Monitoring power supply with STM32 peripherals

This message will disappear after all relevant tasks have been resolved.

Semantic MediaWiki

There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.

1. Introduction

The quality of the power supply is crucial for the reliability of electronic applications.

The purpose of this article is to propose solutions to detect in real-time a degradation in the quality of the power supply or a disturbance that could alter the proper functioning of the application or it reliability. These solutions are based on STM32 embedded peripherals, thus avoiding the addition of external components.

Embedded Monitoring

To serve as an educational support, I conducted a case study.

2. Case Study: Data Center Ventilation Management

The system studied is the management of the ventilation of a data center. This system is critical because a failure could lead to severe material damage or unnecessary electricity consumption. This system must be robust against potential failures and detect unexpected behaviors to report it to maintenance team.

2.1. Operation

File:case study block.png

Functional diagram of the case study

Temperature sensors transmit the measurements to the microcontroller via an analog signal. A state machine manages the turning on and off of the ventilation based on the sensor values. Additionally, the station sends operation logs and alerts of anomalies to a server. The functional diagram figure case_study_block illustrates the overall operation of the system.

The code includes a critical routine

Temperature measurement: A power supply disturbance can distort the measured value.

2.2. Risks and Threats

Power supply circuit alteration: Time, mechanical wear, and thermal cycles can lead to the failure of power supply circuit components. A failure can lead to a degradation of the power supply circuit's performance, a total shutdown, or even damage to the application. If it is possible to detect signs of degradation, maintenance can be planned and carried out to avoid a total and unexpected shutdown of the application. In our case study, the shutdown of the ventilation system presents a risk of server degradation or forced shutdown.
Measurement disturbance: The reliability and accuracy of analog measurements depend on a reference voltage that must be very stable and precise. The presence of fast transients on the power supply voltages can cause a disturbance of this reference voltage and disrupt the analog measurement. In our case study, the disturbance of the temperature measurement can alter the decision-making process.

2.3. Verifications to Implement

To ensure the proper functioning of the system, several types of verifications can be implemented:

Detect power supply loss: Monitoring upstream power source to detect loss of power supply and execute a shutdown routine.
Detection of temporary transients: Detecting transient to repeat potentially false analog measurements.
Detection of power supply voltage drifts: Prevent malfunction if the power supply can no longer provide the necessary energy.
Continuous measurements with the ADC: Use signal processing models to identify potential unexpected behaviors.

3. Power loss detection

This solution is designed to detect that the power source is dripping and probably shut down. Reflection is carried out to react as quickly as possible if actions are to be taken at the time of detection.

3.1. Operation

The

Use a comparator to compare the voltage with an internal reference voltage. The comparator's output is active as long as the monitored voltage remains above the defined threshold and is 0 when a transient occurs. When a falling edge occurs at the comparator's output:

An interruption is triggered

3.1.1. Extinction Detection

In our case study, we want to notify the central server that an unexpected extinction is in progress due to a voltage drop.

The source voltage is generally much higher than our system's operating voltage. In our case study, we consider it to be 12 V. This means that if we detect a voltage drop with a threshold of 10 V using our system, it provides anticipation to take action before the system's complete extinction. We need to design our power supply circuit with enough decoupling to ensure 300 µs of activity from the moment the source voltage drops below 10 V.

3.2. Reaction Speed

When detecting a phenomenon, the reaction speed can be critical, for example, to perform some actions when detecting power supply shutdown. The first step is detection; for this, it is preferable to prioritize asynchronous mechanisms and those independent of the CPU that trigger an interrupt, such as the comparator rather than the ADC. Then, the speed of information processing by the CPU is crucial. To develop STM32 code, the effective and recommended way is to use the software library provided by ST called HAL. The HAL simplifies the interaction between the user program and the STM32 hardware peripherals. It offers two elements that will attract our attention:

An interrupt management mechanism using "interrupt handlers" that automatically handle verification and flag lowering and then execute the corresponding user code.
A set of data structures and functions that simplify the configuration of peripherals and reading of useful data.

3.2.1. Interrupt Management

The NVIC is the hardware peripheral that handles interrupts. All interrupt signals from the various peripherals arrive directly at the NVIC. It is this that orders the CPU to interrupt the current program execution and provides it with the address of the IRQ Handler (Interrupt ReQuest Handler). The IRQ Handler (or ISR Interrupt Service Routine) is the function directly executed that must handle the interrupt.

Functional diagram of HAL interrupt management

As illustrated in figure interrupt_hal_block, the HAL provides a function called by the IRQ Handler, which checks all the configuration registers and interrupt flags to determine the source of the interrupt and handles lowering the corresponding flag. It then calls a callback function that contains the user code. Therefore, the first line of user code is executed only after 3 context saves and dozens of conditional tests.

Although offering many advantages such as ease of use, readability, and portability, these procedures are computationally expensive and can be too heavy in some cases. The solution is to specify that the interrupt handler should not be used and to write the content of the IRQ Handler yourself. In this case, it is necessary to remember the necessary verifications and to lower the interrupt flag.

4. Overshoot/Undershoot detection

This solution is designed to detect that a power supply voltage drops below a defined critical threshold. Reflection is carried out to react as quickly as possible if actions are to be taken at the time of detection. Mechanisms are put in place to measure the duration of the voltage drop and the frequency at which these events occur. This section describes the solution as a whole; it can be partially implemented if some features are not required. Additionally, it is possible to combine several comparators in parallel to detect multiple levels of voltage drop or monitor different power supplies.

4.1. Operation

Use a comparator to compare the voltage with an internal reference voltage. The comparator's output is connected to a timer, called the duration timer, which measures the transient's duration, and another timer, called the timestamp timer, which records the timestamp. The comparator's output is active as long as the monitored voltage remains above the defined threshold and is 0 when a transient occurs. When a falling edge occurs at the comparator's output:

An interruption is triggered
The duration timer's counter is reset and started.
A capture of the timestamp timer is made and transferred to memory by DMA

When a rising edge occurs at the comparator's output:

A capture of the duration timer and a DMA transfer of the capture to memory

The duration timer has two channels configured in output compare that trigger interruptions. The first detects if the transient is longer than a defined duration and takes appropriate action. The second manages the reactivation of the comparator's interruption in case of timer overflow, described in section gestion_overflow.

File:comp it tim bloc.png

Functional diagram of comparator timer interruption configuration

The functional diagram, figure comp_timer_func, shows the connections between the elements.

File:chronogramme 1.png

Chronogram of comparator timer interruption configuration

The chronogram, figure comp_timer_chr, illustrates the operation mode from a temporal perspective. The content of the interruption routines is detailed in section routine_interruption.

4.1.1. Overflow Management

The timer counter is not infinite. A channel configured in output compare triggers an interruption before the counter reaches its maximum value. In this interruption, the comparator's state is checked.

If it is low, the voltage drop is still ongoing. The timer is reset to avoid overflow, and an overflow counter is incremented, which will be interpreted later to calculate the total transient duration.
If it is high, the transient is over. Four actions are taken: the timer is disabled to prevent unnecessary interruptions (it will be automatically restarted at the next comparator trigger), the timer value is reset to 0, the comparator interruptions are reactivated to be notified of the next voltage drop, and finally, the data captured and recorded by the DMA is aggregated with the overflow counter to obtain the total voltage drop duration.

If the timer duration is sufficient to measure the targeted transients, implementing the overflow counter is unnecessary. However, it is essential to reactivate the comparator's interrupt.

4.2. Comparator Configuration

The STM32 has an internal reference voltage $V_{REFINT}$ of 1.25 V in the case of the STM32G4. This reference can be directly connected to the negative input of the comparator. The voltage to be monitored will be connected to the positive input of the comparator through a voltage divider, which defines the detection threshold.

When the monitored voltage drops below the threshold, a falling edge occurs at its output, triggering an interrupt. It is important to note that for some STM32 models, such as the STM32G4 family, the comparators are very fast, and the output may oscillate during the transition. It may be necessary to account for this when interpreting the data, particularly by temporarily disabling the comparator's interrupt on its first trigger.

File:chronogramme toggle.png

Chronogram of the comparator timer interruption configuration

The chronogram, figure comp_timer_chr_tog, illustrates the operation mode from a temporal perspective when the comparator's output oscillates. The content of the interruption routines is detailed in section routine_interruption.

4.3. Timer Duration Configuration

On our prototype, we will use timer 1. The selected timer must have the following characteristics:

Minimum 2 channels, ideally 4
Slave mode combined Reset Trigger
Trigger source from Comparator
Input capture remap from Comparator

As a reminder, the comparator transmits a falling edge at the beginning of the transient to be detected and a rising edge at the end. Therefore, we seek to measure the duration between the two edges. We will use the slave mode reset trigger, which resets the counter and starts the increment on a falling edge. A channel, configured in input capture, captures the counter value at the end of the transient. The captured value, corresponding to the transient duration, is recorded in a circular buffer by the DMA.

File:config timer duration.png

Timer duration configuration

Figure config_tim_duration highlights the elements and interconnections of the timer used in our configuration. The list below describes the timer configuration, and the indicated values are valid for the presented prototype. These values may vary depending on the chosen STM32, timer, and comparator, as well as the clock frequency, temporal resolution, and maximum transient duration.

Clock source: Internal clock, prescaler 164: The timer is clocked by the microcontroller's internal clock (165 MHz) divided by 164+1, resulting in 1 MHz, or a period of 1 microsecond.
Trigger Source: ETR1 through remap, trigger inverted: The trigger comes from the output of comparator 1, in our case ETR1 through remap. The inverted polarity allows triggering on the falling edge.
Slave mode: Combined Reset Trigger: When the trigger is activated, the counter is reset to zero, and the timer starts counting if it was paused.
Channel 1: Input capture, tim\_ti\_in1, rising edge, DMA: The channel captures the counter value when a rising edge comes from the comparator. A DMA transfer stores the value in a circular buffer in memory.
Channel 2-3: Output compare, interrupt: When the counter reaches the defined value, an interrupt is triggered.

4.4. Interrupt Routines

4.4.1. Protection Against Disturbances

As presented in the introduction, there are sensitive routines. Whether it is analog measurements or decision-making, a disturbance in the power supply voltage, analog or core, can disrupt the application's operation. The idea is to raise a flag if a detection occurs during a sensitive routine and to repeat the routine to ensure the result's reliability. A disturbance counter can detect "abnormal synchronization," indicating a potential attack attempt and alerting the central server.