Can you automatically switch between a main and backup battery power supply?

[bdunham7]

I think your idea of boosting the opamp power to 15V might work well.  Then he could still use the N-channel mosfets with their vanishingly low RDSon values.  Or, maybe redesign it for low-side switching using these same mosfets.  Then the 5V supply would work.

I still think going to 2S2P 18650s, without all this backup stuff, would serve him better.  And to get 8 amps, he may have to do that anyway.

We don't know what his load is or what the backup battery does, exactly.  It might be very intermittent and the backup is just to retain memory or something.  I don't think low-side switching is an option in his case.

Actually I think these "magic MOSFETS" would save the day at a reasonable price:

https://www.mouser.com/ProductDetail/Diodes-Incorporated/DML3006LFDS-7?qs=YCa%2FAAYMW01AVvNLyFJLCQ%3D%3D

They have logic and a charge pump to boost the gate drive all built into one 67-cent package and they run on 5 volts.  It appears they would work with the current circuit he has laid out.

Otherwise, yes, boosting the gate voltage seems to be the only sane way to do high-side switching, unless someone with more experience has a different idea.

[Peabody]

Those magic mosfets look very interesting.  Do you know of any that come in a more hobbyist-friendly package?

[logancane]

Thanks for the suggestions everyone!

Let me add some context if I may. The whole system is for a high altitude balloon that will be carrying some potentially expensive equipment. For this reason, my role in the project is to create an absolutely bulletproof reliable power supply. This is only one part of the larger system which includes a whole lot of independently regulated outputs, each with their own protection and redundancy.

I am also trying to build everything solid-state because it is not yet clear what effect the low pressure environment will have on the system. There will be low temperature too but that is taken care of with both the electronics dissipated heat plus an external heater.

The loads themselves include sensitive devices such as MCU's and radios, that's why I think it has to be high-side.

In reality, the power supply will likely be nowhere near 8A most of the time. There are three things that throw a spanner in the works. First, we must power an unknown payload that could be up to 25W. Secondly, there is a balloon termination system (detaches the parachute from the balloon prematurely if needed) which can draw up to 2A for about 15s and thirdly, there is a heater with bang-bang control (which as we do more research on this, the more unlikely it seems we are going to need it). Nevertheless, I am designing for a worst-case current situation where everything is on at the same time.

The reason for the backup battery is that it must be a physically separate power source. If the main battery fails or runs flat, we can terminate the balloon, switch off non-essential loads and bring it down safely. It was an oversight on my behalf to think I could do that with a standard 9V Lithium battery, or even a couple in parallel. I think what I might do is just use more 18650's unless anyone can think of a more energy dense battery that could be used (bearing in mind weight)?

If I swap the LDO out for a 15V boost converter, will this work?

Alternatively, I found this magic mosfet! And it has easy to use leads! (https://www.digikey.co.nz/product-detail/en/infineon-technologies/BTS6142DAUMA1/BTS6142DAUMA1CT-ND/3819676)
It's perhaps a little overkill being rated to 33A, and it is pretty expensive (4.26NZD) but it has some protection features which can act as a redundancy to Efuses I am already using elsewhere in the circuit. When I searched for magic mosfets (or load switches as they are officially names) this was the cheapest >10A rated one I could find that was in stock, had a minimum order of 1 and wasn't a QFN type package. I think for a one-off highly critical application such as this, it is worth it. One question I have about it though. The description of the input pin says "activates the power switch if shorted to ground". Does this mean that this is an active-low device? Also would I still need diodes given the power supplies are still facing each other?

Anyway, you have been an enormous help so far. Really keen to hear your suggestions.

Cheers!

[james_s]

That context is useful here.

IMHO the best way to get reliability is redundancy. If I were trying to do this, I would look at having 2 or 3 completely independent power supplies each consisting of a battery, regulator, etc, each capable of carrying the entire load on its own, that each connect separately to the DC bus powering the equipment via isolating Schottky diodes. You don't necessarily need to wait for one power source to fail for another to kick in, you just have them all feeding the bus at once and if one drops out for some reason the others will just keep carrying the load. There are methods you can use to load share between multiple power sources but it shouldn't really matter in this case, whichever one is producing a slightly higher voltage at the time will carry the load, it doesn't matter which one when they are all capable of doing the job on their own.

I'm sure you are already aware of this but a significant challenge of high altitude is that it is very cold, which is especially challenging in regards to batteries but other parts can have thermal issues too so be mindful of temperature ratings. Everything should be well insulated and you may even want to have heating elements that can be energized to keep the equipment bay from getting too cold.

[logancane]

That context is useful here.

IMHO the best way to get reliability is redundancy. If I were trying to do this, I would look at having 2 or 3 completely independent power supplies each consisting of a battery, regulator, etc, each capable of carrying the entire load on its own, that each connect separately to the DC bus powering the equipment via isolating Schottky diodes. You don't necessarily need to wait for one power source to fail for another to kick in, you just have them all feeding the bus at once and if one drops out for some reason the others will just keep carrying the load. There are methods you can use to load share between multiple power sources but it shouldn't really matter in this case, whichever one is producing a slightly higher voltage at the time will carry the load, it doesn't matter which one when they are all capable of doing the job on their own.

I'm sure you are already aware of this but a significant challenge of high altitude is that it is very cold, which is especially challenging in regards to batteries but other parts can have thermal issues too so be mindful of temperature ratings. Everything should be well insulated and you may even want to have heating elements that can be energized to keep the equipment bay from getting too cold.

Great suggestions, thanks for the response!

It will have a heater on it, though after talking to some people who have done this before, it actually sounds like cooling might be more of an issue. The electronics can generate a lot of heat and because it is in an enclosed space and because at high altitude there is almost no convection, getting the heat out can be a challenge. Anyway, that is the job of another team member to sort out. I think they are looking at wax motors and some really good heat sinking for that.

As for your suggestion, thank you for re-framing my initial assumptions. I guess there is no need for a switch per se. That said, there is no way I can have multiple power sources, all capable of driving the load for the full flight-time. That would be simply too much weight. Instead the goal is to have a power source that can power the load for the entire mission and a backup that has only enough power to terminate the balloon and then drive the essential loads (location updates and heater) and only for the time it takes to descend back to earth (+ slow location updates once there).

If I were to have both connected to the DC bus through a Schottky as you suggested, but have the backup at a lower voltage, is it true that the backup would only contribute power once the main battery cuts out either through failure or depletion? Also, I would need to look into ways of making the battery cut out instead of continuing to discharge.

Cheers

[james_s]

Yes, that was my next thought while reading your reply. If you have a backup source that is lower voltage but still high enough to keep the load operating then it will sit there and do nothing until the voltage of the primary source drops below what it is producing. You could monitor the current out of the backup supply (they make inexpensive high-side current measuring ICs for just this sort of thing) then you can tell when the main supply is having issues. You can also easily monitor the voltage on the primary and backup batteries to get an indication that there may be trouble brewing.

[bdunham7]

Yes, I think it will work if you have 15 volts--somebody correct me if they see a problem.

I think what you have found would work although I didn't scour the details.  Don't worry about the high current rating, it's not excessive overkill.  Components often have high ratings that while not fake, are unrealistic due to other constraints.  In this case, that would be heat dissipation and at 10A and 10mR, you have 1 watt.  A bigger package is a bit easier to design for.

As for whether you need to even do all this, I'm not sure I fully understand your load situation.

Is the main battery jettisoned or does the whole thing come back together?

Is it accepted that once the main battery is depleted or fails, the high-power functions will become unavailable and the backup battery will only power certain lower-power things?

Does everything need to be on the same power bus?

How cost-constrained are you?  What is your weight budget for the batteries and this controller?  How long does the balloon stay up and at what altitude?

[Peabody]

If you use diodes, the battery with the highest voltage will always power the load.  That's because the diode of the other battery will be reverse-biased, so no current will flow through it.  If the primary battery fails suddenly, then the transition will take place quickly.  But if it's just that the primary is depleting normally, then there will be a point at which the voltages are equal, and I think from that point on, both batteries will be supplying current, and both will be depleting together.  I'm not sure that would work for you.

You also have to consider that you will always have some voltage drop with diodes - at least 0.3V - and if you're passing amps of current the heat generated could be significant.  And of course the heat is just wasted battery power.  But mosfets can drop voltage too even with ultra-low RDS if the current is high enough.

The other thing is that you will also need to know that the backup has started supplying current so you can take whatever shutdown action is needed at that point.  So in addition to the diodes, you will need some way to read the voltages of the two batteries.

And while I'm thinking of it, I'm gonna suggest that you consider using unprotected 18650s.  The problem is that anything that causes even a temporary high current could trip the protection circuit, and that would completely shut off the battery.  I know there are reasons to use protected batteries, but you'll just have to consider what the risks are each way.  I believe quadcopter jocks use unprotected batteries so the drone won't suddenly fall from the sky because it has tripped the overdischarge protection.  Better to limp home and ruin a battery by overdischarge than lose the aircraft.

[james_s]

Monitoring current out of the backup battery will also tell you when something is drawing from it. That's a good point about both batteries draining at the same time once the voltage is equal, I don't think that is undesirable though as long as you know the backup battery is being loaded it makes sense to still keep extracting what you can from the primary battery.

Yes RC aircraft including multirotors use unprotected batteries, usually li-ion pouch cells usually called LiPos. I fly electric model airplanes that use the same sort of batteries and even a smallish plane can pull 30-40 amps from the battery continuously at full throttle, a protection circuit that could handle that would be bulky and heavy, and it would be another potential single point of failure. For a lower draw protection should not really be a problem, I think some protected cells will auto-reset as soon as the overload is removed. Might make sense to build a custom battery pack that has its own BMS chip in it, or repurpose an off the shelf laptop battery. Lots of battery options that would work.

[Peabody]

But if the primary and backup are going to discharge together, you're better off just adding 18650s in parallel to the primary, and doing away with the diodes.  They still discharge together, but you have longer battery life because you aren't dissipating heat in diodes.

Every time you add a protection or safeguard, that's another potential point of failure, and another opportunity to abort the mission prematurely.  So suppose some function switches on and there's an inrush current that temporarily drops the primary battery voltage below the switchover level.  Are you going to abort because of that?

This brings up another issue the OP mentioned originally, and that's not wanting to use a processor to control this stuff.  I think something like an ATTiny85 8-pin controller could read the battery voltages and make decisions that include the passage of time, and control the mosfets or magic mosfets, and send a signal to the main controller (assuming there is one) to abort if that's needed.  And I don't think it would be any less reliable than the opamps or comparators.

I don't know how much leeway he has with what has to be included.  If it were up to me, I think if I couldn't provide a redundant full power supply because of weight, I would just make the power supply a simple and foolproof as possible and hope for the best.  I might, however, power the locator function completely separately to give it the best chance of working no matter what else happens.

[JustMeHere]

Take a look at the schematic for Sparkfun's ESP32 Thing.  It has an answer.

[logancane]

Sorry I disappeared for a bit there, had more urgent things to work on. Anyway, I went away and worked on a new version and then only saw your replies just now. It seems I have implemented some of the things mentioned here already.

I have decided to use the "magic mosfets" mainly because they also have some monitoring functionality (such as battery voltage) and because they don't require a boost converter to turn them on.

As far as the type of 18650's is concerned. It was always my intention to use unprotected cells for the very reasons suggested here. Both this circuit and the others that come after it have multiple levels of protection with my goal being to time grade it, meaning that the POL protection will trigger before the protection further upstream. The idea is that if any of the separately regulated multiple loads that faults, its protection will trip and take it out before the main protections trips and takes the whole system out.

Ultimately I couldn't make the diode idea work because once I added up the worst-case voltage drops across the components on the main battery side it would require too low of a backup battery voltage, plus as I mentioned earlier I don't want to rely on an MCU to control anything (in this case to stop the main battery from overly discharging).

With that said, in the new design I have used the signals from an MCU as a backup which can take over control of battery selection. The way it works is that if a signal is sent from the MCU, the NOR gates will go low at the output causing the AND gates to also go low, which via the BJT's will cut Vcc to the opamps and thus kill the circuit. The backup load switches which are also controlled by the MCU will turn on and current will continue to flow. I figure this will happen slightly before the circuit turns off due to the signal delay through the gates but I think it will be ok, the load switches will just share and possibly circulate current momentarily.

I haven't calculated all of the values yet but I think in principle it should work. Keen to hear what you think, can you see any glaring mistakes?

[bdunham7]

Without component part numbers and values, nobody can really examine it.  Not that I'm promising to do so if you provide them--this is the next level of complexity and you're going to have to breadboard it.  Frankly I think you may have just introduced a lot of new ways that the circuit can fail.

If you look back a few posts, I asked a few questions about your requirements.  I actually think the the whole switchover thing may not be the best way to design your power supply.  Energizer L91 AA lithium primary batteries have about half the energy of a good 18650 Li-ion battery--3000mAh+ and 1.7 volts.  It takes two AA in series to come pretty close to matching a single 18650, but the L91AA weighs 15g, while a typical 18650 is 45-48g.  Thus the L91 AA gives you 50% more energy per unit weight.  They also have the additional benefit of working down to 40 degrees below zero.

I still don't know the details of your expected max power and energy requirements, but a 2SxP Li-ion pack would be 90x grams in cell weight, the equivalent 4SxP AA L91 pack would be 60x grams cell weight.  The AA L91s have a max discharge rate of 2.5A, so calculate from there and see if they work.

https://data.energizer.com/pdfs/l91.pdf

[Peabody]

Well, first a couple questions.

So the backup battery is a pair of 18650s - the same as the primary?

What magic mosfets are you using?  Are you sure they need the blocking diodes?

Are you going to simulate this circuit in LTspice?

I'm having trouble understanding the logic of all the BJTs and boolean stuff.  It seems T7 and T8 are switching ground into the LDO.  Shouldn't their emitters be connected to something high?  Also, you seem to  be missing series base resistors on T2, T3, T5, T6, T7 and T8.  And I'm not sure what R15 and R18 do.

Well, I'm glad you've decided on such a simple, reliable circuit like this rather than using an MCU.  Let's see.  Two opamps, two NOR gates, two AND gates, an LDO, four diodes, four NPNs and four PNPs.  What could possibly go wrong?

Edit:  You have the NOR and AND ICs powered from the load.  I guess that's ok, but would want to think about it.  And what's powering the backup MCU?

[logancane]

Unfortunately it seems the AA's wouldn't have the current capability. We are looking at potentially topping out at 9-10A in the most extreme case. I also need separate batteries for the situation that one fails. I don't know why it would but that is the design criteria. Although the have the same voltage, the main batteries will have more in parallel so they will definitely do the bulk (hopefully all) of the work.

Anyway I read the suggestions and came up with a circuit that seems to work on LTSpice (attached). As it was alluded to, the BJT stuff was complete nonsense. I thought I was going to have to drive more current than I actually was and as was pointed out I had half of them connected to the wrong place. The new circuit doesn't have any of that except a FET to drive the N-channel load switch I ended up going with.

I've also attached two plots that demonstrate what I'm trying to achieve.

One shows the automatic transition from main to backup during normal discharge (albeit in 30sec) by using the comparator circuit. You can see the Schmitt trigger working by the difference in crossover voltage during discharge and charging. I found that without it, there was in fact some jitter as the load voltage crossed the threshold.

The other plot demonstrates a MCU's ability to take authority if need be (perhaps it notices some curly behaviour going on). In this one, I set the "GPIO pin on the MCU" that is associated with the backup battery to logic high, thereby turning off the output of the NOR gate and thus turning off the LDO. You can see however that it actually tracks the main battery voltage first until it reaches the voltage of the backup battery. I'm not entirely sure why it does that. If anyone knows that would be handy. I think LTSpice treats 0V and GND as seperate things, because when I do a DC operating point analysis on it, it says the output from the gate is 0V, not ground. So perhaps I need to have a transistor switch with pull-down resistor? idk

Anyway, I guess the next step would be to build it in real life. Given that there are a few IC's on it,  I don't think I can breadboard the whole thing, but perhaps small parts of it like the comparator and logic circuitry?

To end on a question, how accurate are these LTSpice simulations? Do people actually rely on them enough to skip straight to ordering PCBs? I did have to lower the settings a few times on the way to getting one that would converge every time.

[Peabody]

I've just started using LTspice, so I don't know how reliable it is.  But I assume it has to make assumptions about typical values (gate threshold voltage, for example), while in reality individual parts will vary.  So it may be that to get some comfort with the results, you have to simulate with a variety of settings to make sure you aren't on the edge of something that could trip you up.

I haven't really studied the whole circuit, but I'm concerned about mosfets M1 and M2.  If the LDO is powered down, and the opamps are powered down, are the mosfet gates left floating?  Also, what is the state of the IN input of the magic mosfet if it is floating?  Is this possibly related to the issue about the output not switching over to backup when the MCU says it should?  Or did I misinterpret what you said?  If I understand correctly, you want the MCU, if it chooses, to dictate which batteries are used regardless of their voltage levels.

And again I would ask what's powering the MCU.

You might post the .asc file if convenient.

[logancane]

Thanks for that Peabody! I just added pull down resistors at the output of each opamp and sure enough it has fixed the issue.

Powering the MCU? Well that depends how much faith I have in this thing. The way I see it is that I have two options:

• I could trust the system to keep itself powered and power the MCU off of it, or
• I could power it using the highest voltage source using blocking diodes

I guess option 2 would be the sensible thing to do since the whole point of the MCU is to take over control when it is malfunctioning.

I will post the asc file when I get some spare time. I've used the manufacturer's SPICE models so I think you would need those too right?

[Peabody]

A third option would be to power the MCU from it's own battery.  Possibly a coin cell if the voltage is high enough.

I'm glad the pulldown resistors worked.  Don't bother with the .asc.  I was just curious.

[Peabody]

I wonder if there isn't a way to greatly simplify this.  Perhaps you could have only two magic mosfets, which would be directly controlled by boolean outputs.  The LDO would stay on, and the boolean inputs for each magic mosfet would be two GPIO lines from the MCU (so you would need four in total), and the output of the opamp.

So if GPIO1 is high, the mosfet would be on no matter what.  If GPIO2 is high, it would be off no matter what.  If both are low, the opamp would decide.  If both are high, that could be an illegal state, or the same as both low.  I don't have time now to work on this, but you might make up a truth table that reflects what you want, and then find the right logic chip that provides it - a dual something or perhaps a quad something.  Anyway, then you wouldn't need the mosfets either.

[Peabody]

Let's suppose you have only two power switches, one for the primary batteries, and the other for the backups.  The LDO stays on.  Each switch is powered by an N-channel mosfet or NPN transistor which grounds the IN pin to turn on the switch.  The gate/base of the transistor is connected through a resistor to the output of a CD4051 analog multiplexer (available in DIP, SOIC and TSSOP).  That chip has three selection inputs, 8 analog inputs, and one analog output.  Based on the selection, one of the inputs is connected to the output.

The selection inputs are GPIO1, which goes high if GPIO2 is to determine the state of the switch regardless of the opamp outouts, the GPIO2 line itself, and the opamp output.  For each possible combination of these selection inputs, you decide what the output should be, and then tie the corresponding input pin to Vcc or ground.

So for the entire circuit you would need two CD4051's and four GPIO lines, but only two magic mosfets, and you wouldn't need the NOR gates.