Design and validation of the boot software for the instrument control unit of the PLATO mission

PLAnetary Transits and Oscillations of stars (PLATO) is a mission belonging to the European Space Agency Cosmic Vision program whose objective is to find and study extrasolar planetary systems. PLATO is composed of 26 telescopes which will observe Sun-like stars without interruption in order to identify a periodic decrease in star brightness indicating the possible transit of an exoplanet. The PLATO on-board Data Processing System (DPS) consists of an Instrument Control Unit (ICU) and several distributed Digital Processing Units (DPUs) connected by a SpaceWire network. The ICU collects and compresses scientific data from the DPUs and implements the main data interface towards the satellite for telemetry and telecommands. The focus of this paper is the Boot Software (BSW) of the ICU. The BSW is executed on a LEON3FT processor to perform system initialization, hardware checks, telecommand/telemetry management and the start of the ICU Application Software (ASW), which is responsible for the PLATO sub-system management necessary for the mission objectives. The ICU BSW is the only boot software on board PLATO, and its high criticality level requires stringent verification/validation activities and high-quality control of the software product, which is achieved through extensive quality plans, multi-level testing and static analysis of the software code. This paper describes the dependable architecture of the BSW along with the methods used to achieve the required performance, including FDIR techniques. Two engineering models of the ICU are going to be developed, and the foreseen functional and performance tests will be presented in this paper.