Safety Features
119
SPRUH22I – April 2012 – Revised November 2019
Copyright © 2012–2019, Texas Instruments Incorporated
System Control and Interrupts
1.5.6.3
Handling of CNMI
User software must clear all the flag bits which are set in the CNMIFLG register before clearing the
NMIINT bit (bit 0) of the CNMIFLG register. If the user clears the NMIINT bit of the CNMIFLG register
before clearing all the individual flag bits, as soon as the NMIINT bit is cleared, it will be set back to "1"
again. If a user returns from the NMI handler without clearing the NMIINT bit of the CNMIFLG register,
then a reset is generated to the control subsystem when the CNMIWD counter value reaches the
programmed period value.
1.6
Safety Features
This section gives details on different modules or features that safe guard device operation during run time
and help catch serious errors that can occur. Also included are details on hardware behavior when any of
the serious errors occur in the device.
1.6.1 Write Protection on Registers
1.6.1.1
Master Subsystem Write Protection
1.6.1.1.1 MWRALLOW
To meet the requirements of safety-critical applications and to safeguard system control registers from
run-away software code in case of software design errors, hardware protection is provided to prevent
contents of critical registers from getting corrupted.
Write protection to critical registers is achieved by using a "double write" method. In this method there is a
MWRALLOW register, which if written with a value of 0xA5A5 A5A5, allows writes to all other
"PROTECTED" registers defined in this specification. The MWRALLOW register is only writable in M3
privileged mode.
1.6.1.1.2 MLOCK
The MLOCK register is required to prevent accidental writes to the MSxMSEL shared memory (S0 to S7)
RAM block mapping register.
This register lets users lock the configuration of Shared RAMs once configured by the master subsystem
application. This register is a write once register and once written, it cannot be cleared or re-written until
the respective reset that resets this register is generated. Refer to the
Internal Memory
chapter of this
document for more details on shared RAM configuration registers.
1.6.1.2
Control Subsystem Write Protection
Several control registers are protected from spurious CPU writes by the EALLOW protection mechanism.
The EALLOW bit in status register 1 (ST1) indicates the state of protection as shown in
.
(1)
The EALLOW bit is overridden via the JTAG port, allowing full access of protected registers during debug from the Code
Composer Studio interface.
Table 1-14. Access to EALLOW-Protected Registers
EALLOW Bit
CPU Writes
CPU Reads
JTAG Writes
JTAG Reads
0
Ignored
Allowed
Allowed
(1)
Allowed
1
Allowed
Allowed
Allowed
Allowed
At reset, the EALLOW bit is cleared, enabling EALLOW protection. While protected, all writes to protected
registers by the CPU are ignored and only CPU reads, JTAG reads, and JTAG writes are allowed. If this
bit is set, by executing the EALLOW instruction, the CPU is allowed to write freely to protected registers.
After modifying registers, they can once again be protected by executing the EDI instruction to clear the
EALLOW bit.