ESA

1
ESAs view strategy regarding Actel RTSX-S
antifuse reliability problem

Agustin Fernandez Leon ESA/ESTEC/TEC-EDM
2
Collecting / Assessing / Distributing info
USA projects reported failures 11 ?

ACTEL tests
NO ESA tests
ITT tests
NASA tests
ACTEL briefings / White Papers
NASA OLD News on-line info
NASA GSFC Advisories
Monthly ESA-NASA (NEPAG) teleconfs
ESA projects reported failures 2 ?
ESA Problem Notifications (20-9/15-10-04)
ESA Alert EA-2004-EEE-07-A (12-11-2004)
CNES, EADS, EU Industry analysis
3
ESA alert EA-2004-EEE-07-A

• Issued 12 Nov 2004 by ESA/ESTEC TEC-Q
• Sent to all ESA Projects PA and all ESA staff,
  European Space Agencies and Industry in ESA
  Alert system (http//www.estec.esa.nl/qq/alerts/)
  .
• Contained problem description, suspected cause,
  ESA recommended actions, manufacturer (Actel)
  reply,etc.
• Preceded by earlier Problem Notifications,
  distributed only internally. ESA Projects were
  informed and feedback requested.

4
HERSCHEL
ESA RTSX-S failure cases
CRYOSAT

• 1 RT54SX72S in the MMFU failed after extensive
  AIT test. Slower antifuse line (from a nominal
  delay of 4 ns to 400 ns). ACTEL FA still
  on-going.

• 1 RT54SX32S suddenly failed after a few hours in
  FM board tests. Failure signature currently
  being investigated.

5
ESA recommendations (1/2)

• Completely in line with NASA
  advisories
• Do not use RT54SX32-S nor RT54SX72-S in QM or FM
  units. RT54SX32-SU and RT54SX72-SU are valid
  alternatives.
• If RTSX-S devices have to be flown, assess
  impact of potential antifuse failures on mission.
  Define / implement mitigation plans.
• Use latest available programming SW 3.81/4.44
  or higher, log all programming activity, follow
  calibration routines.

6
ESA recommendations (2/2)

• Maximize hours/test coverage of on ground
  system test
• Test at high T (to accelerate any infant
  mortality)
• Test at full speed / F margins (to unmask long
  delay paths)
• Respect manufacturer datasheet, special care to
  I/O V limits.
• 
  Stay informed of on-going
  tests (ACTEL, ITT and NASA), as the antifuse
  reliability problem is not yet fully understood,
  and new data could lead to new guidelines for
  safer use of the old and new components/programmin
  g SW.

7
ESA Projects whats happening

• Widespread concern (RTSX-S antifuse failure
  cause/signature is not well understood, risks
  cant be eliminated completely RTSX-SU new
  components, uncertainty over parts availability,
  higher ESD sensitivity)
• Every project is assessing its own situation and
  adopting solutions, on a system-by-system,
  unit-by-unit basis.
• Primes, sub-contractors and ESA PA and technical
  officers are involved in the analysis /
  discussions / decision making.

8
Tailoring ESA recommendations for each ESA
project

• components/board/unit spares?
• Redundancy/Fault tolerance at any levels?
• Anti-fuse failure potential impact on mission.
  Criticality?
• New risks if replacing MEC by UMC? (board
  damage)
• Additional costs / time (procuring new parts,
  new tests)

9
ESA Projects whats happening

• Only a few projects not affected (ATV, METOP,
  MSG and VEGA) However, in most new ESA projects
• Many RTSX-S FPGAs are being used in various
  control units/instruments (Aeolus, GOCE, Cryosat,
  Herschel, Galileo, SMOS,VenusX) ( 10 /80 parts
  per project)
• Additional testing and selective use/replacement
  (UMC instead of MEC). First UMC parts have
  already been procured, and many more are expected
  in following months.

10
Thanks to all teams doing tests and sharing the
results

ACTEL tests
ITT tests
NASA tests
Thanks to NASA Office of Logic Design for
organizing this briefing