diff --git a/doc/source/firmware/backup-ram.rst b/doc/source/firmware/backup-ram.rst index f24b189..48b9caa 100644 --- a/doc/source/firmware/backup-ram.rst +++ b/doc/source/firmware/backup-ram.rst @@ -16,7 +16,7 @@ The backup RAM contents are protected by a `CRC Checksum`_. The backup RAM is initialized and checked after boot. If the controller starts from a powered down state, the backup RAM is empty. This is detected by an invalid `Header`_ at the beginning of the backup RAM. If this is the case, the safety ocntoller -will create a valid backup RAM image with a `Header`_, empty `Status Flag Entries`_, empty `Config Overrides`_, an empty `Error Memory`_, and a valid `CRC Checksum`_. +will create a valid backup RAM image with a `Header`_, empty `Boot Status Flag Entries`_, empty `Config Overrides`_, an empty `Error Memory`_, and a valid `CRC Checksum`_. If the Header is valid during boot (verified by plausible values and correct magic numbers), the backup RAM is CRC checked and the error memory is checked for valid entries. @@ -52,13 +52,15 @@ The safety memory header magic is: .. doxygendefine:: SAFETY_MEMORY_MAGIC -Status Flag Entries -~~~~~~~~~~~~~~~~~~~ +.. _backup_ram_boot_flags: + +Boot Status Flag Entries +~~~~~~~~~~~~~~~~~~~~~~~~ Config Overrides ~~~~~~~~~~~~~~~~ -Config overrides are used to override persistance and flag weights dynamically. The safety controlelr will parse the entries on +Config overrides are used to override persistance and flag weights dynamically. The safety controller will parse the entries on startup. ======================= ============ ================= ===================== ===================================== diff --git a/doc/source/firmware/safety.rst b/doc/source/firmware/safety.rst index 5a7d945..e6684af 100644 --- a/doc/source/firmware/safety.rst +++ b/doc/source/firmware/safety.rst @@ -12,6 +12,9 @@ The controller stays in a usable state. After the errors have been cleared, norm On the other hand, fatal errors like an over-temperature error, or memory problem, lead to the activation of the :ref:`safety_panic`, which forces the output zero, but does not allow any further interaction. +On top of this, a :ref:`backup_ram` is implemented. It stores permantent errors, which are reset at a restart. On top of that, it stores the :ref:`backup_ram_boot_flags`, +which are used to retain boot information across resets, for example to communicate with the firmware updater etc. The RAM also contains entries, that allow overrides of flag weights and persistance. + .. toctree:: :maxdepth: 3