X-CUBE-STL-H7 safety manual 安全手册

Introduction

This document applies to the X-CUBE-STL self-test library for the STM32H7 Series (order code X-CUBE-STL-H7).

X-CUBE-STL-H7, a software expansion package for STM32Cube, includes an application-independent software test library

released by ST to implement a relevant subset of safety mechanisms required by the safety concepts applicable to

microcontrollers of the STM32H7 Series.

Thanks to this software expansion package the end user can reduce the time and effort required to implement the conditions of

use needed to use the STM32H7 MCUs in safety applications up to SIL 2 hardware safety integrity level with a HFT=0 scheme.

The complex activity needed for the design and verification of the safety mechanisms has been carried out by ST on behalf of

its customers, and is guaranteed for completeness and accuracy.

User manual

1.1 Purpose and scope

This manual is to be used when X-CUBE-STL-H7 is re-used in development of systems based on

microcontrollers of the STM32H7 Series.

It provides a detailed description (comprising functions, constraints and evidence), to make possible an

assessment of the integrity of a specific safety function that depends (fully or partially) upon X-CUBE-STL-H7.

This manual has to be considered as the safety manual for X-CUBE-STL-H7 software, in compliance with

IEC61508-3, 7.4.2.12 clause b), and depending clauses.

This document applies to the X-CUBE-STL-H7 software test library (self-test library), and is intended for all people

(either internal or external to ST) who need to integrate it in a STM32H7 MCUs used in a wider system

implementing safety functions.

It is expected that readers of this document are familiar with the concepts and knowledge indicated in related

Section 2.2 Minimum level of competence.

Note: Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere.

1.2 Terms and abbreviations

1.4 Reference normative

This document is written in compliance with the IEC61508 international norm for functional safety of electrical,

electronic and programmable electronic safety-related systems, – Part 3: Software requirements.

The version used as reference is IEC61508:1-7

IEC:2010.

1.5 Informative section

This document is the IEC61508-compliant safety manual for X-CUBE-STL-H7 software library. The safety

characteristics claimed for X-CUBE-STL-H7 are exposed in detail in Section 3.1 Development process and

Section 3.2 Diagnostic coverage:

• a software development process compliant to IEC61508-3 SC3 (systematic capability) – Section 3.1

To further clarify the relevance of X-CUBE-STL-H7 safety characteristic within the overall IEC61508 STM32H7

safety concept, it is worth to recap that:

• X-CUBE-STL-H7 achievable diagnostic coverage (as stated in Section 3.2 Diagnostic coverage) allows,

among other requirements at MCU level, the use of STM32H7 MCUs in systems implementing safety

functions with hardware safety integrity up to SIL2 for HFT=0 and up to SIL3 for HFT=1

• X-CUBE-STL-H7 SC3 software systematic capability allows the end user to integrate the X-CUBE-STL-H7

itself with application software having equivalent or lower systematic capability, excluding interferences

between the X-CUBE-STL-H7 and the application software.

Eventually, it is reminded that STM32H7 Series safety manual [1] is the main reference for the use of the

STM32H7 MCUs in systems implementing safety functions. End customers willing to use the STM32H7 MCUs in

2.1 Identification

The version of application-independent software test library, self-test library, available in the X-CUBE-STL-H7

software expansion package (and associated to this manual) is V1.0.0.

• concept of functional safety standards application to microelectronics devices and software applications (in

the specific, IEC61508)

• STM32H7 MCU IEC61508-compliant safety concept as described in the related safety manual (refer to [1])

• general STM32H7 MCU architecture, based on an Arm

Cortex

2.3

Purpose

X-CUBE-STL-H7 includes an application-independent software test library released by ST to implement a

relevant subset of safety mechanisms required by the safety concept of STM32H7 MCUs.

Thanks to this software the end user can save time and efforts required to implement the conditions of use

• RAM_SM_0

• FLASH_SM_0

• FLASH_SM_9

CoUs / safety mechanism implementation is available under the form of specific API calls included in the

relocatable object code included in X-CUBE-STL-H7. Refer to [2] for details.

The table below maps the characteristics required for the above mentioned safety mechanisms in the X-CUBE-

STL-H7 implementation. Reference is the safety mechanism description in [1].

Note: To better understand the relationship between X-CUBE-STL-H7 features and STM32H7 CoUs, it is

recommended to carefully read the contents of Section 1.5 Informative section.

Not needed X-CUBE-STL-H7 is configurable