The following techniques and safety measures
may be useful for improving independence of function when using the TMS320F28002x MCU:
- Hold peripheral clocks disabled if the
available peripherals are unused (CLK14-Peripheral Clock Gating (PCLKCR)).
- Hold peripherals in reset if the
available peripherals are unused (SYS7-Peripheral Soft Reset (SOFTPRES)).
- Power down the analog component cores if
they are not used.
- When possible, separate critical I/O
functions by using non-adjacent I/O pins/balls.
- Partition the memory among the respective processing units as per the
application requirements, and configure the Access Protection Mechanism for
Memories for each memory instance such that only the permitted masters have
access to that memory.
- The Dual Code Security Module (DCSM) can be used for functional safety:
functions with different safety integrity levels can be executed from different
security zones (zone1, zone2, and unsecured zone), which act as firewalls and thus
mitigate the risk of interference from one secure zone to another. For more
information, please refer to Achieving Coexistence of Safety Functions for EV/HEV
Using C2000™ MCUs.
- TMS320F28002x supports master access control for each peripheral. After
programming the peripheral access protection registers, each master can exclusively
control the peripheral, safeguarding its use by a particular application against errant
writes or corruption by other masters in the system. This is enabled using dedicated
access control bits per peripheral, which allow or protect against access from a given
master. Each peripheral has a two-bit qualifier per master to decode the access allowed.
For details, refer to PERIPH_AC_REGS Registers in the TMS320F28002x Technical
Reference Manual.
- ADC11-Disabling Unused Sources of SOC Inputs to ADC can help prevent unused
peripherals from disturbing the functionality of the ADC.
- DMA9-Disabling of Unused DMA Trigger Sources will help minimize interference
caused by unintentional DMA transfers.
- To avoid interference from spurious activity on the MCU’s debug port,
JTAG1-Hardware Disable of JTAG Port can be used.
- Safety applications running on the CPU can be interfered with by
unintentional faulty interrupt events to the PIE module. PIE7-Maintaining Interrupt
Handler for Unused Interrupts and PIE8-Online Monitoring of Interrupts and Events
will detect such interfering failures.
- MCU resources that support CPU execution, such as memory, the interrupt
controller, and so forth, could be impacted by lower safety integrity functions
coexisting on the same MCU. Safety mechanisms such as SRAM16-Information
Redundancy Techniques, SRAM11-Access Protection Mechanism for Memories, and
SRAM17-CPU Handling of Illegal Operation, Illegal Results and Instruction
Trapping will be able to detect such interference.
- Critical configuration registers could be the victim of interference from
bus masters on the MCU that implement lower safety integrity functions. These can be
protected by SYS1-Multi-Bit Enable Keys for Control Registers, SYS2-Lock Mechanism
for Control Registers, and SYS8-EALLOW and MEALLOW Protection for Critical Registers.
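
The first two measures in the list (clock gating and soft reset of unused peripherals) lend themselves to a start-up or periodic configuration audit. The following C code is an added example, not code from TI or from the device's driver library: it runs on snapshots of the PCLKCRx and SOFTPRESx words, and the peripheral names, register indices and bit positions in the table are constructed placeholders that must be replaced with values from the Technical Reference Manual. It assumes a set PCLKCRx bit means the clock is enabled and a set SOFTPRESx bit means the module is held in reset.

```c
#include <stddef.h>
#include <stdint.h>
/* Findings reported per peripheral (bitmask). */
enum { AUDIT_OK = 0, AUDIT_CLOCK_ON = 1, AUDIT_NOT_IN_RESET = 2, AUDIT_BAD_ENTRY = 4 };

/* Constructed table entry: reg_index and bit are placeholders, not TRM values. */
typedef struct {
    const char *name;   /* label used in reports */
    uint8_t reg_index;  /* which PCLKCRx / SOFTPRESx word */
    uint8_t bit;        /* bit position inside that word */
    uint8_t used;       /* 1 if the application uses the peripheral */
} periph_entry_t;

/* Unused peripheral: clock bit must be 0 (gated), soft-reset bit must be 1 (held). */
static unsigned audit_one(const periph_entry_t *p, const uint32_t *pclkcr,
                          const uint32_t *softpres, size_t n_regs)
{
    unsigned findings = AUDIT_OK;
    if (p->reg_index >= n_regs || p->bit > 31u)
        return AUDIT_BAD_ENTRY;          /* table error: never index out of range */
    if (p->used) return AUDIT_OK;        /* used peripherals are out of scope here */
    uint32_t mask = (uint32_t)1u << p->bit;
    if (pclkcr[p->reg_index] & mask)
        findings |= AUDIT_CLOCK_ON;
    if (!(softpres[p->reg_index] & mask))
        findings |= AUDIT_NOT_IN_RESET;
    return findings;
}

/* Audit the whole table; stores per-entry findings and returns the offender count. */
size_t audit_unused_peripherals(const periph_entry_t *tbl, size_t n,
                                const uint32_t *pclkcr, const uint32_t *softpres,
                                size_t n_regs, unsigned *findings_out)
{
    size_t offenders = 0;
    for (size_t i = 0; i < n; i++) {
        findings_out[i] = audit_one(&tbl[i], pclkcr, softpres, n_regs);
        if (findings_out[i] != AUDIT_OK) offenders++;
    }
    return offenders;
}

/* Constructed sample: four peripherals, two register words (last entry is a table error). */
static const periph_entry_t sample_tbl[] = {
    {"PERIPH_A", 0, 0, 1}, {"PERIPH_B", 0, 1, 0},
    {"PERIPH_C", 1, 3, 0}, {"PERIPH_D", 2, 0, 0},
};
static const uint32_t sample_pclkcr[2]   = {0x00000003u, 0x00000000u};
static const uint32_t sample_softpres[2] = {0x00000000u, 0x00000008u};
```

On a target, the snapshot arrays would be filled by reading the real registers, and a non-zero offender count would be routed to the application's fault handling.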