Hardware watchdog for BBB

You don’t need an external microcontroller… Some watchdogs from Texas do a good job, like the UCCx946.

The UCCx946 is designed to provide accurate microprocessor supervision, including reset and watchdog functions. During power up, the device asserts a reset signal RES with VDD as low as 1 V. The reset signal remains asserted until the VDD voltage rises and remains above the reset threshold for the reset period. Both reset threshold and reset period are programmable by the user.

The UCCx946 is also resistant to glitches on the VDD line. Once RES has been deasserted, any drops below the threshold voltage need to be of certain time duration and voltage magnitude to generate a reset signal. These values are shown in Figure 1. An I/O line of the microprocessor may be tied to the watchdog input (WDI) for watchdog functions. If the I/O line is not toggled within a set watchdog period, programmable by the user, WDO is asserted. The watchdog function is disabled during reset condition.

Hi,

The difference is in the price UCC2946 3.35 EUR and PIC10F200T-I/OT 0.462 EUR

And microprocessor can be programmed just like I need…

Last time we bought MSP430G2553’s we paid $1.35 USD each for 10. Right now, in lots of 1ku they sell for around $1 USD each. So I would imagine $2 USD each for lots less than 100 would not be unreasonable.

So, I do not know what the UCCx946 is capable of. But we looked into using an external watch dog, and it was not good enough.

#1 a watch dog can not tell if input power is 5V or not.

#2 You need to completely disconnect power, especially when having a battery hooked up. To get the beaglebone to “hard reset”. A watch dog can not do this.

#3 perhaps a watch dog can toggle reset, but either way this is required.

Exactly. These cheap external chips have an RC time constant and are pulsed by a GPIO. Output can generate an interrupt back to the BBB to save important data.

not enough time for a clean shutdown

The thing is: The PMIC already sends an interrupt when input voltage drops under 5V. Same as when the power button is pressed. Aside from losing USB until you reboot, this is not the problem. The problem is when you have power connected, and issue a shutdown now -h (or halt). The board will be stuck until it is hard reset. This also occasionally happens when issuing shutdown now -r (reboot). There is no pin out for the hard reset line on the processor. So we’re forced to make do by completely disconnecting power.

In cases where power goes away all together, this again is not a problem. But when one uses a battery, the board will have power for hours. So a bullet proof solution needs a GPIO + power relay to completely disconnect power good for a few seconds. Otherwise you’ll be stuck for up to several hours without a running system.

So again, the smart move is to use a low cost, low power MCU to handle all of this automatically. For remote applications. If the board is sitting on your desk, then the application is no big deal anyway, as well as giving you the ability to physically remove power yourself. At a remote site however . . .

Anyway, you all can debate all this until you’re blue in the face. I know what the issues are because we’ve discussed, and have tested for all these situations. So do as you please.

And so does the AM3358, so I’m not sure whats your point? If it is a micro-controller, it is not guaranteed to boot up successfully every time, given an unstable power supply. To start with, you need to make the power supply more predictable so that brown outs, dips and sags are not seen by the micro-controller and that power down only occurs if the input power fails for more than a specified time. Also, if you do start a shutdown, then a full power cycle is needed in a controlled manner. When input power returns, don’t boot until the input power looks reliable.

This is where you need an understanding of how the power utility network operates, which includes understanding how protection operates, what ARCs (Automatic Reclosure Relays) do, etc. For example, when a large breaker trips due to a protective signal, the ARC will attempt to reclose that breaker, sometimes more than once. At night, in a storm, you will see your lights dim for a second or two; that is an ARC operation. When a transformer has water in the oil or when an insulator is arcing, or a power line is arcing on the ground, these all result in very strange power behavior. In summary, power failure isn’t just an on or off problem, but a multitude of more problematic cases.

Regards,
John

Gerald what is your opinion on this subject ?

I guess it is all about perspective. Perhaps for your application you are right. However, if you have 10K or 100K or more devices installed, and now you have to recall them all because they keep on going offline, then it isn’t a $5 problem.

Regards,
John

Add a battery or super CAP. When the DC voltage goes away, the processor gets an interrupt. When SW gets the interrupt, unmount the Flash and power down.
Invest in a real 5V power supply.

Gerald

What you need is this: a small micro (STM8 is cheap and does just fine) … which talks to the BBB over the serial port, so you can send/receive commands/status… (pick your test) load info… etc…
This small micro is always power cycled once every 2 minutes, let’s say… you can never prevent the small micro from being power cycled.
It saves what it was doing… and wakes up on the next power up… checks to see what test it was running… let’s say CPU load on the BBB, if outside of allowed… time… load… etc…
you reset the BBB, or power cycle, you can also check for correct power up of the BBB, and switch it to a different boot source etc…
So… if the small micro gets hit by a cosmic ray… for example, it will always power cycle… off and on… clear the error… and recover.
You can also set up long path checks… so a token is sent to the BBB which has to come back in some time frame etc… if outside the test range… your BBB task is frozen and needs a reset… etc…
Pick your test…

Lachlan.

yes correct. but as for powering the BBB back on you need a bit more
there than a user pressing the power button
a nice external micro works great. Remember if you have a LIPO battery
the BBB will not repower on after power is reapplied.

Add a battery or super CAP. When the DC voltage goes away, the processor gets an interrupt. When SW gets the interrupt, unmount the Flash and power down.

When a battery is connected to the battery test points, this is exactly what happens now when you have the debian package acpid installed (sudo apt-get install acpid).

Invest in a real 5V power supply.

Would you mind elaborating further on what you mean by that Gerald ?

Gerald

There are a lot of cheap power supplies out there that do not like any drops on the mains, not very well filtered or robust. These can play havoc on the HW.

The BBB is a low cost board, with people trying to make it cheaper all the time. To make it cheap something had to go. What you are talking about here, is one of the things that went. An Atmel Tiny would be perfect as a power monitor. It can shut it down and wake it up once the power comes back. Even if it goes down for a moment, you can play it safe and shut it down and wait a while. Your call

All you have to do is add it to the board.

Gerald

Yeap, exactly our thoughts here. The Micro used is really inconsequential. So long as it does everything you want it to do. I do not know Atmel parts well at all, but I do know several MSP430’s. ST Micro MCU’s would probably work too, as well as NXP’s LPC800.

I picked the MSP430G2553, again, because I know the MCU better than most others. It also has hardware on chip ADC which I wanted to monitor input power. No other micro that I’ve looked at in the same price range had everything I wanted.

@other nay sayers.

Also as I stated before the MSP430G2* series has very robust PoR / BoR internal circuitry. It may lose power, but you’re never (very unlikely) going to stop it coming back up again exactly as planned. Unless power is removed again . . . this is not some embedded linux system that can have its disk corrupted. This is a very robust, bare metal MCU that is meant to be used in conditions like these.

Additionally. In our case we have ~1000ma 3.7v LiPO batteries hooked up to a couple of our BBB’s here. The board shuts down almost immediately (cleanly). So the BBB will only probably run off this battery for a couple hours, but the MSP430G2* could run off that battery for years. Assuming the battery did not self discharge long before that. Which is probably exactly what it’d do.

Hey y’all (yes, I’m in Texas),

I have really appreciated all of the good ideas and thoughtful design ideas here. There are some apples and oranges being discussed at times because the problem of BBB reliability is not single-fold. In the hopes of providing a clearer “Big picture” of the issue, as well as to summarize some of my own research on the topic, I’ve attempted to capture the main points in this thread into an outline format. If it is convenient, you can refer to specific problems/solutions/caveats by the outline number, ie ( III.A.1 ) in any subsequent discussions – this kind of shorthand might clarify the issues that are being discussed, rather than having to spell this stuff out (or omit it) when talking about a point.

Is there a good spot on a WIKI for this somewhere?

Enjoy, and thank you!

ST
-------------------- DOCUMENT IS BELOW HERE

SUMMARY BBB RELIABILITY PROBLEMS & FIXES:

I. Problems:

A. System/Client Software Problems:

1. Problem: Incomplete system/client sw startups ( why? – can damage result with this? )

2. Problem: Incomplete system/client sw shutdown

a. Can cause system corruption

3. Client or system software freeze-up (it can happen!)

a. Can freeze device operation even in absence of power issues

B. Hardware Problems:

1. Problem: BBB doesn’t always restart without a hard-disconnect of power (known hardware issue)

a. Always - when shutdown/halted (ie shutdown/halt)
b. Sometimes - when hard cycled (ie power removed, reset button pushed)

C. Power problems

2. Problem: Mains power can’t be relied upon

a. Power loss (ie blackouts)
b. Partial power loss (ie brownouts)

II. Requirements:

A. A “Reliability System” to address above problems.

III. Needs:

A. Backup power source for

1. BBB until complete shutdown
2. Additional components of reliability system

B. Hard-Reset Circuit: to completely remove, and re-add power to the board (for I.B.1 above)

C. Sensing: Need to detect

1. Power off: both presence and duration (ie detect/differentiate I.C.2.a and I.C.2.b)
2. System soft-freeze up (detect I.A.3)
3. Power on: both present, and “Good” (ie good enough for full reboot + protected powerdown)

D. State Machine to enforce guaranteed order, no matter what

1. “Protected Shutdown”: Complete shutdown after it has been initiated

a. even if power up is specified during shutdown (in which case protected startup begins thereafter)

2. “Protected startup”: Complete startup once it has been initiated

a. even if power is removed during startup (in which case protected shutdown follows)

3. “Power Good” before Startup: Power remains detached until enough backup power for Protected Startup + Protected Shutdown

4. “Complete” Power off after shutdown: Complete detachment of power from BBB to solve (I.B.1)

5. Others?

IV. Solution Design Components/Approaches

A. Backup power

1. Li-po Battery backup

a. Pros:
i. Long lasting
ii. Relatively simple circuitry to support
iii. Greatest capacity

b. Cons:
i. “Dangerous”, thus travel/shipping restrictions
ii. Limited recharge cycles

2. Super capacitor-based Backup Power

a. Pros:
i. No practical recharge cycle-limit
ii. “Safe” enough for restriction-free transport/shipping

b. Cons:
i. Increased circuit complexity, esp for 2-cell systems needed to produce 5v

3. Coin-cell (to power Reliability System only)
a. Pros:
i. Cheap
ii. Long-lasting (10+ years)
iii. "Safe"
b. Cons:
i. Only powers reliability system, need additional solution for BBB

B. Hard Reset Circuit (Pretty well known problem with solutions out there)

1. Relay (physical, or solid state)
2. Some kind of transistor switch

C. Sensing

1. Mains Power off
a. Voltage comparator of some sort

2. System "Soft-freeze"

a. BBB On-board software-controlled watchdog timer initiates reboot

3. System initiated shutdown
a. GPIO pin connected to Reliability System, change state on start

4. System completed shutdown
a. heuristic delay after final GPIO pin state change on end (from IV.C.3.a just above)

5. System initiated startup
a. Implied action on “Power Good” (add’l sensing not needed)

6. System completed startup
a. GPIO pin connected to Reliability System changes state on "Startup complete"

7. Mains Power On
a. Voltage comparator of some sort

8. Mains Power “Good” (enough backup power available for Protected Startup + Protected Shutdown)

D. State Machine

1. An MCU of some sort

a. MSP430 series (William Herman/Wulfmans’s recs)
i. Pros:
* very low power + coin cell battery == >10 years backup life
* onboard ADC for voltage measurement/sensing
* inexpensive

b. ST Micro series (ie STM8)

c. NXP’s LPC800 series

2. Discrete logic state machine

a. Pros
i. More tolerant of brownouts(?) than unprotected MCU

b. Cons
i. Lots of soldering!

3. Hybrid Technology - Programmable Mixed Mode Circuits

a. Silego GreenPak (John3909’s rec)

i. Pros
* Nice dev kit ( < $60 )
* Very inexpensive ( < $0.40 )
* More tolerant of brownouts(?) than unprotected MCU (John can you comment on this?)

V. Commercially Available Solutions

A. Andice Labs Power Cape (Available for BBB/RaspberryPi)
http://andicelabs.com/beaglebone-powercape/
Li-Po Battery Backup, with software readable battery voltage and current
~ $65 (with headers)

B. Juice4Halt (Built for RaspberryPi, not BBB, but could be repurposed, one would assume)
http://juice4halt.com
Dual Super-capacitor Backup, with State Machine implemented
~ $85 (5V, all told shipped to US)

C. Others?
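The ordering rules in III.D of the outline above, written out as a tick-driven supervisor state machine for an external MCU. This is an added example, not code from the thread or from any participant; the type and function names, the input fields and every tick constant are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Illustrative tick counts (assumed values, not from the thread). */
enum { OFF_HOLD = 3, OUTAGE_TICKS = 2, WDT_TICKS = 4,
       BOOT_TIMEOUT = 30, HALT_DELAY = 2, HALT_TIMEOUT = 20 };

typedef enum { ST_OFF, ST_STARTING, ST_RUNNING, ST_SHUTTING_DOWN } state_t;

typedef struct {
    bool mains_ok;     /* comparator: input power present (IV.C.1/7) */
    bool backup_good;  /* enough stored energy for startup + shutdown (IV.C.8) */
    bool bbb_up;       /* GPIO: BBB reports startup complete (IV.C.6) */
    bool bbb_halted;   /* GPIO: BBB reports shutdown finished (IV.C.4) */
    bool heartbeat;    /* BBB toggled its watchdog line this tick (III.C.2) */
} inputs_t;

typedef struct {
    state_t state;
    uint16_t timer, outage, silent, halted;  /* tick counters */
    bool lost_during_boot;                   /* mains dropped while booting */
    bool relay_on, shutdown_req;             /* outputs to relay and BBB */
} sup_t;

static void enter(sup_t *s, state_t next) {
    s->state = next;
    s->timer = s->outage = s->silent = s->halted = 0;
    s->lost_during_boot = false;
    s->relay_on = (next != ST_OFF);          /* OFF means power fully detached */
    s->shutdown_req = (next == ST_SHUTTING_DOWN);
}

void sup_init(sup_t *s) { enter(s, ST_OFF); }

state_t sup_tick(sup_t *s, const inputs_t *in) {
    s->timer++;
    switch (s->state) {
    case ST_OFF:            /* III.D.3/4: hold off, then require "power good" */
        if (s->timer >= OFF_HOLD && in->mains_ok && in->backup_good)
            enter(s, ST_STARTING);
        break;
    case ST_STARTING:       /* III.D.2: finish booting even if mains drops */
        if (!in->mains_ok) s->lost_during_boot = true;
        if (in->bbb_up) {
            bool lost = s->lost_during_boot;
            enter(s, lost ? ST_SHUTTING_DOWN : ST_RUNNING);
        } else if (s->timer >= BOOT_TIMEOUT) {
            enter(s, ST_OFF);                /* boot hung: hard power cycle */
        }
        break;
    case ST_RUNNING:        /* short dips are ignored, long outages are not */
        s->outage = in->mains_ok ? 0 : s->outage + 1;
        s->silent = in->heartbeat ? 0 : s->silent + 1;
        if (s->silent >= WDT_TICKS) enter(s, ST_OFF);   /* soft freeze */
        else if (s->outage >= OUTAGE_TICKS) enter(s, ST_SHUTTING_DOWN);
        break;
    case ST_SHUTTING_DOWN:  /* III.D.1: ignore mains returning mid-shutdown */
        if (in->bbb_halted) s->halted++;
        if (s->halted >= HALT_DELAY || s->timer >= HALT_TIMEOUT)
            enter(s, ST_OFF);
        break;
    }
    return s->state;
}
```

On real hardware `sup_tick` would be called from a periodic timer interrupt, with `relay_on` driving the hard-reset switch from IV.B.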

You can sum it all up into this; The problem is completely solved by using a battery and having acpid installed. Except you need a way to completely disconnect power, from the BBB’s input, for a single, or perhaps two corner cases that would otherwise require a hard reset.

All these fancy high cost solutions are honestly ridiculous, and if you can just use an OTS UPS . . .

SUMMARY BBB RELIABILITY PROBLEMS & FIXES:

I. Problems:

A. System/Client Software Problems:

1. Problem: Incomplete system/client sw startups ( why? – can damage result with this? )

2. Problem: Incomplete system/client sw shutdown

a. Can cause system corruption

3. Client or system software freeze-up (it can happen!)

a. Can freeze device operation even in absence of power issues

B. Hardware Problems:

1. Problem: BBB doesn’t always restart without a hard-disconnect of power (known hardware issue)

a. Always - when shutdown/halted (ie shutdown/halt)
b. Sometimes - when hard cycled (ie power removed, reset button pushed)

C. Power problems

2. Problem: Mains power can’t be relied upon

a. Power loss (ie blackouts)
b. Partial power loss (ie brownouts)

II. Requirements:

A. A “Reliability System” to address above problems.

III. Needs:

A. Backup power source for

1. BBB until complete shutdown
2. Additional components of reliability system

B. Hard-Reset Circuit: to completely remove, and re-add power to the board (for I.B.1 above)

C. Sensing: Need to detect

1. Power off: both presence and duration (ie detect/differentiate I.C.2.a and I.C.2.b)
2. System soft-freeze up (detect I.A.3)
3. Power on: both present, and “Good” (ie good enough for full reboot + protected powerdown)

D. State Machine to enforce guaranteed order, no matter what

1. “Protected Shutdown”: Complete shutdown after it has been initiated

a. even if power up is specified during shutdown (in which case protected startup begins thereafter)

2. “Protected startup”: Complete startup once it has been initiated

a. even if power is removed during startup (in which case protected shutdown follows)

3. “Power Good” before Startup: Power remains detached until enough backup power for Protected Startup + Protected Shutdown

4. “Complete” Power off after shutdown: Complete detachment of power from BBB to solve (I.B.1)

5. Others?

IV. Solution Design Components/Approaches

A. Backup power

1. Li-po Battery backup

a. Pros:
i. Long lasting
ii. Relatively simple circuitry to support
iii. Greatest capacity

b. Cons:
i. “Dangerous”, thus travel/shipping restrictions
ii. Limited recharge cycles

2. Super capacitor-based Backup Power

a. Pros:
i. No practical recharge cycle-limit
ii. “Safe” enough for restriction-free transport/shipping

b. Cons:
i. Increased circuit complexity, esp for 2-cell systems needed to produce 5v

Most supercaps have similar travel restrictions as they contain hazardous material and can only be transported via ground.

3. Coin-cell (to power Reliability System only)
a. Pros:
i. Cheap
ii. Long-lasting (10+ years)
iii. "Safe"
b. Cons:
i. Only powers reliability system, need additional solution for BBB

B. Hard Reset Circuit (Pretty well known problem with solutions out there)

1. Relay (physical, or solid state)
2. Some kind of transistor switch

C. Sensing

1. Mains Power off
a. Voltage comparator of some sort

2. System "Soft-freeze"

a. BBB On-board software-controlled watchdog timer initiates reboot

3. System initiated shutdown
a. GPIO pin connected to Reliability System, change state on start

4. System completed shutdown
a. heuristic delay after final GPIO pin state change on end (from IV.C.3.a just above)

5. System initiated startup
a. Implied action on “Power Good” (add’l sensing not needed)

6. System completed startup
a. GPIO pin connected to Reliability System changes state on "Startup complete"

7. Mains Power On
a. Voltage comparator of some sort

8. Mains Power “Good” (enough backup power available for Protected Startup + Protected Shutdown)

D. State Machine

1. An MCU of some sort

a. MSP430 series (William Herman/Wulfmans’s recs)
i. Pros:
* very low power + coin cell battery == >10 years backup life
* onboard ADC for voltage measurement/sensing
* inexpensive

b. ST Micro series (ie STM8)

c. NXP’s LPC800 series

2. Discrete logic state machine

a. Pros
i. More tolerant of brownouts(?) than unprotected MCU

b. Cons
i. Lots of soldering!

3. Hybrid Technology - Programmable Mixed Mode Circuits

a. Silego GreenPak (John3909’s rec)

i. Pros
* Nice dev kit ( < $60 )
* Very inexpensive ( < $0.40 )
* More tolerant of brownouts(?) than unprotected MCU (John can you comment on this?)

Correct. GreenPAK will always start up correctly. Micro-controllers, even those with brownout detection and power-on reset, can be shown to fail when the power does not start up cleanly.
Cons
Small SMD package requires a PCB to use, but the GreenPAK development system can be used for prototyping.

V. Commercially Available Solutions

A. Andice Labs Power Cape (Available for BBB/RaspberryPi)
http://andicelabs.com/beaglebone-powercape/
Li-Po Battery Backup, with software readable battery voltage and current
~ $65 (with headers)

B. Juice4Halt (Built for RaspberryPi, not BBB, but could be repurposed, one would assume)
http://juice4halt.com
Dual Super-capacitor Backup, with State Machine implemented
~ $85 (5V, all told shipped to US)

This looks like a good solution.