3.2.4 Reference safety architectures - 1oo2
The 1oo2 reference architecture (shown in Figure 4 below) is composed of two separate channels, each of them implemented in the same way as the 1oo1 reference architecture. Safety integrity of each channel is guaranteed by the combination of STM32F2 Series internal processes (implemented safety mechanisms) and external processes WDTe and VMONe. Safety integrity of the overall compliant item is guaranteed by the external voter PEv, which allows HFT=1 to be claimed. Achievement of higher safety integrity levels as per IEC61508-2 Table 3 is therefore possible. Appropriate separation between the two channels (including power supply separation) should be implemented in order to avoid a huge impact of common-cause failures (refer to Section 4.2 Dependent failures analysis). βD computation is anyway required.
Target for 1oo2 reference architecture is SIL3.

Figure 4. 1oo2 reference architecture
[Block diagram; labels: Sensors, two channels each containing PEi, PEc, PEd and PEo with VMONe and WDTe, voter PEv, Actuators, Compliant item]

UM1845 - Rev 4
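The voting behaviour behind the HFT=1 claim can be modelled in a few lines. This is an added illustration, not code from UM1845 or from ST; all type and function names are hypothetical, and it assumes a de-energize-to-trip output, WDTe/VMONe status visible to the voter, and a latched safe state.

```c
#include <stdbool.h>
#include <stdio.h>

/* One channel as seen by the external voter PEv (hypothetical model). */
typedef struct {
    bool run_request; /* channel output (PEo): true = keep actuator energized */
    bool wdt_ok;      /* WDTe: external watchdog refreshed in time (assumed visible) */
    bool vmon_ok;     /* VMONe: supply voltage inside its window (assumed visible) */
} channel_t;

typedef enum { OUT_SAFE = 0, OUT_RUN = 1 } output_t;

typedef struct {
    output_t out;     /* commanded actuator state */
    bool discrepancy; /* channels disagreed on the last step (diagnostic flag) */
    bool latched;     /* safe state is held until an explicit reset (assumption) */
} voter_t;

/* A channel permits RUN only if it is healthy and requests RUN. */
static bool channel_permits_run(const channel_t *c)
{
    return c->wdt_ok && c->vmon_ok && c->run_request;
}

/* 1oo2 voting: either channel alone can force the safe state, so one
 * dangerous fault (e.g. run_request stuck true) is tolerated: HFT=1. */
output_t voter_step(voter_t *v, const channel_t *a, const channel_t *b)
{
    bool pa = channel_permits_run(a);
    bool pb = channel_permits_run(b);

    v->discrepancy = (pa != pb);
    if (!(pa && pb))
        v->latched = true;
    v->out = v->latched ? OUT_SAFE : OUT_RUN;
    return v->out;
}

int main(void)
{
    voter_t v = { OUT_SAFE, false, false };
    channel_t stuck = { true, true, true };   /* constructed: faulty, always RUN */
    channel_t good  = { false, true, true };  /* constructed: demands safe state */

    printf("out=%d discrepancy=%d\n", voter_step(&v, &stuck, &good), v.discrepancy);
    return 0;
}
```

Because both channels must agree before the output is energized, a common-cause failure that affects both channels in the same way is the case this logic cannot catch, which is why the channel separation and βD computation are still required.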