SFFS948 May   2025 MSPM0L1227-Q1 , MSPM0L1228-Q1 , MSPM0L2227-Q1 , MSPM0L2228-Q1

 

  1.   1
  2. 1Introduction
    1.     Trademarks
  3. 2 MSPM0Lx22x-Q1 Hardware Component Functional Safety Capability
  4. 3Development Process for Management of Systematic Faults
    1. 3.1 TI New-Product Development Process
    2. 3.2 TI Functional Safety Development Process
  5. 4 MSPM0Lx22x-Q1 Component Overview
    1. 4.1 Targeted Applications
    2. 4.2 Hardware Component Functional Safety Concept
    3. 4.3 Functional Safety Constraints and Assumptions
  6. 5Description of Hardware Component Parts
    1. 5.1  ADC
    2. 5.2  Comparator
    3. 5.3  CPU
    4. 5.4  RAM
    5. 5.5  FLASH
    6. 5.6  GPIO
    7. 5.7  DMA
    8. 5.8  SPI
    9. 5.9  I2C
    10. 5.10 UART
    11. 5.11 Timers (TIMx)
    12. 5.12 Power Management Unit (PMU)
    13. 5.13 Clock Module (CKM)
    14. 5.14 Events
    15. 5.15 IOMUX
    16. 5.16 VREF
    17. 5.17 WWDT and IWDT
    18. 5.18 CRC
  7. 6 MSPM0Lx22x-Q1 Management of Random Faults
    1. 6.1 Fault Reporting
    2. 6.2 Functional Safety Mechanism Categories
    3. 6.3 Description of Functional Safety Mechanisms
      1. 6.3.1  ADC1, COMP1, DMA1, GPIO2, TIM2, I2C2, IOMUX1, SPI2, UART2, SYSCTL5, CPU4, CRC1, EVENT1, REF1, WDT1, VBAT2:Periodic Read of Static Configuration Registers
      2. 6.3.2  ADC2: Software Test of Functionality
      3. 6.3.3  ADC3: ADC Trigger Overflow Check
      4. 6.3.4  ADC4: Window Comparator
      5. 6.3.5  ADC5: Test of Window Comparator
      6. 6.3.6  ADC6: ADC Trigger, Output Plausibility Checks
      7. 6.3.7  COMP3: External Pin Input to COMP
      8. 6.3.8  COMP4: Comparator Hysteresis
      9. 6.3.9  WDT: Windowed Watchdog Timer
      10. 6.3.10 WDT2: WWDT Counter Check
      11. 6.3.11 WDT3: WWDT Software Test
      12. 6.3.12 WDT4: Redundant WDT
      13. 6.3.13 IWDT: Independent Watchdog Timer
      14. 6.3.14 REF2: VREF to ADC Reference Input
      15. 6.3.15 CPU1: CPU Test Using Software Test Library
      16. 6.3.16 CPU2: Software Test of CPU Data Busses
      17. 6.3.17 CPU3: Software Diversified Redundancy
      18. 6.3.18 SYSMEM1: Software Read of Memory, DMA Write
      19. 6.3.19 SYSMEM2: DMA Read from SRAM, CPU Write
      20. 6.3.20 SYSMEM7: ECC Protection on SRAM
      21. 6.3.21 SYSMEM8: ECC Logic Test
      22. 6.3.22 SYSMEM9: RAM Software Test
      23. 6.3.23 FLASH1: Flash Single-Error Correction, Double-Error Detection Mechanism
      24. 6.3.24 FLASH2: Flash CRC
      25. 6.3.25 FXBAR2: Periodic Software Read Back of Flash Data
      26. 6.3.26 FXBAR3: Software Test of ECC Checker Logic
      27. 6.3.27 FXBAR4: Write Protection of Flash
      28. 6.3.28 DMA2: Software Test of DMA Function
      29. 6.3.29 DMA3: Software DMA Channel Test
      30. 6.3.30 DMA4: CRC Check of the Transferred Data
      31. 6.3.31 GPIO1: Online Monitoring Using I/O Loopback
      32. 6.3.32 GPIO3: GPIO Multiple (Redundant) Inputs/Outputs
      33. 6.3.33 TIM1: Test for PWM Generation
      34. 6.3.34 TIM3: Test for Fault Generation
      35. 6.3.35 TIM4: Fault Detection to Take the PWMs to Safe State
      36. 6.3.36 TIM5: Input Capture on Two or More Timer Instances
      37. 6.3.37 TIM6: Timer Period Monitoring
      38. 6.3.38 I2C1: Software Test of I2C Function Using Internal Loopback Mechanism
      39. 6.3.39 I2C3, SPI4, UART3, MCAN2: Information Redundancy Techniques Including End-to-End Safing
      40. 6.3.40 I2C4, SPI5, UART4: Transmission Redundancy
      41. 6.3.41 I2C5, UART5: Timeout Monitoring
      42. 6.3.42 I2C6: Test of CRC Function
      43. 6.3.43 I2C7: Packet Error Check in SMBUS Mode
      44. 6.3.44 IOMUX2: IOMUX Coverage as Part of Other IP Safety Mechanisms
      45. 6.3.45 SPI1: Software Test of SPI Function
      46. 6.3.46 SPI3: SPI Periodic Safety Message Exchange
      47. 6.3.47 UART1: Software Test of UART Function
      48. 6.3.48 UART6: UART Error Flags
      49. 6.3.49 UART7: UART Glitch filter
      50. 6.3.50 SYSCTL1: MCLK Monitor
      51. 6.3.51 SYSCTL2: HFCLK Start-Up Monitor
      52. 6.3.52 SYSCTL3: LFCLK Monitor
      53. 6.3.53 SYSCTL8: Brownout Reset (BOR) Supervisor
      54. 6.3.54 SYSCTL9: FCC Counter Logic to Calculate Clock Frequencies
      55. 6.3.55 SYSCTL10: External Voltage Monitor
      56. 6.3.56 SYSCTL11: Boot Process Monitor
      57. 6.3.57 SYSCTL14: Brownout Voltage Monitor
      58. 6.3.58 SYSCTL15: External Voltage Monitor
      59. 6.3.59 SYSCTL16: External Watchdog Timer
      60. 6.3.60 CRC: CRC Checker
      61. 6.3.61 VBAT1: VBAT Supply Monitor
      62. 6.3.62 Safety Mechanisms Covering PIN Failures
      63. 6.3.63 Safety Mechanisms Covering Common Cause Failures
  8.   A Summary of Recommended Functional Safety Mechanism Usage
  9.   B Distributed Developments
    1.     B.1 How the Functional Safety Lifecycle Applies to TI Functional Safety Products
    2.     B.2 Activities Performed by Texas Instruments
    3.     B.3 Information Provided
  10.   C Revision History

5.13 Clock Module (CKM)

The clock module provides the following oscillators:
  • ​LFOSC​​: Internal, low-frequency oscillator (32kHz)
  • SYSOSC​​: Internal, high-frequency oscillator (4MHz or 32MHz with factory trim, 16MHz or 24MHz with user trim)
  • LFXT/LFCKIN ​​: Low-frequency, external, crystal oscillator or digital clock input (32kHz)
  • HFXT/HFCKIN​​: High-frequency, external, crystal oscillator or digital clock input (4MHz to 32MHz)

The following clocks are distributed by the clock module for use by the processor, bus, and peripherals:​

  • MCLK​​: Main system clock for PD1 peripherals, derived from SYSOSC, LFCLK, or HSCLK, active in RUN and SLEEP modes
  • CPUCLK​​: Clock for the processor (derived from MCLK), active in RUN mode
  • ULPCLK​​: Ultra-low power clock for PD0 peripherals, active in RUN, SLEEP, STOP, and STANDBY modes
  • MFCLK​​: 4MHz fixed, mid-frequency clock for peripherals, available in RUN, SLEEP, and STOP modes
  • MFPCLK​​: 4MHz fixed, mid-frequency, precision clock, available in RUN, SLEEP, and STOP modes
  • LFCLK​​: 32kHz fixed, low-frequency clock for peripherals or MCLK, active in RUN, SLEEP, STOP, and STANDBY modes
  • ADCCLK​​: ADC clock, available in RUN, SLEEP and STOP modes
  • CLK_OUT​​: Used to output a clock externally, available in RUN, SLEEP, STOP, and STANDBY modes
  • HFCLK​​: High-frequency clock derived from HFXT or HFCLK_IN, available in RUN and SLEEP mode
  • HSCLK​​: High-speed clock derived from HFCLK or the SYSPLL, available in RUN and SLEEP mode

The following tests must be applied for the targeted ASIL as functional safety mechanisms for this module (to provide diagnostic coverage on a specific function):

Table 5-16 CKM Safety Mechanisms
Safety Mechanism Description Faults | Failure Modes
CPU3 Software diversified redundancy Targeted toward faults which can result in incorrect clock frequency (resulting in some computation failures) or failure to do a reset when required, and so forth.
SYSCTL1 MCLK monitor This safety mechanism is targeted toward faults which result in MCLK frequency going very low or MCLK not toggling.
SYSCTL11 Boot process timeout This safety mechanism can detect faults in logic which interacts with the boot software to indicate boot completion, boot failures, and so forth.
SYSCTL2 HFCLK start-up monitor This safety mechanism can be used to check if HFCLK is functioning before switching the clock source to HFCLK.
SYSCTL3 LFCLK monitor This safety mechanism is used detect failures on LFCK.
SYSCTL5 Periodic software read back of static configuration registers Targets the static configuration registers in SYSCTL.
SYSCTL9 Clock frequency measurement This safety mechanism can be used to do a periodic check of the clock frequency.
WDT Windowed watchdog event Targeted toward faults which result in incorrect clock frequencies and covers faults in various clocking components.
WDT (latent fault coverage) Windowed watchdog event This mechanism also acts as a backup in case the MCLK monitor malfunctions, for example.