A microcontroller system includes a processing unit, a first peripheral having a first set of registers, and an assurance module. The first peripheral is configured to receive a first reset signal that resets the first set of registers to a first actual reset value, which is expected to be a first expected value. The assurance module is configured to calculate a first signature value, which is based on the first actual reset value, in response to the first reset signal. The processing unit is configured to perform a first comparison between the calculated first signature value and a pre-determined first signature value to determine whether the microcontroller system is in a trusted safety state. The first comparison is performed in response to the first reset signal, and the pre-determined first signature value is based on the first expected value.