The following techniques and safety measures shall be used as applicable for improving independence of function when using the TMS320F28003x MCU:
- Hold peripheral clocks disabled if the available peripherals are unused (CLK14-Peripheral Clock Gating (PCLKCR)).
- Hold peripherals in reset if the available peripherals are unused (RST9-Peripheral Soft Reset (SOFTPRES)).
- When possible, separate critical I/O functions by using non-adjacent I/O pins/balls.
- Partition the memory as per the application requirements to respective processing units and configure the Access Protection Mechanism for Memories, for each memory instance such that only the permitted masters have access to memory.
- The Dual Code Security Module (DCSM) can be used for functional safety where functions with different safety integrity levels can be executed from different security zones (zone1, zone2, and unsecured zone), acting as firewalls and thus mitigating the risk due to interference from one secure zone to another. For more information, see Achieving Coexistence of Safety Functions for EV/HEV Using C2000™ MCUs.
- TMS320F28003x supports SYS11-Peripheral access protection - Type 1. After programming the peripheral access protection registers, each master can exclusively control the peripheral to safeguard usage by a particular application against errant writes or corruption by other masters in the system. This is enabled using the dedicated access control bits per peripheral, which allow or protect against access from a given master. Each peripheral has a two-bit qualifier per master to decode the access allowed. For more details, see the PERIPH_AC_REGS Registers in the TMS320F28003x Technical Reference Manual.
- Disabling of SOC Inputs to ADC can help prevent unused peripherals from disturbing the functionality of the ADC.
- DMA9-Disabling of Unused DMA Trigger Sources will help minimize interference caused by unintentional DMA transfers.
- CLA11-Disabling of Unused CLA Trigger Sources will mitigate the risk of interference caused by the trigger events.
- To avoid interference from spurious activity on MCU’s debug port, JTAG1-Hardware Disable of JTAG Port can be used.
- Safety applications running on the CPU can be disturbed by unintentional faulty interrupt events to the PIE module. PIE7-Maintaining Interrupt Handler for Unused Interrupts and PIE8-Online Monitoring of Interrupts and Events will detect such interfering failures.
- MCU resources supporting CPU execution, such as memory, interrupt controller, and so forth, could be impacted by resources from lower safety integrity safety functions coexisting on the same MCU. Safety mechanisms such as SRAM11-Access Protection Mechanism for Memories, SRAM16-Information Redundancy Techniques, and SRAM17-CPU Handling of Illegal Operation, Illegal Results and Instruction Trapping will be able to detect such interference.
- Critical configuration registers could be victims of interference from bus masters on the MCU that implement lower safety integrity functions. These can be protected by SYS1-Multibit Enable Keys for Control Registers, SYS2-Lock Mechanism for Control Registers, and SYS8-EALLOW and MEALLOW Protection for Critical Registers.
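
The following added example (not from the safety manual or TI's driver code) shows a readback audit of a peripheral access protection value against an exclusive-owner policy, as described in the SYS11 item above. The master list, the field positions and the 2-bit encoding are assumptions made for illustration; take the real values from the PERIPH_AC_REGS description in the Technical Reference Manual.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout for illustration: one 2-bit access qualifier per master,
 * packed from bit 0 upward. Field positions and encodings are hypothetical;
 * the PERIPH_AC_REGS description in the TRM is authoritative. */
enum master { M_CPU1 = 0, M_CLA1 = 1, M_DMA1 = 2, M_COUNT = 3 };
enum access { ACC_NONE = 0x0, ACC_RESERVED = 0x1,
              ACC_PROT_READ = 0x2, ACC_FULL = 0x3 };  /* assumed encoding */

static unsigned ac_field(uint32_t reg, enum master m)
{
    return (reg >> (2u * (unsigned)m)) & 0x3u;
}

/* Build a value that gives `owner` full access and every other master none. */
static uint32_t ac_exclusive(enum master owner)
{
    return (uint32_t)ACC_FULL << (2u * (unsigned)owner);
}

/* Return 0 if `reg` grants access to `owner` only; otherwise return a
 * bitmask (bit m = master m) of the qualifiers that violate the policy. */
static unsigned ac_audit(uint32_t reg, enum master owner)
{
    unsigned bad = 0;
    for (unsigned m = 0; m < M_COUNT; m++) {
        unsigned f = ac_field(reg, (enum master)m);
        unsigned want = (m == (unsigned)owner) ? ACC_FULL : ACC_NONE;
        if (f != want)
            bad |= 1u << m;
    }
    /* Bits above the defined fields must stay zero (reported as bit M_COUNT). */
    if (reg >> (2u * M_COUNT))
        bad |= 1u << M_COUNT;
    return bad;
}

int main(void)
{
    /* Constructed readback values, not taken from a device. */
    uint32_t samples[] = { ac_exclusive(M_CPU1), 0x3Fu, 0x0Cu, 0x23u };
    for (unsigned i = 0; i < 4; i++)
        printf("0x%02X -> violations 0x%X\n",
               (unsigned)samples[i], ac_audit(samples[i], M_CPU1));
    return 0;
}
```

A nonzero result identifies which master's qualifier differs from the intended partitioning, so the check can run after configuration and again periodically as a readback of the written value.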