Dual-Input Power Reset Stops Automotive Software Runaway
Dual inputs
In microcontroller-based embedded systems, it is imperative to provide a means of triggering system reset to take care of software runaways. Many such remedies involve the implementation of an external watchdog timer, software watchdog timer, or some other software strategies while others use power on reset (POR) as the best alternative.
In automotive systems, however, fault conditions in which a signal shorts to ground, even if only momentarily, are common enough that depending on a watchdog signal for system reset is risky. A power-up reset would be more reliable, but removing and reconnecting the battery supply to the automotive electronic control unit (ECU) can be laborious and take considerable time. An alternative approach leverages the inhibit input of an automotive system’s power-supply regulator circuit to provide a reset mechanism.
The heart of the automotive reset circuit is transistor Q1 (BC817B), which is used as a switch to provide a control signal to the system power-supply chip’s inhibit (RESET) input (see the figure). (The power-supply regulator chip used in this design was the Infineon TLE7272B.) For the power-supply chip to be in active condition, this inhibit signal should be high (+4 to +20 V).
Two signals, from different sources, drive transistor Q1 in a wired-OR configuration. One signal is the external watchdog, which is normally +5 V but turns low if the CPU enters a runaway condition. The other signal comes from SW1, a normally open momentary contact switch for a user to press. There is no upper limit on the duration of this press, but the contact should last for at least 50 ms to ensure the power-supply chip responds reliably.
Switch signal SW1 is not necessarily meant to be a dedicated input. It can be tapped from any existing input coming to the electronic control unit, as long as that input has a momentary switch, an active-low level, and a 20-mA maximum current. This switch can be used for other functionality as well, and it will be used for POR only when SW2 is turned LOW (CPU runaway condition).
Under normal operation, pull-up resistor R2 keeps transistor Q1 turned OFF, with current-limiting resistor R3 maintaining the minimum voltage drop from base to collector. With Q1 OFF, pull-up resistor R1 keeps the power-supply chip in active condition by holding the RESET pin at the battery voltage. R1 has a value of 100 kΩ to keep the current into the pin below 1 mA.
During software runaway, the watchdog timer signal goes LOW. However, the wired-OR also requires SW1 to be pressed for anything to happen. This dual-action requirement ensures that a short to ground on one signal does not trigger an undesired system reset, nor will pressing the switch when the watchdog timer indicates normal software operation.
When the watchdog timer is LOW and the user presses SW1, however, transistor Q1 will turn ON, pulling the power-supply reset pin low and shutting off power to the ECU. Releasing SW1 then turns the Q1 back OFF, restoring power to the ECU and triggering the power-on reset cycle.
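To make the two-input interlock and the design limits above concrete, here is an added Python model of the circuit's behaviour (it is not code from the article). It assumes the inputs are sampled on a time-ordered list of events, that a press shorter than the 50-ms minimum does not produce a reliable reset, and that the worst-case R1 current occurs with the inhibit pin near ground.

```python
from dataclasses import dataclass

R1_OHMS = 100_000           # pull-up on the regulator inhibit/RESET pin (value from the article)
INHIBIT_ACTIVE_MIN_V = 4.0  # inhibit input must sit between +4 V and +20 V to keep the regulator active
INHIBIT_ACTIVE_MAX_V = 20.0
MIN_PRESS_MS = 50           # SW1 must be held at least 50 ms for a reliable regulator response

def inhibit_pin_current_ma(vbat: float) -> float:
    """Worst-case current into the inhibit pin through R1 (pin near ground); must stay below 1 mA."""
    return vbat / R1_OHMS * 1000.0

def q1_conducts(watchdog_high: bool, sw1_pressed: bool) -> bool:
    """Q1 turns ON only when BOTH inputs are asserted: watchdog LOW (runaway) AND SW1 pressed (low)."""
    return (not watchdog_high) and sw1_pressed

def supply_active(vbat: float, q1_on: bool) -> bool:
    """Regulator stays active while Q1 is OFF and R1 holds the inhibit pin inside the active window."""
    if q1_on:
        return False
    return INHIBIT_ACTIVE_MIN_V <= vbat <= INHIBIT_ACTIVE_MAX_V

@dataclass
class Event:
    t_ms: int
    watchdog_high: bool
    sw1_pressed: bool

# Constructed sample timeline: a momentary watchdog short, a switch press during normal
# operation, a genuine runaway followed by a 90-ms press, then a press that is too short.
SAMPLE_TIMELINE = [
    Event(0, True, False),     # normal operation
    Event(10, False, False),   # watchdog line shorts low briefly: no reset expected
    Event(30, True, False),
    Event(40, True, True),     # SW1 pressed while software is healthy: no reset expected
    Event(120, True, False),
    Event(200, False, False),  # CPU runaway: watchdog goes LOW
    Event(210, False, True),   # user presses SW1 (both inputs asserted)
    Event(300, False, False),  # released after 90 ms: power restored, POR cycle
    Event(400, False, True),   # pressed again for only 20 ms (assumed unreliable)
    Event(420, False, False),
]

def simulate(events, vbat: float = 12.0):
    """Return the times (ms) at which a power-on reset completes for the given input samples.
    A POR is counted when the supply was shut off for at least MIN_PRESS_MS and then restored."""
    por_times, off_since = [], None
    for ev in events:
        active = supply_active(vbat, q1_conducts(ev.watchdog_high, ev.sw1_pressed))
        if not active and off_since is None:
            off_since = ev.t_ms                      # Q1 just pulled the inhibit pin low
        elif active and off_since is not None:
            if ev.t_ms - off_since >= MIN_PRESS_MS:  # long enough for the regulator to respond
                por_times.append(ev.t_ms)
            off_since = None
    return por_times
```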
The only requirement on the PNP transistor used for this design is that it should have good collector current characteristics. The transistor’s hFE is not very critical. Bias components are sized for operation with VBAT1 between 9 V and 16 V dc.