Piss Poor On-Board Switching Power Supply - How not to design a Switching Supply

[daveyk]

Take a look at this snippet from a schematic.  It is the on-board +3.3volt power supply derived from 12volts BATT (actually a Lambda Power Supply).

I think this would be a great video for Dave to show how not to design an on-board supply for your FPGAs, D/A's, PowerPCs and what-not.  If one of three components fails (N64, V79 or V80, everything on the +3.3v rail then received +12volts and none of the parts likes that.  It basically destroys the board and makes it non-repairable.

I wish I could insert and images of the schematic in the message rather than having to have you download the PDF, but if there is a way, I dunno it.

Would there be anything that could be done to instruments to protect against this failure?

[langwadt]

it is just a standard synchronous buck converter, what do you suggest instead?

[xavier60]

When I used to repair laptop computers I noticed that many Buck controllers had built in Crowbar protection.
They were capable of leaving the low-side MOSFETs on when output over voltage is detected.
Not sure if it would always be effective.

[BreakingOhmsLaw]

A fuse and a clamp (hefty 3V6 zener diode for example) on the 3,3V rail would fix this.
Tranny fails short -> 12V into 3V3 rail -> Zener short circuits it down to 3,6V -> mucho current -> fuse blows -> lights out.

Or you can use some schottky diodes in series of you want it faster.

[daveyk]

it is just a standard synchronous buck converter, what do you suggest instead?

I dunno, that's why I am here.  It seems pretty bad when a single component failure can destroy all the +3.3volt parts on a PCB. 

There should be a design that if the switcher chip fails, it just doesn't generate any voltage?  That would require a switching transformer I guess.

[daveyk]

When I used to repair laptop computers I noticed that many Buck controllers had built in Crowbar protection.
They were capable of leaving the low-side MOSFETs on when output over voltage is detected.
Not sure if it would always be effective.

In this case, I think it is the LTC1148 that fails and when it does, the P-Drive goes LOW and shunts the input 12volts to the output.  Dumb.  Maybe use N-CH to switch?  That way when the LTC burns up, its low output shuts all power off?  I dunno, I'm not an engineer.  It just doesn't seem right without a fail-safe method to keep from blowing a NETWORK interface chip, and FPGA (unobtainium now) and two unabotainium DSP chips, and A/D Cvtr and some other support chips.

Obviously this was a cheap solution to keep from needing to use a small switching transformer (which may have radiated a lot of RF noise).  Then the damn transformer would have shorted and they would be unabtainium, but at least that would possibly provide another repair path than detroying all the +3.3v parts.

[daveyk]

A fuse and a clamp (hefty 3V6 zener diode for example) on the 3,3V rail would fix this.
Tranny fails short -> 12V into 3V3 rail -> Zener short circuits it down to 3,6V -> mucho current -> fuse blows -> lights out.

Or you can use some schottky diodes in series of you want it faster.

Here is a nice one: https://www.digikey.com/en/products/detail/fairchild-semiconductor/BZX85C3V6/12599277

I wonder if would act fast enough in the event the LTC1148 fails (which is common on the +5volt rail for some reason (luckily there are only 7 TTL chips that fry)? 

Can you help me understand how adding a Shottky diode to a zener would help make it faster?

Thanks much.

[langwadt]

A fuse and a clamp (hefty 3V6 zener diode for example) on the 3,3V rail would fix this.
Tranny fails short -> 12V into 3V3 rail -> Zener short circuits it down to 3,6V -> mucho current -> fuse blows -> lights out.

Or you can use some schottky diodes in series of you want it faster.

Here is a nice one: https://www.digikey.com/en/products/detail/fairchild-semiconductor/BZX85C3V6/12599277

I wonder if would act fast enough in the event the LTC1148 fails (which is common on the +5volt rail for some reason (luckily there are only 7 TTL chips that fry)? 

Can you help me understand how adding a Shottky diode to a zener would help make it faster?

Thanks much.

that little zener is not going to keep the voltage down supplied from 12V and shortly after it tries it'll explode

[Gyro]

that little zener is not going to keep the voltage down supplied from 12V and shortly after it tries it'll explode

The secret is to size it so that it fails short rather than exploding (and doesn't clamp too high while it's in the process).

[daveyk]

"that little zener is not going to keep the voltage down supplied from 12V and shortly after it tries it'll explode"

Yea, but there would be a fast acting 1AMP fuse (or 1amp polyfuse) in the +3.3volt line before the zener.

It may be ideal that the zener would short.  My guess is that it would open.  Would it explode before the fuse can blow?

[T3sl4co1l]

Note that low voltage zeners aren't much better than 5-6V zeners, due to the softness of the knee.  The clamping voltage will still be in the 7-10V range, give or take.  The main difference then, is the extra leakage that low-voltage types have.

The preferred LV clamping solution is a crowbar.  SCRs capable of sinking the brunt of that, are readily available.  Maybe not DPAK size, but D2PAK/TO-220 certainly.

The 12V supply then needs a fuse, which can be a PolyFuse type.  Check fusing I^2t against SCR, and consider input supply rating.  If the supply is capable of several times the fuse rating, it's probably worthwhile using a fuse.  If not, then the crowbar likely browns out the supply, rather than clearing the fuse; it'll sit there in current limit or hiccup, while the SCR remains latched on, never blowing the fuse, and potentially putting the supply in danger.  (Hiccup is usually a low-power condition, so, safe to sit in for extended periods of time.  Current limit, depends; it may get hot, it may not last forever; sometimes current limits are more of an afterthought unfortunately.)  In that case, you may prefer a supply with latched overload (stays off), and the fuse won't really matter.

Or the hiccup mode stays off for long enough that the SCR clears, and the cycle repeats from a higher turn-on voltage.  Which I guess puts some wear on the SCR, but it should actually be fine with that, it's not much of a wear item within ratings.  Thermal cycling maybe?

Other options include:
- A second pass device, as an electronic fuse.  Could be a TI e-Fuse, could be anything else, could be a custom solution, whatever you like.
- Modify operation of the controller.  Example: add series gate resistor to PMOS, and hard clamp G-S when fault conditions are detected (Vout > threshold, high side pulse width too long, etc.).  Tweaks like this depend on likelihood of failure modes; you're not fixing the underlying problem (the PMOS could still fail), but addressing one of the effects that could lead to that end (controller failure cascading into load or PMOS failure).
- Note that the crowbar fits into this list as a "modify operation of the load" option.  You can open-circuit or short-circuit the input or output, to remove the hazard condition.  Whatever works, really.
- Just Don't Break It(TM).  More specifically: address environmental stresses that are likely to cause failure.  Clamp overvoltage transients, use conformal coating over the IC, mount the board firmly to avoid fracture of capacitors, solder joints, etc.; maybe mechanically isolate it, or fully encapsulate (pot) it.  It still has the internal single-failure-point condition, but you can do everything possible to prevent those failures from occurring.  Thermal cycling and aging/wear (semiconductors are nearly unlimited-life devices, except for a handful of effects which may still be relevant: electromigration, and hot-carrier injection in CMOS circuits, for example) can still occur, but they can be managed with suitable design.

And don't forget that it's always a value proposition.  If all it's protecting is a handful of TTL chips, or jellybean MCU or whatever, pfft, who cares, let 'em cook.  (TTL might even survive the 12V, crazy at that is...)  Maybe if it's a vintage unit with hard-to-find parts, and it's more than just obscure TTL, but rare ASICs or whatever too, you'd like to add such precautions.  Or it's a whack of high-performance FPGAs, and board failure means scrapping five digits USD of components.

By and large, PoL (point of load) converters are not exposed to stresses, at least beyond the occasional overcurrent (heavy/shorted load, should the supply be available on connectors, say), and have very little reason to fail suddenly.  And, by and large, commercial equipment isn't concerned with FMEA, so a single point of failure is acceptable.  And indeed, the billions of machine-hours these devices rack up, speaks testament to this judgement call.  So, you really need additional justification for taking such measures -- whether it's just very rare or expensive, or it's medical or military (critical life systems), or aerospace (where maintenance is patently impossible).

Tim

[daveyk]

Hi there, that was a beautiful details explanation. 

The main =12volt supply is NOT fused at all.  It comes direct from a LAMBDA off the shelf (no longer available) caged 12volt power supply.  I don't know what happens when a switching power supply such as that starts to fail.

The 5volt supply failing in this manor has not been a problem before.  There are not that many TTL chips (all SMT), but not real difficult to change and are jelly bean easy to get.  I have seen this supply pump through 12 volts three times before.

This is the first I found the +3.3volt supply, but it failed in the exact same manor pumping the 12volts straight through.  There is no fixing the damage.  The PowerPC Module is ~$1000 from the MFG and can only be programmed by them, the DSPs and FPGA are no longer available.  The D/A is.  The L80227 Ethernet chip only seems available from China and they are probably pulls.  So the large board is destroyed by this failure.  This is an industrial instrument no longer made. The company did want $10,800 for the PCB, if they have any left.

When I have seen the 5volt or the 3.3volt power supply fail, it has been the LTC1148 chip, or at least it is a consequence of what really failed.

I had a scrapped parts PCB that I put all the stolen parts from and fix it.  It is working perfect, but I have no more for the customer if this occurs again.

I didn't design the instrument and it is getting long in the tooth (first introduce in 2000 and sold until the beginning of this year).  It was a battery operated design (which never happened exactly) that was adapted to a 19" rack mains operated instrument operating off that Lambda switching A/C to 12volt frame supply.  They never really adapted it correctly as there are only mains fuses (that don't even blow when the Lamda supply dies).  Maybe it is spikes or surges coming in from that Lambda.  I don't know and will never know.

It doesn't sound like there is an easy retrofit for existing units to be at P.M.. 

[daveyk]

It seems to me if you have to have a 3.3volt on-board power supply that you wouldn't design it so that if the FETS fail or the switching chip smoked that you pass 12 volts to the 3.3v rail.  That is a very critical power supply.  I wonder how other instruments do things like that?  If you have an instrument that can potentially be operated from a +12volt power supply and need 3.3volts for you processor and other parts, how is it normally done?  A linear regular might be the best, but I think this draws just shy of 1 amp when running (but I am not 100% certain of that).  An ob-board 3.3volt supply with a switching transformer I would think would be better??

[Fraser]

In your situation I would recommend scrapping the 3.3V power supply section completely and using a high quality stand alone 3.3V SMPSU. It could be a open chassis type or an encased type as seen for laptops etc. There are manufacturers of such power supplies who will be able to supply the correct type for your application, complete with fail-safe protection on the output. While you are at it, you could consider replacing the 5 V rail supply as well. Basically you are removing the most likely cause of catastrophic failure for a reasonable sum of money. As these PCB’s are so expensive and have unobtainium components on them, this is investing in the machines operational future, so is money well spent. Upgrading the current design to use a better 3.3V and 5V power supply is simply a case of isolating the ‘on-PCB’ Buck converters and connecting the output from the new supplies to the PCB at the appropriate point. This approach will use approved power supplies of good quality so is preferable to a PCB ‘bodge’, no matter how well intentioned.

Fraser

[daveyk]

That's an excellent suggestion and there is room inside for that.  I will start investigating what power modules or frame supplies I can find.

[daveyk]

It would be nice if I could find one that can output +12volts, +5volts and +3.3 volts.  There are other power supplies (+1.5, +2.5 that run off the 12volts but they use a different switcher IC and I have never seen them fail.    There is also a +12volt switcher, on board that runs off the raw +12volts (weird).  I have seen that one fail due to the cheap German electrolytics, but it has never damages anything when it burned up other than itself.

Still looking....  I have a test/loaner unit of my own that can be a ginny pig.  I just need to find a supply
.  If nothing else, I can get one that just does 5volt and 3.3 volts.  It would be nice to have one that does all three.

[daveyk]

https://www.trcelectronics.com/View/IPD/GRN-110-4001.shtml

  I've asked for a quote for that in a Chassis/Cover version along with the mating connectors and crimp pins.  It is a Power Supply that their site states in made in the USA.  About $100 for the board version.  I'm kind of concerned about the 12volts being 2 amps, but I think that is enough.  On that board that has the failures, only about two other minor power supplies are derived from it.  There is a second board in the system that uses the 12 volts too, and derives +6/-6, 12volts, and 5 volts from the 12 volts, a few other minor voltages, but I have never ever seen any of those fail and destroy parts.  When those fail, then go to nothing.  A different set of engineers designed that board.  There is also another one at their site that has the same +5, +3.3volts and +12volts with higher current on the 12v for about $150 (still cheap) that I asked for a quote with cover and connectors and pins. 

When I get a chance, I will get my loader/test system out and check how much current is being drawn from the 12volts currently (that all the other supplies derive from).  I really doubt it's that much.

[langwadt]

"that little zener is not going to keep the voltage down supplied from 12V and shortly after it tries it'll explode"

Yea, but there would be a fast acting 1AMP fuse (or 1amp polyfuse) in the +3.3volt line before the zener.

It may be ideal that the zener would short.  My guess is that it would open.  Would it explode before the fuse can blow?

fuses are slow.

isn't the 3.3V substantially more than 1A, why else would they bother with a synchronous buck and paralleled FETs?

[T3sl4co1l]

Ah, semi-vintage industrial kit of obscure provenance, delightful...

Yeah, substituting the problem sections with something more modern and reliable, seems like a promising start as far as rework/mitigation goes.

Could add some protection or monitoring, to see if the power supply is doing weird things.  Or inspect it in the same way, it's nothing more than circuits after all.  Or replace it wholesale with a known-good unit of comparable spec.

BTW, as for other topologies, you'd get passive-fail behavior from a SEPIC for example, or a non-isolated (common ground) flyback or forward converter (same thing, without coupling capacitors, and with whatever other ratios).  These use a transformer to supply/ground, so there's simply no DC path through them, period.  Voltage might rise or fall under extreme conditions (error amp latching high would be the worst case, i.e. commanding full throttle; a shorted switch can dump maximum energy into the transformer only once).  And in any case, output voltage/current is constrained by design parameters, so is easier to clamp/crowbar in case that's used with it too.

Tim

[daveyk]

fuses are slow.

isn't the 3.3V substantially more than 1A, why else would they bother with a synchronous buck and paralleled FETs?
[/quote]

You may be right, but this board isn't real high power.  3.3volts: Motorola PowerPC Module, two DSPs, one FPGA, one Ethernet IC.  A few minor opamps too.  I will make some tests with my loaner/test unit.  I also have another "scrap" PCB that almost works.

This unit can draw a lot of current from the 12volt Lambda when it is configured in to a version with a 10" screen and ETX computer modules.  That puppy draws a lot from the +5volt power supply (which has the same double P-CH FET configuration.

I really do not think this eithernet rack version of the instrument used that much power.  The Motorola PowerPC modules would be the biggest draw.  So maybe an amp and a half at most........  I will check.

Dave

[daveyk]

This design is also on the same PCB and on another PCB in the same instrument.  Over they years, I have seen the LTC1771 pop, and that design never feeds 12 volts to the rail.  In the case of the one attached, it is a +2.5volt supply, that as far as I can tell is only feeding the FPGA on the other PCB.  That other "analog" pcb as the exact same supply two times, for + and - 6 volts.  Within the last year, I had to fix those and again, zip output, sometimes 3 volts out but never the 12 volts input.  Those are not supplying nearly the current that the +5v and +3.3volts are designed to supply.

It just seems like such a piss poor design on those 5 and 3.3 volt supplies without OVP.  They never expected them to fail.  In reality those LTC chips are unreliable in my experience.

Now, of course, I only ever see the broken ones and ones for calibration.  There are a hell of a lot of them out there that have not broken.  A lot more than I see for repair, I am sure.  They are in work all over the globe.

[BreakingOhmsLaw]

Can you help me understand how adding a Shottky diode to a zener would help make it faster?
Thanks much.

Of course, my pleasure.
It's not adding a schottky to the zener, but use several schottky diodes in series instead.
Explanation: Zener diodes are operated in reverse direction. The forward voltage will be standard 0,6V, the reverse breakdown is the zener voltage designed into the part.
Ideally, a perfect 3,6Volt zener diode would not conduct at 3.5999 Volts, and starts conduction at >=3,6V. In reality, the curve has a "knee" to it and the transition between the states is gradual.
Now, instead of using a zener, you would place six schottky diodes in series forward (if, for arguments sake, we assume a perfect 0.6V forward voltage drop for each diode, so 6x0,6V = 3,6V).
Schottky diodes are much closer to an ideal diode. Still far from it, but their curve is much steeper than that of the zener diode and has less "knee". Schottky diodes are considered "fast" diodes, broadly speaking, though the subject is very deep and there are even faster acting diodes specifically designed for clamping. These are called suppressor diodes or Transient Voltage Suppressors (TVS). These make use of the so-called avalanche effect. Basically it's like a snowball causing an avalanche, only here the snowball is an electron and the diodes starts conduction extremely fast.
Mind you, there is a difference between clamping and crowbarring. The first will limit the voltage to a certain voltage. The latter will short the voltage in case of failure. However, this requires more parts and considerations.
There are many other ways of clamping a voltage. If you do not already own it, buy the book The Art of Electronics right now. It contains a lot of information on the subject. It's a must-have book for both EEs and hobbyists alike.
In practice, hardly anyone would use series Schottky diodes, mainly because it eats too much space on the PCB and cost.

[DavidAlfa]

The datasheet recommends a crowbar detection circuit to turn the lower fet on, shorting the output to gnd.
Definitely a poor design if it's part of something expensive.

[Pinkus]

You can always add extra safety in every aspect. And then, when added, there will be room for even more safety....
Suppose:
1) The probability of failure of this component (DCDC regulator) within the period of use is 1:100.000 (US: 100,000).
2) The cost (components, fuse, fuse holder, placement, additional space required) to avert the problem is 1 euro per assembly.
3) The replacement of an assembly (including additional costs) is calculated at 1.000 euros.
4) You are planning of selling 500.000 boards.
So the cost of 5.000 euros is offset by a saving of 500.000 euros if the additional safety is dispensed with.

What do you think will be chosen?

P.S. I am not propagating the abandonment of security here. Of course, additional (also expensive) safety is necessary if personal injuries are possible. I would just like to address the aspect of economy as well.

[daveyk]

"buy the book The Art of Electronics right now"

Thank you.  Ordered:

1. The Art of Electronics, Horowitz, Pau
2. The Art of Electronics: The x Chapters, Horowitz, Paul
3. Learning the Art of Electronics: A Hands-On Lab Course, Hayes, Thomas C

Never too old to refresh knowledge and learn something new.  I would in this business for 37 years before my company was closed down in June of 2018 and moved overseas, and then on my own since then.  In all that time, I never really worked with switching supplies.  The past few years, I have been self-teaching myself these beasties.    I understand the concept (to a certain point) of what is happening in the schematic I upload.  It isn't all that complicated; I just see the lack of OVP a really bad design.