Figure 4-5 shows the logic table of the safety subsystem. STO_1 and STO_2 are active low signals. Logic levels valid for state changes > 1 ms.

The 24-V isolated digital input receiver ISO1211 converts the STO_1 input signal to a 3V3 CMOS level signal. The STO_1 signal from the output of the ISO1211 then pass through low pass RC filter to remove 1ms diagnostics pulses present on STO_1 signal. The output of ISO1211 (MCU_STO_1_In) is also monitored by the MCU (SIL 1) for stuck high faults. The low-pass filtered STO_1 signal is ANDed with MCU diagnostic signal (MCU_Diag_Cntrl_Out1) to generate load switch STO1_EN signal. The STO1_EN signal is used to enable (logic high) and disable (logic low) the load switch, which in turn control the supply voltage VCC of the isolated gate driver ISO5852S (or ISO5452) logic input supply VCC1. Dual redundant PNP bipolar junction transistors Q2 and Q3, actively clamp the logic side gate drive supply VCC to GND when STO_1 is activated. This prevents reverse bias of the VCC supply through the CMOS input gate driver ISO5852S (or ISO5452) in case the PWM signals are still active high (3V3). The STO_1_FB signal used by the STO_FB logic to monitor the state of the drive.