STMicroelectronics NV

08/20/2024 | News release | Distributed by Public on 08/20/2024 10:35

X-CUBE-STL: Supporting more STM32s and sharing resources to demystify functional safety

X-CUBE-STL now supports the STM32MP1, STM32U5, STM32L5, STM32H5, and STM32WL. In short, the family of general-purpose microcontrollers capable of running Safety Integrity Level 2 and 3 certified systems continues to grow, and teams that need to meet IEC 61508, ISO 13849, or IEC 61800 requirements can do so on our latest devices. Additionally, the Functional Safety page now makes it easier to find the ST resources that help developers pursuing industrial or household-appliance certification. It also lists the ST Authorized Partners who provide real-time operating systems, development tools, engineering services, and training, so that teams can cross the bridge from proof of concept to commercial product.

The International Electrotechnical Commission defines safety as the "freedom from unacceptable risk of physical injury or of damage to people's health." For an embedded system, functional safety covers the part of that overall safety that depends on the system operating correctly. For instance, in a manufacturing plant, functional safety ensures that, in case of an internal failure, the circuit controlling a robot fails safely instead of harming its operators. In a medical application, the standards require, among other things, that users be made aware of a malfunction by an alarm, to prevent harmful use. And since our STM32 microcontrollers are everywhere, we needed to make sure that all of them had a straightforward path to IEC 61508 for industrial applications.

Before X-CUBE-STL: How to start working on an IEC 61508 certification

A robot arm in an industrial setting

IEC 61508 governs functional safety for electrical and electronic systems across industries and applications. Many STM32 users seek this certification in industrial settings, where risks are higher and requirements more stringent. The first significant aspect of the standard is the safety life cycle. Before anything else, engineers must document every step and measure they will take to achieve functional safety, from the first design activities to the product's decommissioning. The process covers risk analysis, safety requirements, validation, maintenance, and so on.

Our Functional Safety page is a good starting point for engineers because it provides a safety manual for nearly every STM32 microcontroller, so teams can begin defining their product's safety life cycle. Most of the documentation focuses on IEC 61508 compliance. However, we recently published an application note (AN5698) to help engineers adapt the contents of the X-CUBE-STL package to other safety standards, such as ISO 13849 for safety of machinery. We also provide a failure mode and effect analysis (FMEA), which lists the MCU's failure modes and how to mitigate them, and a failure mode, effect and diagnostic analysis (FMEDA), which extends the FMEA and computes failure rates for the MCU at the function level.

X-CUBE-STL: Self-test libraries to more rapidly obtain SIL 2 or SIL 3 certifications

Understanding Safety Integrity Levels

The second aspect of IEC 61508 is the assignment of a Safety Integrity Level (SIL). A hazard analysis first determines what can go wrong and how badly it can harm a person or the environment; a risk assessment then determines how often, or how likely, each hazard is to occur. From these analyses, the safety requirements are derived, including the SIL the safety function must achieve.

There are four levels, the first being the least demanding and the fourth the strictest. SIL 4 is traditionally reserved for railway or nuclear applications. SIL 1 is looser and tends to apply to monitoring or information devices such as CCTV, while SIL 2 and SIL 3 are much more common in hardware designed for industrial applications. In practice, the main difference between the two is that SIL 3 generally requires redundancy, such as two independent channels whose measurements are cross-checked, whereas SIL 2 can often be reached with a single, well-diagnosed channel.

Knowing how to get started

To start working toward SIL 2 or SIL 3 certification, teams begin by selecting an STM32 with the hardware safety features that match their application's requirements. For instance, all our MCUs have a dual watchdog, but only the STM32G0, STM32G4, STM32H5, STM32H7, STM32L4/L4+, STM32L5, STM32U5, STM32WB/WBA, and STM32WL have ECC-protected Flash memory, and of those, only the STM32H7, STM32H5, and STM32U5 also have ECC-protected SRAM, which is traditionally required only for high-performance applications.

Teams can also use the self-test libraries in X-CUBE-STL to start implementing failure detection mechanisms. For instance, the libraries detect random hardware failures in the CPU, the SRAM, or the Flash. The diagnostic coverage of X-CUBE-STL is verified by fault injection, which gives customers confidence that the tests catch the failure modes they claim to. To make the libraries as widely usable as possible, we deliver them as compiler-independent object code, so they can be integrated into any application with any supported toolchain.

Because X-CUBE-STL is delivered as object code, developers integrate it into their software, have that single object assessed once, and reuse it across products, since it does not depend on a compiler version or on other dependencies. That greatly simplifies the submission to certification bodies.
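To make the self-test flow described above concrete, here is an added illustration in C. It is not ST's library and uses none of the X-CUBE-STL API: the tri-state result type, the March C- SRAM test, the CRC-32 Flash image check, and the safety scheduler that withholds the watchdog refresh unless every test passed are all assumed for the example, and the stuck-at fault injector and the program image bytes are constructed here so the block runs on a PC.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative tri-state result (not the X-CUBE-STL type). Keeping "not run"
   distinct from "passed" stops a scheduler from treating a skipped test as good. */
typedef enum { TM_NOT_TESTED = 0, TM_PASSED = 1, TM_FAILED = 2 } tm_status_t;

/* ---- Fault-injection model (constructed for this example) ----
 * Reads of one SRAM word can be forced to a stuck-at value on selected bits.
 * This is the kind of fault model used to check a March test's coverage. */
static struct { size_t word; uint32_t mask; uint32_t value; } g_stuck = { 0, 0, 0 };

void inject_stuck_at(size_t word, uint32_t mask, uint32_t value)
{
    g_stuck.word = word; g_stuck.mask = mask; g_stuck.value = value;
}

void clear_fault(void) { g_stuck.mask = 0; }

static uint32_t rd(const volatile uint32_t *mem, size_t i)
{
    uint32_t v = mem[i];
    if (g_stuck.mask != 0 && i == g_stuck.word)
        v = (v & ~g_stuck.mask) | (g_stuck.value & g_stuck.mask);
    return v;
}

/* ---- SRAM self-test: March C- at word granularity ----
 * Six elements: w0 up; r0,w1 up; r1,w0 up; r0,w1 down; r1,w0 down; r0 up.
 * Detects stuck-at, transition and coupling faults. It is destructive (the
 * region is overwritten), so a real system runs it at boot or on a buffer
 * whose contents were saved aside. */
tm_status_t sram_march_c_minus(volatile uint32_t *mem, size_t words)
{
    const uint32_t ONES = 0xFFFFFFFFu;
    size_t i;
    for (i = 0; i < words; i++) mem[i] = 0u;
    for (i = 0; i < words; i++) { if (rd(mem, i) != 0u)   return TM_FAILED; mem[i] = ONES; }
    for (i = 0; i < words; i++) { if (rd(mem, i) != ONES) return TM_FAILED; mem[i] = 0u;   }
    for (i = words; i-- > 0;)   { if (rd(mem, i) != 0u)   return TM_FAILED; mem[i] = ONES; }
    for (i = words; i-- > 0;)   { if (rd(mem, i) != ONES) return TM_FAILED; mem[i] = 0u;   }
    for (i = 0; i < words; i++) { if (rd(mem, i) != 0u)   return TM_FAILED; }
    return TM_PASSED;
}

/* ---- Flash self-test: CRC-32 (IEEE 802.3, reflected) over the image ----
 * Compared against a reference computed at build time. STM32 parts have a
 * CRC peripheral for this; a bitwise software loop is enough here. */
uint32_t crc32_ieee(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

tm_status_t flash_crc_test(const uint8_t *image, size_t n, uint32_t reference)
{
    return crc32_ieee(image, n) == reference ? TM_PASSED : TM_FAILED;
}

/* ---- Safety scheduler ----
 * Returns 1 only if every test ran and passed this cycle; the caller then
 * refreshes the watchdog. Any FAILED or NOT_TESTED result starves the
 * watchdog, which forces the reset / safe state. */
int run_safety_cycle(volatile uint32_t *sram, size_t words,
                     const uint8_t *image, size_t n, uint32_t reference)
{
    tm_status_t r[2] = { TM_NOT_TESTED, TM_NOT_TESTED };
    r[0] = sram_march_c_minus(sram, words);
    r[1] = flash_crc_test(image, n, reference);
    for (size_t i = 0; i < 2; i++)
        if (r[i] != TM_PASSED) return 0;
    return 1;
}

int main(void)
{
    static volatile uint32_t sram[64];
    /* Constructed stand-in for a program image and its build-time reference CRC. */
    static const uint8_t image[] = "STM32 safety demo image v1";
    uint32_t ref = crc32_ieee(image, sizeof image);
    uint8_t corrupted[sizeof image];

    printf("healthy:        refresh=%d\n", run_safety_cycle(sram, 64, image, sizeof image, ref));
    inject_stuck_at(17, 0x00000100u, 0x00000100u);   /* bit 8 of word 17 stuck at 1 */
    printf("SRAM stuck-at:  refresh=%d\n", run_safety_cycle(sram, 64, image, sizeof image, ref));
    clear_fault();
    memcpy(corrupted, image, sizeof image);
    corrupted[3] ^= 0x04;                            /* single bit flip in "Flash" */
    printf("Flash bit flip: refresh=%d\n", run_safety_cycle(sram, 64, corrupted, sizeof image, ref));
    return 0;
}
```

The CPU self-test is deliberately absent: checking registers, flags and the ALU needs assembly written for the exact core and cannot be modelled in portable C, which is one reason a pre-verified, compiler-independent object library is attractive for that part.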

X-CUBE-CLASSB and why an ecosystem matters

Sharing resources

Recently, ST updated X-CUBE-CLASSB, which targets electrical household appliances, to align it with X-CUBE-STL. Put simply, while the two packages have different user manuals and different purposes, their self-test libraries share the same code base. Hence, it becomes much easier to obtain more than one certification on the same hardware platform. Additionally, since the household-appliance standards are less stringent than IEC 61508, using the same object code as X-CUBE-STL provides a margin of assurance beyond what they require. The software package currently supports the STM32U5, STM32G0, STM32C0, STM32L4, STM32G4, STM32WL, STM32MP1, STM32H5, STM32F7, and STM32H7. Support for the STM32H7R/S, STM32U0, and STM32F4 will arrive by the end of the year.

Optimizing functional safety

All these packages make our STM32 general-purpose microcontrollers strong candidates for the most demanding safety standards. Traditionally, MCUs aimed at these standards are custom products, which makes them much more expensive and often imposes hardware constraints of their own. ST's approach is different because it makes these standards more accessible and backs them with a network of partners. In many instances, using two STM32s in a redundant configuration is still more cost-effective than using one MCU sold specifically for safety.

As valuable as the documentation and self-test libraries are, we know that they represent only the first steps in a long process. Many teams underestimate the difficulty of obtaining a certification. Hence, we also have ST Authorized Partners who know our devices and can help engineers cross the finish line by shipping a certified product.

What's Next?