IP Catalog > Interface IP > Automotive IP > SafeSPI IP > SafeSPI Controller

SafeSPI Controller IP Core

Overview

The SafeSPI Controller core implements a versatile and highly reliable Serial Peripheral Interface (SPI) controller compliant with the SafeSPI specification. Offering maximum flexibility to the host system, a single instance of the SafeSPI Controller core can be programmed to act as a SafeSPI master, slave, or monitor, or as master or slave controller for conventional SPI. The core supports all SafeSPI frame formats and addressing modes and allows extended configuration options for conventional SPI, so it can communicate with any SafeSPI-compliant device as well as with devices implementing a wide range of SPI protocol variants or over-SPI protocols, such as xSPI.

The SafeSPI Controller core imposes minimum overhead on the host system. As a SafeSPI interface controller, it automatically generates and checks CRCs and implements the fault management processes provisioned by the SafeSPI specification. Furthermore, the core can automatically filter traffic based on address and CSN when operating as a monitor. The core can also be programmed to operate in autonomous bridging mode, where it will translate transactions on the local AXI4-Lite bus to transactions on the SafeSPI bus and vice versa without any firmware assistance.

The core can satisfy the requirements of the most stringent functional safety assurance levels by optionally implementing a series of hardware mechanisms. These include spatial redundancy for critical modules, data protection by CRC or parity in buffers and registers, and self-diagnostics with a real-time fault injection facility. A certification data package consisting of an FMEDA, and Safety Manual documents is also optionally available.

Consistent with CAST’s quality standards, the SafeSPI Controller core adheres to the industry’s best coding and verification practices to ensure easy integration and trouble-free implementation in ASIC or FPGA technologies. The interface controller core is highly configurable at synthesis time, allowing tuning of its supported features and size to each design’s needs. It uses 32-bit AXI4-Lite interfaces, which can optionally operate on a clock domain asynchronous to the serial clock. Technology mapping, constraining, and scan insertion are straightforward, as the LINT-clean RTL design contains no multi-cycle or false paths and uses only rising-edge-triggered D-type flip-flops, no tri-states, an asynchronous reset line per clock domain, and clean clock domain crossing modules. Its reliability and low risk have been proven through rigorous verification and FPGA validation.

Key Features

  • SafeSPI Features
    • Compliant to SafeSPI Rev 2.0.
    • Master, slave, or monitor roles
    • All frame formats
      • 32-bit and 48-bit frames
      • In-Frame or Out-of-Frame communication
      • Both fixed frames and flexible frames
    • Slave selection options
      • Chip-select pin(s), or
      • 10-bit source/target address
    • Automatic CRC inclusion and checking
    • Fault Management
  • Conventional SPI Features
    • Master or slave roles
    • Programmable parameters
      • Serial clock phase and polarity
      • Frame size (1 to 32 bits); multiple frames can be merged into a single frame exceeding 32 bits
      • Chip-select and inter-frame gap
  • Functional Safety Features (Optional)
    • Redundancy for critical modules
    • Data protection by means of CRC (for buffers) and parity (registers)
    • Self-diagnostics via fault injection and loop-back mode
    • FMEDA, SAM documents
    • Ready for certification up to ISO 26262 ASIL-D
  • Easy to Use & Integrate
    • Run-time configuration options include
      • Autonomous SafeSPI-to-AHB bridge, or firmware-assisted, interface controller function
      • SafeSPI role (master, slave, or monitor) role and parameters
      • SafeSPI or conventional SPI
    • Standardized AMBA interfaces
      • AXI4-Lite or AXIS Lit-Subordinate for register access
      • AXI4-Lite Manager (for autonomous/bridging operation for Slave or Monitor)
    • Independent clock for serial bus oversampling in Slave or Monitor mode
    • Fully synchronous, scan-ready, LINT-clean design
    • Synthesis-time configuration limits operation modes and features to optimize silicon resources usage

Block Diagram

SafeSPI Controller Block Diagram

Deliverables

  • The core as delivered is warranted against defects for ninety days from purchase. Thirty days of phone and email technical support are included, starting with the first interaction. Additional maintenance and support options are available.
  • The core is available in synthesizable RTL and FPGA netlist forms. It ships with everything required for successful implementation, including:
    • System Verilog RTL source code
    • Post-synthesis EDIF (netlist licenses)
    • System Verilog Testbenches
    • Simulation & Synthesis Scripts
    • Documentation
  • To facilitate ISO 26262 certification, the optional Functional Safety version also includes:
    • the Failure Modes, Effects and Diagnostic Analysis (FMEDA) report, and
    • the Safety Assessment Methodology (SAM) document.

 

Technical Specifications

Availability
Now
Request Info

Related IPs

×
Semiconductor IP