Aug 10, 2001
App Note 101: Using the Secure Microcontroller
The Secure Microcontroller Family (DS5000FP, DS5001FP, DS5002FP, and
associated modules) integrate an internal watchdog timer to prevent code
execution errors. The watchdog timer uses the high precision crystal oscillator that
is also used by the microcontroller. This eliminates the need for a RC oscillator
while providing greater accuracy.
Microcontrollers are often used in harsh environments where power supply transients, electromagnetic
interference (EMI), and electrostatic discharge (ESD) are abundant. Program corruption caused by bus
corruption and electromagnetic discharges can cause a microprocessor to execute erroneous
instructions. In these environments, a watchdog timer is a useful peripheral that can help catch and
reset a microcontroller that has gone "out of control."
A watchdog timer is a simple countdown timer which is used to reset a microprocessor after a specific
interval of time. In a properly operating system, software will periodically "pet" or restart the watchdog
timer. After being restarted, the watchdog will begin timing another predetermined interval. When
software or the device is not functioning correctly, software will not restart the watchdog timer before it
times out. When the watchdog timer times out, it will cause a reset of the microcontroller. If the system
software has been designed correctly and there has been no hardware failure, the reset will cause the
system to operate properly again. The reset condition must be a "safe" state. For instance, it would not
be wise to have the reset state of a magnetic stripe card reader enabling the write head.
Many systems have been designed using an external watchdog timer. The Secure Microcontroller family
eliminates the need for external components by incorporating an internal watchdog timer. By moving the
watchdog timer inside the microcontroller, the number of devices in the system is reduced, increasing
the overall system reliability. The watchdog timer can take advantage of the high-precision crystal
oscillator used by the microcontroller, rather than the imprecise RC oscillator used by most independent
watchdog timers. The operation of the watchdog timer is independent of the microcontroller, unless
specifically addressed via the Timed Access procedure. The possibility of an out-of-control
microcontroller accidentally disabling the watchdog timer is less than 1 in 7.2 X 1016. This application
note describes the features and use of the Secure Microcontroller’s watchdog timer.
General Use of a Watchdog Timer
The primary application of a watchdog timer is as a system monitor to detect and reset an "out of
control" microprocessor. When program execution goes awry it will not properly execute the code that