Embedded Files
The following requirements relate to flight software and software integration. In this page, "should"s and "shall"s are not used in the context of requirements.
R-ARC-BUS-005 - System reliability of 80%
Software system needs to handle and mitigate system failures
R-ARC-BUS-011 - Concurrent testing of subsystems independent of whole assembly
Develop unit testing programs/routines to verify subsystem performance independently
R-ARC-BUS-013 - Comply with ISED radio communication requirements
R-ARC-BUS-015 - Collect telemetry for health monitoring
Develop a uniform telemetry standard to be implemented on all controller subsystems
R-ARC-BUS-021 - Transmit data to licensed ground stations
Similar to Iris, transmit data to the ground using radio frequencies
R-ARC-BUS-022 - Receive telecommands from licensed ground stations
Similar to Iris, receive data from the ground using radio frequencies
R-ARC-BUS-023: Autonomously enter appropriate power mode for off-nominal power conditions
Similar to Iris, shed load / change operations based on bus power.
Review power modes, possible changes compared to Iris
R-ARC-BUS-036: Decrimental power mode transitions autonomously
Related to R-ARC-BUS-023.
R-ARC-BUS-042: Communicate with the ground for commands and software updates in case of checkout failure
Add sequential checkout activities, compare with expected value.
R-ARC-BUS-047: Follow LEOP activities as per the ConOps or the nominal and off-nominal operations
R-ARC-BUS-055: Begin commissioning activities within TDB after detumbling from initial TBD hold
R-ARC-BUS-057: Communication during normal operations shall be automated
Developments to the ground station to automanously communicate with satellite while overhead
R-ARC-BUS-061: Maintain all components within their operational temperature limits in standard operating mode
Monitor temperature and control heaters via software
R-ARC-BUS-066: Bus should be single fault tolerant
Software will be able to recognize single faults and adapt using predefined contingencies
R-ARC-BUS-069: Autonomously and sustainable generate power
R-ARC-BUS-095: Receive software updates via ground commands
Similar to Iris, be able to upload new binary files to the satellite using radio frequencies.
Satellite will have a golden copy, programmed before integration, to fall back to in case of a bad upload
R-ARC-BUS-167: Dump all processed data to the ground station at every pass
Using autonomous communication via R-ARC-BUS-057, autonomously transmit data to ground.
Data format needs to be optimzied to reduce unnessecary data/power use
Data format needs to have error checking and handling to ensure correct data
R-ARC-BUS-175: Be capable of transmitting payload data to the ground station
Similar to R-ARC-BUS-167
R-ARC-BUS-178: Transmit health telemetry to ground every pass
Related to R-ARC-BUS-057 and R-ARC-BUS-167
R-ARC-BUS-179: Store health telemetry until ground transmission
Flight software design
Flight software design
Design 001 - Command limit validation
Design 001 - Command limit validation
All commands received from ground are checked against read-only limits stored in the program memory. This prevents accidental ground commands from exceeding the spacecraft's limits.
Design 002 - Checkout activities and LEOP scheduler
Design 002 - Checkout activities and LEOP scheduler
Tasks are added to the time-tagged task queue upon first boot.
As the checkout activities and LEOP plan are further defined, it is easy to add additional activities to this queue.
Design 003 - Software protections and recovery
Design 003 - Software protections and recovery
Software watchdog timer
Each operating system routine has an independent software watchdog that will reboot the routine if it hangs.
Hardware watchdog timer
The CDH and power control units have hardware watchdogs that will reset the processor if the processor hangs.
Data integrity
LittleFS provides data error checking and management of bad sectors in the data flash, as well as providing redundant data storage for flight-critical data.
LibCSP network stack provides packetization and data integrity validation of packets transmitted between CDH, power, and ADCS processors.
The EnduroSat radio transceiver provides error checking and recovery for transmitted data from ground.
Design 004 - Remote update design and procedure
Design 004 - Remote update design and procedure
The flight software remote update routine executes as follows:
Flight software stores two images in the program memory. One image is uploaded prior to integration, and is known as the "golden image". This golden image is read-only, and cannot be overwritten from the ground station. The second image is uploaded from the ground station for remote updates. The bootloader is configured to boot into the upgrade image, and fall back to the golden image if any hard-faults or errors are trapped in the update image. Also, the bus will fall back to the golden image after a pre-defined length with no received commands from the ground.
Page updated
Google Sites
Report abuse