Safety features
Lynx implements multiple functions to enhance operational safety.
/safetyopts Parameter
This bitwise parameter controls the enabling/disabling of safety features.
| Bit | Description |
|---|---|
| 0 | Permanently disarms from accelerator signal (sig_acc) if NaNWithout this setting, NaN on accelerator still disarms but allows rearming once NaN clears. |
| 1 | Disarms from brake signal (sig_brake) if NaN |
| 2 | Forces brake mode and prevents acceleration if sig_brake is NaN |
| 3 | Prevents recovery from timeout on CAN msg 0x5FF |
| 4 | Disables timeout on CAN msg 0x5FF |
Disarming Block
The built-in safety system monitors various inputs and can disable the accelerator signal path (before entering the driver) and cruise function when safety risks are detected. This ensures the motor won't accelerate from accelerator input and cruise remains deactivated during potential safety risks. The system structure is illustrated below.
Disarm Reasons
Various sources can trigger safety risk conditions, resulting in device disarming. The following list details potential sources:
- Positive values: Device will recover from disarm state
- Negative values: Device remains disarmed until reboot
/disarm_reason value | Description |
|---|---|
| 0 | Device armed |
| 1 | Initial state after device boot |
| 2 | Accelerator signal (sig_acc) is NaN |
| 10 | Seat switch activated |
| 11 | Reverse activation disarm |
| 12 | Map change disarm (mapopts&4) |
| 13 | BMS state disarm (undervoltage and others) |
| 14 | BMS charging indication |
| 15 | BMS error |
| 16 | Device shutdown in progress |
| 17 | Identrun in progress |
| 18 | Accelerator signal (sig_acc) NaN - permanent disarm (safetyopts&1) |
| 19 | Geofence message timeout |
| 20 | Geofence message disarm command |
| 21 | Driver error state |
| 23 | Step-up charging active |
| 24 | Device in slave configuration |
| 25 | Accelerator disarm braking (drvopts&128) |
| 26 | Brake signal (sig_brake) NaN (safetyopts&2) |
| 27 | Brake signal disarm !(drvopts&1) |
| 28 | Driver override |
| 29 | Device locked |
While most input reactions are hardcoded, the disarming block can be customized through the safetyopts, drvopts, and mapopts parameters.