
1 About this document
1.1 Purpose and scope
This document describes how to use Arm® Cortex®‑M33-based STM32U5 series microcontroller unit (MCU) devices (further also referred to as Device(s)) in the context of a safety‑related system, specifying the user's responsibilities for installation and operation, in order to reach the desired safety integrity level.
It is intended for system designers who want to evaluate the safety of a solution embedding one or more Device(s).
For terms used, refer to the glossary at the end of the document.
Note: Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere.
1.2 Normative references
This document is written in compliance with the IEC 61508 international standard for functional safety of electrical, electronic and programmable electronic safety-related systems, version IEC 61508-1-7 © IEC:2010. Compliance with other functional safety standards is addressed in reference document [3].
The following table maps the document content to the IEC 61508-2 Annex D requirements.
Table 1. Document sections versus IEC 61508-2 Annex D safety requirements
Safety requirement    Section number
D2.1 a)               Section 3 Reference safety architecture
D2.1 b)               Section 3.2 Compliant item
D2.1 c)               Section 3.2 Compliant item
D2.2 a)               General information is provided in Section 4.1 Random hardware failure safety results. Detailed information on failure modes and the related failure rates is included in the other reference documents [1], [2] referred to in Section 1.3 Reference documents.
D2.2 b) to D2.2 f)    Information on the DTI of each safety mechanism is provided in the related specification tables (field "Periodicity") of Section 3.6 Hardware and software diagnostics. General guidance on DTI is included in Section 3.3.1 Safety requirement assumptions.
D2.2 g)               Because of the software-based nature of the Device safety concept, the outputs of the Compliant item triggered by internal diagnostics are decided at application software level, and so they cannot be described in this manual.
D2.2 h)               Periodic proof test is excluded by specific ASR3.1 in Section 3.3.1 Safety requirement assumptions
D2.2 i)               Section 3.7 Conditions of use
D2.2 j)               Section 3.2.3 Reference safety architectures - 1oo1, Section 3.2.4 Reference safety architectures - 1oo2
D2.2 k)               Section 3.2.2 Safety functions performed by Compliant item
1.3 Reference documents
[1] AN5xxx: Results of FMEA on STM32U5 Series microcontrollers.
[2] AN5xxx: FMEDA snapshots for STM32U5 Series microcontrollers.
[3] AN5689: Adapting the X-CUBE-STL functional safety package for STM32 (IEC 61508 compliant) to other safety standards.
[4] AN5936: X-CUBE-STL advanced topics.
UM2875
About this document
UM2875 - Rev 2
page 2/128