A satellite spacecraft is generally composed of a central Control and Data Management Unit (CDMU) and several instruments,\neach one locally controlled by its Instrument Control Unit (ICU). Inside each ICU, the embedded boot software (BSW) is the\nvery first piece of software executed after power-up or reset. The ICU BSW is a nonpatchable, stand-alone, real-time software\npackage that initializes the ICU HW, performs self-tests, and waits for CDMU commands to maintain on-board memory and\nultimately start a patchable application software (ASW), which is responsible for execution of the nominal tasks assigned to the\nICU (control of the satellite instrument being the most important one). The BSW is a relatively small but critical software item,\nsince an unexpected behaviour can cause or contribute to a system failure resulting in fatal consequences such as the satellite\nmission loss. The development of this kind of embedded software is special in many senses, primarily due to its criticality, realtime\nexpected performance, and the constrained size of program and data memories. This paper presents the lessons learned in\nthe development and HW/SW integration phases of a satellite ICU BSW designed for a European Space Agency mission.
Loading....