(no title)
sillywalk | 6 days ago
"..the critical FPGA which is always on for the duration of the mission, the radiation tolerant ProASIC3 is chosen with the military temperature grade (-55 C to 125 C) and -1 speed grade to mitigate the degradation in the propagation delay caused by the total dose radiation. The single-event upset (SEU) is mitigated with triple module redundancy (TMR) in the FPGA design.
...
The FPGA device is a military-grade version of MicroSemi’s ProASIC3L, which uses the same silicon as the radiation-tolerant device from the same family."[0]
The specs from [1] say there is also a specific radiation-tolerant variant.
So it looks like the CPUs themselves have dual lock-stepped cores, and the CPU checks for errors each cycle. If there's an error it flags the FPGA, which switches to the other CPU.
[0] https://rotorcraft.arc.nasa.gov/Publications/files/Balaram_A...
[1] https://ww1.microchip.com/downloads/aemDocuments/documents/F...
adrian_b|5 days ago
The high-level control and data processing is done by a now very old smartphone Snapdragon 801 CPU, which has no redundancy and it runs Linux. That CPU uses 4 custom 32-bit Qualcomm Krait cores, which were extremely fast in comparison with the radiation-hardened CPUs available at that time, but which are very slow in comparison with the current automotive CPUs or smartphone CPUs.
Nowadays there are automotive redundant CPUs, using high-performance automotive-enhanced ARM cores like Cortex-A78AE or Neoverse V3AE, which are far more suitable for a space mission than a smartphone CPU.
Because Snapdragon does not have the right hardware, approximate redundancy is achieved by software, i.e. by running multiple times each algorithm and comparing the results, and also by periodic self tests.
This is better than nothing, but a hardware-redundant CPU would have provided much better performance.