Emergency Triad

Three subsystems are critical to the mission, in that their individual failures would cause the other subsystems to become useless; they are COMS, OBDH and PSU. Therefore, we plan to allow these three systems to cycle each other's power. This will resolve control issues caused by random events, because we will know through testing that the subsystems do function on initial power up.

  • OBDH will send a reset signal to PSU during recovery interrupt if it detects a power anomaly
  • PSU will cycle the power of COMS if it does not detect a certain background level of radiation for a certain amount of time
  • COMS will reset OBDH on receiving a signal to do so from the ground

This should ensure that the mission can always recover from control failures in these subsystems, except in the highly unlikely case of them all failing simultaneously.

COMS independent reset capability

We are currently considering giving COMS an independent power supply, and the capability to reset the OBDH board on its own.

Firstly, this would require that the board's +5V power supply be provided by the PSU directly instead of via the OBDH board. We have confirmed with Pumpkin Inc. that it is quite possible to do this using the same pin, without harming the hardware. This would also have no bearing on operations, as there is no worthwhile mode of the satellite in which the COMS subsystem is turned off.

Secondly, it would require adding electronics to the COMS board to trigger a reset using pin H1.29 upon receiving a special signal. This process would be controlled by a specially programmed PIC, distinct from the one already used on the COMS board. Whilst this adds an extra capability that will allow us to rescue the satellite from some failure modes, it will introduce a new failure mode where the PIC malfunctions in such a way that it constantly signals the board to reset, thus permanently disabling the OBDH subsystem.

Deciding whether this is a good idea will require a risk assessment.
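As an input to that risk assessment, the following added example (not code from the project) models the Emergency Triad reset ring and the stuck-PIC failure mode, and checks every combination of hung subsystems. It assumes that a hung subsystem cannot issue a reset, that a reset always restores its target, and that each trigger condition (anomaly detection, the ground command) fires when needed; all names in the code are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

enum { OBDH, PSU, COMS, N_SUBSYS };

/* Reset ring from the list above: OBDH -> PSU -> COMS -> OBDH. */
static const int resets_whom[N_SUBSYS] = { [OBDH] = PSU, [PSU] = COMS, [COMS] = OBDH };

/* One recovery round: each subsystem that was alive at the start of the
 * round power-cycles its target if that target was hung (assumed model). */
static void recovery_round(bool alive[N_SUBSYS], bool pic_stuck)
{
    bool before[N_SUBSYS];
    for (int i = 0; i < N_SUBSYS; i++) before[i] = alive[i];
    for (int i = 0; i < N_SUBSYS; i++)
        if (before[i] && !before[resets_whom[i]]) alive[resets_whom[i]] = true;
    if (pic_stuck) alive[OBDH] = false;  /* reset line held asserted */
}

/* hung_mask: bit i set means subsystem i starts hung.
 * pic_stuck: the extra COMS PIC constantly signals an OBDH reset.
 * Returns true if all three subsystems end up running. */
bool triad_recovers(unsigned hung_mask, bool pic_stuck)
{
    bool alive[N_SUBSYS];
    for (int i = 0; i < N_SUBSYS; i++) alive[i] = !(hung_mask & (1u << i));
    if (pic_stuck) alive[OBDH] = false;
    /* A reset needs at most two hops round the ring; run three rounds. */
    for (int round = 0; round < N_SUBSYS; round++)
        recovery_round(alive, pic_stuck);
    return alive[OBDH] && alive[PSU] && alive[COMS];
}

/* Number of the 8 initial failure combinations that never fully recover. */
int count_unrecoverable(bool pic_stuck)
{
    int n = 0;
    for (unsigned m = 0; m < 8; m++)
        if (!triad_recovers(m, pic_stuck)) n++;
    return n;
}

int main(void)
{
    for (unsigned m = 0; m < 8; m++)
        printf("hung mask %u: healthy PIC %d, stuck PIC %d\n",
               m, triad_recovers(m, false), triad_recovers(m, true));
    return 0;
}
```

Under these assumptions a stuck PIC also removes the only reset path to the PSU, because OBDH is the subsystem that resets it.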

