Hey there,
a year ago I got a A320 SEC (B372BAM0515) from EBay and started reverse engineering it.
By now I covered a great amount of the interesting stuff of the software. I'm an electrical engineering student and via our institution we can use some products like Matlab/Simulink, which helped me to recover the flight control laws.
If someone is interested I can post some of this stuff here...

A few days ago I tried to power the thing up. (I found the ASM and AMM online) I only connected basic power, COM-MON interconnections (discrete and arinc) and nothing more.
The COM channel seems to boot normal: After a short while data appears on the COM Arinc XTalk Out, I might be wrong, but this should be part of the COM-MON Sync right before the application software starts.
MON however isn't sending anything to COM, so COM detects an error and enters into something I named ErrorHandler.
=> (Basically a infinit loop of Arinc429 transmission of current fault data plus fault history (BITE data?). This is to the FCDCs and on a test port which shouldn't be used on the A/C. On the test port one will find, on top of fault data, Main CPU stack and eight requestable RAM words.
I guess the test port is for ATEC use, maybe someone can clarify.)
MON never enters the Sync, instead it enters more ore less directly the ErrorHandler. I'm not even sure if it processes the start up test (RAM-ROM Check and so on).

Now I know when I have a look at the error data the computer will tell me what the problem is, as the guys at Airbus or even more likely Thales did an awesome job on fault detection in the code.
Yet, I'm currently waiting for an Holt 8282 to arrive to build my own Arinc429 - USB Interface. So I'll have updates hopefully at the end of the week.
Until then it would be great to hear from some folks here working or who have worked with this units. I saw the thread from Erik Baigar and it motivated me to open a thread too, great work on this one :)
I don't have any schematics from the device, no CMM... So it's a bit hard to tell what exactly happens in the code when interfacing with hardware is done. Help would be greatly appreciated.

Maybe one think for example:
The Arinc429 Transmitter ASIC, does it use one of the 8K RAMs to buffer the words to be send in a FIFO like manner? Otherwise they must stop the CPU with hardware wait cycles, as sending Arinc is just passing data to the same address byte after byte without waiting with software wait loops.
In this case one RAM would be the TX buffer, two would be system RAM, and the fourth the SR8A receiver RAM. Right? Everything I talked about is related to the Main CPU boards...

Again any help would be greatly appreciated.
Kind regards
Simon
​​​​​​

Quick update:
The described MON error is fixed. The error was related to the Servo CPU... The SCPU board wasn't plugged in correctly. Most likely I didn't put it back in correctly when I removed it for investigation :rolleyes:, simple fix.
Now the SEC-Healthy relays activate for a short while, then deactivate again...
Something still isn't as it should be. The arinc fault data to the FCDC, just the Main CPU fault:
COM:
Label: 1011|1100 Data: 0010|1011|0000|0101|1101|111 Parity: 0
MON:
Label: 1011|1100 Data: 0010|1011|0000|0101|1101|111 Parity: 0
It's the same...

Sounds like a great project and you are putting your studies to use! Are you planning a career in aviation?

All I want to say is thankyou for pursuing such a career. It gives me hope for the future.

Sounds like a great project and you are putting your studies to use! Are you planning a career in aviation?
Yeah maybe. We'll see... :)
Anyway thank you two for the kind words.

The computer is now running. No fatal errors. At least none, that would made the machine enter the error handler.
It took some time, because I had to build my own Arinc429 receiver. The Holts I ordered were fakes.
I built a two channel differential to single ended RZ demodulator out of opamps myself and did the rest in software with an fast enough MCU.
Then I wrote a little cpp application running on a PC. The application can filter through labels and channels and write data to a csv file for parsing later in MATLAB.
This is an extract I got from the FCDC bus COM:
-----------------------------------------------------------------------------
Timestamp | Label | Data | Speed | Channel
18:36:47:958 070 0000|0000|0000|0000|0000|0101b LS 0
18:36:47:961 071 0000|0000|0000|0000|0000|0100b LS 0
18:36:47:964 272 1100|1100|1111|1000|0000|0001b LS 0
18:36:47:967 273 0000|0000|0010|1000|1001|0001b LS 0
18:36:47:970 352 1111|1110|0000|0000|0000|0001b LS 0
18:36:47:974 072 0000|0000|0000|0000|0000|0111b LS 0
18:36:47:977 073 0000|0000|0000|0000|0000|0110b LS 0
18:36:47:980 315 0000|0000|0000|0000|0000|0101b LS 0
18:36:47:983 316 0000|0000|0000|0000|0000|0110b LS 0
18:36:47:986 314 0000|0000|0000|0000|0000|0100b LS 0
18:36:47:989 334 0000|0000|0000|0000|0000|0101b LS 0
18:36:47:992 270 0000|0000|0001|0000|0000|0000b LS 0
18:36:47:995 271 0000|0000|0100|0000|0100|0000b LS 0
18:36:47:998 354 0000|0000|0000|0000|0000|0110b LS 0
18:36:48:001 356 0000|0000|0000|0000|0000|0111b LS 0
18:36:48:004 377 1100|0001|0000|0000|0100|0001b LS 0
18:36:48:007 350 1111|0001|1001|0000|0000|0000b LS 0
18:36:48:009 274 1011|0010|1111|1111|1000|0001b LS 0
18:36:48:012 275 0110|1010|1000|1000|0000|0001b LS 0
18:36:48:015 133 0000|0000|0000|0000|0000|0101b LS 0
18:36:48:018 351 1000|1000|1000|1010|0000|1000b LS 0
18:36:48:021 301 0000|0100|0000|0000|0000|1101b LS 0
18:36:48:024 302 0000|0100|0000|0000|0000|1101b LS 0
18:36:48:027 305 0000|0100|0000|0000|0000|1100b LS 0
18:36:48:030 306 0000|0100|0000|0000|0000|1100b LS 0
------------------------------------------------------------------------
18:36:48:045 314 0000|0000|0000|0000|0000|0100b LS 0
18:36:48:048 334 0000|0000|0000|0000|0000|0101b LS 0
18:36:48:051 270 0000|0000|0001|0000|0000|0000b LS 0
18:36:48:054 271 0000|0000|0100|0000|0100|0000b LS 0
18:36:48:056 354 0000|0000|0000|0000|0000|0110b LS 0
18:36:48:059 356 0000|0000|0000|0000|0000|0111b LS 0

Sorry for the bad formatting...
Currently I'm trying to figure out, what's happening. Again I have nothing connect to it.
Honestly I'm a little confused that the computer is running with no indicated fault. SEC FAIL relay is activated, which in combination with SEC PsbSw "on" should be no error, right?
I wrote some parsing functions in MATLAB to extract flags and other data from the test busses and plot them. I'll see what I get out of it. :D
However I already got something interesting out of the test data: the WCETs for each of the eight sequences of the MainCPU software.

(Against what you might read here and there, that Airbus use a RTOS to get everything timed, that's not the case at least for the SEC.
Instead a simple ISR, I named it "Real Time Sequencer", driven by a timer interrupt cycles through eight blocks of function calls. That's it, nothing more.
That's why the execution time of each block is crucial. A timer cycle equals 15ms. So absolute max execution time is near to 15ms.
Btw. for the ServoCPU the software consists of 24 sequences. Cycle time should be 1.25ms.)

Good news: the system is not running at it's limits. Quite calming right? :)
Here are the WCETs:
Sequence1: 11.67 ms
Sequence2: 11.17ms
Sequence3: 11.65ms
Sequence4: 11.20ms
Sequence5: 11.28ms
Sequence6: 11.25ms
Sequence7: 11.67ms
Sequence8: 10.45ms

That's it for now.

JUST....WOW!

Really amazing, the way you're like so familiar with the actual internal functioning, so many people that IK today just don't know how stuff practically works, especially when it comes to integrated systems like those in the 320.
I'm currently doing a B.Tech in Mechanical Engg, but am super passionate about electricals/electronics and aviation... like I frequently work with Arduino/RasPi and drones and stuff.

What you're doing is really very impressive, and a huge motivation for me too :)

PS. You're certainly wayy smarter than me at this, but if you need any advice/help with this, I'd be really honored.

@Zar_1 Again thank you for the compliment. Really appreciate it! :)
The way one could really help is: Information.

At the moment I'm dealing with the startup routine, the "boot sequence" if you want so.
I noticed some "strange" behavior of the unit while powering it. After a short while it starts flickering the SEC FAIL relay, after some on-off cycles it stays on -> no fault.
First I thought it's maybe just my unit. Then I found videos on youtube where people power up the 320 from "cold and dark" and the SEC fault lights on the overhead panel doing the same flickering as my unit. Maybe technicians in this forum noticed it also?
It can be seen directly after you power the systems, for SEC2 and 3 after you press ground power, or power is available via the APU.

I'm trying to track where it happens in the boot code. Must be after ROM-Checksum, NV-Memory test, RAM test, DP-RAM test, OBRM soft. vers. cross check, hardware vers. cross check? etc...
I know that at some point a watchdog error in combination with a unit fail is triggered two times, meanwhile the relays start oscillating. :bored:

Would be great to know more about the logic inside the PLDs they use to realize the engage logic.
=> That brings me back to the beginning of this post: It becomes harder and harder at this stage to make progress. A lot of this stuff isn't based on software, but hardware => safer
As the boards are, I think, eight layer PCBs even tracking interconnections between components is impossible.
I try my best finding out more, it's still fun trying to understand what's the reason behind "this and that".

Cheers
Simon

Quick update:
The relay flickering is part of the self test. It's because the drive signal is hardware generated by logic. Seems that there is no mechanism to disable the relays while tests are performed.
At least none, the unit can control itself: If the SEC PbSw is in off position there won't be any oscillation. Why?

=> The switches on the overhead panel directly control the "master" relay, which in turn cuts power to all other relays and isolates the computer from the servo valves. In case a microprocessor, or the watchdog, or the power supply detect an error the master relay is also deactivated, driven by this fault signals.
If an error was detected by one of the above mentioned parts most likely a fault message, asking the crew to turn the unit off then on, is triggered on the ECAM. When the unit status became bad AND the PbSw is pushed, a reset of the processors is performed.
It seems ONLY when the unit detected a fault by itself and THEN the switch is pressed a reset is performed, when everything is ok and you press the switch, for the first part, only the relays turn off and when you press it again they turn on, but no reset is performed.

That being said: When the unit starts up the logic is tested by software, by the CPUs, which can be seen below...
https://cimg0.ibsrv.net/gimg/pprune.org-vbulletin/800x480/wd_com_fail_com_7d813c52d5a89c3d7227882e8bbf2a68a88f0299.jpg
First picture showing WD fault (yellow) and unit fault (blue), both COM
https://cimg8.ibsrv.net/gimg/pprune.org-vbulletin/800x480/wd_com_xtalk_com_b626bc9d22e45ef588ea71a3d9b0364b2250a373.jp g
Second picture showing WD fault (yellow) and A429 XTalk out (blue), both COM

The first picture shows the WD fault signal with respect to the general unit fault signal. The short two faults not caused by a WD fault are triggered by the ServoCPU. Every time the fault signal gets low the relays turn off...
Both signals are active low!
The second picture is just to get an idea of the timing and to understand the XTalk Bus record down below:
---------------------------------------------------------------------------------------------------
Timestamp | Label | Data | Speed | Channel
---------------------------------------------------------------------------------------------------Hard. Ver. Cross Check
14:39:17:905 075 1010|0000|0110|0000|0000|0000b HS 0
14:39:17:914 075 1010|0000|0110|0000|0000|0000b HS 0
14:39:17:922 075 1010|0000|0110|0000|0000|0000b HS 0
14:39:17:931 075 1010|0000|0110|0000|0000|0000b HS 0
14:39:17:939 075 1010|0000|0110|0000|0000|0000b HS 0
14:39:17:948 075 1010|0000|0110|0000|0000|0000b HS 0
14:39:17:956 075 1010|0000|0110|0000|0000|0000b HS 0
14:39:17:965 075 1010|0000|0110|0000|0000|0000b HS 0
14:39:17:973 075 1010|0000|0110|0000|0000|0000b HS 0
14:39:17:982 075 1010|0000|0110|0000|0000|0000b HS 0
14:39:17:991 075 1010|0000|0110|0000|0000|0000b HS 0
14:39:17:999 075 1010|0000|0110|0000|0000|0000b HS 0
14:39:18:008 075 1010|0000|0110|0000|0000|0000b HS 0
14:39:18:016 075 1010|0000|0110|0000|0000|0000b HS 0
14:39:18:025 075 1010|0000|0110|0000|0000|0000b HS 0
14:39:18:033 075 1010|0000|0110|0000|0000|0000b HS 0
14:39:18:042 075 1010|0000|0110|0000|0000|0000b HS 0
14:39:18:048 077 1010|0000|0110|0000|0000|0001b HS 1
14:39:18:051 075 1010|0000|0110|0000|1000|0001b HS 0
---------------------------------------------------------------------------------------------------End
---------------------------------------------------------------------------------------------------Soft. Ver. Cross Check
14:39:18:060 075 1000|1010|0001|0000|0000|0000b HS 0
14:39:18:062 077 1000|1010|0001|0000|0000|0001b HS 1
14:39:18:069 075 1000|1010|0001|0000|1000|0001b HS 0
---------------------------------------------------------------------------------------------------End
800+ ms gap
---------------------------------------------------------------------------------------------------Voltage Check State Ex.
14:39:18:941 075 0000|0000|0101|0000|0000|0000b HS 0
14:39:18:945 077 0000|0000|0101|0000|0000|0001b HS 1
14:39:18:950 075 0000|0000|0101|0000|1000|0001b HS 0
---------------------------------------------------------------------------------------------------
800+ ms gap
---------------------------------------------------------------------------------------------------
14:39:19:803 075 1000|0000|0101|0000|0000|0001b HS 0
14:39:19:807 077 1000|0000|0101|0000|0000|0000b HS 1
14:39:19:812 075 1000|0000|0101|0000|1000|0000b HS 0
---------------------------------------------------------------------------------------------------
800+ ms gap
---------------------------------------------------------------------------------------------------
14:39:20:664 075 0100|0000|0101|0000|0000|0001b HS 0
14:39:20:669 077 0100|0000|0101|0000|0000|0000b HS 1
14:39:20:673 075 0100|0000|0101|0000|1000|0000b HS 0
---------------------------------------------------------------------------------------------------
800+ ms gap
---------------------------------------------------------------------------------------------------
14:39:21:526 075 1100|0000|0101|0000|0000|0000b HS 0
14:39:21:530 077 1100|0000|0101|0000|0000|0001b HS 1
14:39:21:535 075 1100|0000|0101|0000|1000|0001b HS 0
---------------------------------------------------------------------------------------------------End
400+ ms gap / 2x WD Fault
---------------------------------------------------------------------------------------------------Unit Fault Cross Check
14:39:21:973 075 0000|0000|1111|0000|0000|0000b HS 0
14:39:21:977 077 0000|0000|1111|0000|0000|0001b HS 1
14:39:21:981 075 0000|0000|1111|0000|1000|0001b HS 0
---------------------------------------------------------------------------------------------------
50ms+ gap
---------------------------------------------------------------------------------------------------
14:39:22:036 075 1000|0000|1111|0000|0000|0001b HS 0
14:39:22:041 077 1000|0000|1111|0000|0000|0000b HS 1
14:39:22:045 075 1000|0000|1111|0000|1000|0000b HS 0
14:39:22:060 075 0100|0000|1111|0000|0000|0001b HS 0
14:39:22:065 077 0100|0000|1111|0000|0000|0000b HS 1
14:39:22:069 075 0100|0000|1111|0000|1000|0000b HS 0
---------------------------------------------------------------------------------------------------
50+ ms gap
---------------------------------------------------------------------------------------------------
14:39:22:124 075 1100|0000|1111|0000|0000|0000b HS 0
14:39:22:128 077 1100|0000|1111|0000|0000|0001b HS 1
14:39:22:133 075 1100|0000|1111|0000|1000|0001b HS 0
---------------------------------------------------------------------------------------------------End
30+ ms gap
---------------------------------------------------------------------------------------------------End Of Test XTalk
14:39:22:167 075 0000|0000|1110|1000|0000|0000b HS 0
14:39:22:170 077 0000|0000|1110|1000|0000|0001b HS 1
14:39:22:176 075 0000|0000|1110|1000|1000|0001b HS 0
---------------------------------------------------------------------------------------------------End
250+ ms gap
---------------------------------------------------------------------------------------------------COM-MON Sync.
14:39:22:448 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:448 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:449 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:449 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:450 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:450 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:451 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:451 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:452 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:452 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:453 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:453 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:453 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:454 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:454 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:455 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:455 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:456 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:456 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:457 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:457 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:457 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:458 273 0000|0000|0000|0000|0000|0001b HS 0
14:39:22:458 273 0000|0000|0000|0000|0000|0001b HS 1
14:39:22:458 271 0000|0010|0000|0000|0000|0001b HS 0
14:39:22:458 271 0000|0001|0000|0000|0000|0001b HS 1
14:39:22:459 271 0000|0010|0000|0000|0000|0001b HS 0
---------------------------------------------------------------------------------------------------End
---------------------------------------------------------------------------------------------------Normal Operation
14:39:22:468 275 0001|1000|0000|0000|0000|0001b HS 1
14:39:22:470 275 0001|1000|0000|0000|0000|0001b HS 0
14:39:22:480 303 0000|0000|0000|0000|0000|0111b HS 0
14:39:22:481 305 0000|0100|0000|0000|0000|1111b HS 0
14:39:22:481 306 0000|0100|0000|0000|0000|1111b HS 0

Channel zero was connected to COM out and channel one to MON out.

Simon

(sorry I had to split the post enabling me to upload pictures)