If the ignition unit dies, the car will just turn off. I did add the power supply hardening, am using automotive rated components, and I'm actually able to ignore one of the three engine speed/TDC sensors in the car upon failure and still run, but other than that no redundancy. The original boxes do not have any redundancy either, so I'm still providing a "like OEM" solution.
I know at least one Ford ECU (1996 Ford Escort ZETEC) which has a limp-mode backup controller if the main ECU processor dies, so no, at least some ECUs have redundancies inside.
I definitely gave hardening and redundancy some thought when designing. Just because the originals didn't have it doesn't mean it wouldn't be a nice thing to add. So I think it's a fair question to ask. But I decided it was mostly impractical for my design goals and price point.
My experience with cars is not very deep, but I did hear a lot about redundancy, isolated systems, real-time requirements and automotive-grade components.
Also I would say that controlling the ignition is very critical to a car.
technothrasher|2 years ago
bayindirh|2 years ago
Zemtomo|2 years ago
I'm in Munich, close to BMW etc., and whenever I did something with automotive it would say 'automotive grade components'.
I would not have assumed this would just work.
Is this also connected to CAN? Or is this only for old cars? So what inputs does it use?
Gordonjcp|2 years ago
The original system hasn't got any.
technothrasher|2 years ago
Zemtomo|2 years ago