SLVUCF3 March   2022 DRA829V , LP8764-Q1 , TDA4VM , TPS6594-Q1

 

  1.   Trademarks
  2. 1Introduction
  3. 2Device Versions
  4. 3Processor Connections
    1. 3.1 Power Mapping
    2. 3.2 Control Mapping
  5. 4Supporting Functional Safety Systems
    1. 4.1 Achieving ASIL-B System Requirements
    2. 4.2 Achieving up to ASIL-D System Requirements
  6. 5Static NVM Settings
    1. 5.1  Application-Based Configuration Settings
    2. 5.2  Device Identification Settings
    3. 5.3  BUCK Settings
    4. 5.4  LDO Settings
    5. 5.5  VCCA Settings
    6. 5.6  GPIO Settings
    7. 5.7  Finite State Machine (FSM) Settings
    8. 5.8  Interrupt Settings
    9. 5.9  POWERGOOD Settings
    10. 5.10 Miscellaneous Settings
    11. 5.11 Interface Settings
    12. 5.12 Multi-Device Settings
    13. 5.13 Watchdog Settings
  7. 6Pre-Configurable Finite State Machine (PFSM) Settings
    1. 6.1 Configured States
    2. 6.2 PFSM Triggers
    3. 6.3 Power Sequences
      1. 6.3.1 TO_SAFE_SEVERE and TO_SAFE
      2. 6.3.2 TO_SAFE_ORDERLY and TO_STANDBY
      3. 6.3.3 ACTIVE_TO_WARM
      4. 6.3.4 ESM_SOC_ERROR
      5. 6.3.5 TO_ACTIVE
      6. 6.3.6 TO_RETENTION
  8. 7Application Examples
    1. 7.1 Initialization
    2. 7.2 Moving Between States; ACTIVE and RETENTION
      1. 7.2.1 ACTIVE
      2. 7.2.2 RETENTION
    3. 7.3 Entering and Exiting Standby
    4. 7.4 Entering and Existing LP_STANDBY
    5. 7.5 Runtime Customization
  9. 8References

4.2 Achieving up to ASIL-D System Requirements

For ASIL-C or ASIL-D systems, the following features in addition to the ones described in Section 4.1 can be used:

  • PMIC over-voltage monitoring and protection on the input to the PMIC (VCCA)
  • PMIC current monitoring on all output power rails
  • SoC error monitoring
  • Switch short-to-ground detection on BUCK regulator pins (SW_Bx)
  • Residual Voltage Monitoring
  • Read-back of Logic Output Pins
    • nINT of both PMICs
    • nRSTOUT and nRSTOUT_SOC of the primary PMIC

The current monitoring is enabled by default for all BUCKs and LDOs for the TPS6594-Q1 and LP8764-Q1 devices.

GPIO_3 of the primary TPS6594-Q1 PMIC is configured as the SoC error signal monitor. Similar to the MCU error signal monitor, this feature is enabled through I2C using the ESM_SOC_EN register bit. The SoC reset functionality is supported through the connection of GPIO_11 on the primary TPS6594-Q1, configured as nRSTOUT_SoC, to the PORz pin of the processor.

Table 4-1 System Level Safety Features
ASIL-BASIL-D
Safety Monitoring ProcessorExternal SW Wdog INTn

Safety MCU Processing ESM

Safety MCU Reset

Safety Status Signal with IO Read-Back featureSystem Input Voltage Monitoring

SoC Main Processing ESM

IO Read-Back Feature

SoC: MCU Island

R5 Cores

PMICA: Q&A Watchdog and I2C2

PMICA1 and PMICB2 : nINT

PMICA: nERR_MCU connected to SOC:MCU_SAFETY_ERRz

PMICA: nRSTOUT connected to MCU_PORz_1V8

PMICA: ENDRVPMICA: VSYS_SENSE -OV with Safety FET OVPGDRV

PMICA and PMICB with VCCA OV & UV and SoC (VMON1) -UV

PMICA: nERR_SoC connected to SOC: SOC_SAFETY_ERRz

PMICA: nINT, nRSTOUT, nRSTOUT_SOC

PMICB: nINT

  1. PMICA = TPS65941213-Q1
  2. PMICB = LP876411B4-Q1
Table 4-2 Power Monitoring Safety Features
ASIL-BASIL-D Adds
DevicePower ResourcePDN Power RailSafe State Power Group1Supply Voltage MonitoringSupply Current MonitoringResidual Voltage Monitoring
TPS65941213-Q1 (PMIC-A)BUCK1-3VDD_CPU_AVSSOCPMIC-A - OV & UVPMIC-A -CMPMIC-A -RVM
BUCK4VDD_MCU_0V85MCUPMIC-A - OV & UVPMIC-A -CMPMIC-A -RVM
BUCK5VDD_PHY_1V8SOCPMIC-A - OV & UVPMIC-A -CMPMIC-A -RVM
LDO1VDD1_LPDDR4_1V8SOCPMIC-A - OV & UVPMIC-A -CM 3PMIC-A -RVM3
LDO2VDD_IO_1V8MCUPMIC-A - OV & UVPMIC-A -CMPMIC-A -RVM
LDO3VDA_DLL_0V8SOCPMIC-A - OV & UVPMIC-A -CMPMIC-A -RVM
LDO4VDA_LN_1V8MCUPMIC-A - OV & UVPMIC-A -CMPMIC-A -RVM
LP876411B4-Q1 (PMIC-B)BUCK1-4VDD_CORE_0V8SOCPMIC-B - OV & UVPMIC-B -CMPMIC-B -RVM
TPS22965W-Q1Ld Sw BVDD_IO_3V3NonePMIC-A or PMIC-B (FB_B3) - OV & UV6NA45
TPS62813-Q1Buck AVDD_DDR_1V1NoneSoC2NA26
TLV73333-Q11 LDO -C VDA_USB_3V3 None NA3 NA3
TLV7103318-Q1 LDO-B VDD_SD_DV_REG None NA3 NA3
TLV73318P-Q1LDO-AVDD_EFUSE_1V8NoneNA3NA3
  1. Rail Group settings for the TPS65941213-Q1 and LP876411B4-Q1 are found in Table 5-7.
  2. Power rail VDD_DDR_1V1 is safety critical but do not required direct voltage or current monitoring since other means are available (for example, SoC internal timeout gaskets and ECC checkers) provide diagnostic coverage to detect faults in the DDR voltage.
  3. Power rails VDDSHV5, VPP_CORE, VPP_MCU, VDDA_3P3_USB, and VDD1_LPDDR4_1V8 are not safety critical.
  4. Power rails VDD_IO_1V8/3V3 are typically not safety critical since other means are available (for example, black-channel checkers) to provide diagnostic coverage to detect faults in SoC signaling interfaces (for example, CAN, UART, and SPI).
  5. If an SoC GPIO control signal is used in a safety critical interface, then adding voltage and current monitoring to specific VIO power rail may be needed per customer's end product design.
  6. PMIC-B, Buck3 and 4 have unused remote sense feedback inputs that can be assigned to provide OV and UV voltage monitoring after SoC SW boot for 2x external power rails per desired functional safety needs. Optional OV/UV monitoring of VDD_DDR_1V1 and VDD_IO_3V3 power rails are examples.