Since we need to isolate the motor controllers from the main system CAN bus, we need two CAN controllers to handle each CAN bus. Unfortunately, the STM32F072 only has one CAN controller built in.

Options

Our goal is to use the most intuitive design that takes the least amount of development to bring up and maintain.

Option 1: External CAN Controller

Option 1 is to use an external CAN controller such as the MCP2515. This is relatively simple electrically, as it just requires a simple carrier board using a proven circuit. Since we're used these in the past, we have a circuit that we know will work. As a caveat, handling two different CAN controllers (external and native) will require restructuring how we design our CAN driver to support different controllers at runtime. We've also had issues with the MCP2515 dropping packets due to its shallow RX FIFOs.

Option 2: Two Controller Boards

Option 2 is to use two controller boards and have them communicate over something like UART. This is also simple electrically, as it really just requires connecting the mezzanines of the two boards. It also uses proven components, such as our native CAN and UART peripherals. The downside is that we'll need to manage two versions of the firmware for each board. We can use IO lines to allow the firmware to determine which side it's on at runtime, but we would need to be careful about how we designed the translation layer.

Option 3: STM32F4

Option 3 is to use an STM32F4 or similar chip with 2 CAN controllers. This is the most complex electrically, requiring the bringup of a new chip. We can use the regulator from a controller board, but the chip itself is unknown. Using a more powerful chip will allow us to keep all the firmware on one chip and have 2 native CAN controllers, along with a faster clock speed and FPU support. If we were to look into control algorithms, we'd probably want more power. It will require supporting the F4 series in our build system, but that should be relatively simple.