GR712RC Boot SW

GR712RC Boot SW is a flight system software suite targeting GR712RC systems. The purpose of GR712RC Boot SW is to provide initialization, maintenance and application loading functionality to a payload or on-board computer. GR712RC Boot SW is an implementation of the ESA Requirements document Flight Computer Initialisation Sequence (TEC-SWS/10-373). The software is developed in accordance with European Space Agency software engineering standards ECSS-E-ST-40C and ECSS-Q-ST-80C, tailored software criticality category B, reviewed by ESA and third party (ISV&V).

GR712RC Boot SW is divided into thee main parts; Boot, Standby and Application loader. The Boot includes CPU initialization and self-tests. The Standby implements in-flight SW maintenance functions by means of PUS TM/TC over SpaceWire. This allows for example patching of application images in non-volatile memory. The application loader selects one out of two application images to load, verify and start with optional one of the images as fall back.

Features

  • Implements the ESA "Computer Initialisation Sequence" (TEC-SWS/10-373).
  • Developed in accordance with ESA software engineering standards ECSS-E-ST-40C and ECSS-Q-ST-80C, tailored software criticality category B.
  • DPU initialization: CPU, FPU, caches, peripheral functions, etc..
  • System self-tests: CPU, caches, external memory, etc..
  • Self-test results are recorded in a Boot report, available to loaded application and over SpaceWire.
  • Standby mode implements a PUS terminal operating on redundant SpaceWire links.
  • PUS services for managing on-board memory and to perform system specific operations and start applications.
  • SpaceWire Time Distribution Protocol for on-board time
  • Application loader is started when Standby Mode terminates (commanded or timeout).
  • Application images are stored in MRAM using a ELF-like format with support for in-flight patching.
  • Application images are CRC checked before execution, with failover on failure.
  • Multi-processor boot
  • Independent of application operating system (RTEMS, VxWorks, bare metal, ...)

GR712RC Boot SW also includes a library of drivers, also tailored criticality category B, for a selection of GR712RC peripherals for use in user applications. This includes zero-copy SpaceWire driver, SPI, UART and more.

Target hardware

GR712RC Boot SW was originally designed to operate on several of the ESA JUICE satellite payloads having different configurations but all based on the GR712RC, see following hardware configuration. The Boot SW has been designed to be reused on different GR712RC systems but adaptations can be made to to a specific board.

  • GR712RC Dual-Core LEON3FT Processor
  • 8-bit PROM as Boot Memory on GR712RC PROM bank
  • UT8MR8M8 or UT8MR2M8 MRAM as Application Storage Memory on GR712RC PROM bank
  • SRAM or SDRAM as main memory GR712RC Boot SW can be evaluated using the GR712RC Development Board.

Adoption

GR712RC Boot SW is used in 8 scientific instruments in the ESA JUICE satellite.

Test and validation

  • Unit tests executing on target hardware and in the TSIM2 LEON simulator.
  • Code coverage captured using TSIM2
  • Validation test suite executes on GR712RC. PC drives testing with PUS commanding and checking over SpaceWire.

Validation test setup

Figure: GR712RC Boot SW validation test setup

Availability

A software license for the GR712RC Boot SW can be acquired from us. It includes the software in source code, unit tests, validation tests, detailed documentation on requirements, specifications and implementation.

Contact sales@gaisler.com for more information about the GR712RC Boot SW product and licensing. The Standby component can be licensed separately.