1.10.3 Safety and IEC 60730 Features
| Peripheral | Component | Fault/Error/Feature | Requirements for Class B IEC 60730(1) | General
Safety |
|---|---|---|---|---|
| PMC | Clock | MCK frequency
monitor - MCK out-of-range operation | – | X |
| 32.768 kHz
crystal oscillator frequency monitor - Abnormal frequency deviation | X | X | ||
| Main crystal
oscillator failure detector - Crystal failure detection | X | X | ||
| System Controller | All | Safety critical
peripherals and/or counters are fed by the always-on slow RC oscillator - WDT, RSTC, start-up counters, timeout counters, etc. | – | X |
| PIOC | I/O lines | Digital I/O - Plausibility check | X | – |
| ADCC | Analog I/O and
ADC converter - Plausibility check | X | – | |
| NAND Flash Controller ECC | Memory | Non-volatile
memory - Multiple error detection (2 to 24) | – | X |
| WDT, RSTC | Watchdog | Watchdog is
driven by an internal always on clock - Program counter stuck at faults | X | X |
| Watchdog
configuration can be locked until the next reset - Errant writes (programming errors, errors introduced by system or hardware failures) | – | X | ||
| Watchdog overflow generates a system reset | X | X | ||
| Arm926EJ-S MMU | Memory Management Unit | Arm926EJ-S Memory Management Unit | – | X |
| MATRIX, AIC, RTC, RTT, RSTC, SHDWC, SDRAM, PMC, PIOC, MPDDRC, SMC, CLASSD, SSC, FLEXCOM, QSPI, TC, I2SMCC, ADC | Peripherals | Configuration,
Interrupt Enable/Disable, Control registers can be independently
write-protected - Errant writes (programming errors, errors introduced by system or hardware failures) | – | X |
| AES, TDES, SHA, PIT64B, TC, MPDDRC | Peripherals | Embedded integrity checker with reports in status registers | – | X |
Note:
- Class B IEC 60730 Requirements. Annex H - Table H.1 (H.11.12.7 in Edition 3).