EIR-OPS-030: Power-cycle the Spacecraft

Objective

To power-cycle the spacecraft.

Introduction

Using this procedure, the Operator will power-cycle the spacecraft. Assuming the power-cycle is not due to a fault that limits communication with the spacecraft, steps have also been provided for the Operator to set-up the desired next boot image configuration and to prepare the payloads for power OFF.

Procedure

This procedure contains the following sub-procedures:

A. Pre-Power-cycle Preparation
B. Power-cycling the Spacecraft
C. Post Power-cycling Verification
D. Resuming Nominal Operations

Note

A communication pass is required for all sections in this procedure.

A. Pre-Power-cycle Preparation

Important

You are about to send the first TC of this procedure - Have you completed the EIR-OPS-003: Start a Communication Pass procedure? A Communication Pass must be started prior to carrying out the operations planned for the pass. Don’t forget to open and set-up the parameters/actions that will be required before the pass starts!

A.1.

Get the platform.obc.OBC.nextBootImage parameter to check which image will be loaded following the spacecraft power-cycle.
If the TM returned is not as desired, follow Section A of EIR-OPS-024: Boot Into OBC Image .
Else, proceed directly to the next step of this procedure.

TC Details
MCS Operation	`Get`
Action/Param Name	`platform.obc.OBC.nextBootImage`
Data Expected with TC	No
TM Details
Data Expected from TC	`nextBootImage` ( + ACK )
Data Size	Integer 8 (1 hex value)
Data Info	Index of SW image to execute on next boot
Allowed Value(s)	00, 01 or 02

Where…

`currBootImage`	Image
00	Failsafe
01	Primary 1
02	Primary 2

A.2.

If possible (i.e. if time/circumstances permit), Get the platform.EPS.actualSwitchStates parameter with First row = 2 and Last row = 9 to assess whether the payloads are powered on.
If PDMs 3, 6, 9 and 10/rows 2, 5, 8 and 9 are 0/off, both GMOD and EMOD are off and so the Operator should now skip ahead to Section B.
Else, use the information in the table below to determine which payloads are powered on and proceed to the next step.

TC Details
MCS Operation	`Get`
Action/Param Name	`platform.EPS.actualSwitchStates`
Data Expected with TC	Yes
Data Size	4 bytes, 4 bytes
Data Info	`First row`, `Last row`
Allowed Value(s)	0-9, 0-9
Expected Value(s)	2, 9
TM Details
Data Expected from TC	`actualSwitchStates` ( + ACK )
Data Size	List[2:9] of Booleans
Data Info	List of switch states
Allowed Value(s)	0 (PDM off) or 1 (PDM on) for each switch

Rows of `actualSwitchStates`	Payload ON
2, 5, 8	GMOD
9	EMOD

A.3.

If actualSwitchStates from the previous step indicates that either payloads are powered on, Get the payload.XXXX.XXXXMode parameter for the payload, where XXXX = GMOD or EMOD.

TC Details
MCS Operation	`Get`
Action/Param Name	`payload.XXXX.XXXXMode`
Data Expected with TC	No
TM Details
Data Expected from TC	`XXXXMode` ( + ACK )
Data Size	1 byte
Data Info	Payload Mode
Allowed Value(s)	1 - 4 (GMOD). 0 - 1 (EMOD).

Where…

`XXXX`	`XXXXMode`	Mode
GMOD	1	Idle
GMOD	2	Experiment
GMOD	3	CPLD
GMOD	4	Safe
EMOD	0	Idle
EMOD	1	Experiment

A.4.

If the TM returned in the previous step is not equal to 1, in the case of GMOD, or 0 in the case of EMOD, Set the XXXXMode parameter to 1 (for GMOD) or 0 (for EMOD).

TC Details
MCS Operation	`Set`
Action/Param Name	`payload.XXXX.XXXXMode`
Data Expected with TC	Yes
Data Size	1 byte
Data Info	Payload mode to be set
Allowed Value(s)	1 - 4 (GMOD). 0 - 1 (EMOD).
Expected Value(s)	1 for GMOD / 0 for EMOD
TM Details
Data Expected from TC	No ( + ACK )

A.5.

Confirm the Set in the previous step with a Get (i.e. confirm the value was set successfully).

Important

Ensure to complete Steps A.3 - A.5 for both payloads if both are powered ON.

B. Power-cycling the Spacecraft

B.1.

Invoke the platform.EPS.cycleBus action with 0x0F as the action argument (i.e. to cycle all buses - see the table below).
Note the time this action is invoked.

Warning

No ACK TM will be returned from this TC.

TC Details
MCS Operation	`Invoke`
Action/Param Name	`platform.EPS.cycleBus`
Data Expected with TC	Yes
Data Size	1 byte
Data Info	Buses to cycle
Allowed Value(s)	00 - 0F (hex)
Expected Value(s)	0F (hex)
TM Details
Data Expected from TC	TIMEOUT

Where the action argument bitmask elements correspond to the following buses…

Bit of Argument	Bus to Cycle
bit 0	BatteryV bus
bit 1	3.3V bus
bit 2	5V bus
bit 3	12V bus

B.2.

Wait ~30 seconds to allow the reboot to complete.
While the reboot is completing, load the appropriate SCDB into MCS for the image being booted.

Note

If the OBC reboots into a primary image, Safe Mode will be the Operational Mode following the power-cycle.

C. Post Power-cycling Verification

C.1.

To determine which image is now executing on the OBC, Get the platform.obc.OBC.currBootImage parameter.
Ensure that the TM returned matches what was expected given nextBootImage from previous steps.

TC Details
MCS Operation	`Get`
Action/Param Name	`platform.obc.OBC.currBootImage`
Data Expected with TC	No
TM Details
Data Expected from TC	`currBootImage` + (ACK)
Data Size	Integer 8 (1 hex value); 11 bytes
Data Info	Index of currently executing SW image
Allowed Value(s)	`currBootImage` = 0, 1 or 2

Warning

TC authentication is disabled at boot to reduce the risk of loosing communication with the spacecraft. Therefore, TC authentication is now disabled after the reboot. The operator should consider following the EIR-OPS-009: Enable TC Authentication procedure to re-enable TC authentication to prevent replay attacks.

Important

Ensure the correct SCDB is loaded into MCS given the currBootImage before proceeding to the next steps.

C.2.

To verify that a full S/C power-cycle has occurred, follow the EIR-OPS-011: Downlink Data From Storage procedure to downlink data from the Event Log.
Using this data, confirm that an ‘EPSInitialised’ event was raised/logged at approximately the time at which Step B.1 was performed.

C.3.

If the spacecraft power-cycle was performed due to a fault, data can be downlinked using the EIR-OPS-011: Downlink Data From Storage procedure to perform an analysis (based on your knowledge of the fault) to assess the health of the spacecraft/subsystems following the reboot.
The Fault Analysis Procedures: EIR-OPS-027: Reboot Fault Analysis and EIR-OPS-026: Low Battery Fault Analysis may also be useful in this scenario.

D. Resuming Nominal Operations

D.1.

Depending on the current Operational Mode and/or boot image of the spacecraft, the Operator should follow the EIR-OPS-007: Operational Mode Change and/or EIR-OPS-024: Boot Into OBC Image procedures, along with additional procedures in this manual (e.g. see EIR-OPS-012: Set Up Nominal Operations ), to resume nominal operations (i.e. Nominal Mode with the experiment running and data logging on-going) once the anomaly investigation, if any, in Step C.3. is complete.

END OF PROCEDURE