• Collect every alarm signal generated from safety mechanisms and security mechanisms

  • Process safety alarms with redundant safety alarm handlers

  • Each safety alarm handler can be configured to activate a number of internal reactions:

    • Generate an interrupt request to any of the CPUs. Concurrent interrupts to several CPUs can be configured

    • Generate a Non-Maskable Interrupt (NMI) request to the System Control Unit (SCU)

    • Generate a reset request to the System Mode Management (SMM)

    • Activate the Port Emergency Stop signal controlling the safe state of output pads

    • Generate a CPU module reset request

    • Generate a PPU module reset request

  • Each safety alarm handler can be configured to report internal faults to the external environment using the Fault Signaling Protocol (FSP). The following FSP modes are available:

    • Bi-stable single pin output, also called ErrorPin

    • Timed dual rail coding using two inverted values on the ErrorPins

    • Single-bit timed protocol using the ErrorPin

  • Each safety alarm handler can be configured to trigger an emergency stop request to the PORTS

  • Diverse processing of safety alarms generated by certain safety mechanisms (voltage, clock, and temperature monitors) detecting potential common cause faults

  • Process security alarms with the security alarm handler

  • The security alarm handler can be configured to activate internal reactions:

    • Generate an interrupt request to any of the CPUs including CPUcs if present

    • Generate an NMI request to the SCU

    • Generate a reset request to the SCU

    • Locking KEYS request to the Cyber Security Satellite (CSS)

  • A subset of safety and security alarms can be configured to be processed either by the safety alarm handler or by the security alarm handler

  • Monitor correct internal reaction execution by watchdog timers

  • Test alarm handler reaction generation by software-based alarm emulation

  • Control the test mechanism available for safety flip-flop instances within the microcontroller and capture the error condition during the test

  • Protect configuration registers against unintended accesses using a diverse hardware access protection mechanism