SMU
Safety Management Unit
AURIX™ TC2xx Microcontroller Training
V1.0 2019-03
Please read the Important Notice and Warnings at the end of this document
Key Features Customer Benefits
Unified fault management
Recovery timers
› Configurable internal and/or external
reaction for each individually alarm
› Enables monitoring of duration of internal
error handlers
SMU
Safety Management Unit
Key Features Customer Benefits
Highlights
The Safety Management Unit (SMU) is a
central hardware module that collects the
alarms from every hardware safety
mechanisms, as well as the error signals
related to the architecture.
The severity of each alarm can be configure
accordingly with the needs of the application.
SMU
Internal Alarm
Reaction
External
Alarm
Reaction
Alarm Sources/
Safety
Mechanisms
2
2019-03-27 Copyright © Infineon Technologies AG 2019. All rights reserved.
SMU
Unified fault management
› With the SMU, pre-defined reaction can be configured individually for each
alarm
› Whenever an input alarm event is detected and the SMU state machine is
in the RUN or FAULT state, the module checks what are the configured
actions to be done
External reaction
• Use Fault Signaling Protocol to
transition from “fault free state” to
“fault state”
• Request Emergency Stop to set
selected pins in reset state
Internal reaction
• Issue Non Maskable Interrupt to
all CPUs
• Issue interrupt to a configurable
set of CPUs
• Issue an application or system
reset
• Issue a CPU reset selectively
3
2019-03-27 Copyright © Infineon Technologies AG 2019. All rights reserved.
SMU
Recovery timer
› Recovery timers (RTs) are available to enable monitoring of the duration
of internal error handlers
› The recovery timer duration can be configured
› If a recovery timer is enabled and any of the configured alarm events
occurs, the recovery timer is automatically started by hardware
› Once a recovery timer event occurs, the recovery timer starts and counts
until software stops it
› If the timer expires, an internal SMU alarm (Recovery Timer Timeout) is
issued
4
2019-03-27 Copyright © Infineon Technologies AG 2019. All rights reserved.
SMU
System integration
› The SMU is connected to all
safety mechanisms that are
within the microcontroller
› It is also connected to the
System Control Unit, the Interrupt
Router and the Ports in order to
trigger the configured reaction
when an alarm is set
CPUs
SMU
Interrupt
Router
System
Control
Unit
Alarm
Sources/
Safety
Mechanism
Reset/
Emergency
stop
Ports
Interrupts
Alarms
FSP
5
2019-03-27 Copyright © Infineon Technologies AG 2019. All rights reserved.
Application Example
Failure reaction example with recovery timer
Overview
› Description of issue: An
alarm is triggered by a safety
mechanism (SM)
› Procedure: SMU triggers a
NMI and starts the recovery
timer
Advantages
› Granular reaction concept
› Direct connection to external
world via FSP Pin
› Possibility to recover from
alarm via RT
AURIX™
SM1
SMU
CPU2
NMI
P33.8
FSP
CPU0 CPU1
SCU
(reset)
External
Safe State
Support
RT
SM2
CPU
hangs,
fails to
clear RT
overflow
______
PORST
6
2019-03-27 Copyright © Infineon Technologies AG 2019. All rights reserved.
IMPORTANT NOTICE
The information given in this document shall in no
event be regarded as a guarantee of conditions or
characteristics (“Beschaffenheitsgarantie”).
With respect to any examples, hints or any typical
values stated herein and/or any information
regarding the application of the product, Infineon
Technologies hereby disclaims any and all
warranties and liabilities of any kind, including
without limitation warranties of non-infringement
of intellectual property rightsof any third party.
In addition, any information given in this
document is subject to customer’s compliance
with its obligations stated in this document and
any applicable legal requirements, norms and
standards concerning customer’s products and
any use of the product of Infineon Technologies in
customer’s applications.
The data contained in this document is exclusively
intended for technically trained staff. It is the
responsibility of customer’s technical
departments to evaluate the suitability of the
product for the intended application and the
completeness of the product information given in
this document with respectto such application.
For further information on the product,
technology, delivery terms and conditions and
prices please contact your nearest Infineon
Technologies office (www.infineon.com).
WARNINGS
Due to technical requirements products may
contain dangerous substances. For information
on the types in question please contact your
nearest Infineon Technologies office.
Except as otherwise explicitly approved by
Infineon Technologies in a written document
signed by authorized representatives of Infineon
Technologies, Infineon Technologies’ products
may not be used in any applications where a
failure of the product or any consequences of the
use thereof can reasonably be expected to result
in personal injury.
Edition 2019-03
Published by
Infineon Technologies AG
81726 Munich, Germany
© 2019 Infineon Technologies AG.
All Rights Reserved.
Do you have a question about this
document?
Email: erratum@infineon.com
Document reference
AURIX_Training_1_
Safety_Management_Unit
Trademarks
All referenced product or service names andtrademarks are the property of theirrespective owners.
Loading...