Input voltage is between 0 V and 24 V nominal, with a worst case of 3.6 V as logic low and 20.4 V as logic high. No intermediate voltage is expected.
The logic low (diagnostic pulse) on the STO signal is assumed to be either shorter than 1 ms or longer than 2 ms. No intermediate pulse widths are allowed.
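As an added illustration (not code from the TI design guide), the following C routine shows how an MCU-side diagnostic could check a sampled STO input against these two assumptions: any voltage between the worst-case logic levels is treated as a fault, and any low pulse in the 1 ms to 2 ms band is flagged as invalid. The thresholds are the ones stated above; the sample trace, the sampling scheme and the function names are constructed for the example.

```c
#include <stddef.h>
#define STO_LOW_MAX_V      3.6   /* logic low is at most 3.6 V (24-V nominal STO input) */
#define STO_HIGH_MIN_V    20.4   /* logic high is at least 20.4 V */
#define DIAG_PULSE_MAX_MS  1.0   /* a low pulse under 1 ms is a diagnostic test pulse */
#define STO_DEMAND_MIN_MS  2.0   /* a low pulse over 2 ms is a real STO demand */

typedef enum { LEVEL_LOW, LEVEL_HIGH, LEVEL_INVALID } sto_level_t;
typedef enum { PULSE_DIAG, PULSE_DEMAND, PULSE_INVALID } sto_pulse_t;
typedef struct { int diag; int demand; int invalid_width; int invalid_level; } sto_stats_t;
/* Classify one voltage sample; anything between the two worst-case limits is a fault. */
sto_level_t sto_classify_level(double volts) {
    if (volts <= STO_LOW_MAX_V)  return LEVEL_LOW;
    if (volts >= STO_HIGH_MIN_V) return LEVEL_HIGH;
    return LEVEL_INVALID;
}

/* Classify a measured low-pulse width; 1 ms to 2 ms is the forbidden band. */
sto_pulse_t sto_classify_low_pulse(double width_ms) {
    if (width_ms < DIAG_PULSE_MAX_MS) return PULSE_DIAG;
    if (width_ms > STO_DEMAND_MIN_MS) return PULSE_DEMAND;
    return PULSE_INVALID;
}

/* Walk a sampled trace (time in ms, voltage in V) and count each event type.
   Width runs from the first LOW sample to the next HIGH sample. A low still
   open at the end of the trace counts as a demand only once it exceeds 2 ms. */
sto_stats_t sto_scan_trace(const double *t_ms, const double *v, size_t n) {
    sto_stats_t s = {0, 0, 0, 0};
    int in_low = 0; double low_start = 0.0;
    for (size_t i = 0; i < n; i++) {
        sto_level_t lvl = sto_classify_level(v[i]);
        if (lvl == LEVEL_INVALID) { s.invalid_level++; continue; }
        if (lvl == LEVEL_LOW && !in_low) { in_low = 1; low_start = t_ms[i]; }
        else if (lvl == LEVEL_HIGH && in_low) {
            sto_pulse_t p = sto_classify_low_pulse(t_ms[i] - low_start);
            if (p == PULSE_DIAG) s.diag++; else if (p == PULSE_DEMAND) s.demand++; else s.invalid_width++;
            in_low = 0;
        }
    }
    if (in_low && t_ms[n - 1] - low_start > STO_DEMAND_MIN_MS) s.demand++;
    return s;
}

/* Constructed sample trace (not measured data): a 0.5 ms diagnostic pulse, one
   intermediate 12 V sample, a 3 ms STO demand, then a 1.5 ms out-of-spec pulse. */
sto_stats_t sto_example_trace(void) {
    static const double t[] = {0.0, 0.5, 1.0, 1.5, 2.0, 5.0, 5.5, 7.0};
    static const double v[] = {24.0, 0.5, 24.0, 12.0, 0.5, 24.0, 0.0, 24.0};
    return sto_scan_trace(t, v, sizeof t / sizeof t[0]);
}
```

In a real implementation the sample period must be short enough to resolve the 1 ms and 2 ms boundaries; the 0.5 ms spacing in the constructed trace is only for illustration.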
Diagnostic coverage of the STO_1, STO_2, and STO_FB subsystems
The MCU and the related diagnostic software are excluded from the analysis and are assumed to be developed in accordance with functional safety requirements. The MCU is assumed to be SIL1 certified and the software implemented to meet at least SIL1.
Output signal STO_FB
The output voltage is assumed to be between 0 V and 24 V nominal, with a worst case of 3.6 V as logic low and 20.4 V as logic high. The external 24-V supply to STO_FB is assumed to be protected against overvoltage and is required to remain within 24 V ±20% tolerance.
Power supply rails of the STO_1 and STO_2 subsystems
P3V3 supply: Assumed to be protected against faults and to remain within ±20% tolerance (3.9 V max., 2.7 V min.). If out of spec, it is shut down to 0 V. When a single protected power supply is used for both the STO_1 and STO_2 subsystems, it shall employ two independent protection circuits (HFT = 1).
24-V supply: The 24-V input supply for P24V is assumed to be protected against faults and to remain within ±20% tolerance. If out of spec, it is shut down to 0 V.
Isolated gate drive supply TIDA-00199
It is assumed that the quad output rails (VCC2 = +15 V, VEE2 = –8 V) decay to 0 V within 10 ms after the P24V DC input voltage is disconnected.
It is assumed that all faults in TIDA-00199 are safe and result in a 0-V output on all quad output rails (VCC2 and VEE2).
Temperature
It is assumed that the components operate within their recommended operating temperature range. A temperature sensor is required to be added, and if the ambient temperature is outside the recommended operating range, all safety-relevant supplies are shut down. This circuit is not part of the concept.