FW15 Power Distribution Design
Purpose (from IV):
A power distribution board is necessary to supply power to the various subsystems in the vehicle, including other microcontrollers. This board performs distribution, startup, shutdown and emergency shutdown as required in regulations. In addition to powering the boards, it also powers components directly, such as telemetry, the camera and others.
Essentially, power distribution has a set of outputs which it can turn on or off based on the state of the system. It maintains a power state, regulated by the power FSM which takes one of two states:
POWER_OFF
This is the first state of the car, when the AUX battery is initially connected. We must power:
Power distribution (this is on by default, we don’t have to use the board to power itself on)
BMS (DCDC enable only)
Centre console
POWER_ON
In this state the relays are closed and the main batteries are connected. The motors are not connected so we are not able to drive. We transition to this state upon receiving a message from centre console with a POWER_EVENT_BTN or POWER_EVENT_BRAKE_AND_BTN. This state is mainly used for charging.
We must power:
BMS (DCDC Enable + Aux Enable)
Centre console
Pedal (for brake readings)
Steering (for indicators)
Solar 1 and 2
POWER_DRIVE
In this state, we complete MCI precharge, connect the motors, and indicate we are ready to drive.
We must power (in addition to the board above):
BMS (DCDC Enable + Aux Enable)
Pedal (for brake readings)
Steering (for indicators)
Solar 1 and 2
MCI
DRL lights
Camera
RPI Display
Driver Fans
Telemetry
POWER_FAULT
Must have BMS relays (BMS_AUX_EN) disabled, and MCI turned off. We should have access to our indicators and brake lights:
BMS (DCDC Enable)
Centre console
Pedal (for brake readings)
Steering (for indicators)
Additionally PD controls a few other outputs separate from the main power states:
Left/right turn signals:
Monitors steering messages and centre console message for turn signals and hazard indicator
Brake Light
On when brake reading from pedal > 0
BPS Fault Indicator
When BPS Fault occurs
Lights FSM
The lights FSM is responsible for handling the indicator light functionality for the turn signals, hazard lights and the fault indicators. Its inputs are the indicator states, received in CAN messages from the steering board, and the hazard value from centre console. It has the following state diagram:
Note: The BPS fault indicator is no longer handled by Lights FSM
Transition events:
Left signal event (OFF/ON)
Triggered by left turn indicator on steering
Right Signal event (OFF/ON)
Triggered by Right turn indicator on steering
Hazard Event (OFF/ON)
Triggered by hazard button on Centre Console
States:
Init State
FSM is initialized into this state, and it is the default state of operation
It does not transition unless it receives a steering event or a fault event
Left Signal
Periodically toggle left signal output light
Right Signal
Periodically toggle right signal output light
Hazard
Periodically toggle both right and left signal output lights
BPS Fault (No Longer Handled in lights FSM)
Power Sequence FSM
The Power Sequence FSM is responsible for the power states of the car. It maintains a signal called power_state which it transmits continuously to BMS/MCI; its value depends on which state we are currently in:
typedef enum {
  POWER_OFF,
  TRANSMIT_BMS_CLOSE_RELAYS, /* waiting for BMS to report relays closed */
  POWER_ON,
  TURN_ON_DRIVE_OUTPUTS,     /* waiting for MCI precharge to complete */
  POWER_DRIVE,
} PowerFSMState;
Fault Conditions
We can enter a fault under 3 conditions, and we should be checking these conditions in every state:
Loss of communication with BMS
Receive a non-zero fault value from BMS
Soft-Short Fault
Current values received from BMS/MCI/Solar do not match within ~2A
In a fault condition, we need to:
Cut the power to the BMS relays (turning off BMS_AUX_EN)
Make sure MCI is off
Turn on the BPS fault indicator
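The three fault conditions above, evaluated as one check that can run in every state (an added example, not the FW15 firmware's own code). The struct and function names, the 500 ms BMS timeout and the current balance "pack current = MCI draw minus solar input" are assumptions; only the ~2A tolerance comes from this page.

```c
#include <stdbool.h>
#include <stdint.h>

#define BMS_TIMEOUT_MS      500u  /* assumed: max gap between BMS messages */
#define SOFT_SHORT_LIMIT_MA 2000  /* "~2A" mismatch tolerance from the design */

typedef enum {
  PD_FAULT_NONE         = 0,
  PD_FAULT_BMS_COMMS    = 1 << 0, /* loss of communication with BMS */
  PD_FAULT_BMS_REPORTED = 1 << 1, /* non-zero fault value from BMS */
  PD_FAULT_SOFT_SHORT   = 1 << 2, /* BMS/MCI/Solar currents disagree */
} PdFaultBits;

typedef struct {
  uint32_t now_ms;          /* free-running millisecond tick */
  uint32_t last_bms_rx_ms;  /* tick of the last BMS message */
  uint16_t bms_fault;       /* fault value carried in the BMS message */
  int32_t bms_ma;           /* pack current, positive = discharge (assumed) */
  int32_t mci_ma;           /* motor controller draw */
  int32_t solar_ma;         /* solar array input */
} PdInputs;

/* Returns a bitmask of PdFaultBits; any non-zero value means "go to FAULT". */
uint8_t pd_check_faults(const PdInputs *in) {
  uint8_t faults = PD_FAULT_NONE;

  /* Unsigned subtraction stays correct when the tick counter wraps. */
  bool bms_stale = (uint32_t)(in->now_ms - in->last_bms_rx_ms) > BMS_TIMEOUT_MS;
  if (bms_stale) faults |= PD_FAULT_BMS_COMMS;
  if (in->bms_fault != 0) faults |= PD_FAULT_BMS_REPORTED;

  /* Compare currents only on fresh BMS data, so one comms loss is not
   * also reported as a soft short. 64-bit math avoids overflow. */
  if (!bms_stale) {
    int64_t residual = (int64_t)in->bms_ma -
                       ((int64_t)in->mci_ma - (int64_t)in->solar_ma);
    if (residual < 0) residual = -residual;
    if (residual > SOFT_SHORT_LIMIT_MA) faults |= PD_FAULT_SOFT_SHORT;
  }
  return faults;
}
```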
State Diagram
POWER_OFF:
Output:
Update power state CAN message
Set Output State to be POWER_OFF (only BMS + Centre Console Powered)
Cut power to BMS relays (BMS_AUX_ENABLE not enabled), which is handled by above
Input:
Check for the following Transition Criteria
POWER_BTN or POWER_BTN_AND_BRAKE event received from Centre console
TRANSMIT_BMS_CLOSE_RELAYS
Output:
Sets Output Group to POWER_ON
Connects power to BMS relays (enables BMS_AUX_EN) so that BMS can close them
Update power state CAN message, which BMS will use to update the relay state
Input:
Waits for reply message from BMS with relay state closed, times out if not received
If the above message is received, confirm that power distribution is now using the DCDC supply from the batteries. If so, transition; otherwise go back to POWER_OFF
POWER_ON
Output:
Sets Output Group to POWER_ON (if we’ve transitioned from POWER_DRIVE or TURN_ON_DRIVE_OUTPUTS)
Update power state CAN message
Input:
Checks for POWER_BTN_AND_BRAKE event to start transition to POWER_MAIN
Checks for POWER_BTN event to transition back to OFF
TURN_ON_DRIVE_OUTPUTS
Output:
Turns on the output group for POWER_DRIVE, namely MCI
Input:
Waits for a response back from MCI with a relay state == Closed, times out if it doesn’t arrive
On receiving power, MCI will begin precharge and close relays, and send a CAN message with the relay state
POWER_DRIVE:
Output:
Updates drive state in output CAN message
Input:
if (POWER_BTN or POWER_BTN_AND_BRAKE) transition back to POWER_ON
FAULT:
Output:
Disable BMS Relays
Set Output Group POWER_ON
Namely, this will disable MCI and other unnecessary inputs
Start BPS Strobe
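The state diagram above as a single transition function (an added example, not the FW15 firmware's own code). The SeqInputs/SeqFsm types, the 3000 ms timeout, the fallback state on each timeout and the latching of POWER_FAULT are assumptions, since the page does not specify them.

```c
#include <stdbool.h>
#include <stdint.h>

typedef enum { POWER_OFF, TRANSMIT_BMS_CLOSE_RELAYS, POWER_ON,
               TURN_ON_DRIVE_OUTPUTS, POWER_DRIVE, POWER_FAULT } PowerFSMState;
typedef enum { EVENT_NONE, POWER_EVENT_BTN, POWER_EVENT_BRAKE_AND_BTN } PowerEvent;

#define SEQ_TIMEOUT_MS 3000u /* assumed; the design gives no value */

typedef struct {
  PowerEvent event;        /* latest event from centre console */
  bool fault;              /* any fault condition currently active */
  bool bms_relays_closed;  /* BMS replied with relay state closed */
  bool on_dcdc;            /* PD confirmed it runs from the DCDC supply */
  bool mci_relays_closed;  /* MCI replied with relay state closed */
  uint32_t now_ms;
} SeqInputs;

typedef struct { PowerFSMState state; uint32_t entered_ms; } SeqFsm;

static void enter(SeqFsm *f, PowerFSMState s, uint32_t now) {
  f->state = s;
  f->entered_ms = now;
}

/* BMS_AUX_EN is off in POWER_OFF and POWER_FAULT, on everywhere else. */
bool seq_bms_aux_en(PowerFSMState s) { return s != POWER_OFF && s != POWER_FAULT; }

PowerFSMState seq_step(SeqFsm *f, const SeqInputs *in) {
  bool timed_out = (uint32_t)(in->now_ms - f->entered_ms) > SEQ_TIMEOUT_MS;
  if (f->state == POWER_FAULT) return f->state;  /* assumed latched until reset */
  if (in->fault) { enter(f, POWER_FAULT, in->now_ms); return f->state; }
  switch (f->state) {
    case POWER_OFF:
      if (in->event != EVENT_NONE) enter(f, TRANSMIT_BMS_CLOSE_RELAYS, in->now_ms);
      break;
    case TRANSMIT_BMS_CLOSE_RELAYS:
      if (in->bms_relays_closed) enter(f, in->on_dcdc ? POWER_ON : POWER_OFF, in->now_ms);
      else if (timed_out) enter(f, POWER_OFF, in->now_ms);  /* assumed fallback */
      break;
    case POWER_ON:
      if (in->event == POWER_EVENT_BRAKE_AND_BTN) enter(f, TURN_ON_DRIVE_OUTPUTS, in->now_ms);
      else if (in->event == POWER_EVENT_BTN) enter(f, POWER_OFF, in->now_ms);
      break;
    case TURN_ON_DRIVE_OUTPUTS:
      if (in->mci_relays_closed) enter(f, POWER_DRIVE, in->now_ms);
      else if (timed_out) enter(f, POWER_ON, in->now_ms);   /* assumed fallback */
      break;
    case POWER_DRIVE:
      if (in->event != EVENT_NONE) enter(f, POWER_ON, in->now_ms);
      break;
    default: break;
  }
  return f->state;
}
```

The fault test runs before the per-state logic, so a fault that arrives while waiting on a BMS or MCI reply still drops BMS_AUX_EN instead of being masked by the wait.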
Broadcaster
Module to broadcast relevant information from power distribution to Centre Console for error tracking
TBD