A correctable or catastrophic error is categorized as a safety error. As a result of a catastrophic safety error, the system needs to be reset to a safe state.
A safety-compliant system is required to detect and react to an error in less than 10 ms. It is also required to put itself into a safe state as a result of an error.
A safe state is one where the following occurs.
•Error manager is informed.
•Failure is isolated.
•If possible, high-level software (safety operating system) gets an indication of the error.
•Indicate error to outside world.
•Store error source and context for diagnostic purpose.
The hardware error status is sent to the platform management unit (PMU) as interrupts. Based on the error source, the user-programmable software on the PMU should determine the type of reset (PS-only reset, full-power domain reset, or RPU reset).
For some of the errors (e.g., a power failure that is both security and safety related) the action can be configured in the configuration security unit (CSU) for a security lockdown. However, you should only configure one or the other (depending upon the specific system requirement). Various enable registers for power-on reset (POR), system reset, and PS error are provided in the PMU_GLOBAL register set, which can be configured to trigger the respective action.
The PMU is responsible for capturing all errors within the device, reporting these errors to the outside world, and taking the appropriate action with respect to each error. The PMU includes the necessary registers, logic, and interfaces for handling these functions.
Refer to Platform Management Unit for further details on error handling and reporting.