Skip to main content
warning

🚧 This document is still being actively worked on and is subject to change. 🚧

Responsible
  • Sebastian Pfeiler
Last Updated10/12/2025, 12:48:54 PM
Last AuthorKai Berszin

This document describes the entire software controlled implementation of the NAND Flash System on the OBC. This includes:

  • Configuration of electrical Pins on the MCUs (.ioc file, generated .c files)
  • Any code Written directly interacting with those devices.

The devices controlled by this driver are:

  1. AS5F12G04SND
  2. TODO TRIKARENOS Flash?

Requirements

Functional​

  • Talk to AS5F series of NAND Flash chips

  • Exclusive access to the Hard QSPI interface connected to the flashes externally

  • Initialize flash chips and perform self tests necessary to continue operation.

  • Reporting of any errors reported by the device or during communication with the device.

  • Detection and correction of partial writes due to RSO

  • Activation and utilization of ECC functionality present in the Flash chips.

  • Notification of ECC errors and warning issued by the flash chips.

  • The driver should ideally not remember any state about transactions after the completion of a transaction. (This is worded loosely as RSOs might require some state to be kept)

  • The driver should be weary about the OTP feature and handle a FLASH WRITE to those regions using an ERROR when the OTP feature is either intentionally enabled, or accidentally.

  • All locks used by the driver should be superflous.

Non Functional​

  • Achieve at least 90% of read and write throughputs, as measured internally (excluding overheads caused by communication with the qspi task)
  • Guaranteed completion of requests within TODO ms
  • The stack space used by the driver is required to be less than 4KiB.
  • The entire ram footprint of the driver should far be less than 1 MiB.
  • The driver should use minimal mcu time when waiting for the nand flash operations to conclude.

Fault Model​

Devices are allowed to not respond.

Devices are allowed to corrupt data after reading it correctly initially.

  1. A write immediately followed by a read should return the correct values.
  2. A write followed by a read some long time later does not have to return the correct values (See TOOD bitflip analysis for NAND flash)

These events should be detected and corrected by the hardware, if they are not the APPLICATION needs to check for these larger corruptions.

Devices are not allowed to read wrong data during a FLASH WRITE from the BUS. Unless the FLASH WRITE is happening during an RSO, then all values written are unkown.

Interface​

  • Synchronous
  • Zero Copy
  • SBUS based
  • Serialized execution of all Requests.
  • Serialization point is before the driver's internal procedures are called (serialized in the communication interface to the nand flash driver)

Implementation Concerns

Glossary

APPLICATION: Refers to threads of execution communicating with the nand flash task.

RSO: Redundancy Switch Over, the duration of time, in which the active MCU is disabled and the supervisor MCU takes over the active role. See TODO for more information.

COMPLETION: A completion of a request is either a successful or erroneous conclusion to the request.

FLASH WRITE: A flash Write is the action of the MCU providing data to the nand flash which is then stored.

FLASH READ: A flash read is the action of the mcu asking the nand flash to provide data.