EIR-OPS-024: Boot Into OBC Image

Objective

To boot into a specific image.

Introduction

Using this procedure, the Operator will define the nextBootImage that the OBC will load on reboot.

Note

There are 3 images that the OBC can boot into at any one time. These are the failsafe image, the primary1 image and the primary2 image. For an image to be considered for boot, it must be marked as VALID. From the list of valid images, only the images marked as STABLE will be considered for boot. From the list of images that are valid and stable, the image booted will be the one with the HIGHEST PRIORITY.

Information on all 3 images is generally stored within the rows of a single parameter, where First row and Last row are used to access information on all images (First row = 0, Last row = 2) or just the image of interest (First row = Last row = 0, 1 or 2). The rows corresponding to each image are given in the table below.

Image

Parameter row/Image index

failsafe

0

primary1

1

primary2

2

Procedure

This procedure contains the following sub-procedures:

A. Set Up Next Boot Image
B. Boot into New Image
C. Verify Successful Booting into New Image

A. Set Up Next Boot Image

Important

You are about to send the first TC of this procedure - Have you completed the EIR-OPS-003: Start a Communication Pass procedure? A Communication Pass must be started prior to carrying out the operations planned for the pass. Don’t forget to open and set-up the parameters/actions that will be required before the pass starts!

A.1.

If the Operator intends to reboot into the image that is currently operating:
- Invoke the action platform.obc.OBC.markCurrentImageStable
- Then, skip to Step A.10.
Else proceed directly to Step A.2.

TC Details
MCS Operation	`Invoke`
Action/Param Name	`platform.obc.OBC.markCurrentImageStable`
Data Expected with TC	No
TM Details
Data Expected from TC	No ( + ACK )

A.2.

If the image the Operator intends to boot is failsafe, skip to Step A.7 (as the failsafe image is hardcoded as valid and stable).
Else, proceed to the next step.

A.3.

To verify that the image you intend to load on next boot is marked as valid, Get the platform.obc.OBC.imageValid parameter, specifying the appropriate First row and Last row parameters.

TC Details
MCS Operation	`Get`
Action/Param Name	`platform.obc.OBC.imageValid`
Data Expected with TC	Yes
Data Size	Boolean
Data Info	`First Row = Last Row =` Number of image
Allowed Value(s)	0-2, 0-2
Expected Value(s)	1 or 2, 1 or 2
TM Details
Data Expected from TC	`Image Valid` ( + ACK )
Data Size	Boolean
Data Info	If the image queried is valid (01) or invalid (00)
Allowed Value(s)	0 or 1
Expected Values(s)	1

Where …

Image	Parameter row/Image index
primary1	1
primary2	2

Caution

To proceed, the image you intend to load on next boot must be valid (i.e. imageValid = 1). If the image is marked as invalid, the image CRC stored on-board with the image is likely incorrect and must be updated via a new upload

A.4.

To ensure the image you intend to load on next boot is marked as stable Get the platform.obc.OBC.imageIsStable parameter, specifying the appropriate First row and Last row .

TC Details
MCS Operation	`Get`
Action/Param Name	`platform.obc.OBC.imageIsStable`
Data Expected with TC	Yes
Data Size	4 bytes, 4 bytes
Data Info	`First Row = Last Row =` Number of image
Allowed Value(s)	0-2, 0-2
Expected Value(s)	1 or 2, 1 or 2
TM Details
Data Expected from TC	`imageIsStable` ( + ACK )
Data Size	Boolean
Data Info	If the image queried is stable (01) or not stable (00)
Allowed Value(s)	0 or 1
Expected Values(s)	1

A.5.

If the above step returned 0 for the image of interest, set platform.obc.OBC.imageIsStable = 1 now, using the appropriate First row and Last row.
Else, proceed to the Step A.7.

TC Details
MCS Operation	`Set`
Action/Param Name	`platform.obc.OBC.imageIsStable`
Data Expected with TC	4 bytes, 4 bytes, boolean(s)
Data Size	Boolean
Data Info	`First Row = Last Row =` Number of image, `imageIsStable` = 1
Allowed Value(s)	0-2, 0-2, 0-1
Expected Value(s)	1 or 2, 1 or 2, 1
TM Details
Data Expected from TC	No ( + ACK )

A.6.

Confirm the Set from the previous step with a Get (i.e. Confirm the value was set successfully).

A.7.

To ensure the image you intend to load on next boot is marked as the highest priority image, Get the platform.obc.OBC.imagePriority parameter for all three images, setting First row = 0 and Last row = 2.

TC Details
MCS Operation	`Get`
Action/Param Name	`platform.obc.OBC.imagePriority`
Data Expected with TC	Yes
Data Size	List [0:2] of integers 32 (2 hex values)
Data Info	`First Row` = 0, `Last Row` = 2
Allowed Value(s)	0-2, 0-2
Expected Value(s)	0, 2
TM Details
Data Expected from TC	List of `imagePriority` ( + ACK )
Data Size	List [0:2] of integers 32 (2 hex values)
Data Info	List of integers with highest priority image indicated by largest value

Note

The priority of the failsafe image cannot be modified and is hard coded as 1. The highest priority image is the image with the largest imagePriority value assigned to it w.r.t. to the imagePriority values for the other images e.g to boot into the primary1 image, set First row = Last row = 1 of this parameter to a number greater than 1 (i.e. to be a larger number than the failsafe image priority).

A.8.

Given the platform.obc.OBC.imagePriority values for all three images, Set the imagePriority parameter for the image you intend to load on next boot to be the highest priority/value , e.g:
- If primary1 is the intended next boot image, ‘1, 2, 0’ would be a valid input.
- If primary2 is the intended next boot image, ‘1, 0, 2’ would be a valid input.

Note

Row 0 of this parameter, which corresponds to the failsafe image, is hardcoded and cannot be set. Attempts to set imagePriority[0] will return a NACK.

TC Details
MCS Operation	`Set`
Action/Param Name	`platform.obc.OBC.imagePriority`
Data Expected with TC	Yes
Data Size	List [0:2] of integers 32 (2 hex values)
Data Info	`First Row = Last Row =` image number, `ImagePriority=` Larger integer than the values for remaining images
Allowed Value(s)	1-2, 1-2, 0-FFFFFFFF (hex)
Expected Value(s)	1-2, 1-2, 0-FFFFFFFF (hex)
TM Details
Data Expected from TC	No ( + ACK )

A.9.

Confirm the Set from the previous step with a Get (i.e. Confirm the value was set successfully).

A.10.

To ensure that the next boot image has been successfully set-up as the image of interest, Get the platform.obc.OBC.nextBootImage parameter.
Confirm the returned TM matches the index of the intended next boot image.

TC Details
MCS Operation	`Get`
Action/Param Name	`platform.obc.OBC.nextBootImage`
Data Expected with TC	No
TM Details
Data Expected from TC	`nextBootImage` ( + ACK )
Data Size	Integer 8 (1 hex value)
Data Info	Index of SW image to execute on next boot
Allowed Value(s)	`nextBootImage` = 0, 1 or 2

B. Boot into New Image

B.1.

If the nextBootImage parameter obtained in the previous step is set to the image of interest, Invoke the platform.obc.OBC.reset action.
This invoke triggers a hard reset of the OBC.

TC Details
MCS Operation	`Invoke`
Action/Param Name	`platform.obc.OBC.reset`
Data Expected with TC	No
TM Details
Data Expected from TC	TIMEOUT

Warning

No ACK TM will be returned from this TC as the OBC will be busy resetting!

B.2.

Wait ~30 seconds to allow the reboot to complete.
While the reboot is completing, load the appropriate SCDB into MCS for the image being booted.

C. Verify Successful Booting into New Image

C.1.

To determine which image is now executing on the OBC after the reboot, Get the platform.obc.OBC.currBootImage parameter.

TC Details
MCS Operation	`Get`
Action/Param Name	`platform.obc.OBC.currBootImage`
Data Expected with TC	No
TM Details
Data Expected from TC	`currBootImage` ( + ACK )
Data Size	Integer 8 (1 hex value)
Data Info	Index of currently executing SW image
Allowed Value(s)	`currBootImage` = 0, 1 or 2

C.2.

Get the parameter Version.version .
Check with the Software Engineer that the version number matches what was set on the ground.

TC Details
MCS Operation	`Get`
Action/Param Name	`Version.version`
Data Expected with TC	No
TM Details
Data Expected from TC	`Version.version` ( + ACK )
Data Size	Integer 32
Data Info	Full version number

C.3.

If not in failsafe, get the mission.ModeManager.Mode parameter and
Check it is equal to 0x04, confirming the satellite is in Safe Mode

TC Details
MCS Operation	`Get`
Action/Param Name	`mission.ModeManager.Mode`
Data Expected with TC	No
TM Details
Data Expected from TC	`Mode` ( + ACK )
Data Size	1 byte
Data Info	the current Operational Mode of EIRSAT-1
Allowed Value(s)	4 (Safe Mode)
Expected Values(s)	4 (Safe Mode)

C.4.

The Operator should now consider what aspects of the EIR-OPS-006: Commissioning procedure need to be carried out to commission this image following boot.
To do this, the Operator must consider whether:
- This is the first time booting into this image
- This is a new image uploaded to the spacecraft during flight
- This image differs from a previously booted image and if so, how does it differ?
All of these considerations will impact the amount of and type of commissioning that is required

Warning

In particular, note that TC authentication is disabled at boot. Therefore, the Operator should now consider following the EIR-OPS-009: Enable TC Authentication procedure to enable this feature.

END OF PROCEDURE