Power Tips #146: Design functional safety power supplies with reduced complexity

Many industrial applications in the automotive, automation, appliance, or medical sectors require power supplies that comply with functional safety standards. If the input voltage of such a power supply is not within its specification, the system it powers is potentially operating in an unsafe state. Monitoring for faults such as undervoltage, overvoltage, and overtemperature, and resetting or transitioning the system to a safe state when one occurs, may therefore be required.

Defining the protections needed to comply with functional safety standards depends on the safety level, which the design engineer must determine in cooperation with a safety inspection agency such as Technischer Überwachungsverein. The engineer must also carry out a time-consuming risk assessment of failures that addresses both safe and dangerous failures as well as random and systematic failures.

Functional safety in power supplies

Safety standards such as IEC 61508 or ISO 13849A specify the maximum allowable probability of dangerous failures per hour.

The requirements for a safe power supply as specified in IEC 61508, which covers functional safety in industrial manufacturing, include overvoltage protection with safety shutoff, secondary-side voltage control with safety shutoff, and power-down with safety shutoff. These protections require significant additional external circuitry around the switched-mode power supply (SMPS).

A safe power supply must also fulfill random hardware fault requirements. Using an integrated power-good (PG) pin as the safety mechanism to monitor failures can be insufficient, because this pin is typically not independent; it shares the same internal band gap with all safety and monitoring features. A drifting band gap will therefore cause the PG pin to fail at the same time as the functions it is supposed to supervise. This is known as a common-cause failure, which does not meet functional safety requirements.

As shown in Figure 1, detecting any fault will also require additional supply-voltage supervisors as well as a switch connected in series to the input; alternatively, the switch could connect to the output. This switch disconnects the system from the source or load in case of a failure. Redundant supply-voltage supervisors monitor the input and output voltages. Typically, an industrial power supply is limited to less than a 60-VDC input, even in the event of a fault, requiring an additional circuit with transient voltage suppression and a fuse, because not all devices are specified to 60 V.

Figure 1 An industrial safe power supply example block diagram. Source: Texas Instruments

The switch at the input, which is under the control of the monitor, can remove power in case of a failure. The input and output voltage are monitored continuously. As I mentioned earlier, to comply with functional safety standards, all parts must operate within a specified operating voltage. That is not an easy task, given the requirement to detect undervoltage and overvoltage events immediately.
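The following Python model is an added example, not TI's code, illustrating the point made above about common-cause failures and the redundant supervisors of Figure 1: a single monitor on one shared band-gap reference reports a drifted-high reference as an in-range input, while two supervisors with independent references still trip the series switch. The 19.2 V to 28.8 V input window and the 5 V rail are taken from the article; the output window, the drift values and the cross-check tolerance are constructed assumptions.

```python
# Added model of the monitoring scheme in Figures 1 to 3 (not TI's code).
# Input window and 5 V rail are from the article; the output window, the
# drift values and the cross-check tolerance are constructed assumptions.
from dataclasses import dataclass

IN_MIN_V, IN_MAX_V = 19.2, 28.8    # universal board input window (article)
OUT_MIN_V, OUT_MAX_V = 4.75, 5.25  # assumed +/-5 % window around the 5 V rail


@dataclass
class Supervisor:
    """Comparator-style supervisor whose readings are scaled by its own
    reference; drift is the fractional reference error (0.0 = healthy)."""
    drift: float = 0.0

    def measure(self, true_v: float) -> float:
        # A reference that has drifted high makes every rail read low, so a
        # real overvoltage can be reported as in range.
        return true_v / (1.0 + self.drift)

    def out_of_range(self, true_v: float, lo: float, hi: float) -> bool:
        m = self.measure(true_v)
        return m < lo or m > hi


RAILS = (("input", IN_MIN_V, IN_MAX_V), ("output", OUT_MIN_V, OUT_MAX_V))


def pg_pin_faults(v_in: float, v_out: float, shared: Supervisor) -> list[str]:
    """PG-pin style: both rails are judged against one shared reference, so a
    drift of that reference hides the fault from both checks at once."""
    return [name for (name, lo, hi), v in zip(RAILS, (v_in, v_out))
            if shared.out_of_range(v, lo, hi)]


def redundant_faults(v_in: float, v_out: float, a: Supervisor, b: Supervisor,
                     tol: float = 0.02) -> list[str]:
    """Two supervisors with independent references (Figure 1): either one may
    open the switch, and a disagreement between them above tol is treated as
    a fault too (an assumed cross-check, not something the article states)."""
    faults = []
    for (name, lo, hi), v in zip(RAILS, (v_in, v_out)):
        if a.out_of_range(v, lo, hi) or b.out_of_range(v, lo, hi):
            faults.append(name)
        if abs(a.measure(v) - b.measure(v)) > tol * v:
            faults.append(name + "-disagree")
    return faults
```

With a 4 % high reference, a 29.5 V input (above the 28.8 V limit) reads as 28.4 V and the shared-reference monitor reports no fault, whereas the healthy second supervisor trips and the disagreement between the two exposes the drifted reference itself.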

Buck converter

Using a functional-safety-compliant buck converter with integrated safety features can greatly reduce the amount of external circuitry, as shown in Figure 2. An integrated redundant circuit, which replaces the external voltage supervisor, has a startup diagnostic check and can detect the failure of a FET. This implementation reduces the overall cost of designing a safe power supply.

Figure 2 Integrated functional safety features replace an external voltage supervisor, reducing circuit complexity. Source: Texas Instruments

The nFAULT pin in the converter is used for overvoltage protection and as a failure flag. Triggering the nFAULT pin disables a safety switch, which in this case is an ideal diode controller connected to the input. The Temp pin communicates the temperature to a microprocessor and forces a shutdown if the temperature is too high. The VSNS pin has feedback path failure detection, and there is another feedback divider for redundancy. During startup, the LM68645-Q1 buck converter checks the configuration on the RT, FB, and VSNS pins.

Figure 3 shows a block diagram of a universal board (configurable to meet different safety standards) for a safe power supply, with an input voltage range of 19.2 V to 28.8 V and a maximum of 60 V.

A synchronous buck converter generates a 5-V output with a maximum current of 3 A. Beside the buck converter is an ideal diode with back-to-back MOSFETs connected to the input. An ideal diode connects to the output. The nFAULT pin can control both switches. Two additional supervisors for redundant voltage monitoring on the input and output can disable both switches as well. The ideal diode controller has power-path control and overvoltage protection. The voltage supervisors also provide built-in self-test and overvoltage and undervoltage protection.

Figure 3 The TI Industrial 24 V to 5 V safe power supply reference design, where a number of redundant options on the board make it possible to comply with different functional safety standards. Source: Texas Instruments

A buck converter designed to help meet functional safety standards reduces the amount of necessary functional safety documentation, system cost, and time to market. Because all of the devices in the 24 V to 5 V safe power supply reference design are specified for ≥ 60 V, an input transient voltage suppressor or fuse is not necessary.

Upgrading a safe power supply

Although upgrading a safe power supply to a higher standard requires significant effort, it is possible to design a power supply that meets functional safety requirements while also decreasing time to market and system cost. Using a buck converter with integrated safety features helps achieve the systematic and random hardware metrics and reduces the external circuitry needed.

Florian Mueller is a systems engineer and Member Group Technical Staff in TI’s Power Supply Design Services group. He has a master’s degree in electrical engineering from the Technical University of Haag, Germany. Florian’s main focus lies on industrial high-voltage designs for different end equipment.


The post Power Tips #146: Design functional safety power supplies with reduced complexity appeared first on EDN.
