
Claiming compliance for ISO 26262 ASIL D

Other Parts Discussed in Thread: HALCOGEN

Hi,

I understand from SafeTI documentation for TMS570 that this micro-controller is certified for ISO 26262 ASIL D. In this regard, I have the following question to ask:

TMS570 employs Safe Island design approach. This concept requires implementation of hardware and software diagnostic measures.

Since the micro-controller is developed as an SEooC, and no application has been realized yet, there are no software diagnostic measures in place. Without these diagnostic measures, can you explain to me what argument allows you to still claim that the micro-controller complies with ASIL D?

Regards,

Saraschandra

  • Saraschandra,

    I have forwarded your post to our safety experts. They will get back with you shortly.

    Thanks and regards,

    Zhaohong


  • Hi Saraschandra,

    To be clear, no TMS570 product is presently claimed certified compliant to ASIL D. The older TMS570LS20x/10x is certified IEC 61508 SIL 3 compliant. The current products are undergoing formal certification at present and we expect to have multiple certifications complete before end of year. If you are registered for the SafeTI private E2E forum we can share more details under NDA.

    I'd recommend that you take a look at the functional safety manual for the Hercules device you are considering. Note that we have extensive hardware diagnostics on board but we also make recommendations on software diagnostics and system level diagnostics to be implemented. TI also has a software library available which can assist in implementing some of the recommended software diagnostics, as well as complementary devices which can implement many of the system level diagnostic recommendations.

    A well known external assessor has also reviewed the concept architecture of the Hercules TMS570LSx products for ISO 26262 ASIL D compliance. If you are registered for the SafeTI private E2E you can download the report and ask further questions on that forum.

    Best Regards,

    Karl

  • Dear Karl,

    Thanks for the prompt answer. Your response answered my question. However, this response leads me to ask the following further questions:

    1) Coupled with my additional reading in this community on the subject "Microcontroller for SIL2 specification", one understands that it is the responsibility of the end user to analyse the target system for potential hazards and risks. If this is the case, in what way is TI's claim "Hercules TMS570 family suitable for IEC 61508-3" useful to the end user?

    In other words: TI can still support the end user with all the necessary analyses, documentation, the device with built in diagnostics without claiming compliance for a particular safety standard, as it is the responsibility of the end user to prove compliance for the designated safety integrity

    2) Does TI's software diagnostics library comply with all the software safety life cycle requirements to the extent required for IEC 61508 SIL 3 (part 3)?

    3) I also assume that the end user receives the device drivers for the various peripherals of the TMS570 family. Would you please tell me whether these drivers comply with all the software safety life cycle requirements to the extent required for IEC 61508 SIL 3 (part 3)?

    Thanks,

    Saraschandra

  • Dear Saraschandra,

    Regarding point 1), IEC 61508 has the concept of a compliant item, which is an element that complies with all applicable requirements of the standard that can be applied to that element. There are several hardware and software component suppliers who have certified their elements as compliant items - whether sensors, actuators, MCUs, operating systems, etc. The concept is well established and many 3rd party assessors have certified a number of compliant items according to IEC 61508.

    The value add for a hardware compliant item MCU under IEC 61508 is basically:

    • Supplier has done thorough technical analysis of the MCU at a level of detail which is typically not possible to be done by a system integrator, including evaluation of diagnostic coverage, failure rate estimation, etc. All of these elements can make the system level analysis performed by the system integrator easier, more accurate, and lead to faster completion.
    • Supplier has applied recommended measures against systematic failure, which can reduce the number and complexity of measures necessary to be implemented at the system level by the system integrator.

    From a support perspective we do support customer questions and integration via this forum and the SafeTI private E2E forum. If the support need goes beyond what TI can provide, we can put you in touch with third party consultants who are familiar with our product and can provide additional technical support. Ultimately TI cannot be responsible for the safety or certification of the end product, but we do as much as we can to support our customers in this exercise.

    Regarding point #2), TI is developing the software diagnostics according to IEC 61508 SIL 3 and ISO 26262 ASIL D. We make the standard software deliverable available freely online and the IEC 61508/ISO 26262 supporting evidence available as a separate package under specific license.

    Regarding point #3), TI provides example drivers configured via the HALCoGen tool. I will check with the development team whether these software units are also developed according to the enhanced IEC 61508/ISO 26262 development process.

    Regards,

    Karl

  • Dear Saraschandra,

    Our software team confirms the HALCoGen drivers are also developed as software units according to IEC 61508 SIL 3 and ISO 26262 ASIL D. A compliance package should be available similarly to the diagnostic library.


    Regards,

    Karl