SFFSAY3 January   2026 F29H850TU , F29H859TU-Q1 , TMCS1123 , TMCS1123-Q1 , TPS650362-Q1 , TPS650365-Q1

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. 1Introduction
    1. 1.1 Background
    2. 1.2 HW/SW FuSa Analysis Process
      1. 1.2.1 Item Definition
      2. 1.2.2 Functional Safety Goal
      3. 1.2.3 Functional Safety Concept
      4. 1.2.4 Technical Safety Concept
      5. 1.2.5 HW/SW Safety Requirement
      6. 1.2.6 Dependent‑failure Analysis
    3. 1.3 TI Collaterals
      1. 1.3.1 TI Components Category
      2. 1.3.2 FuSa Collaterals for Safety MCU
  5. 2FuSa Concepts of OBC System
    1. 2.1 Item Definition
      1. 2.1.1 Item Functions
      2. 2.1.2 System Boundaries
      3. 2.1.3 External Interfaces
      4. 2.1.4 Operation Modes
    2. 2.2 Functional Safety Goal
    3. 2.3 Functional Safety Concept
    4. 2.4 Technical Safety Concept
    5. 2.5 HW/SW Safety Requirement
    6. 2.6 Dependent‑Failure Analysis
  6. 3FuSa Components of OBC System
    1. 3.1 Components Overview
    2. 3.2 Microcontroller
      1. 3.2.1 CPU
      2. 3.2.2 ADC Sample
      3. 3.2.3 PWM Generation
      4. 3.2.4 CMPSS
      5. 3.2.5 Data Transmission
      6. 3.2.6 Fault Signal Monitor and Safe State Control
    3. 3.3 Power Management IC
      1. 3.3.1 MCU Monitor
      2. 3.3.2 Shutdown Sequence
      3. 3.3.3 Power Supply
    4. 3.4 System Basis Chips
      1. 3.4.1 CAN Communication
      2. 3.4.2 Supply Voltage Rail Monitoring
      3. 3.4.3 SPI/Processor Communication
      4. 3.4.4 Device Internal EEPROM
    5. 3.5 Power Supply and Supervisor
    6. 3.6 Gate Driver
    7. 3.7 Voltage Sensor
    8. 3.8 Current Sensor
    9. 3.9 Temperature Sensor
  7. 4Summary
  8. 5References

1.2.2 Functional Safety Goal

The second step is to formulate the FuSa goal and the corresponding safe state for hazard events. A FuSa goal is a high‑level safety requirement that must be satisfied to prevent the occurrence of a hazard identified during the HARA. It is derived from a comprehensive analysis of all possible failure modes of the component or system. For every FuSa goal a corresponding safe state must be specified; the system must transition to that safe state whenever the associated hazard event occurs.

According to Table 1-3, each hazard assigned an ASIL from A through D requires at least one FuSa goal, whereas hazards classified as QM do not require a safety goal. When multiple hazards lead to similar safety goals but have different ASILs, they can be consolidated into a single goal using the highest ASIL among them.