Skip to content

EV Active ChecklistΒ #565

Description

@nicholasching

πŸ”Œ EV Active Inspection

This issue tracks every item from the 2025 EV Active Inspection Form (Pages 3–4). Each checklist item is accompanied by its firmware and signals dependencies so the team can verify implementation completeness before inspection.

⚠️ Note: The car must be jacked up with driven wheels removed before high-voltage tests.


πŸ“‹ Demonstration

  • Energy meter installed in vehicle (Confirm with team)
    • Firmware/Signals: Energy meter must be powered from the GLV system. Firmware must establish CAN (or equivalent) communication with the energy meter and confirm a live heartbeat/status response on startup.
  • No TS components or wiring present below the frame (Visible check)
    • Firmware/Signals: No direct firmware dependency; however, routing of any signal harnesses (e.g., TSMP sense leads) must not violate this constraint β€” review wiring harness layout against firmware connector pinout documentation.

πŸ“ Measurements

  • Energy meter installed in vehicle (Visible check)
    • Firmware/Signals: Same as above β€” energy meter CAN node must appear on the bus. Firmware should log an error/fault if the energy meter is not detected at boot.
  • GLVS ground to conductive surface <100mm from TS component: < 300 mΞ© @ 1A (or 5 Ξ© for carbon fiber)
    • Firmware/Signals: No direct firmware dependency. Ensure no ground loops are introduced by MCU chassis ground references. Review grounding topology in the firmware PCB schematic.
  • Discharge Circuit and Body Protection Resistors (BPR) β€” measure resistance between TSMP HVβˆ’ and TSMP HV+
    • Vmax < 200V β†’ β‰₯ 10 kΞ© + discharge
    • 200V < Vmax < 400V β†’ β‰₯ 20 kΞ© + discharge
    • 400V < Vmax < 600V β†’ β‰₯ 30 kΞ© + discharge
    • Firmware/Signals:
      • Firmware must control the active discharge circuit (digital output to discharge relay/MOSFET gate).
      • Discharge must be triggered on any shutdown event (AIRs open, fault condition, GLVS off).
      • TS voltage measurement signal (via voltage divider or energy meter) must be available to confirm voltage decays below 60 VDC within 5 seconds post-shutdown.
  • Insulation Measurement Test β€” isolation between TSMP and chassis ground β‰₯ 500 Γ— TS Voltage + BPR (250V or 500V test probe)
    • Firmware/Signals:
      • IMD (Insulation Monitoring Device) output signal must be wired to a digital input on the MCU.
      • Firmware must read the IMD status line and incorporate it into the shutdown circuit logic.
      • HV+ and HVβˆ’ isolation values are hardware measurements, but the IMD fault threshold configuration (if software-configurable on the IMD module) must be validated.

⚑ High Voltage Tests

CAR MUST BE JACKED UP WITH DRIVEN WHEELS REMOVED

IMD and Tractive System Status Indicator (TSSI)

  • IMD indicator light inside cockpit is marked "IMD" (Visible check)
    • Firmware/Signals: Firmware must drive the cockpit IMD indicator output (digital output). Confirm GPIO pin assignment and that the label on the physical indicator matches.
  • IMD trips shutdown circuit within 30 seconds of isolation fault; TS voltage drops below 60 VDC within 5 seconds (Test HV+, Test HVβˆ’)
    • Procedure:
      1. Activate Tractive System β†’ IMD indicator OFF, TSSI GREEN
      2. Connect IMD test box between TSMP and GLVS Ground
      3. IMD must trip within 30 s β†’ TS voltage < 60 VDC within 5 s β†’ IMD indicator ON (red), TSSI flashing red
      4. Remove IMD test fault, wait 30 s β†’ TS stays off, IMD indicator stays on, TSSI stays flashing red
    • Firmware/Signals:
      • IMD fault signal (digital input) must trigger shutdown circuit open within the IMD's response window.
      • TSSI must implement three distinct states driven by firmware:
        • Solid green: TS active, no faults
        • Flashing red: IMD fault latched
        • Off: TS inactive
      • Shutdown circuit latch logic: once IMD fault is detected, firmware must not allow TS re-activation until fault is cleared (non-resettable without driver action).
      • AIR open command (digital output) must be issued immediately on fault detection.
      • TS voltage sense line must confirm < 60 VDC discharge within 5 s.
  • Energy meter is wired to GLV and TS connections properly (Visual check of status LED)
    • Firmware/Signals: Firmware must verify energy meter CAN heartbeat and that reported voltage/current values are non-zero and within expected range when TS is active. Status LED on energy meter module should reflect active communication.

Master Switches, Shutdown Buttons, BOTS, and Interlocks

  • TS Master switch OFF β†’ TS voltage < 60 VDC in 5 s
    • Firmware/Signals: TS Master switch hardwired into shutdown loop; firmware must detect shutdown circuit open (digital input), immediately command AIRs open, and activate discharge circuit.
  • GLV Master switch OFF β†’ TS voltage < 60 VDC in 5 s
    • Firmware/Signals: GLV Master switch cuts power to MCU; ensure discharge circuit is hardware-latched to fire on power loss, independent of firmware execution.
  • Left shutdown button OFF β†’ TS voltage < 60 VDC in 5 s
    • Firmware/Signals: Left shutdown button wired into shutdown loop. Firmware monitors shutdown circuit continuity signal.
  • Right shutdown button OFF β†’ TS voltage < 60 VDC in 5 s
    • Firmware/Signals: Right shutdown button wired into shutdown loop. Same as above.
  • Cockpit shutdown button OFF β†’ TS voltage < 60 VDC in 5 s
    • Firmware/Signals: Cockpit E-stop button wired into shutdown loop. Digital input to MCU for state monitoring/logging.
  • Brake-over-travel switch (BOTS) OFF β†’ TS voltage < 60 VDC in 5 s
    • Firmware/Signals:
      • BOTS is a digital input (NC switch) in the shutdown loop.
      • Firmware must detect BOTS open and open AIRs.
      • Signal: BOTS GPIO β†’ shutdown circuit monitor input.
  • Open interlock(s) of outboard wheel motor (if applicable) β†’ TS voltage < 60 VDC in 5 s
    • Firmware/Signals: Motor interlock signals (digital inputs) must be in the shutdown loop. Firmware must detect interlock open and command AIR open.
  • OK To Energize sticker present on vehicle
    • Firmware/Signals: No firmware dependency; physical sticker required post-inspection sign-off.

πŸš— EV Active β€” Page 2

Inertia Switch

  • Inertia switch activates β†’ TS voltage < 60 VDC in 5 s
    • Procedure: Unmount inertia switch, activate TS, measure HV voltage, shake switch and verify TS shuts down.
    • Firmware/Signals:
      • Inertia switch is hardwired into the shutdown loop (NC configuration).
      • Firmware must detect shutdown circuit break and open AIRs.
      • Discharge circuit must activate on shutdown event.
      • TS voltage sense must confirm < 60 VDC within 5 s.

Ready-To-Move Light (RTML)

  • RTML flashes amber when GLV is on and voltage outside accumulator container exceeds 60 VDC (Visible check)
    • Firmware/Signals:
      • TS voltage sense signal (analog input via resistor divider or energy meter CAN value) must be available to firmware.
      • Firmware compares TS voltage against 60 V threshold; if exceeded, drives RTML output (PWM digital output, amber LED/lamp) in flashing pattern.
      • RTML must activate independent of TS state (GLV-only power).
  • RTML complies with DOT FMVSS 108 (Visible check)
    • Firmware/Signals: Flashing frequency and duty cycle must comply with FMVSS 108 (typically 1–2 Hz). Confirm PWM parameters in firmware match the standard. Amber color compliance is a hardware concern.

Ready-To-Drive Mode

  • Ready-To-Drive mode sequence verified:
    1. Enable TS
    2. Press accelerator β†’ motors must NOT spin
    3. Press brake + start button
    4. Press accelerator β†’ motors must spin
    5. Press shutdown button
    6. Release shutdown button, enable TS
    7. Press accelerator β†’ motors must NOT spin
    8. Press brake + start button
    9. Press accelerator β†’ motors must spin
    • Firmware/Signals:
      • APPS (Accelerator Pedal Position Sensor): Two independent analog inputs (APPS1, APPS2) read by ADC. Firmware must transduce raw ADC values to a 0–100% pedal position value. Signals must agree within Β±10% to be considered plausible.
      • Brake pedal switch / pressure sensor: Digital or analog input. Firmware detects brake application (above threshold) as a prerequisite for RTD entry.
      • Start button: Digital input (momentary NO). Firmware detects rising edge as RTD activation trigger.
      • TS enable / AIR control: Firmware controls precharge relay and both AIRs (digital outputs) to energize TS.
      • RTD state machine: Firmware must implement a state machine: TS_OFF β†’ TS_ACTIVE β†’ RTD_PENDING (brake+start required) β†’ RTD_ACTIVE. On any shutdown event, state must fall back to TS_OFF and require full RTD sequence to re-enter RTD_ACTIVE.
      • Torque command output: CAN message to motor controller(s) carrying requested torque (0 Nm until RTD_ACTIVE).

Ready-To-Drive Sound (RTDS)

  • Car emits a characteristic sound once (1–3 seconds, β‰₯ 80 dBA at 2 m) upon entering RTD mode
    • Firmware/Signals:
      • Digital output (GPIO or PWM) drives buzzer/speaker relay or amplifier.
      • Firmware fires RTDS output for a fixed duration (e.g., 1.5 s) exactly once on transition to RTD_ACTIVE state.
      • Firmware must not re-trigger RTDS on subsequent accelerator presses or spurious events.
      • Sound duration timing implemented via a hardware timer or RTOS task with a one-shot flag.

Brake Light

  • Brake light activates with sufficient brightness visible in bright sunlight upon brake press
    • Firmware/Signals:
      • Brake pedal sensor (analog pressure transducer or digital switch) β†’ ADC or digital input.
      • Firmware reads brake input; above a defined threshold, drives brake light output (digital output to relay or LED driver).
      • Threshold value must be defined and validated in firmware configuration.

APPS / Brake Pedal Plausibility Check

  • Torque stops when accelerator (>25%) and brake are pressed simultaneously; torque remains off until APPS < 5%
    • Procedure:
      1. Press accelerator β†’ confirm axle spins
      2. With APPS > 25%, press brake β†’ axle must stop
      3. Keep APPS > 25%, release brake β†’ axle must remain stopped
      4. Slowly release APPS β†’ axle may resume rotation once APPS < 5%
    • Firmware/Signals:
      • APPS1 & APPS2: Dual analog inputs (ADC channels); firmware averages or validates both, producing a single pedal % value.
      • Brake pressure sensor / switch: Analog or digital input; firmware detects any brake application above threshold as "brake active."
      • Plausibility logic: If APPS > 25% AND brake active β†’ set torque request to 0 Nm. Latch this condition.
      • Release logic: Torque request remains 0 Nm until APPS drops below 5% (hysteresis), even if brake is released.
      • Torque command: CAN message to motor controller must reflect 0 Nm during latched condition.

APPS Implausibility Check

  • Torque stops if APPS sensors are implausible (single sensor unplugged)
    • Procedure:
      1. Press accelerator β†’ confirm axle spins
      2. Unplug all but one APPS β†’ press accelerator β†’ axle must NOT spin
      3. Repeat for each APPS sensor
    • Firmware/Signals:
      • APPS1 & APPS2: Both analog inputs must be continuously read and compared.
      • Out-of-range detection: If any APPS signal is outside its valid voltage window (e.g., < 0.5 V or > 4.5 V for a 0.5–4.5 V sensor), firmware must flag it as implausible.
      • Deviation detection: If both sensors are in range but disagree by more than Β±10% for more than 100 ms, firmware must flag implausibility.
      • Response: On any implausibility condition, torque command set to 0 Nm immediately. Must not self-reset until both sensors return to valid/agreeing state.
      • CAN output: Motor controller receives 0 Nm torque request.

Brake System Plausibility Device (BSPD)

  • BSPD shuts off TS within 0.5 s when brake is pressed and motor power exceeds 5 kW
    • Procedure:
      1. Enable TS
      2. Press and hold brake
      3. Ramp simulated current to 5 kW at nominal voltage
      4. TS must shut off within 0.5 s
      5. Release brake and turn off current β†’ TS must NOT auto-recover; driver must not be able to reactivate TS
    • Firmware/Signals:
      • BSPD hardware circuit: Typically implemented as a dedicated hardware comparator circuit (not purely firmware). Firmware must not interfere with this circuit's ability to open the shutdown loop.
      • Brake sense signal: Analog or digital brake input used by both firmware and BSPD circuit.
      • Current/power sense: Energy meter current reading (CAN) or a dedicated current transducer (analog input). Firmware monitors power = V Γ— I; BSPD hardware independently compares against 5 kW threshold.
      • Shutdown loop: BSPD output hardwired into shutdown circuit. Firmware detects resultant shutdown circuit open.
      • Non-resettable latch: Firmware must not allow TS re-activation after a BSPD fault without an explicit driver reset sequence (e.g., cycle the TS master switch and repeat RTD sequence). Auto-reset is not permitted.

Energy Meter β€” Post-Test Data Verification

  • Energy meter functional: voltage, current, and temperature data downloaded and verified as reasonable
    • Firmware/Signals:
      • Energy meter CAN node must have been transmitting continuously during all high-voltage tests.
      • Firmware (or a CAN data logger) must have captured voltage, current, and temperature frames.
      • Download interface must be accessible (USB, SD card, or CAN sniffer).
      • Verify: voltage β‰ˆ expected pack voltage, current β‰ˆ expected draw during motor tests, temperature within safe operating range.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

Fields

No fields configured for Task.

Projects

Status
No status

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions