Artemis II’s Fault-Tolerant Computer
Logan Kugler (via Hacker News):
To ensure those wrong answers never reach the spacecraft’s thrusters, NASA moved beyond the triple redundancy of traditional systems. Orion utilizes two Vehicle Management Computers, each containing two Flight Control Modules, for a total of four FCMs. But the redundancy goes even deeper: each FCM consists of a self-checking pair of processors.
Effectively, eight CPUs run the flight software in parallel. The engineering philosophy hinges on a “fail-silent” design. The self-checking pairs ensure that if a CPU performs an erroneous calculation due to a radiation event, the error is detected immediately and the system responds.
“A faulty computer will fail silent, rather than transmit the ‘wrong answer,’” Uitenbroek explained. This approach simplifies the complex task of the triplex “voting” mechanism that compares results. Instead of comparing three answers to find a majority, the system uses a priority-ordered source selection algorithm among healthy channels that haven’t failed-silent. It picks the output from the first available FCM in the priority list; if that module has gone silent due to a fault, it moves to the second, third, or fourth.
[…]
Orion carries a completely independent Backup Flight Software (BFS) system. This is a prime example of dissimilar redundancy. It is implemented on different hardware, runs a different operating system, and utilizes independently developed, simplified flight software.
There are two main flight computers that use two radiation hardened IBM PowerPC 750FX single-core processors, a CPU introduced in 2002 and used in Apple computers such as the iBook G3 until 2005.
Previously:
- Airbus A320 Solar Radiation Recall
- Testing the Apollo Spacecraft
- Software Engineering Within SpaceX
- The Apollo Guidance Computer
- Margaret Hamilton and Apollo 11
- That Would Never Happen
Update (2026-05-04): See also: Hacker News.
4 Comments RSS · Twitter · Mastodon
Man, just wait until they put a sonnet G4 upgrade card in that bird, it's going to fly!
I think they mean that the processors are radiation-hardened versions of the processor that was used in the iBook G3, not that Apple was using radiation-hardened processors? Or were we all using laptops that would work during a nuclear war back in 2002?
Although the PPC 750 was designed by IBM, I believe this radiation hardened version (which is used in many of the fancier space missions in recent years) is built by under license by BAE.
