2019-05-02 09:03 AM
We use an STM32F0 in an application with increased safety requirements. The power supply is secured by a simple fuse and we have to ensure that the STM32F0 is in reset state when the fuse is blown (EN60335).
Since we have a second power supply in the system, the STM32F0 might be supplied by energy passing the protection diodes of the GPIOs, if these GPIOs are connected to devices supplied by the second power supply. The STM32F0 might work even if the fuse is blown in these cases.
Ok, we could place resistors in every signal connected to the STM32F0, limiting the current. But is there a simpler solution? As far as I see the device does not have a brownout detection...?
2019-05-03 02:17 AM
ATTINY414 would be a good start. And it hardly sounds like the OP is pushing the performance envelope in any case. But it does have all the things the OP is asking for.
2019-05-03 02:24 AM
Working with safety-related SW, I am pretty sure "FT" in ST's datasheets means NOT "fault tolerant".
And no STM32 GPIO tolerates 5V in analog mode.
To contribute to the MCU wars, there are some vendors that have Cortex M working with 5V VDD. Like Spansion/Cypress devices.
2019-05-03 03:01 AM
The simplest way to force the chip into reset is to keep power on the chip, and use a voltage monitor on the fused line to pull reset low.
There is no way from inside the chip to prevent it being powered from its diodes. Even the POR won't work reliably, since power is unpredictable.
This should have been mitigated in the circuit design stage already. Either with resistors or gates.
As a bugfix you could load the outside Vdd net so the voltage drop over the diodes is too high for the chip to turn on. This probably goes over current spec.
2019-05-07 03:11 AM
Thank you all for the helpful hints!
I agree now that we need to add some external components to ensure that the STM32F0 is in reset state when the fuse is blown.