SLVUC32B, June 2021 – February 2022. DRA829J, DRA829J-Q1, DRA829V, DRA829V-Q1, TDA4VM, TDA4VM-Q1, TPS6594-Q1

 


Achieving up to ASIL-D System Requirements

For ASIL-C or ASIL-D systems, the following features in addition to the ones described in Section 4.1 can be used:

  • PMIC current monitoring on all output power rails
  • Isolation of processor MCU and Main power domains
  • SoC error monitoring
  • SoC reset

The current monitoring is enabled by default for all BUCKs and LDOs for the TPS6594-Q1 devices. Additionally, Figure 3-1 shows that the MCU domain of the processor is powered by different power resources of the PMICs than the main power domain of the processor. SoC error signal monitoring can be utilized if GPIO_3 of TPS65941111-Q1 is available to be reconfigured as nERR_SoC. This feature is enabled through I2C using the ESM_SOC_EN register bit. The SoC reset functionality is supported through the connection of GPIO_11 on the primary TPS6594-Q1, configured as nRSTOUT_SoC, to the PORz pin of the processor.

Table 4-1 System Level Safety Features

| ASIL Level | Safety Feature | Implementation |
|---|---|---|
| ASIL-B | Safety Monitoring Processor | SoC: MCU Island, R5 Cores |
| ASIL-B | External SW Wdog | TPS65941212-Q1: Q&A Watchdog |
| ASIL-B | External Wdog COMM & INTn | TPS65941212-Q1: I2C2; TPS65941212-Q1 and TPS65941111-Q1: nINT |
| ASIL-B | Safety MCU Processing ESM | TPS65941212-Q1: nERR_MCU connected to SOC:MCU_SAFETY_ERRz |
| ASIL-B | Safety MCU Reset | TPS65941212-Q1: nRSTOUT connected to MCU_PORz_1V8 |
| ASIL-B | Safety Status Signal | TPS65941212-Q1: ENDRV |
| ASIL-B | System Input Voltage Monitoring | TPS65941212-Q1: VSYS_SENSE - OV with Safety FET OVPGDRV; TPS65941212-Q1 and TPS65941111-Q1 with VCCA OV & UV and SoC (VMON1) - UV |
| ASIL-D | SoC Main Processing ESM | TPS65941212-Q1: nERR_MCU connected to SOC: SOC_SAFETY_ERRz |
| ASIL-D | SoC Main Reset | TPS65941212-Q1: nRSTOUT_SOC connected to SOC_PORz_1V8 |

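Table 4-2 Monitoring Safety Features

| Device | Power Resource | PDN Power Rail | Safe State Power Group (1) | Supply Voltage Monitoring (ASIL-B) | Supply Current Monitoring (ASIL-D Adds) |
|---|---|---|---|---|---|
| TPS65941212-Q1 (PMIC-A) | BUCK1-3 | VDD_CPU_AVS | SOC | PMIC-A - OV & UV | PMIC-A - CM |
| TPS65941212-Q1 (PMIC-A) | BUCK4 | VDD_MCUIO_0V8 | MCU | PMIC-A - OV & UV | PMIC-A - CM |
| TPS65941212-Q1 (PMIC-A) | BUCK5 | VDD_PHY_1V8 | SOC | PMIC-A - OV & UV | PMIC-A - CM |
| TPS65941212-Q1 (PMIC-A) | LDO1 | VDD1_LPDDR4_1V8 | SOC | PMIC-A - OV & UV | PMIC-A - CM (2) |
| TPS65941212-Q1 (PMIC-A) | LDO2 | VDD_MCUIO_1V8 | MCU | PMIC-A - OV & UV | PMIC-A - CM |
| TPS65941212-Q1 (PMIC-A) | LDO3 | VDA_DLL_0V8 | SOC | PMIC-A - OV & UV | PMIC-A - CM |
| TPS65941212-Q1 (PMIC-A) | LDO4 | VDA_MCU_1V8 | MCU | PMIC-A - OV & UV | PMIC-A - CM |
| TPS65941111-Q1 (PMIC-B) | BUCK1-4 | VDD_CORE_0V8 | SOC | PMIC-B - OV & UV | PMIC-B - CM |
| TPS65941111-Q1 (PMIC-B) | BUCK5 | VDD_RAM_0V85 | SOC | PMIC-B - OV & UV | PMIC-B - CM |
| TPS65941111-Q1 (PMIC-B) | LDO1 | VDD_SD_DV | SOC | PMIC-B - OV & UV | PMIC-B - CM |
| TPS65941111-Q1 (PMIC-B) | LDO2 | VDA_USB_3V3 | SOC | PMIC-B - OV & UV | PMIC-B - CM |
| TPS65941111-Q1 (PMIC-B) | LDO3 | VDD_IO_1V8 | SOC | PMIC-B - OV & UV | PMIC-B - CM |
| TPS65941111-Q1 (PMIC-B) | LDO4 | VDA_PLL_1V8 | SOC | PMIC-B - OV & UV | PMIC-B - CM |
| TPS22965W-Q1 | Ld Sw A | VDD_MCUIO_3V3 | MCU | SoC (VDDSHV0_MCU) - OV & UV | NA |
| TPS22965W-Q1 | Ld Sw B | VDD_IO_3V3 | SOC | PMIC-B (FB_B4) - OV & UV (7) | NA (3)(4) |
| TPS62813-Q1 | Buck A | VDD_LPDDR4_1V1 | None | PMIC-A (FB_B3) - OV & UV (5) | NA (2) |
| TLV73318P-Q1 | LDO-A | VDD_EFUSE_1V8 | None | NA (6) | NA (6) |
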
  1. Rail Group settings for the TPS65941212-Q1 and TPS65941111-Q1 are found in Table 5-7.
  2. Power rails VDD_DDR_1V1 and VDD1_LPDDR4_1V8 are safety critical but do not require direct voltage or current monitoring, since other means (for example, SoC internal timeout gaskets and ECC checkers) are available to provide diagnostic coverage to detect faults in the DDR voltage.
  3. Power rails VDD_IO_1V8/3V3 and VDD_GPIORET_1V8/3V3 are typically not safety critical since other means are available (for example, black-channel checkers) to provide diagnostic coverage to detect faults in SoC signaling interfaces (for example, CAN, UART, and SPI).
  4. If an SoC GPIO control signal is used in a safety critical interface, then adding voltage and current monitoring to the specific VIO power rail may be needed per the customer's end product design.
  5. PMIC resource FB_B3 is used to monitor both OV and UV of VDD_DDR_1V1. This PMIC monitor is not associated with a power group, but can be added to a group by software.
  6. Power rail VPP_EFUSE_1V8 is not safety critical since Efuse programming does not occur during safety critical processing.
  7. PMIC-B Buck3 and Buck4 have unused remote sense feedback inputs that can be assigned, after SoC SW boot, to provide OV and UV voltage monitoring for 2x external power rails per desired functional safety needs. Optional OV/UV monitoring of the VDD_DDR_1V1 and VDD_IO_3V3 power rails is an example.