Questions about the certification for TMS570LS20X/10X microcontrollers by exida

In the certification TI 1294973 C001 (shown in the picture below), the failure rate in FIT is given. I have two questions about the data form:

1. The first part is the "die failure Rate for TMS570 subsystem common to SIF". What is the TMS570 subsystem? Does it include the SCR, CCM-R4F, STC, L2RAMW, L2FMC and other modules shown in the Technical Reference Manual, or only one special module?

2. In IEC 61508-1 Table 3, the difference between SIL3 and SIL4 systems is the probability of a dangerous failure per hour. Regarding the probability of a dangerous failure per hour, in the certification data form I only have to care about these three parts: "failsafe undetect", "faildangerous undetect" and "annunciation undetect", because for the parts that can be detected, after the failure is detected, actions can be taken to make the system safe. Am I right? If we just care about the "probability of a dangerous failure per hour" in IEC 61508-1 Table 3, the TMS570 can have SIL4 capability, am I right?

  • Hello,

    As documented in the assessment report from exida, the functions common to all SIF include:  Cortex R4, CCM-R4, internal flash, internal SRAM, clocking (including oscillator and PLL), system module, DMA, SCR (L2 interconnect), PCR (L3 interconnect), ESM, RTI, and VIM.

    Regarding the second question, IEC 61508 limits any single component to SIL3 capability.  SIL4 capability must be realized at system level with system level hardware fault tolerance, typically as two independent SIL 3 channels.

    Best Regards,

    Karl

  • Dear Karl,

    Thanks for your reply.

    Just as you say, IEC 61508 limits any single component to SIL3 capability. SIL4 capability must be realized at system level with system level hardware fault tolerance, typically as two independent SIL 3 channels. The probability of a dangerous failure per hour for the TMS570 MCU is OK for a SIL4 system application; to construct a SIL4 system I only need to add another channel (for example, hot standby, and one channel is enough) to increase the availability. The structure is shown below. Is that correct?

    Another issue I want to ask about: in the SIL3 certification of the RM46x and TMS570LS12x/11x products, the standard is IEC 61508-1 and IEC 61508-2, while for the TMS570LS20x/10x MCUs the standard is IEC 61508 1-7. What are the differences? I think the main difference may be IEC 61508-3, Software requirements. Is the logic process in the TMS570 treated as software? Why do the RM46x and TMS570LS12x/11x not include this part? Thanks a lot!

    jianlei

  • Hello,
    Regarding the system architecture shown, this might be possible but it is best to discuss and align with the group who will be providing your assessment and certification services. As the TI product is the component, we are limited in the recommendations we can make at the system level.
    The differences in the certificates come down to differences in the policies of the assessors who issue the certificate. Exida took the approach that all applicable parts of the standard were addressed, and thus noted certification to all parts. TUEV SUED took the approach that only the applicable normative parts of the standard should be noted on the certificate, and thus certified to IEC 61508 -1 and -2. Note that in both cases the focus of assessment was TI's safety management (IEC 61508-1) and TI's hardware development (IEC 61508-2). No software (IEC 61508-3) was included in either assessment, as stated in the reports which accompany the certificates.

    Best Regards,
    Karl
  • Dear Karl,

    TI has a certificate, Z10 16 0184071 014, issued by TÜV SÜD in Europe. As far as I understood, it was issued based on the research of Exida.
    I ask you to confirm that it is genuine.
    My regulator doesn't trust words and doesn't trust the website until it receives confirmation that the certificate is valid.

    Best Regards,

    Vjatseslav Ivanov
    Firestop Ltd
  • Hello Vjatseslav,

    Exida issues the certificates for our TMS570LS20xx and TMS570LS10xx devices which were certified to IEC61508 up to SIL3. TUEV SUED was not involved with certification of those devices. This certificate image is available for download from this link: www.ti.com/.../TI_1204073_C001.jpg (just the certificate image). The full certification report is available through our SafeTI Private Forum via this link: e2eprivate.ti.com/.../238.aspx
    Note that the SafeTI Private Forum requires membership and a SafeTI NDA on file to get access to the information posted there.

    The specific certificate you mentioned Z10 16 01 84071 014 has been issued by TUEV SUED based on extensive work and evaluation of evidence and testing by TUEV SUED and TI. This certificate is available for download via this link: http://www.ti.com/lit/spnq005. This certificate applies to TMS570LS31xx/21xx devices (complete list included in the certificate report included with the download).

    Certainly, if there are continued questions of validity of the certificates, your assessor is welcome to check the Exida and/or TUEV SUED websites for the confirmation of the validity of the certificates (this is common practice). If there are still questions, please let me know and I will work with you to discuss this with your assessor.