5.3 Safety and IEC 60730 Features
| Peripheral | Component | Fault/Error/Feature | Requirements for Class B IEC 60730(1) |
General Safety |
|---|---|---|---|---|
| PMC | Clock | MCK frequency
monitor - MCK out-of-range operation |
– | X |
| 32.768 kHz
crystal oscillator frequency monitor - Abnormal frequency deviation |
X | X | ||
| Main crystal
oscillator failure detector - Crystal failure detection |
X | X | ||
| System Controller | All | Safety critical
peripherals and/or counters are fed by the always-on slow RC oscillator - WDT, RSTC, startup counters, timeout counters, etc. |
– | X |
| PIOC | I/O lines | Digital I/O - Plausibility check |
X | – |
| ADCC | Analog I/O and
ADC converter - Plausibility check |
X | – | |
| NAND Flash Controller ECC | Memory | Non-volatile
memory - Multiple error detection (2 to 24) |
– | X |
| WDT, RSTC |
Watchdog | Watchdog is
driven by an internal always on clock - Program counter stuck at faults |
X | X |
| Watchdog
configuration can be locked until the next reset - Errant writes (programming errors, errors introduced by system or hardware failures) |
– | X | ||
| Watchdog overflow generates a system reset | X | X | ||
| ARM926EJ-S MMU | Memory Management Unit | ARM926EJ-S Memory Management Unit | – | X |
| MATRIX, AIC, RTC, RTT, RSTC, SHDWC, SDRAM, PMC, PIOC, MPDDRC, SMC, CLASSD, SSC, FLEXCOM, QSPI, TC, I2SMCC, ADC | Peripherals | Configuration,
Interrupt Enable/Disable, Control registers can be independently
write-protected - Errant writes (programming errors, errors introduced by system or hardware failures) |
– | X |
| AES, TDES, SHA, PIT64B, TC, SDRAMC, MPDDRC | Peripherals | Embedded integrity checker with reports in status registers | – | X |
Note:
- Class B IEC 60730 Requirements. Annex H - Table H.1 (H.11.12.7 in Edition 3).