Safety
Lynx incorporates several functions for achieving higher safety.
/safetyopts parameter
This parameter is used for enabling/disabling safety features. If is bitwise parameter.
| Bit | Description |
|---|---|
| 0 | Forever disarm from throttle signal (sig_acc) if is NaNEven if this is not set, the NaN on throttle disarm, but after NaN is cleared, it allows arm. |
| 1 | Disarm from brake signal (sig_brake) if is NaN |
| 2 | If sig_brake is NaN, force brake mode and prevent any acceleration. |
| 3 | Do not recover from timeout on CAN msg 0x5FF |
| 4 | Disable timeout on CAN msg 0x5FF. |
Disarming block
In-built safety system. It can check several inputs and based on its values, the throttle signal path can be disabled (before entering the driver) together with the cruise function. This ensures that the motor will not accelerate from the throttle path and cruise is deactivated if there is a safety risk. The overall structure is shown in the picture below.
Disam reason
There are several sources, considered as potential safety risk initiators. These sources are result in the disarm state of the device. This is list of potential sources:
- If the value is positive, the device will recover from the disarm state
- If the value is negative, the device will stay in the disarm state until the reboot
/disarm_reason value | Description |
|---|---|
| 0 | Device is armed |
| 1 | Default value after device boot |
| 2 | Throttle signal (sig_acc) is NaN |
| 10 | Seat switch is active |
| 11 | Disarm from activating the reverse |
| 12 | Disarm from changing the maps (mapopts&4) |
| 13 | Disarm from BMS state (undervoltage and other states) |
| 14 | BMS is reporting charging |
| 15 | BMS is in error |
| 16 | Device is shutting down |
| 17 | Identrun is in the process |
| 18 | Throttle signal (sig_acc) is NaN - disarmed forever (safetyopts&1) |
| 19 | Timeout from geofence message |
| 20 | Disarm command from geofence message |
| 21 | Any error state of the driver |
| 23 | Step-up charging (using the controller) is active |
| 24 | Device is in slave configuration |
| 25 | Braking from throttle disarm (drvopts&128) |
| 26 | Brake signal (sig_brake) is NaN (safetyopts&2) |
| 27 | Brake signal disarm the device !(drvopts&1) |
| 28 | Driver is overriden |
| 29 | Device is locked |
Reaction of majority of these inputs is hardcoded, but there is also option for parametrization of disarming block by parameters safetyopts, drvopts and mapopts.