TMS320F280039: Functional safety: FLASH and RAM ECC

Part Number: TMS320F280039

The existing product needs to meet the functional safety requirements of IEC 60730 Class B. After reviewing TI's related documentation, I intend to use Flash ECC and RAM ECC to fulfill the functional safety monitoring items for data/address, etc. However, I have some doubts about whether fault injection simulation is required during initialization and runtime. The specific implementation process is described as follows:

Question 1 - For the Flash-related detection process, which of the following methods is required to meet the IEC 60730 Class B requirements at minimum:
A1) Enable only the Flash ECC function during initialization. If related error mechanisms occur during runtime, ensure system safety through Flash ECC interrupt/NMI interrupt handling.
A2) On the basis of A1), simulate fault injection during initialization to ensure SECDED functions properly, then proceed with normal program execution as in A1).
A3) On the basis of A2), periodically simulate fault injection during normal program execution and periodically verify that SECDED functions properly.

Question 2 - For the RAM-related detection process, which of the following methods is required to meet the IEC 60730 Class B requirements at minimum:
B1) Automatically enable RAM ECC detection. If an ECC error occurs, ensure system safety through RAM ECC interrupt/ITRAP/NMI interrupt handling.
B2) On the basis of B1), simulate a 32-bit data-related RAM data/address/ECC error during initialization to ensure SECDED functions properly, then proceed as in B1).
B3) On the basis of B2), perform fault injection testing across the entire RAM region during initialization, then proceed as in B2).
B4) During normal operation, periodically simulate fault injection to ensure SECDED functions properly. If this operation is required, is it sufficient to inject only one data point as in B2), or must fault injection be simulated across the entire RAM region as in B3)?

  • To my knowledge, the IEC 60730 standard doesn't require you to test the ECC logic using those fault injection test modes in your actual application, although they can be useful for your testing or to demonstrate to your assessor that your application handles ECC errors appropriately.

    You can certainly add a check at start up for the extra reassurance that ECC is working and ready to detect errors. For RAM, our recommendation is to test a single location in each RAM block (or at least each block that contains safety critical data/code).

    Whitney
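As an added illustration, not code from this thread, from TI, or from the F28003x driverlib: a software model of a 32-bit SECDED code (extended Hamming, 6 parity bits plus one overall parity bit) together with the kind of start-up self-check discussed above. The check encodes a pattern, injects a single-bit fault at every codeword position and expects correction, then injects double-bit faults and expects a detected-but-uncorrectable result. The device's Flash and RAM ECC are hardware and have their own test registers; this model only shows what "verify that SECDED functions properly" has to establish. All function and type names here are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Extended Hamming SECDED over a 32-bit word (software model, not the
 * device's hardware ECC). Codeword bit 0 holds the overall parity; bits
 * 1..38 hold Hamming parity at power-of-two positions and data elsewhere. */
#define ECC_CODE_BITS 39U

typedef enum { ECC_OK = 0, ECC_CORRECTED = 1, ECC_UNCORRECTABLE = 2 } ecc_status_t;

static int is_pow2(unsigned n) { return n != 0 && (n & (n - 1)) == 0; }
static uint64_t get_bit(uint64_t w, unsigned i) { return (w >> i) & 1U; }

/* Encode 32 data bits into a 39-bit codeword. */
uint64_t ecc_encode(uint32_t data)
{
    uint64_t cw = 0, all = 0;
    unsigned pos, d = 0;
    /* Scatter data bits into the non-power-of-two positions 1..38. */
    for (pos = 1; pos < ECC_CODE_BITS; pos++) {
        if (is_pow2(pos)) continue;
        cw |= (uint64_t)((data >> d) & 1U) << pos;
        d++;
    }
    /* Parity bit p covers every position whose index has bit p set. */
    for (unsigned p = 1; p < ECC_CODE_BITS; p <<= 1) {
        uint64_t par = 0;
        for (pos = 1; pos < ECC_CODE_BITS; pos++)
            if (pos & p) par ^= get_bit(cw, pos);
        cw |= par << p;
    }
    /* Overall parity over bits 1..38 distinguishes one flip from two. */
    for (pos = 1; pos < ECC_CODE_BITS; pos++) all ^= get_bit(cw, pos);
    cw |= all;
    return cw;
}

/* Decode a codeword: correct a single flipped bit, flag two flipped bits. */
ecc_status_t ecc_decode(uint64_t cw, uint32_t *data_out)
{
    unsigned syndrome = 0, pos, d = 0;
    uint64_t overall = 0;
    uint32_t data = 0;
    ecc_status_t st = ECC_OK;

    for (pos = 1; pos < ECC_CODE_BITS; pos++)
        if (get_bit(cw, pos)) syndrome ^= pos;   /* XOR of set positions */
    for (pos = 0; pos < ECC_CODE_BITS; pos++) overall ^= get_bit(cw, pos);

    if (syndrome == 0 && overall == 0) {
        st = ECC_OK;
    } else if (overall == 1) {
        /* Odd number of flips: treat as one and correct it. syndrome == 0
         * here means the overall parity bit itself (bit 0) was flipped. */
        if (syndrome >= ECC_CODE_BITS) return ECC_UNCORRECTABLE;
        cw ^= (uint64_t)1 << syndrome;
        st = ECC_CORRECTED;
    } else {
        /* Non-zero syndrome with even parity: two flips, detect only. */
        return ECC_UNCORRECTABLE;
    }
    for (pos = 1; pos < ECC_CODE_BITS; pos++) {
        if (is_pow2(pos)) continue;
        data |= (uint32_t)get_bit(cw, pos) << d;
        d++;
    }
    if (data_out) *data_out = data;
    return st;
}

/* Start-up style self-check: encode a pattern, inject every single-bit
 * fault and a sample of double-bit faults, and confirm the decoder reacts
 * as a SECDED must. Returns 1 on pass, 0 on the first failure. */
int ecc_self_test(uint32_t pattern)
{
    uint32_t out;
    uint64_t cw = ecc_encode(pattern);
    if (ecc_decode(cw, &out) != ECC_OK || out != pattern) return 0;

    for (unsigned i = 0; i < ECC_CODE_BITS; i++) {            /* single-bit */
        uint64_t faulty = cw ^ ((uint64_t)1 << i);
        if (ecc_decode(faulty, &out) != ECC_CORRECTED || out != pattern) return 0;
    }
    for (unsigned i = 0; i < ECC_CODE_BITS; i++) {            /* double-bit */
        unsigned j = (i + 7) % ECC_CODE_BITS;
        uint64_t faulty = cw ^ ((uint64_t)1 << i) ^ ((uint64_t)1 << j);
        if (ecc_decode(faulty, &out) != ECC_UNCORRECTABLE) return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed test patterns: all-zero, all-one, alternating, mixed. */
    const uint32_t patterns[] = { 0x00000000u, 0xFFFFFFFFu, 0xA5A5A5A5u, 0x12345678u };
    for (unsigned k = 0; k < 4; k++)
        printf("pattern 0x%08X: %s\n", patterns[k],
               ecc_self_test(patterns[k]) ? "PASS" : "FAIL");
    return 0;
}
```

The same shape maps onto the hardware case: a start-up routine would apply the device's ECC test mode to one word in each RAM block, provoke a single-bit and a double-bit fault, and check that the correctable-error counter/interrupt and the uncorrectable-error NMI path respond as expected before normal execution begins.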