When mixed-ASIL components co-exist in a system, ISO 26262 mandates freedom from interference (FFI): faults in lower-criticality elements must not cascade into, or otherwise affect, higher-criticality elements. The Jacinto family of products implements several architectural features to facilitate FFI.
- HW Isolation: The MCU Safety Island is an independent domain with a high degree of FFI from the rest of the SoC. This is accomplished via separate voltage, clock, and reset domains as well as its own dedicated set of peripherals and resources. The MCU domain can continue to operate safety-critical functions even if the main domain crashes, hangs, or needs to be reset.
- Firewalls: A firewall is a module that restricts incoming bus transactions according to its configuration settings. Firewalls can be configured with policies that ensure non-safe or less-safe components cannot access or manipulate safety-critical cores, peripherals, or memory. A policy inspects an incoming transaction’s address and attributes (Read, Write, Secure, etc.) and either blocks or allows the access.
- Isolation Gaskets: The MCU island and extended MCU island have isolation gaskets in place that serve as fault-tolerant connections to less safety-critical resources shared throughout the SoC.
- PVU/MMU: In addition to enabling features such as virtualization, MMUs help separate memory paths via memory mapping to allow mixed-criticality use cases. The module can be configured to ensure that less safety-critical cores can only access their own address space and peripherals.
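The following is an added example, not TI's code or the Jacinto register interface: a small C model of the firewall policy check described above, which decides per transaction from its address and its Read/Write/Secure attributes. Region boundaries, the separate secure/non-secure permission sets, the default-deny rule and all addresses are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Transaction attribute bits, modelled on the Read/Write/Secure attributes
 * named in the text; this is not a Jacinto register layout. */
#define ATTR_READ   0x1u
#define ATTR_WRITE  0x2u
#define ATTR_SECURE 0x4u

/* One firewall region: an address range with separate Read/Write permission
 * sets for secure and non-secure initiators. Regions are assumed not to overlap. */
typedef struct {
    uint32_t start, end;   /* inclusive address range */
    uint32_t secure_perm;  /* ATTR_READ | ATTR_WRITE granted to secure transactions */
    uint32_t nonsec_perm;  /* same, for non-secure transactions */
} fw_region_t;

/* Default-deny check: a transaction is allowed only if some region covers its
 * address and the permission set selected by its Secure bit grants every
 * Read/Write attribute it carries. Anything unmapped or malformed is blocked. */
bool fw_check(const fw_region_t *regions, size_t n, uint32_t addr, uint32_t attrs)
{
    uint32_t rw = attrs & (ATTR_READ | ATTR_WRITE);
    if (rw == 0)
        return false;                       /* neither read nor write: block */
    for (size_t i = 0; i < n; i++) {
        const fw_region_t *r = &regions[i];
        if (addr < r->start || addr > r->end)
            continue;
        uint32_t perm = (attrs & ATTR_SECURE) ? r->secure_perm : r->nonsec_perm;
        return (rw & ~perm) == 0;           /* every requested attribute permitted */
    }
    return false;                           /* no region covers the address: block */
}

/* Constructed sample policy (illustrative addresses, not the Jacinto memory map):
 * region 0: safety-island SRAM, secure R/W only, non-secure fully blocked;
 * region 1: shared status peripheral, readable by anyone, writable only by secure. */
static const fw_region_t sample_policy[] = {
    { 0x41000000u, 0x4107FFFFu, ATTR_READ | ATTR_WRITE, 0 },
    { 0x50000000u, 0x50000FFFu, ATTR_READ | ATTR_WRITE, ATTR_READ },
};

bool fw_check_sample(uint32_t addr, uint32_t attrs)
{
    return fw_check(sample_policy, sizeof sample_policy / sizeof sample_policy[0],
                    addr, attrs);
}
```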