The following techniques and safety measures may be useful for improving independence of function when using the TMS320F2837xD/S and TMS320F2807x MCU:
- Hold peripherals clocks disabled if the available peripherals are unused (CLK14-Peripheral Clock Gating (PCLKCR)).
- Hold peripherals in reset if the available peripherals are unused (SYS7-Peripheral Soft Reset (SOFTPRES)).
- Power down the analog components cores if they are not used.
- When possible, separate critical I/O functions by using non adjacent I/O pins/balls.
- Partition the memory as per the application requirements to respective processing units and configure the Access Protection Mechanism for Memories, for each memory instance such that only the permitted masters have access to memory.
- Dual Zone Code Security Module (DCSM) can be used for functional safety as firewall to protect shared memories, where functions with different safety integrity levels can be executed from different security zones (zone1, zone2 and unsecured zone) thus mitigating risk originating due to interference among these.
- Disabling of SOC Inputs to ADC can help avoid interference from unused peripherals to disturb functionality of ADC. Disabling of unused DMA trigger sources will help minimize interference caused by unintentional DMA transfers.
- Disabling of Unused CLA Task Trigger Sources and Disabling of Unused DMA Trigger Sources will mitigate risk of interference caused due to the trigger events.
- When IPC is used in safety critical application, IPC1-“Information Redundancy Techniques Including End to End Safing” can detect failure of interference to CPU due to unintentional interrupts form IPC module.
- To avoid interference from spurious activity on MCU’s debug port, JTAG1-“Hardware Disable of JTAG Port” will be helpful in preventing this interference.
- Safety applications running on the CPU can be interfered by unintentional faulty interrupt events to PIE module. PIE7-“Maintaining Interrupt Handler for unused interrupts” and PIE8- “Online Monitoring of Interrupts and Events” will detect such interfering failures.
- MCU resources in supporting CPU execution such as memory, interrupt controller, and so forth could be impacted by resources from lower safety integrity safety function coexisting on same MCU. Safety mechanisms such as CPU9-“External watchdog”, RAM16 –“Information Redundancy Techniques”, SRAM17-“CPU handling of Illegal Operation, Illegal Results and Instruction Trapping” will be able to detect such interference.
- Critical configuration registers could be victim of interference from bus masters on MCU which implements lower safety integrity functions. These can be protected by SYS1-“Multi-Bit Enable Keys for Control Registers”, SYS2-“Lock Mechanism for Control Registers”, SYS8-“EALLOW and MEALLOW Protection for Critical Registers”.