A satellite spacecraft is generally composed of a central Control and Data Management Unit (CDMU) and several instruments, each one locally controlled by its Instrument Control Unit (ICU). Inside each ICU, the embedded boot software (BSW) is the very first piece of software executed after power-up or reset. The ICU BSW is a nonpatchable, stand-alone, real-time software package that initializes the ICU HW, performs self-tests, and waits for CDMU commands to maintain on-board memory and ultimately start a patchable application software (ASW), which is responsible for execution of the nominal tasks assigned to the ICU (control of the satellite instrument being the most important one). The BSW is a relatively small but critical software item, since an unexpected behaviour can cause or contribute to a system failure resulting in fatal consequences such as the satellite mission loss. The development of this kind of embedded software is special in many senses, primarily due to its criticality, real-time expected performance, and the constrained size of program and data memories. This paper presents the lessons learned in the development and HW/SW integration phases of a satellite ICU BSW designed for a European Space Agency mission.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.