Document number
205065
Version
Rev. N
Issue date
2019-02-04
Sirius OBC and TCM User Manual
Page
12
of
174
FPGA
FPU
OpenRISC
1200FT
I/D Cache
I2C
UART
GPIO
CCSDS
Memory
controller
System
flash
controller
Flash
controller
SpaceWire
DMA
Control
Watchdog
Debug
Unit
SCET
Error
manager
2x 64MB
SDRAM
2 GB System
Flash
R
ad
io
In
te
rf
ac
es
R
S4
2
2
/L
V
D
S
R
S4
2
2
/R
S4
8
5
JT
A
G
/D
EB
U
G
Pulse CMD
UMBI/EGSE
ETHERNET
GPIO
ADC
(Housekeeping)
Ethernet
10/100
ADC
controller
OBC / TCM
NVRAM
Analog inputs
NVRAM
TCM
TCM/OBC
Future option
16 GB Flash
OBC
PPS
Figure 2-1 - The Sirius OBC / Sirius TCM SoC Overview
2.2. Fault tolerant design
The Sirius OBC and Sirius TCM are both fault tolerant by design to withstand the
environmental loads that the modules are subjected to when used in space applications.
The following error mitigation techniques are used.
•
Continuous EDAC scrubbing of SDRAM data with at least 1 bit error correction and
2 bit error detection for each 16-bit word. Non-correctable errors cause a processor
interrupt to allow the software to handle the error differently depending on in which
section of the memory it appeared, unless the error appear in the execution path
(see below).
•
EDAC checking of instructions before execution and on data used in the instruction
(at least 1 bit error correction and 2 bit error detection as described in the previous
point). Non-correctable errors cause automatic reboot.
•
Parity checking of Instruction and Data caches when they are enabled. Errors
cause a processor interrupt with a cache reload as the default error handling.
•
Parity checking of peripheral FIFOs. Errors cause processor interrupt.
•
EDAC checking on system flash with double bit error correction and extended bit
error detection in combination with interleaving that corrects bursts with up to 16
bits in error.
•
Triple Modular Redundancy (TMR) on all FPGA flip-flops