SNVAA92 November 2023 LM63625-Q1 , TPS37-Q1 , TPS3703-Q1 , TPS3850-Q1
Functional safety is important in automotive applications such as advanced driver assistance systems (ADAS), battery management systems (BMS), digital cockpits, and instrument clusters. Designers often wonder how to design power supplies for safety microcontrollers (MCU) to achieve Automotive Safety Integrity Level (ASIL) B.
This article describes a TI design leveraging two TI Functional Safety-Capable devices – the LM63625-Q1 buck converter combined with the TPS37A-Q1 supervisor – to meet random hardware fault metrics for ASIL B in digital cockpit and cluster applications. This method can also be scaled to other automotive applications.
TI Functional Safety-Capable devices are not developed according to the requirements of any functional safety standard. TI provides failure-in-time (FIT) rate and failure mode distribution information to customers to aid in the calculation of random hardware fault metrics. TI recommends integrating these components into a system through the strategy of “evaluation of hardware element” (International Organization for Standardization [ISO] 26262-8:2018, clause 13).
Safety MCUs are widely used in safety-critical automotive systems such as digital cockpits and instrument clusters. The MCU collects safety-relevant information from various electronic control units and sensors through a Controller Area Network (CAN). The device then executes the corresponding signal processing and fault detection to achieve the system functional safety requirements. Keeping the power supply within the recommended operating range of the safety MCU is essential to prevent the MCU from running into an unsafe state.
There are four classifications of ASILs in the ISO 26262 standard based on the inherent safety risk: ASIL A, ASIL B, ASIL C, and ASIL D, with ASIL D being the most stringent requirement. The target for digital cockpit and cluster applications is typically ASIL B.