

Embedded integrity checker with reports in status registers.

AES, TDES

Peripherals

Immediate clear of keys in case of tamper detection.

Immediate stop of processing in case of tamper detection

PWM, PIO

PWM

Fault inputs can be configured to put the PWM outputs in Safe mode

- Programming errors, errors introduced by system or hardware failures

PIO controller can lock the PWM I/O

- Programming errors, errors introduced by system or hardware failures

Fault inputs can be external (IO) or internal (ADC, TIMER, ACC, etc.)

- Programming errors, errors introduced by system or hardware failures