1.10.3 Safety and IEC 60730 Features

Table 1-2. Safety and IEC 60730 Features List
| Peripheral | Component | Fault/Error/Feature |
|---|---|---|
| PMC | Clock | CPU clock monitoring. |
| | | - Overclocking detection. |
| | | 32.768 kHz crystal oscillator frequency monitoring. |
| | | - Abnormal frequency deviation. |
| | | Main crystal oscillator. |
| | | - Crystal failure detection. |
| PIOC | I/O Periphery | Programmable configuration lock (active until next VDDCORE reset) to protect against further software modifications (intentional or unintentional). |
| | | Digital I/O. |
| | | - Plausibility check. |
| ADCC | | Analog I/O and ADC converter. |
| | | - Plausibility check. |
| ICM (SHA) | Memory and Internal Data Path | All internal and external memories such as SMC, DDR, internal SRAM and QSPI. |
| NAND Flash Controller ECC | | Nonvolatile memory. |
| | | - Multiple error detection (2 to 32). |
| System Controller Supply Monitor | | Power supplies. |
| | | - VDDCPU, VDDCORE, VBAT abnormal levels. |
| DWDT, RSTC | Watchdog | Watchdog can be fed by an internal always-on clock. |
| | | - Program counter stuck-at faults. |
| | | Watchdog configuration can be locked (write-protected until next reset). |
| | | - Errant writes (programming errors, errors introduced by system or hardware failures). |
| | | Watchdog overflow generates a system reset. |
| Cortex MMU | Memory Management Unit | Cortex-A7 Memory Management Unit. |
| MATRIX, SYSC, ACC, PMC, PIO, SMC, SSC, I2SMCC, FLEXCOM, QSPI, TC, PDMC, ADC, ASRC, EIC, PWM, PIT64B, SPDIFRX, SPDIFTX, TZAESB, TZAESBASC, UHPHS | Peripherals | Configuration, Interrupt Enable/Disable, Control registers can be independently write-protected. |
| | | - Errant writes (programming errors, errors introduced by system or hardware failures). |
| AES, TDES, SHA, PIT64B | Peripherals | Embedded integrity checker with reports in status registers. |
| AES, TDES | Peripherals | Immediate clear of keys in case of tamper detection. |
| | | Immediate stop of processing in case of tamper detection. |
| PWM, PIO | PWM | Fault inputs can be configured to put the PWM outputs in Safe mode. |
| | | - Programming errors, errors introduced by system or hardware failures. |
| | | PIO controller can lock the PWM I/O. |
| | | - Programming errors, errors introduced by system or hardware failures. |
| | | Fault inputs can be external (IO) or internal (ADC, TIMER, ACC, etc.). |
| | | - Programming errors, errors introduced by system or hardware failures. |