DIY VCM
DIY VCM (Vehicle Control Module)
While re-using all power electronics components from the donor cars makes sense. My idea is to create a DIY version of what Nissan call a VCM, so I’ll stick with that nomenclature here as well. The VCM is the control unit that manage all main functions of the vecicle and control all other components.
The easiest way to follow the development is through this GitHub repository that will contain both the hardware and firmware.
Safety
Since this VCM will be used to control a car moving at high speeds and the electrical system contain dangerously high voltages, safety is very important. The VCM will support the overall safety. There are two major things that need to be managed by the safety system:
- Traction torque
- High voltages
Safe state
In case of a critical failure the car will be taken to a safe state by disconnecting the high power supply through the battery contactors and the 12 V logic feed to the traction inverter. This will both prevent the motor/inverter from producing torque and remove the risk of electrical injuries.
VCM safety design
The VCM will have dual microcontrollers where one will be running the main application and one will be responsible for monitoring critical signals and that the application in the main MCU is executing as expected. The main and monitor applications will also communicate through a serial connection.
- Both MCU’s will read and cross-check the dual channel input from the accelerator pedal
- The monitoring MCU will have read access to the EV-CAN bus and monitor that the torque request from the main application is reasonable
- The monitor MCU will control the high-side switch for the pre-charge- and main-contactors and the inverter logic power.
- The main MCU will controll the low-side switch of the pre-charge and main-contactors.
- The main MCU will send watchdog counters over the serial port
- The monitor MCU will be able to disable the EV-CAN transciever and as a final option reset the main MCU.
Hardware
The PCB is created in the open source KiCad software.
Enclosure
The idea is to use the pretty robust ModICE ME-MX 24 enclosure.
Microcontrollers
The main formware will run in an STM32F405RB microcontroller and there will be a smaller STM32F091CC for monitoring the main application.
I/O
The VCM have two 12-pin Molex MX-150 connectors
| Pin | Left | Right |
|---|---|---|
| 1 | GND | GND |
| 2 | CAN1 Low | CAN2 Low |
| 3 | CAN1 High | CAN2 High |
| 4 | BRAKE1 | TBD |
| 5 | BRAKE2 | TBD |
| 6 | +12V IN | CRANK |
| 7 | GND | GND |
| 8 | TBD | High side out |
| 9 | EXT 5V | EXT 5V |
| 10 | ACC1 | DIR_R2 |
| 11 | ACC2 | DIR_R1 |
| 12 | +12V IN | IGNITION |
CAN1 (high/low)
Used to communicate with EV-CAN nodes. This is available to both the main and the monitor microcontroller
CAN2 (high/low)
Used to communicate with auxillary CAN nodes like the instrument cluster. This is only avaliable to the main controller.
High side out
High side driver providing +12V to the high side of the main and pre-charge high voltage contactors.
+12V IN
Main feed from the 12V battery
Ignition
+12V when the ignition switch is in the ignition position.
Crank
+12V when the ignition switch is in the crank position.
Accelerator input (ACC1/ACC2)
Dual channel input from the accelerator pedals.
Brake input (BRAKE1/BRAKE2)
Dual channel input from the brake sensor
Direction input (DIR_F1/DIR_F2 and DIR_R1/DIR_R2)
Dual channel input from the direction selector. Forward/Reverse momentary switches mounted on the gear lever.
External 5V feed
5V output to accelerator pedal hall effect sensors and the momentary switches on the brake pedal and direction selector.
Firmware
The firmware will be developed using the Rust programming language. Both because it provides a lot of nice security features and it is very nice to work with.
Bootloader
At some point, I will create CAN-based bootloaders for both microcontrollers to enabling updating of them without opening the enclosure. One option could also be to use the builting ROM-bootloader in the STM32 parts. They should be connected so that the ROM-bootloaders configured CAN-bus in on CAN1 and CAN2 respectively.
Monitor application
The monitoring microcontroller will run a fairly simple application monitoring the functionality of the main application and with the possibility to disable the high voltage contactors if something goes wrong.
More information in this post.
Main application
TBD