FSD220: Hardware Schematic Review

Overview

See reference document ISO9000

Motivations

Motivation: Input voltage range MOTIVATION_220_001
status: PASS
tags: fsd220, hw

(Page 8) The voltage dividers for both CPUs divide the input voltage down to an acceptable range for the ADC. Different divider ratios are used for the two CPUs to detect short circuits between them.

CPU1: 3240/(3240+64900) = 0.0475 -> Theoretical max ~69V. CPU2: 510/(510+16000) = 0.030 -> Theoretical max ~106V.

Motivation: 14 SIO MOTIVATION_220_002
status: PASS
tags: fsd220, hw

(Page 4) 14 SIOs (2 per nested sheet).

Motivation: Analog muxes MOTIVATION_220_003
status: PASS
tags: fsd220, hw
Source: DREQ_14A

(Page 4) All SIOs are connected to analog muxes (74HC4051) to both CPUs.

Motivation: Output control MOTIVATION_220_004
status: PASS
tags: fsd220, hw
Source: DREQ_115A

(Page 8) When controlling an output high, CPU1 changes the divider to be able to distinguish between an internal short circuit and an external short circuit.

Motivation: Redundant output transistors MOTIVATION_220_005
status: PASS
tags: fsd220, hw
Source: DREQ_115B

SIO power is controlled by CPU2 via the main transistor, and CPU1 via the individual transistor for each SIO.

Motivation: Transistor output control MOTIVATION_220_006
status: PASS
tags: fsd220, hw
Source: DREQ_115C

(Page 8) Both CPUs measure the voltage on the outputs via the resistor dividers. The CPU1 AD value changes when the output is controlled high.

Motivation: No external interface MOTIVATION_220_007
status: PASS
tags: fsd220, hw

At the hardware level, outputs can only be directly controlled by the CPUs.

Motivation: Redundant relays MOTIVATION_220_008
status: PASS
tags: fsd220, hw

Page 7.

Motivation: Relays in parallel/series MOTIVATION_220_009
status: PASS
tags: fsd220, hw
Source: DREQ_127A

(Page 1, J5) Relays can be connected in series or parallel by connecting points 1A, 2A, 3A, 4A, and 16A, 15A, 14A, 13A according to the application requirements.

Motivation: Redundant CPUs MOTIVATION_220_010
status: PASS
tags: fsd220, hw
Source: DREQ_201A

(Page 2+3) CPU1 and CPU2 can read the ADC values from all SIOs. CPU1 controls the outputs and CPU2 monitors the outputs.

Motivation: crystal MOTIVATION_220_011
status: PASS
tags: fsd220, hw
Source: DREQ_27A

(Page 3) Crystal is 12 MHz, 50 ppm.

Motivation: Memory card MOTIVATION_220_012
status: PASS
tags: fsd220, hw
Source: DREQ_10B

(Page 3) Memory card connector with half-duplex UART to CPU1.

Motivation: C2C duplex channel MOTIVATION_220_013
status: PASS
tags: fsd220, hw
Source: DREQ_C2C_1

(Page 2+3) C2C communication is done via a dedicated duplex channel between the CPUs. One 100 ohm resistor is used between the CPUs to handle short circuits in case a GPIO is open drain.

Motivation: C2C white channel MOTIVATION_220_014
status: PASS
tags: fsd220, hw
Source: DREQ_C2C_2

Communication occurs directly on the PCB between the two safety CPUs. There is no way to access the C2C channel from the outside. Both CPUs send a packet every 1 ms, and require timeliness within 62.5 us for valid packet reception. The packets have a specific size and are asymmetrical to guarantee that one CPU does not receive its own packet. A 32-bit CRC and other checksums and magic values are used to ensure that the packets are valid.

Some implicit data is used (firmware version, configuration, ID), which is synchronized and verified by both CPUs at startup.
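
The receiver-side checks described for the C2C white channel (MOTIVATION_220_014), as an added example that is not the FSD220 firmware. Packet sizes, magic bytes, frame layout, the CRC-32 polynomial, and the reading of the 62.5 us requirement as a window around the expected 1 ms arrival are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumed for illustration: sizes, magic bytes, layout and CRC polynomial.
 * Only the 1 ms period, 62.5 us window and 32-bit CRC come from the review. */
#define C2C_PERIOD_NS 1000000u
#define C2C_WINDOW_NS 62500
enum { CPU1_LEN = 16, CPU2_LEN = 20 };          /* hypothetical, deliberately unequal */
enum { CPU1_MAGIC = 0xC1, CPU2_MAGIC = 0xC2 };  /* hypothetical per-sender magic */

enum c2c_result { C2C_OK, C2C_BAD_LEN, C2C_BAD_MAGIC, C2C_BAD_CRC, C2C_BAD_TIME };

/* Bitwise CRC-32 (reflected, polynomial 0xEDB88320). */
static uint32_t crc32_calc(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int i = 0; i < 8; i++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Layout: [magic][payload...][CRC32 little-endian over all preceding bytes]. */
static void c2c_build(uint8_t *pkt, size_t len, uint8_t magic) {
    pkt[0] = magic;
    for (size_t i = 1; i < len - 4; i++) pkt[i] = (uint8_t)i; /* constructed payload */
    uint32_t crc = crc32_calc(pkt, len - 4);
    for (int i = 0; i < 4; i++) pkt[len - 4 + i] = (uint8_t)(crc >> (8 * i));
}

/* Receiver check; last_ns is the arrival time of the previous valid packet. */
static enum c2c_result c2c_check(const uint8_t *pkt, size_t len, size_t peer_len,
                                 uint8_t peer_magic, uint32_t last_ns, uint32_t now_ns) {
    if (len != peer_len) return C2C_BAD_LEN;   /* an echoed own packet has the wrong size */
    if (pkt[0] != peer_magic) return C2C_BAD_MAGIC;
    uint32_t rx = 0;
    for (int i = 0; i < 4; i++) rx |= (uint32_t)pkt[len - 4 + i] << (8 * i);
    if (crc32_calc(pkt, len - 4) != rx) return C2C_BAD_CRC;
    int32_t skew = (int32_t)(now_ns - last_ns - C2C_PERIOD_NS); /* timer-wrap safe */
    if (skew < -C2C_WINDOW_NS || skew > C2C_WINDOW_NS) return C2C_BAD_TIME;
    return C2C_OK;
}

int main(void) {   /* CPU1 receiving a constructed CPU2 packet exactly on schedule */
    uint8_t p[CPU2_LEN];
    c2c_build(p, CPU2_LEN, CPU2_MAGIC);
    return c2c_check(p, CPU2_LEN, CPU2_LEN, CPU2_MAGIC, 0u, 1000000u) != C2C_OK;
}
```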