

# Flight Computer Initialisation Sequence Generic Specification (Overview of the modifications)

Version number: *issue 2, revision 1* 

David Perillo, ESA/ESTEC

ESA-ADCSS2021 | November 2021 | Slide 1

ESA UNCLASSIFIED - For ESA Official Use Only


# Objective

To update the Flight Computer Initialisation Sequence Generic Specification to cover multicore architectures.

| SAVOIR.BOOTSW.BIN.242  | Initialisation by a Single Core |
|------------------------|---------------------------------|
| Requirement:           | In case of multi-core processors, only one core must be responsible for the initialisation sequence. |
| OptionInfo:            | OBC; PLM |
| Requirement Rationale: | Ensuring a deterministic and easy-to-test behaviour. In case other cores would be active and executing SW or interacting with HW in other ways, it could be difficult to demonstrate this deterministic behaviour. |
| Verification Method:   | T |

| SAVOIR.BOOTSW.BIN.245  | Secondary core(s) states |
|------------------------|--------------------------|
| Requirement:           | In case of multi-core processors, secondary core(s) shall be disabled (i.e. powered-down) at all times during the boot software execution. |
| OptionInfo:            | OBC; PLM |
| Requirement Rationale: | Only one core must be responsible for the initialisation sequence. |
| Note:                  | Initialisation of the secondary core(s) is performed by the ASW after it is started on the primary core. This requirement is applicable only if such a feature is available in the chip. |
| Verification Method:   | T |

# Work Logic

## Iterations to reach all stakeholders

1. Internal to TEC-SWF
2. Extended to other TEC sections:
   - TEC-EDD
   - TEC-SWT
   - TEC-QQS
3. SAG

# Changes triggered by reviewers


- FPGAs in the initialisation chain (observations)
- Autonomous hosted payloads (observations)
- To standardize document styles
- To include interface requirements (PUS-C services)
- To improve descriptions of **BITE and self-test**
- Inconsistencies, definitions, ...

| Comment category                                    | total | accepted | rejected |
|-----------------------------------------------------|-------|----------|----------|
| SECONDARY COREs                                     | 7     | 6        | 1        |
| GENERAL (figures, inconsistencies, definitions)     | 15    | 10       | 5        |
| I/F Reqs (PUS)                                      | 8     | 7        | 1        |
| OTHER (future arch., BITE, referenced documents)    | 6     | 0        | 1        |
| Totals                                              | 36    | 23 (64%) | 8 (22%)  |



When FPGAs are used to initialise the OBC (e.g. when the FPGA manages the interfaces), they are expected to be configured either:

- prior to the initialisation of the main processing core (e.g. by loading a predefined configuration), or
- otherwise, by the ASW.



# Standardizing document styles

Each requirement section has its own style (this somewhat simplifies the import procedure of the specification into IBM DOORS).

Requirement styles used in the document:

- ReqHardwareAssumption
- ReqNote
- ReqNote + Not Italic
- ReqOptionInfo
- ReqParameter
- ReqRationale
- ReqReference
- ReqText
- ReqTitle
- ReqVerification

Example requirement formatted with these styles:

| SAVOIR.BOOTSW.BEF.10 | Boot software execution |
|----------------------|-------------------------|
| Requirement:         | The Boot SW shall be executed on processor reset (power-on reset, SW reset, error reset, watchdog reset). |
| Note:                | the handling of cold or warm restart conditions depends on project-specific requirements and is not described in this document. |
| OptionInfo:          | OBC; PLM |
| Hardware Assumption: | Boot memory |
| Parameter:           | ColdWarm |
| Rationale:           | the requirement constrains the Boot SW entry point and its allocation in memory (i.e. start from address 0x0000000, no other SW executed before). |
| Verification Method: | D; T |

# *emerging HW assumption:* Autonomous hosted payloads



Observation: hosted payloads might exchange TCs with Ground independently of the OBC. In this case, the Standby scenario of the Payload Computer is treated similarly to that of the OBC.




# **General observations**



1. missing definitions of <Parameter> and <Hardware Assumption>
2. inconsistent rewording of requirements
3. detailing the Fast Boot initialisation sequence

## SAVOIR.BOOTSW.BEF.22

### **Fast Boot Path sequence**

When the Fast Boot Path is selected, the Boot SW Fast Sequence shall execute a subset of the steps of the nominal sequence.

Note:

The selected subset of the nominal sequence's steps is defined according to mission constraints.



### Service ST[01] - Request verification

- acceptance reporting subservice
- execution reporting subservice

### Service ST[03] - Housekeeping

- housekeeping reporting subservice

### Service ST[05] - Event reporting

- event reporting subservice

### Service ST[06] - Memory management

- raw data memory management subservice
- check raw memory data

### Service ST[17] - Test

- test subservice

### Service ST[20] - Parameter management

- parameter management subservice
- set parameter values

# **PUS-C ST[17] Test subservice**





| system requirement | interface requirement | message type | description                              | capability        |
|--------------------|-----------------------|--------------|------------------------------------------|-------------------|
| 6.17.3             | 8.17.2.1              | TC[17,1]     | perform an are-you-alive connection test | minimum           |
| 6.17.3             | 8.17.2.2              | TM[17,2]     | are-you-alive connection test report     | TC[17,1] response |
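As an added illustration (not code from the presentation or from the SAVOIR specification), the following Python sketch encodes the TC[17,1] / TM[17,2] exchange from the table above as CCSDS space packets with PUS-C secondary headers, and shows a minimal Boot SW handler that drops truncated, corrupted, mis-addressed or unsupported requests before answering. Field layouts follow ECSS-E-ST-70-41C as I recall them; the TM time field and acknowledgement flags are left out as a simplification, and the APID and source ID values are constructed.

```python
import struct

CRC_POLY = 0x1021  # CRC-16/CCITT generator used by the PUS packet error control field


def crc16_ccitt(data: bytes, crc: int = 0xFFFF) -> int:
    """CRC-16/CCITT-FALSE; over packet + PEC it yields 0 for an intact packet."""
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ CRC_POLY) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def ccsds_primary_header(packet_type: int, apid: int, seq_count: int, data_len: int) -> bytes:
    # version 0 | type (1 = TC, 0 = TM) | secondary header flag | 11-bit APID; 0b11 = stand-alone
    word0 = (packet_type << 12) | (1 << 11) | (apid & 0x7FF)
    word1 = (0b11 << 14) | (seq_count & 0x3FFF)
    return struct.pack(">HHH", word0, word1, data_len - 1)  # length field = data bytes - 1


def build_tc_17_1(apid: int, seq_count: int, source_id: int) -> bytes:
    """Ground side: TC[17,1] 'perform an are-you-alive connection test'."""
    # PUS-C TC secondary header: PUS version 2 (high nibble) + ack flags (none requested),
    # service type 17, message subtype 1, 16-bit source ID; TC[17,1] carries no application data
    sec_hdr = struct.pack(">BBBH", 2 << 4, 17, 1, source_id)
    pkt = ccsds_primary_header(1, apid, seq_count, len(sec_hdr) + 2) + sec_hdr
    return pkt + struct.pack(">H", crc16_ccitt(pkt))


def build_tm_17_2(apid: int, seq_count: int, msg_counter: int, dest_id: int) -> bytes:
    """Boot SW side: TM[17,2] 'are-you-alive connection test report'."""
    # PUS-C TM secondary header: version 2 + time reference status 0, service 17, subtype 2,
    # message type counter, destination ID = requester's source ID (time field omitted: assumption)
    sec_hdr = struct.pack(">BBBHH", 2 << 4, 17, 2, msg_counter, dest_id)
    pkt = ccsds_primary_header(0, apid, seq_count, len(sec_hdr) + 2) + sec_hdr
    return pkt + struct.pack(">H", crc16_ccitt(pkt))


def boot_sw_handle_tc(tc: bytes, my_apid: int, tm_seq: int, msg_counter: int):
    """Minimal Boot SW dispatcher: answer a well-formed TC[17,1], drop anything else."""
    if len(tc) < 13 or crc16_ccitt(tc) != 0:
        return None  # truncated or corrupted packet
    word0, _, length = struct.unpack(">HHH", tc[:6])
    if (word0 >> 12) & 1 != 1 or (word0 & 0x7FF) != my_apid or length + 1 != len(tc) - 6:
        return None  # not a TC, not addressed to this application, or length field inconsistent
    pus_ver, service, subtype, source_id = struct.unpack(">BBBH", tc[6:11])
    if pus_ver >> 4 != 2 or (service, subtype) != (17, 1):
        return None  # only the minimum ST[17] capability exists in the Boot SW
    return build_tm_17_2(my_apid, tm_seq, msg_counter, dest_id=source_id)


def report_fields(tm: bytes) -> tuple:
    _, service, subtype, _, dest_id = struct.unpack(">BBBHH", tm[6:13])  # (service, subtype, dest ID)
    return service, subtype, dest_id
```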


## Conclusions



Discussed the main changes of the SAVOIR Flight Computer Initialisation Sequence Generic Specification addressing multi-core and emerging hardware architectures.

Several comments received and addressed (i.e. to formalise the PUS-C subservices expected by a Boot SW).

For existing Boot SW based on PUS-A, it is advisable to report on any deviation to PUS-C requirements.



# Thank you for listening! Questions?
