The S32K3 MCU family combines a robust safety architecture and multiple hardware safety mechanisms with a wide range of safety software, documentation and technical support.
Historically focused on vehicle dynamics systems such as braking, chassis and powertrain control, functional safety now extends across the vehicle application spectrum from body control modules and battery management systems (BMS) to zone and motor control ECUs. Central to this is the role of the MCU either as the primary safety and application processor or as a safety companion IC. To address this growing market need, NXP has enabled the S32K3 32-bit Arm® Cortex®-M7 based MCU family with robust hardware safety features and custom-made safety software that can be employed in both automotive as well as industrial designs.
Like many NXP automotive processors, the S32K3 MCU family has been developed as a safety element out of context (SEooC) following NXP's Automotive BCaM7 development process (certified by TÜV SÜD), ensuring its development is compliant with several safety standards including IATF 16949 (for automotive quality management systems) and ISO 26262 (a risk-based safety standard for electric and/or electronic systems in production vehicles, derived from IEC 61508). The process is based on best practices for policies, roles and responsibilities, procedures, templates, checklists and tools and applies CMMI maturity stages to improve overall performance. The BCaM7 development process helps in the avoidance of systematic faults.
S32K3 MCUs target applications up to ASIL D level and are built upon a safety architecture that spans power, clocking, reset, central processing unit (CPU), interconnect, memory (including internal flash and RAM) and multiple peripheral blocks. Together, these facilitate safe and secure external communication while enabling real-time applications. Multiple safety measures monitor different functions of the MCU, including power-supply monitors, clock and lockstep core monitors, internal watchdogs, memory access protection, ECC on memories, array integrity self-check for on-chip flash, end-to-end protection on interconnect and cyclic redundancy checking. The majority of these are implemented in on-chip hardware, helping to reduce the BoM cost for the system integrator.
NXP is certified by TÜV-SUD for safety-related projects up to ASIL D according to ISO 26262:2018 and up to SIL 3 according to IEC 61508:2010. View the certificate.
S32K3 MCUs support different Arm Cortex-M7 core configurations for balancing functional safety and performance requirements:
The technical safety concept of S32K3 MCUs has been verified through qualitative safety analysis via fault tree analysis (FTA) and dependent failure analysis (DFA), and through quantitative safety analysis using failure modes, effects and diagnostic analysis (FMEDA). The FMEDA is configurable according to the customer's application and the results of these analyses are available in the safety analysis report.
The safety manual provides the assumptions of use and corresponding recommendations to assist the developer in the integration of the MCU into the safety system. Customers can request access to NXP's SafeAssure NDA group to download available safety documentation: safety manuals, SEooC Standardized FMEDAs, analysis reports, assessment/confirmation measure reports and PPAPs. Additionally, customers can also receive expert technical support for their functional safety applications.
S32K3 MCUs are supported by a package of production-grade, safety-compliant software to ease application development. The S32 safety software framework (SAF) provides a comprehensive set of libraries for the detection of and reaction to single-point and latent faults and support the S32K3 family and other NXP Automotive processors. A structural core self-test (SCST) library supports the overall S32K3 safety concept while safety peripheral drivers (SPD) provide a starting point for developers who wish to develop their own safety framework. Finally, NXP provides a package of production-grade, safety-compliant real-time drivers (RTD) software for AUTOSAR and non-AUTOSAR applications.
The S32K3 MCU can be used with NXP's FS26xx system basis chip (SBC) to provide a system-level safety solution. The FS26xx offers stable input power supplied to the MCU with self-monitoring capability, external watchdog monitoring of the essential MCU computation function, monitors and controls the MCU's reset input/output and monitors its fault collection and control unit (FCCU) error indication outputs. The SBC triggers the system to enter a safe state if it detects any unrecoverable faults in the MCU.
The S32K3 MCU family combines a robust safety architecture and multiple hardware safety mechanisms with a wide range of safety software, documentation and technical support. Together with the FS26xx SBC, it delivers a comprehensive safety solution for evolving automotive and industrial applications.
NXP partnered with Mobile Knowledge to create an online Safety Academy that provides a modular approach for learning about functional safety to help simplify ISO 26262 compliance, whether you are a program manager or hardware/software/system engineer.
The Safety Academy has dedicated training materials to assist you in your role in the safety application development process. Enroll today and learn the art of safety through the online NXP Safety Academy!
Avni develops safe SoC architecture based on ISO 26262 standard as part of the NXP MCU MPU Safety Team. She is certified as an Automotive Functional Safety Professional by SGS TUV SAAR. Avni got her B.Tech. in Electronics and Communication Engineering (ECE) from the Netaji Subhas University of Technology, India.
