6.3 Safety and IEC 60730 Features
| Peripheral | Component | Fault/Error/Feature | Requirements for Class B IEC 60730(1) |
General Safety |
|---|---|---|---|---|
| PMC | Clock | CPU clock monitoring - Overclocking detection |
– | X |
| 32.768 kHz crystal oscillator frequency
monitoring - Abnormal frequency deviation |
X | X | ||
| Main crystal oscillator - Crystal failure detection |
X | X | ||
| PIOC | I/O Periphery | Programmable configuration lock (active until next VDDCORE reset) to protect against further software modifications (intentional or unintentional) | – | X |
| Digital I/O - Plausibility check |
X | – | ||
| ADCC | Analog I/O and ADC converter - Plausibility check |
X | – | |
| ICM (SHA) | Memory and Internal Data Path | All internal and external memories such as QSPI, DDR, and all memories on SMC | X | – |
| NAND Flash Controller ECC | Non-volatile memory - Mutiple error detection (2 to 32) |
– | X | |
| System Controller | Supply Monitor | Power supplies - VDDCORE, VDDIO, VDDANA, VDDBU abnormal levels |
– | X |
| WDT, RSTC |
Watchdog | Watchdog can be fed by an internal always ON
clock - Program counter stuck at faults. |
X | X |
| Watchdog configuration can be locked
(write-protected) - Errant writes (Programming errors, errors introduced by system or hardware failures) |
– | X | ||
| Watchdog overflow generates a system reset | X | X | ||
| Cortex MMU | Memory Management Unit | Cortex-A5 Memory Management Unit | – | X |
| MATRIX, AIC, RTC, SYSC, RXLP, ACC, PMC, PIO, MPDDRC, SMC, CLASSD, SSC, TWI, UART, SPI, FLEXCOM, QSPI, TC, PDMIC, ADC | Peripherals | Configuration, Interrupt Enable/Disable,
Control registers can be independently write-protected - Errant writes (Programming errors, errors introduced by system or hardware failures) |
– | X |
| PWM, PIO |
PWM | Fault inputs can be configured to put the PWM
outputs in Safe mode - Programming errors, errors introduced by system or hardware failures |
– | X |
| PIO controller can lock the PWM I/O - Programming errors, errors introduced by system or hardware failures |
– | X | ||
| Fault inputs can be external (IO) or internal
(ADC, TIMER, ACC, etc.) - Programming errors, errors introduced by system or hardware failures |
– | X |
Class B IEC 60730 Requirements. Annex H - Table H.1 (H.11.12.7 of edition 3).