
DRA829V: PCB Layout Guidance for Functional Safety Feature

Part Number: DRA829V
Other Parts Discussed in Thread: DRA829

Hi DRA829V Champ!

My customer wants to use the DRA829V, a part that supports R5F lockstep cores, and is considering a separate power design between the MCU domain and the Main domain to implement a functional safety system.
In terms of power design, including GND, I think that a special circuit design is needed to isolate the MCU and MAIN domains and protect the MCU domain safely even in the event of a large electrical shock, and I am looking for the part where protection is important in PCB design.

I would like to know if there are any design standards or guides that are independent of MCU and MAIN domains from a functional safety perspective.

Customer would like to check the following topics, especially for the DRA829V:

---------------------------------------------------------------------------------------------------------

When using an SoC like the TI DRA829, which integrates the Main Domain and MCU Domain, implementing functional safety requires careful PCB hardware design. Below are key guidelines for ensuring the safety and reliability of your system.

1. Power Supply and Ground Design

  • Separate Power Rails: Main Domain and MCU Domain should operate independently with separate power rails. Critical safety functions should maintain power even in fault conditions, and the power supply should be designed to avoid interference between domains.
  • Power Filtering and Protection: Add filtering and protection circuits to the power supply to prevent noise and abnormal conditions that could affect system operation.
  • Ground Separation: Physically separate the ground planes for Main Domain and MCU Domain, or use isolation techniques to reduce electrical interference. Grounding strategies must ensure the safety of both domains during fault conditions.

2. Reliable Data Transmission

  • Isolated Data Paths: Ensure that data paths between the Main Domain and MCU Domain are isolated to allow independent operation. Error detection mechanisms, such as CRC (Cyclic Redundancy Check), can be used to ensure reliable data transmission.
  • Redundant Signal Paths: For critical data, use redundant signal paths. In case of failure in one path, data can be transmitted through the other, increasing the system's fault tolerance.

3. Safe Reset and Fault Handling

  • Hardware Reset Circuit: Design hardware reset circuits to safely recover from abnormal conditions. This includes separate reset circuits for the MCU Domain to ensure safe recovery in the event of an error in the Main Domain.
  • Fail-Safe Circuit Design: The system should return to a safe state in case of a fault. Redundant designs can be used so that if one function fails, another can take over to maintain safety.

4. Fault Detection and Monitoring

  • WATCHDOG Timer: Use WATCHDOG timers for both the Main and MCU Domains to monitor if the software is running correctly. If a fault occurs, the watchdog timer will trigger a reset to recover the system safely.
  • Fault Injection Testing: Perform fault injection testing to simulate faults and ensure that the system responds correctly to them. This helps validate the functional safety design.

5. Safety in Inter-Domain Communication

  • ISOLATORS: Use isolators (e.g., optical or digital isolators) for communication between the Main and MCU Domains to prevent electrical interference. This isolation helps maintain functional safety during faults.
  • Multi-Channel Communication Systems: For higher reliability, use multiple communication channels to transmit critical data. If one channel fails, another can take over, preventing data loss or corruption.

6. Integration of Safety in Hardware and Software

  • Compliance with Functional Safety Standards: Ensure compliance with functional safety standards such as ISO 26262. This standard provides a framework for the safe design and operation of systems, and both hardware and software must meet its requirements.
  • Synchronization between Hardware and Software: Ensure the hardware and software work together to maintain functional safety. Software errors should not affect hardware operations, and safety functions should be integrated at both levels.

7. Diagnostic and Logging Capabilities

  • Diagnostic Circuits: Design diagnostic circuits that can monitor the health of the system in real time. This helps in detecting faults early and understanding the root cause.
  • Logging and Alerts: Implement logging mechanisms to record critical errors and provide alerts when faults occur. These logs help to troubleshoot issues and improve system reliability.

8. EMI/EMC Protection

  • Signal Integrity: Carefully design the PCB layout to ensure signal integrity, especially for high-speed signals. Use proper isolation, shielding, and routing techniques to reduce electromagnetic interference (EMI).
  • Circuit Protection: Design protection circuits to safeguard against high-voltage or high-frequency interference that could affect the system's performance. Filters and snubber circuits can help protect sensitive components.

Conclusion

To implement functional safety with the TI DRA829 SoC, you need to focus on ensuring power and signal integrity, isolating critical systems, and designing fault detection and recovery mechanisms. Each domain (Main Domain and MCU Domain) should be independently designed to ensure that any fault in one domain does not affect the other, and that the system as a whole remains safe even during failures. By following these guidelines, you can build a system that meets functional safety requirements and operates reliably in critical applications.

---------------------------------------------------------------------------------------------------------

Thanks.

Best Regards, Jack

  • What level of functional safety are you required to implement? Are you asking if a DRA829 system can achieve that level of safety?

  • Hi, Robert!

    This question is how to separate the ground plane between the Main domain and the MCU domain for the DRA829!

    Actually, for SIL4 certification we need to divide power sources, including PWR and GND signals, because of electrical interference.

    In any documents I read there is no explanation for it!

    So is it possible to separate the GND plane between the domains? If possible, let us know how to design it!

  • Hi Robert

    The DRA829 should support SIL3 or higher, and for applying Functional Safety features, more attention needs to be given to the power supply design and EMI/EMC protection circuits for the Isolated MCU domain compared to the circuits for General Purpose Devices. I am requesting the PCB design guide for TI's Functional Safety devices.

    Thanks.

    Regards, Jack

  • I am still researching to see if I can get additional information. To my knowledge, our devices support up to SIL3. I'm not familiar with higher levels of FuSa. Our devices/designs typically don't target FuSa levels above that - thus I don't have any additional information/design guidance I can share.

  • To achieve SIL4, it is possible to use SIL3 hardware combined with software diagnostic functions.
    Using SIL3 hardware means that it must be electrically isolated from other hardware.
    In the case of DRA829, I understand that FFI is isolated, and power is supplied separately, which enables SIL3 compliance. However, as far as I know, the GND plane is shared across all domains.
    We would like to separate the GND plane as well.
    If the GND plane is not separated, all IOs used by the Main Domain must be isolated, which adds complexity.
    So, my question is: Is there a way to separate the GND planes of the Main Domain and the MCU Domain?

  • The DRA829 has a single combined GND within the device across both MCU and MAIN domains - thus I don't think it would be wise to separate GNDs on the PCB. 

    Can you provide additional information on "If the GND plane is not separated, all IOs used by the Main Domain must be isolated, which adds complexity"? What are you referring to?

  • When obtaining SIL certification, if there are circuit parts A and B,
    part A is considered the Safe zone, while part B is regarded as the Non-Safe zone.
    Assuming that A and B communicate with each other, any electrical faults or failures in the circuit of the Non-Safe zone (B) must not have any impact on the Safe zone (A).
    To ensure this, electrical isolation is applied to the circuits, with separate Power and GND; this is also defined as a Black Channel Interface.
    If separate CPUs are applied to each zone, the Power and GND of each would naturally be separated, eliminating any issues.
    However, since the DRA829 consists of a single CPU in a multi-core configuration, I assumed that each domain would have separate Power and GND.
    If that is the case, the MCU Domain (SIL3) can be considered the Safe zone, while the Main Domain (SIL2) can be classified as the Non-Safe zone and Mailboxes are defined as a black channel,
    then electrical isolation would not be required when designing the circuits in the Non-Safe (Main Domain) zone.
    However, if the domains share a common GND, then even if Mailboxes are defined as a black channel,
    it cannot be considered a completely electrically isolated Safe and Non-Safe system.
    Therefore, any interface used in the Non-Safe zone must be electrically isolated.

  • I have no additional information on this topic.  Do you have any additional questions?
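Editor's note: Jack's description of the Mailboxes as a "black channel" between the Safe zone (MCU Domain) and the Non-Safe zone (Main Domain), and the customer checklist's point about CRC-based error detection on the inter-domain data path, are both about the same mechanism: the channel itself is assumed untrustworthy, and the safe-side receiver has to detect corruption, repetition, loss and delay on its own. The C code below is an added illustration of such a safety layer; it is not TI code, not part of the DRA829 SDK, and not from any post in this thread. The frame layout (16-bit counter, 32-bit timestamp, 8-byte payload, CRC-32), the freshness window and the fault scenario are all constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed safety layer for a black channel such as a MAIN<->MCU mailbox:
 * the channel is untrusted, so each frame carries a counter, a timestamp and
 * a CRC-32, and the safe-side receiver rejects corrupted, repeated, lost or
 * stale frames. Frame layout and limits below are assumptions. */
#define SAFE_PAYLOAD_LEN   8      /* assumed payload size in bytes */
#define SAFE_MAX_AGE_TICKS 10u    /* assumed freshness window in ticks */

typedef struct {
    uint16_t seq;                       /* sender's running counter */
    uint32_t timestamp;                 /* sender tick at transmission */
    uint8_t  payload[SAFE_PAYLOAD_LEN];
    uint32_t crc;                       /* CRC-32 over seq, timestamp, payload */
} safe_frame_t;

typedef enum {
    SAFE_OK = 0,
    SAFE_CORRUPTED,   /* CRC mismatch: bit error or tampering on the channel */
    SAFE_REPEATED,    /* same counter as the last accepted frame */
    SAFE_LOST,        /* counter jumped: a frame was dropped or reordered */
    SAFE_DELAYED      /* frame older than the freshness window */
} safe_verdict_t;

/* CRC-32, reflected, poly 0xEDB88320; crc32_compute("123456789", 9) == 0xCBF43926 */
uint32_t crc32_compute(const uint8_t *data, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Fixed little-endian serialisation so struct padding never enters the checksum. */
uint32_t safe_frame_crc(const safe_frame_t *f) {
    uint8_t buf[2 + 4 + SAFE_PAYLOAD_LEN];
    buf[0] = (uint8_t)f->seq;
    buf[1] = (uint8_t)(f->seq >> 8);
    for (int i = 0; i < 4; i++)
        buf[2 + i] = (uint8_t)(f->timestamp >> (8 * i));
    memcpy(buf + 6, f->payload, SAFE_PAYLOAD_LEN);
    return crc32_compute(buf, sizeof buf);
}

/* Sender side: stamp counter and time, then seal the frame with the CRC. */
void safe_send(uint16_t *tx_seq, uint32_t now,
               const uint8_t payload[SAFE_PAYLOAD_LEN], safe_frame_t *out) {
    out->seq = (*tx_seq)++;
    out->timestamp = now;
    memcpy(out->payload, payload, SAFE_PAYLOAD_LEN);
    out->crc = safe_frame_crc(out);
}

/* Receiver side (safe zone); *expected_seq is its only state. Integrity is checked
 * first so an unverified frame never updates that state; the caller drives the
 * system to its safe state on any verdict other than SAFE_OK. */
safe_verdict_t safe_receive(uint16_t *expected_seq, const safe_frame_t *f, uint32_t now) {
    if (safe_frame_crc(f) != f->crc)
        return SAFE_CORRUPTED;
    if (f->seq == (uint16_t)(*expected_seq - 1u))
        return SAFE_REPEATED;
    if (f->seq != *expected_seq) {
        *expected_seq = (uint16_t)(f->seq + 1u);        /* resynchronise */
        return SAFE_LOST;
    }
    *expected_seq = (uint16_t)(f->seq + 1u);
    if ((uint32_t)(now - f->timestamp) > SAFE_MAX_AGE_TICKS)
        return SAFE_DELAYED;
    return SAFE_OK;
}

/* Constructed scenario: a good frame, a replay, a bit flip, a dropped frame
 * and a stale frame. Fills v[0..4] and returns the number of rejections. */
int safe_demo(safe_verdict_t v[5]) {
    uint16_t tx_seq = 0, expected = 0;
    const uint8_t state[SAFE_PAYLOAD_LEN] = { 'S', 'T', 'A', 'T', 'E', 0, 0, 1 };
    safe_frame_t f; int faults = 0;
    safe_send(&tx_seq, 100, state, &f);          /* seq 0 */
    v[0] = safe_receive(&expected, &f, 102);     /* SAFE_OK */
    v[1] = safe_receive(&expected, &f, 103);     /* same frame again: SAFE_REPEATED */
    f.payload[7] ^= 0x01;                        /* single bit error on the channel */
    v[2] = safe_receive(&expected, &f, 104);     /* SAFE_CORRUPTED */
    safe_send(&tx_seq, 105, state, &f);          /* seq 1 is sent but never arrives */
    safe_send(&tx_seq, 106, state, &f);          /* seq 2 */
    v[3] = safe_receive(&expected, &f, 107);     /* SAFE_LOST */
    safe_send(&tx_seq, 108, state, &f);          /* seq 3, held up on the channel */
    v[4] = safe_receive(&expected, &f, 130);     /* 22 ticks old: SAFE_DELAYED */
    for (int i = 0; i < 5; i++) faults += (v[i] != SAFE_OK);
    return faults;                               /* 4 */
}

int main(void) {
    safe_verdict_t v[5];
    int faults = safe_demo(v);
    for (int i = 0; i < 5; i++) printf("frame %d -> verdict %d\n", i, (int)v[i]);
    printf("%d of 5 frames rejected\n", faults);
    return 0;
}
```

The point of the example relative to the GND discussion: these checks cover the logical failure modes of the mailbox path (bit errors, replay, loss, delay), which is what a black channel argument gives you. They say nothing about electrical isolation; a shared ground or a supply fault that takes down both domains at once is outside what any frame-level check can detect, which is why the thread keeps coming back to separate power and GND as a hardware requirement rather than a software one.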