• Menu
  • Product
  • Email
  • PDF
  • Order now
  • Safety Manual for TPS65381-Q1 and TPS65381A-Q1 Multirail Power Supply

    • SLVA528D September   2012  – August 2021 TPS65381-Q1 , TPS65381A-Q1

       

  • CONTENTS
  • SEARCH
  • Safety Manual for TPS65381-Q1 and TPS65381A-Q1 Multirail Power Supply
  1.   Trademarks
  2. 1Introduction
  3. 2Product Overview
    1. 2.1 Safety Functions and Diagnostics Overview
    2. 2.2 Target Applications
    3. 2.3 Product Safety Constraints
  4. 3Development Process for Management of Systematic Faults
    1. 3.1 TI New-Product Development Process
  5. 4TPS65381x-Q1 Product Architecture for Management of Random Faults
    1. 4.1 Device Operating States
    2.     Device Operating States (continued)
    3. 4.2 NRES (MCU Reset) Driver and ENDRV (SAFING Path Enable) Driver
  6. 5TPS65381x-Q1 Architecture Safety Mechanisms and Assumptions of Use
    1. 5.1 Power Supply
    2. 5.2 Regulated Supplies
      1. 5.2.1 VDD6 Buck Switch-Mode Supply
      2. 5.2.2 VDD5 Linear Supply
      3. 5.2.3 VDD3/5 Linear Supply
      4. 5.2.4 VDD1 Linear Supply
      5. 5.2.5 VSOUT1 Linear Supply
      6. 5.2.6 Charge Pump
    3. 5.3 Diagnostic, Monitoring, and Protection Functions
      1. 5.3.1 External MCU Fault Detection and Management
        1. 5.3.1.1 External MCU Error Signal Monitor (MCU ESM)
        2. 5.3.1.2 Watchdog Timer
      2. 5.3.2 Voltage Monitor (VMON)
      3. 5.3.3 Loss-of-Clock Monitor (LCMON)
      4. 5.3.4 Junction Temperature Monitoring and Current Limiting
      5. 5.3.5 Analog and Digital MUX (AMUX and DMUX) and Diagnostic Output Pin (DIAG_OUT)
      6. 5.3.6 Analog Built-In Self-Test (ABIST)
      7. 5.3.7 Logic Built-In Self-Test (LBIST)
      8. 5.3.8 Device Configuration Register Protection
  7. 6Application Diagrams
    1. 6.1 TPS65381x-Q1 With TMS570
    2. 6.2 TPS65381x-Q1 With C2000
    3. 6.3 TPS65381x-Q1 With TMS470
  8. 7TPS65381x-Q1 as Safety Element out of Context (SEooC)
    1. 7.1 TPS65381x-Q1 Used in an EV/HEV Inverter System
    2. 7.2 SPI Note
  9. 8Revision History
  10. IMPORTANT NOTICE
search No matches found.
  • Full reading width
    • Full reading width
    • Comfortable reading width
    • Expanded reading width
  • Card for each section
  • Card with all content

 

FUNCTIONAL SAFETY MANUAL

Safety Manual for TPS65381-Q1 and TPS65381A-Q1 Multirail Power Supply

Trademarks

C2000 and Hercules, are trademarks of Texas Instruments.

All trademarks are the property of their respective owners.

1 Introduction

The system and equipment manufacturer or designer (as user of this document) is responsible to ensure that their systems (and any TI hardware or software components incorporated in their systems) meet all applicable safety, regulatory, and system-level performance requirements. All application and safety-related information in this document (including application descriptions, suggested safety measures, suggested TI products, and other materials) is provided for reference only. Users understand and agree that their use of TI components in safety-critical applications is entirely at their risk, and that user (as buyer) agrees to defend, indemnify, and hold harmless TI from any and all damages, claims, suits, or expense resulting from such use.

This safety manual provides information to help system developers create safety-related systems using the supported TPS65381x-Q1 multirail power supply. This document contains:

  • An overview of the product architecture
  • An overview of the development process used to reduce systematic failures
  • An overview of the safety architecture for management of random failures
  • Assumptions of Use (AoU) that the system integrator may consider to use this part in an ISO26262-compliant system.
  • The details of architecture partitions, and implemented safety mechanisms

Separate documents provide the following information, not covered in this document:

  • Failure rates estimation
  • Qualitative failure analysis (design FMEA)
  • Quantitative failure analysis (quantitative FMEDA)
  • Safety metrics calculated per targeted standards per system example implementation

TI expects that the user of this document has a general familiarity with the TPS65381x-Q1 device. This document is intended to be used in conjunction with the pertinent data sheets and other documentation for the products under development. This partition of technical content is intended to simplify development, reduce duplication of content, and avoid confusion as compared to the definition of safety manual in IEC 61508:2010.

2 Product Overview

The TPS65381x-Q1 device is a multirail power supply designed to supply microcontrollers (MCUs) in safety-relevant applications, such as those found in automotive and industrial markets. The device supports Texas Instruments’ Hercules™ TMS570 MCU and C2000™ families, and various other MCUs with dual-core lockstep (LS) or loosely-coupled architectures (LC).

The TPS65381x-Q1 integrates multiple supply rails to power the MCU, transceiver (CAN or other), and an external sensor. An asynchronous buck switch-mode power-supply converter with internal FET converts the input supply (battery) to a 6-V preregulator output. This 6 V supplies the other regulators.

The integrated 5-V linear regulator with internal FET is typically used to supply a transceiver or other peripheral. A second integrated linear regulator, also with internal FET, regulates to a selectable 5-V or 3.3-V MCU I/O voltage.

The TPS65381x-Q1 includes the VDD1 voltage-regulator controller, typically used to supply the MCU core rail. This linear regulator controller uses an external FET and resistor divider (for adjustment). It regulates the 6 V to an adjustable voltage of between 0.8 V and 3.3 V for the core.

The device includes a sensor supply, VSOUT1.

The device has an integrated charge pump to provide an overdrive voltage for the internal regulators. One option for reverse-battery protection uses the charge-pump output to control an external NMOS transistor. This solution allows for a lower minimum battery voltage operation compared to a traditional reverse-battery blocking diode because there is less voltage drop across the transistor.

The device monitors undervoltage and overvoltage on all regulator outputs, battery voltage, and internal supply rails. A second band-gap reference, independent from the main band-gap reference, monitors for undervoltage and overvoltage, to avoid any drifts in the main band-gap reference being undetected. In addition, the device implements regulator current limits and temperature protections.

The TPS65381x-Q1 functional safety architecture features a watchdog configurable for question and answer (Q&A) mode or trigger mode, MCU error-signal monitor (ESM), diagnostic check for the MCU ESM, clock monitoring on internal oscillators, self-check on clock monitor, CRC on internal nonvolatile memory (EEPROM), CRC for configuration registers, diagnostic multiplex output to route internal analog (AMUX) and digital (DMUX) signals out through the DIAG_OUT pin, and a reset circuit for the MCU. A built-in self-test (BIST) allows for monitoring the device functionality at power up.

GUID-CC311C02-638D-4097-949C-7E247F307374-low.gifFigure 2-1 TPS65381x-Q1 Architecture Overview

 

Texas Instruments

© Copyright 1995-2025 Texas Instruments Incorporated. All rights reserved.
Submit documentation feedback | IMPORTANT NOTICE | Trademarks | Privacy policy | Cookie policy | Terms of use | Terms of sale