SFFS624B March   2024  – August 2025 MSPM0G3105 , MSPM0G3105-Q1 , MSPM0G3106 , MSPM0G3106-Q1 , MSPM0G3107 , MSPM0G3107-Q1 , MSPM0G3505 , MSPM0G3505-Q1 , MSPM0G3506 , MSPM0G3506-Q1 , MSPM0G3507 , MSPM0G3507-Q1

 

  1.   1
  2. 1Introduction
    1.     Trademarks
  3. 2 MSPM0G3x0x-Q1 Hardware Component Functional Safety Capability
  4. 3Development Process for Management of Systematic Faults
    1. 3.1 TI New-Product Development Process
    2. 3.2 TI Functional Safety Development Process
  5. 4 MSPM0G3x0x-Q1 Component Overview
    1. 4.1 Targeted Applications
    2. 4.2 Hardware Component Functional Safety Concept
    3. 4.3 Functional Safety Constraints and Assumptions
  6. 5Description of Hardware Component Parts
    1. 5.1  ADC
    2. 5.2  Comparator
    3. 5.3  DAC
    4. 5.4  OPA
    5. 5.5  CPU
    6. 5.6  RAM
    7. 5.7  FLASH
    8. 5.8  GPIO
    9. 5.9  DMA
    10. 5.10 SPI
    11. 5.11 I2C
    12. 5.12 UART
    13. 5.13 Timers (TIMx)
    14. 5.14 Power Management Unit (PMU)
    15. 5.15 Clock Module (CKM)
    16. 5.16 CAN-FD
    17. 5.17 Events
    18. 5.18 IOMUX
    19. 5.19 VREF
    20. 5.20 WWDT
    21. 5.21 CRC
  7. 6 MSPM0G3x0x-Q1 Management of Random Faults
    1. 6.1 Fault Reporting
    2. 6.2 Functional Safety Mechanism Categories
    3. 6.3 Description of Functional Safety Mechanisms
      1. 6.3.1  ADC1, COMP1, DAC1, DMA1, GPIO2, TIM2, I2C2, IOMUX1, SPI2, UART2, SYSCTL5, MCAN3, CPU4, CRC1, EVENT1, REF1, WDT1: Periodic Read of Static Configuration Registers
      2. 6.3.2  ADC2: Software Test of Functionality
      3. 6.3.3  ADC3: ADC Trigger Overflow Check
      4. 6.3.4  ADC4: Window Comparator
      5. 6.3.5  ADC5: Test of Window Comparator
      6. 6.3.6  ADC6: ADC Trigger, Output Plausibility Checks
      7. 6.3.7  OA2: Test of OA Using Internal DAC as a Driver
      8. 6.3.8  OA3: ADC Monitoring of OA Output
      9. 6.3.9  COMP2: Software Test of Comparator Using Internal DAC
      10. 6.3.10 COMP3: External Pin Input to COMP
      11. 6.3.11 COMP4: Comparator Hysteresis
      12. 6.3.12 COMP5: Redundant Comparator
      13. 6.3.13 WDT: Windowed Watchdog Timer
      14. 6.3.14 WDT2: WWDT Counter Check
      15. 6.3.15 WDT3: WWDT Software Test
      16. 6.3.16 WDT4: Redundant WDT
      17. 6.3.17 REF2: VREF to ADC Reference Input
      18. 6.3.18 CPU1: CPU Test Using Software Test Library
      19. 6.3.19 CPU2: Software Test of CPU Data Buses
      20. 6.3.20 CPU3: Software Diversified Redundancy
      21. 6.3.21 SYSMEM1: Software Read of Memory, DMA Write
      22. 6.3.22 SYSMEM2: DMA Read from SRAM, CPU Write
      23. 6.3.23 SYSMEM3: Parity Logic Test
      24. 6.3.24 SYSMEM4: Parity Protection on SRAM
      25. 6.3.25 SYSMEM9: RAM Software Test
      26. 6.3.26 FLASH1: FLASH Single Error Correction, Double Error Detection Mechanism
      27. 6.3.27 FLASH2: Flash CRC
      28. 6.3.28 FXBAR2: Periodic Software Read Back of Flash Data
      29. 6.3.29 FXBAR3: Software Test of ECC Checker Logic
      30. 6.3.30 FXBAR4: Write Protection of Flash
      31. 6.3.31 DAC2: DAC Test Using Internal ADC as DAC Output Checker
      32. 6.3.32 DAC3: DAC FIFO Underrun Interrupt
      33. 6.3.33 DMA2: Software Test of DMA Function
      34. 6.3.34 DMA3: Software DMA Channel Test
      35. 6.3.35 DMA4: CRC Check of the Transferred Data
      36. 6.3.36 GPIO1: GPIO Test Using Pin I/O Loopback
      37. 6.3.37 GPIO3: GPIO Multiple (Redundant) Inputs/Outputs
      38. 6.3.38 TIM1: Test for PWM Generation
      39. 6.3.39 TIM3: Test for Fault Generation
      40. 6.3.40 TIM4: Fault Detection to Take the PWMs to Safe State
      41. 6.3.41 TIM5: Input Capture on Two or More Timer Instances
      42. 6.3.42 TIM6: Timer Period Monitoring
      43. 6.3.43 I2C1: Software Test of I2C Function Using Internal Loopback Mechanism
      44. 6.3.44 I2C3, SPI4, UART3, MCAN2: Information Redundancy Techniques Including End-to-End Safing
      45. 6.3.45 I2C4, SPI5, UART4: Transmission Redundancy
      46. 6.3.46 I2C5, UART5: Timeout Monitoring
      47. 6.3.47 I2C6: Test of CRC Function
      48. 6.3.48 I2C7: Packet Error Check in SMBUS Mode
      49. 6.3.49 IOMUX2: IOMUX Coverage as Part of Other IP Safety Mechanisms
      50. 6.3.50 SPI1: Software Test of SPI Function
      51. 6.3.51 SPI3: SPI Periodic Safety Message Exchange
      52. 6.3.52 UART1: Software Test of UART Function
      53. 6.3.53 UART6: UART Error Flags
      54. 6.3.54 UART7: UART Glitch filter
      55. 6.3.55 SYSCTL1: MCLK Monitor
      56. 6.3.56 SYSCTL2: HFCLK Start-Up Monitor
      57. 6.3.57 SYSCTL3: LFCLK Monitor
      58. 6.3.58 SYSCTL6: SYSPLL Start-Up Monitor
      59. 6.3.59 SYSCTL8: Brownout Reset (BOR) Supervisor
      60. 6.3.60 SYSCTL9: FCC Counter Logic to Calculate Clock Frequencies
      61. 6.3.61 SYSCTL10: External Voltage Monitor
      62. 6.3.62 SYSCTL11: Boot Process Monitor
      63. 6.3.63 SYSCTL14: Brownout Voltage Monitor
      64. 6.3.64 SYSCTL15: External Voltage Monitor
      65. 6.3.65 SYSCTL16: External Watchdog Timer
      66. 6.3.66 MCAN1: Software test of function using I/O Loopback
      67. 6.3.67 MCAN4: SRAM ECC
      68. 6.3.68 MCAN5: Software Test of ECC Check Logic
      69. 6.3.69 MCAN6: MCAN Timeout Function
      70. 6.3.70 MCAN7: MCAN Timestamp Function
      71. 6.3.71 CRC: CRC Checker
      72. 6.3.72 EVENT2: Interrupt Connectivity Check
      73. 6.3.73 Safety Mechanisms Covering PIN Failures
      74. 6.3.74 Safety Mechanisms Covering Common Cause Failures
  8.   A Summary of Recommended Functional Safety Mechanism Usage
  9.   B Distributed Developments
    1.     B.1 How the Functional Safety Lifecycle Applies to TI Functional Safety Products
    2.     B.2 Activities Performed by Texas Instruments
    3.     B.3 Information Provided
  10.   C Revision History

5.14 Power Management Unit (PMU)

The power management unit (PMU) generates the internally regulated core supplies for the device and provides supervision of the external supply (VDD). The PMU also contains the band gap voltage reference used individually by the PMU as well as analog peripherals. Key features of the PMU include: ​

  • Power-on-reset (POR) supply monitor
  • Brown-out-reset (BOR) supply monitor with early warning capability using three programmable thresholds
  • Core regulator with support for RUN, SLEEP, STOP, and STANDBY operating modes to dynamically balance performance with power consumption.
  • Parity-protected trim to immediately generate a power-on-reset (POR) in the event that a power management trim is corrupted.

The following tests must be applied for the targeted ASIL as functional safety mechanisms for this module (to provide diagnostic coverage on a specific function):

Table 5-18 PMU Safety Mechanisms
Safety Mechanism Description Faults | Failure Modes
CPU3 Software diversified redundancy Targeted toward faults which can result in incorrect clock frequency (resulting in some computation failures) or failure to do a reset when required, and so forth.
GEN_IP_READ_STATIC_CONFIGURATION Periodic software read back of IP static configuration registers Targeted toward logic which is used to enable and disable IPs. If a fault results in an IP not getting enabled, the software read of the configuration registers of the IP detects such failures.
SYSCTL10 External voltage monitor This is a system-level diagnostic to detect faults on the internal LDO.
SYSCTL14 Brownout voltage monitor This is a safety mechanism which monitors the power supply to the chip and can detect undervoltage conditions early (generates an NMI).
SYSCTL16 External watchdog timer This is a system-level diagnostic which can be used to cover faults in the reset generation logic (reset asserted when not required). In general, this diagnostic covers any fault which results in incorrect program execution timing.
SYSCTL16 (latent fault coverage) External watchdog timer This mechanism (if used) can also detect faults in the MCLK monitor circuit.
SYSCTL8 Brownout reset (BOR) supervisor This is a safety mechanism, which monitors the power supply to the chip and can detect undervoltage conditions (generates a reset).
This mechanism is triggered if the voltage falls below the specified range.
SYSCTL8 (latent fault coverage) Brownout reset (BOR) supervisor In case brownout supervisor is not functioning, this mechanism can trigger when the voltage falls below the specified range.