BackupPower - only for developers
The name of the page is misleading, it should be data-integrity, consistent-write or something... Controlled power supply is only one solution.
About the Issue
If the power is removed when the ECU writes to internal EEPROM, the data can be corrupted.
This is not currently a problem since we only write to EEPROM when the laptop is connected:
- configuration change (mcs command)
- learnt values currently saved from menu only
Possible HW solution
- atomic commit : write the block of data to a secondary location and switch from first block to 2nd as the last step (writing the last byte of the flagword). Note that this does NOT require to double-store everything at the same time, only the size of the biggest block at a time (practically 256 bytes) is wasted. Perfect, software-only solution for all config data.
Possible SW solutions
- take care of bytes only : check supply before writing EEPROM. To make sure the given byte can be stored, we require about 30mA * 10msec / 2V = 150uF, not too bad. This is a primitive version of the above. There are more HW oriented solutions, read below.
- backup cap make it much more than 150uF so it's longer than 10msec. The benefit is that learnt data can be saved just at the last moment (preventing unnecessary writes, which is EEPROM-wear)
- backup Li Ion battery : service life = 10 years. Requires serious compromises for the board design.
- controlled supply : the ECU keeps itself powered via a switch for some time after the mains switched off.
- if the switch is a relay, it must NOT be the only supply of the ECU (just OR-ed with the mains), as such a relay would introduce about 10x more reliability problem than it would solve
- if the switch is Si, it drops some voltage, so (different reason though) the same applies as for the relay
- independent always powered board log to another computer via the network, TakeCareBoard that is always powered. At powerup the helper can be asked if there are any updates (that we started to save but yet to be finished)
more on the hardware solutions
Most of the time we only need 0.1 seconds of backup power, but if we want to update 1024 bytes of tables from SRAM to EEPROM on shutdown the worst case scenario is 9 seconds!
But this number is meaningless:
- in case of an emergency shutdown, learnt values can be lost anyway
- important data is written immediately (config and reference tables) anyway
Also, this assumes that 25% of AVR SRAM is used for such late-write (learnt) data (512 bytes of learnt data is probably more realistic. Many ECM's run on only 180 bytes of data altogether, 0 bytes of which is learnt).
ways to solve this:
A backup capacitor is a good way. In that case we only need to add the capacitor to +12v (the supply signal) and read the voltage on the +13.8v signal to know when to stop writing. We can also fit a supercap or similar capacitor to the VCC supply. We need to minimize power draw from these lines very quickly after the power is lost. The supercap capacitors is limited to 10mA current draw, a 1A version is also available but that is three to four times more expensive for the same capacitance (1F). If a +12v capacitor is used we need to limit draw since it is much lower capacitance then the supercap. If we could limit current draw to 10mA during the write we have 50seconds of backup power on a 1F supercap. Temp range can be a problem with the capacitor solution, the supercap is -25 to 70C. The capacitor solution will also protect against intermittent power connection and low battery while cranking.
An other way it to use a constant power line, this works well unless someone disconnect the battery at the wrong time. This is common on race cars where an external battery disconnect is specified in the rules, some people use this as a kill switch.
Supply links