In space missions, boot software is in charge of the initialisation sequence of flight computers. The processor module in which it runs has a high tolerance to radiation, although not all devices have the same tolerance level. A boot software design capable of recovering from errors in the most vulnerable devices shall provide greater system reliability. This work has been carried out in the context of the boot software development for the control unit of the Energetic Particle Detector instrument on-board the Solar Orbiter mission. This mission operates close to the Sun where high-energy particles can cause single event effects on electronic devices, especially SDRAM and EEPROM, which show lower radiation tolerance than the other devices. This fact motivates this work, where a sensitivity analysis of the incidence of single event effects on the behaviour of the boot software is carried out. Specifically, a fault injection environment has been used to analyse the effect of “stuck-at” bits on the boot software ability to deploy and pass control to the application software. The results show the boot software vulnerability to this kind of permanent effects and have led to the implementation of a reliability-oriented design, presented in this paper.

在太空飞行中，启动软件负责飞行计算机的初始化顺序。尽管并非所有设备都具有相同的公差级别，但运行该处理器模块的处理器模块对辐射具有较高的公差。能够从最易受攻击的设备中的错误中恢复的引导软件设计应提供更高的系统可靠性。这项工作是在“太阳轨道”飞行器任务中为高能粒子检测仪仪器的控制单元启动软件开发的过程中进行的。此任务在靠近太阳的地方进行，在太阳附近，高能粒子会对电子设备（尤其是SDRAM和EEPROM）造成单事件影响，这些电子设备的辐射耐受性比其他设备低。这个事实激励着这项工作，其中对单个事件的发生率对引导软件的行为的影响进行了敏感性分析。具体来说，故障注入环境已用于分析“卡住”位对引导软件部署和将控制权传递给应用软件的能力的影响。结果表明，引导软件容易受到这种永久性影响，并导致了本文介绍的面向可靠性的设计的实现。