SPRAD97 May 2023 AM62A3, AM62A3-Q1, AM62A7, AM62A7-Q1

 


Targeting Safety-Critical Applications

AM62Ax is an ASIL-B/SIL-2 (Automotive Safety Integrity Level B/Safety Integrity Level 2) functional safety compliant device and supports several functional safety features, such as a dedicated safety domain, called the MCU domain, which integrates the Cortex-R5F MCU. Freedom from interference and isolation features are provided to isolate the MCU domain from the main domain. The AM62Ax component is targeted at general-purpose functional safety applications. Development is done as a Safety Element out of Context (SEooC) according to the automotive specification ISO 26262-10:2018; for example, the designer of the safety device can refer to the assessment report of the purchased component and must adhere to the safety assumptions of use (AoU) and guidelines provided in the safety manual of the SEooC. This method is also used to meet the related requirements of the industrial specification IEC 61508 at the semiconductor level.

AM62Ax achieves systematic integrity of ASIL-D/SIL-3 and includes sufficient functional safety mechanisms for random fault integrity requirements of ASIL-B/SIL-2 for the entire device. The Cortex R5 MCU channel can be used to provide a CPU core and associated peripherals that monitor the primary function, such as driver monitoring systems, and transition the system to the safe state if a fault is detected. AM62Ax devices target a Safe Failure Fraction (SFF) of 90% - 99% (SIL-2) and a Single Point Fault Metric (SPFM) of 90% - 99% (ASIL-B) for the entire device. The MCU domain includes dedicated peripherals such as I2C, SPI, UART, and GPIOs that are supplied by an independent voltage domain within the MCU domain. The device contains an Error Signaling Module (ESM) that collects error flags from the different device domains. When a fault is reported through the ESM, the system is considered to be in a fault detected state. In this state, software may attempt to recover from the fault before a safety goal is violated.