/
RZ/T2M Functional Safety (FuSa)

RZ/T2M Functional Safety (FuSa)

This page is not meant to describe all the details of FuSa but a brief and short introduction and guide to get user install and setup necessary items and get running as soon as possible.

 

What is FuSa?

Functional Safety system provides the necessary functionalities to safely stop motor operations and comply with strict SIL3 requirements. By applying already certified RZ/T2M and SIL3 libraries, users can save development resources and reduce certification time.

 

Why FuSa?

Below are short 5 second Videos to show some applications:

Complex Robotics:

Renesas RZ-T2M Quadruped Safety Demo.mp4

Critical Industrial Workplace:

RZ FuSa Video 01.mp4

 

Real world usage of E-button (red box) in industrial plant.

image-20260410-175519.png

 

Renesas FuSa system:

Renesas RZ/T2M FuSa Startup System with E-button: Code has been added to original firmware to use E-button using PMOD connected to RZ/T2L-B.

Video:

RZFuSaEButton.mp4

 

Hardware setup:

Below is more detailed hardware setup for our FuSa demo:

Hardware Setup

. Hardware and connectors need to be modified and cannot be used as is.

. Extra hardware is needed.

.. EtherCATCoupler: EK1100

.. EtherCATTerminal communication interface,

.. TwinSAFELogic:EL6900

.. Bus end cover for E-bus contacts:EL9011

 

Functional Safety operations available:

  1. Safe Torque Off (STO) is the foundational functional safety mechanism in drives and servo motors. It reliably disables the motor's power stage, preventing it from generating torque or restarting unexpectedly. When triggered, the motor "coasts" to a stop via natural inertia and friction.

  2. Safe Stop 1 (SS1): The drive performs a controlled, mechanically-braked stop before triggering STO to remove torque. SS1 provides the speed-reduction benefits of an active stop while ensuring that power is safely blocked at standstill.

 

Software setup:

Below is detailed software setup for client laptop with Windows OS.

. TwinCat: This TwinCAT3 (Ver 3.1.4026) will act as master in the network. In our case, this would be PLC that we could configure in EtherCAT network. Previous versions, we were able to download the software and run it but software TwinCat3 update version is not available as standalone program any longer.

 

Please note that Build 4026 can only be installed on existing Build 4024 systems by performing a migration. A guided migration is available via the TwinCAT Package Manager. If desired, engineering versions < Build 4026 can then be installed as Remote Manager (as before). Further information on migrating to Build 4026 can be found in the Information System.

https://www.beckhoff.com/en-us/support/download-finder/search-result/?download_group=97028248&download_item=650023470

 

So we would need to install TwinCAT Package Manager (TwinCAT 3.1 Build 4026) FULL (UI + Command line) 2.0.43.0 here: https://www.beckhoff.com/en-en/support/download-finder/search-result/?download_group=725136885

 

.. TwinCat needs to be setup as follows:

.. TwinCat solution setup file:

 

Below is the completed setup:

image-20260526-201200.png

 

If you have items missing then re-run the package manager and install the necessary items and simulate.

 

The provided FuSa system should have the necessary firmware and setup already prepared but if not, below is SSC setup you need. For details, refer to TwinCat setup pdf file above.

. SSC (Slave Stack Code) : This Slave Stack Code Tool (Ver 5.13) will implement the necessary protocols for our part RZ/T2M and RZ/T2L to act as EtherCAT slave device. Tool can be downloaded here with registered account: https://www.ethercat.org/en/downloads/downloads_01DCC32A10294F2EA866F7E46FB0285F.htm

.. Batch file: Script batch file is run once to compare and revise SSC related files.

.. SSC config esp file:

… ESI file:

 

. RZ/T2L Binary files (Optional): These files are needed if E-button is used.

Below are binary files of RZ/T2L-A and RZ/T2L-B Firmware with E-Button

Source code (IAR EWARM FS): System is partitioned to RZ/T2M and two RZ/T2L. Each RZ/T2L is separated to A and B. They have different peripherals connected and E-Button is added to PMOD which is RZ/T2L-B. But because functional safety needs to have same resources allocated to both A and B, both main and sub compiled with firmware and binaries are uploaded here. Commented with CL for changes.

RZ/T2L:

 

 

 

FuSa item from field with Jira system below.

MPU-4240: onefieldjira.renesas.com/browse/MPU-4240

 

Known issues: Following the manual and guide have shown information and steps missing that led to users confusion. Below are known issues.

  1. Users have found that single safety test passes but the whole system safety test fails.

    1. Solution:

  2. Users are not able to start FuSa system at the end of the procedure.

    1. Solution: System needs to be reset to sync with etherCAT process. To do this, click on the two buttons shown below.

    2. (Add photos here)