• State Resolved
  • Locked Locked
  • Replies 2 replies
  • Subscribers 63 subscribers
  • Views 270 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TPS65381A-Q1: Status bits in registers and standby mode

user4210659
Prodigy 20 points
Part Number: TPS65381A-Q1

I am working on a project that has TPS65381A-Q1 power supply with Hercules MCU, project needs to be ISO26262 certified.

As one of the safety features I am required to check various over and under-voltage conditions, all of which the TPS65381A-Q1 has status bits in the SPI registers. But for some of those conditions the datasheet claims that the power supply will enter STANDBY state if the condition becomes active. For example in case of VCP17_OV there is a status bit in register VMON_STAT_1 (5.5.4.1). However in table 5-2 is stated that TPS65381A-Q1 will enter STANDBY state when VCP17_OV condition is detected. As far I can see, SPI in power supply is not powered in STANDBY state, MCU is not powered and registers are re-initialized after wakeup from STANDBY state. Therefore it seems impossible to read active VCP17_OV status bit in SPI registers.

VCP17_OV is not the only one, others I found:

  •  VCP12_OV 
  •  AVDD_VMON_ERR 

Why are these status bits in registers when they are seemingly impossible to read when active?

From safety point of view, should I still check these register bits in software or is it enough to assume that power supply will handle it by powering down the MCU and entering STANDBY state?

  • 0
    TI__Mastermind 20590 points

    Hello Raimo,

    Several of the features of the device will cause immediate state machine action to the device including the VCP17_OV you have mentioned.  For some of them, yes the device will be transitioned to STANDBY state and the MCU and device would be un-powered, and for this specific protection mechanisms there would be no way to read the status back. For some others that cause transition to SAFE state or are just indicator flags, the bits will be readable until they are cleared (some are self clearing when the fault is removed and others latch and have a read or write to clear them).  

    The diagnostic coverage levels for single point failure and latent failure metrics are summarized in the Safety Analysis Report (FMEDA) so as long as this meets your applications safety requirements it should be acceptable unless your system has specific requirements to know what faults cause a transition to STANDBY state after a reboot (assuming the fault is transient and the device can re-start after an event that caused STANDBY state). 

    These bits are listed since they correspond to a signal and may be used by TI in production test or by the LBIST for built in self test.

    The software should check all the status bits listed as needed in the Safety Manual and the Safety Analysis Report as part of the assumed use case and diagnostic coverage from the safety mechanism (SM).  There is a Safety Mechanisms summary in the Safety Analysis Report (available under NDA, request access via the product folder at www.ti.com/.../TPS65381A-Q1) that indicates these assumptions.  

  • 0 in reply to Scott Monroe
    Prodigy 20 points
    Hi Scott,

    Thank you for the quick answer, this answers my questions.