123 Main Street, New York, NY 10001

Submit Your BOM

Low-Power Hooks for I²C / SPI / UART Serial Buses

Low-Power Hooks for I²C / SPI / UART Serial Buses

← Back to: I²C / SPI / UART — Serial Peripheral Buses

Low-Power Hooks are deliverable engineering controls that make I²C/SPI/UART sleep–wake behavior measurable, deterministic, and recoverable—not a slogan. The target is to minimize average power while bounding wake latency and guaranteeing first-transaction success with evidence (tags/logs/counters) and a proven recovery gate.

Definition & Goals: what “Low-Power Hooks” really means

“Low-Power Hooks” is an engineering deliverable: a set of system-level mechanisms that guarantees sleep/wake/recovery without data loss, avoids bus lock-ups, and remains measurable and production-testable.

What this topic optimizes

  • Average power (µA/mA): total energy per representative cycle, not just the sleep current snapshot.
  • Wake latency (µs/ms): time from wake event to the first verified transaction completion.
  • Robustness: lock-up probability, recovery success rate, and maximum time-to-recover (MTTR) under brown-out/noise edge cases.

Typical operating scenarios (choose priorities upfront)

  • Periodic sampling: minimize average power while keeping deterministic wake-to-sample latency.
  • Event-driven wake: prioritize wake reliability (missed wake = functional failure), then optimize idle residency.
  • Long standby + burst communication: prioritize robustness (no “wake-then-deadlock”), then optimize burst cost and retry budget.

The core tension: clock gating vs. state retention

  • Clock gating reduces dynamic power, but can increase wake complexity and the probability of “first-transaction failure” if timing/bring-up ordering is weak.
  • State retention / bus-hold / sticky-state reduces recovery risk and wake time, but costs leakage/hold power and requires explicit domain planning.

Pass criteria (placeholder): stable sleep entry, deterministic wake-to-first-transaction, and recovery within threshold X across voltage/temperature cycles.

Minimum deliverables (hooks that make sleep/wake “provable”)

  • Domain map: always-on vs. switchable rails/clocks; retention coverage for critical state.
  • Wake chain: wake sources, enable ordering, “ready” checkpoints (rail good → clock stable → peripheral ready).
  • Safe pin states: default levels for CS/SCLK/lines, bus-hold strategy, and ghost-power avoidance at boundaries.
  • Recovery state machine: sanity checks, re-init steps, first-transaction guard, and bounded retries/timeouts.
  • Instrumentation: GPIO tags, counters, reset-cause logging, and production-test entry to validate residency/latency/robustness.
Low-power design triangle and sleep/wake recovery state machine A triangle showing the trade-off between Power, Latency, and Robustness with a central Hook Set box. Below, a state machine shows Active, Idle, Sleep, Wake, and Recover. Design trade-off (optimize with hooks, not slogans) Power Latency Robustness Hook set Typical state machine (proof-oriented) Active Idle Sleep Wake Recover Entry checks · Safe states · Sanity checks · Bounded retries
Diagram: low-power trade-offs are managed by explicit hooks; sleep/wake must be validated by a recovery-capable state machine.

Power Accounting: average power model & what to measure

Low power must be reported as energy per representative cycle, not as a single “sleep current” number. Average power follows Pavg = Etotal / T, where Etotal is the sum of segment energies across sleep, wake, communication bursts, and recovery.

A practical energy ledger (include the “hidden” terms)

  • E_sleep_static: baseline sleep leakage and always-on background.
  • E_hold_retention: bus-hold, state retention, pull-up/hold costs (domain-dependent).
  • E_wake_transient: rail settling, clock start/lock, and peripheral enable surges.
  • E_comm_burst: TX/RX activity during the intended workload burst.
  • E_retry_recovery: failed transactions, retries, and recovery state machine execution.

Design rule: if E_retry_recovery is non-negligible, the system is not low-power in the field.

Parameters that dominate average power (capture distributions, not only averages)

  • Sleep residency (duty cycle) and wakeups/hour.
  • Burst profile: message size, burst duration, and inter-burst gaps.
  • Retry budget: mean and tail (P95/P99) retries per wake or per hour.
  • Pull-up/hold cost (e.g., I²C): depends on line-low occupancy and which rail sources the pull-up.
  • Driver activity (SPI/UART): switching activity during burst and recovery retries.

Measurement method (repeatable, segment-based, and audit-friendly)

Step 1 · Add GPIO tags to mark segments

  • Tag points: Sleep entry, Wake ISR, First transaction start, First transaction done, Recovery begin/end.
  • Use tags as triggers for both current measurement and bus decoding.

Step 2 · Integrate energy per segment

  • Compute E = ∫ V(t)·I(t) dt per segment; keep the same cycle length T for comparisons.
  • Validate model closure: Etot ≈ ΣE_segment within measurement tolerance.

Step 3 · Stress the tail (field realism)

  • Sweep voltage/temperature and intentionally trigger borderline wake conditions.
  • Track how E_retry_recovery scales; sudden growth indicates a robustness gap, not a “power optimization” issue.

Pass criteria (placeholder): segment energies remain bounded; retry/recovery energy stays below threshold X per hour across stress conditions.

Energy timeline breakdown for low-power accounting A segmented timeline showing energy contributions from sleep, hold or retention, wake transient, communication burst, and retry or recovery, annotated with GPIO tag markers. Energy ledger per representative cycle (segment-based) Sleep Hold Wake Tx/Rx Retry Etot = Esleep + Ehold + Ewake + Eburst + Eretry GPIO tags (for segmentation) Sleep entry Wake ISR First txn start First txn done Audit rule: keep the same cycle T; compare segment energies, not only currents
Diagram: average power becomes reliable when energy is segmented by GPIO tags and integrated per cycle, with retry/recovery treated as first-class cost.

Definition & Goals: what “Low-Power Hooks” really means

“Low-Power Hooks” is an engineering deliverable: a set of system-level mechanisms that guarantees sleep/wake/recovery without data loss, avoids bus lock-ups, and remains measurable and production-testable.

What this topic optimizes

  • Average power (µA/mA): total energy per representative cycle, not just the sleep current snapshot.
  • Wake latency (µs/ms): time from wake event to the first verified transaction completion.
  • Robustness: lock-up probability, recovery success rate, and maximum time-to-recover (MTTR) under brown-out/noise edge cases.

Typical operating scenarios (choose priorities upfront)

  • Periodic sampling: minimize average power while keeping deterministic wake-to-sample latency.
  • Event-driven wake: prioritize wake reliability (missed wake = functional failure), then optimize idle residency.
  • Long standby + burst communication: prioritize robustness (no “wake-then-deadlock”), then optimize burst cost and retry budget.

The core tension: clock gating vs. state retention

  • Clock gating reduces dynamic power, but can increase wake complexity and the probability of “first-transaction failure” if timing/bring-up ordering is weak.
  • State retention / bus-hold / sticky-state reduces recovery risk and wake time, but costs leakage/hold power and requires explicit domain planning.

Pass criteria (placeholder): stable sleep entry, deterministic wake-to-first-transaction, and recovery within threshold X across voltage/temperature cycles.

Minimum deliverables (hooks that make sleep/wake “provable”)

  • Domain map: always-on vs. switchable rails/clocks; retention coverage for critical state.
  • Wake chain: wake sources, enable ordering, “ready” checkpoints (rail good → clock stable → peripheral ready).
  • Safe pin states: default levels for CS/SCLK/lines, bus-hold strategy, and ghost-power avoidance at boundaries.
  • Recovery state machine: sanity checks, re-init steps, first-transaction guard, and bounded retries/timeouts.
  • Instrumentation: GPIO tags, counters, reset-cause logging, and production-test entry to validate residency/latency/robustness.
Low-power design triangle and sleep/wake recovery state machine A triangle showing the trade-off between Power, Latency, and Robustness with a central Hook Set box. Below, a state machine shows Active, Idle, Sleep, Wake, and Recover. Design trade-off (optimize with hooks, not slogans) Power Latency Robustness Hook set Typical state machine (proof-oriented) Active Idle Sleep Wake Recover Entry checks · Safe states · Sanity checks · Bounded retries
Diagram: low-power trade-offs are managed by explicit hooks; sleep/wake must be validated by a recovery-capable state machine.

Power Accounting: average power model & what to measure

Low power must be reported as energy per representative cycle, not as a single “sleep current” number. Average power follows Pavg = Etotal / T, where Etotal is the sum of segment energies across sleep, wake, communication bursts, and recovery.

A practical energy ledger (include the “hidden” terms)

  • E_sleep_static: baseline sleep leakage and always-on background.
  • E_hold_retention: bus-hold, state retention, pull-up/hold costs (domain-dependent).
  • E_wake_transient: rail settling, clock start/lock, and peripheral enable surges.
  • E_comm_burst: TX/RX activity during the intended workload burst.
  • E_retry_recovery: failed transactions, retries, and recovery state machine execution.

Design rule: if E_retry_recovery is non-negligible, the system is not low-power in the field.

Parameters that dominate average power (capture distributions, not only averages)

  • Sleep residency (duty cycle) and wakeups/hour.
  • Burst profile: message size, burst duration, and inter-burst gaps.
  • Retry budget: mean and tail (P95/P99) retries per wake or per hour.
  • Pull-up/hold cost (e.g., I²C): depends on line-low occupancy and which rail sources the pull-up.
  • Driver activity (SPI/UART): switching activity during burst and recovery retries.

Measurement method (repeatable, segment-based, and audit-friendly)

Step 1 · Add GPIO tags to mark segments

  • Tag points: Sleep entry, Wake ISR, First transaction start, First transaction done, Recovery begin/end.
  • Use tags as triggers for both current measurement and bus decoding.

Step 2 · Integrate energy per segment

  • Compute E = ∫ V(t)·I(t) dt per segment; keep the same cycle length T for comparisons.
  • Validate model closure: Etot ≈ ΣE_segment within measurement tolerance.

Step 3 · Stress the tail (field realism)

  • Sweep voltage/temperature and intentionally trigger borderline wake conditions.
  • Track how E_retry_recovery scales; sudden growth indicates a robustness gap, not a “power optimization” issue.

Pass criteria (placeholder): segment energies remain bounded; retry/recovery energy stays below threshold X per hour across stress conditions.

Energy timeline breakdown for low-power accounting A segmented timeline showing energy contributions from sleep, hold or retention, wake transient, communication burst, and retry or recovery, annotated with GPIO tag markers. Energy ledger per representative cycle (segment-based) Sleep Hold Wake Tx/Rx Retry Etot = Esleep + Ehold + Ewake + Eburst + Eretry GPIO tags (for segmentation) Sleep entry Wake ISR First txn start First txn done Audit rule: keep the same cycle T; compare segment energies, not only currents
Diagram: average power becomes reliable when energy is segmented by GPIO tags and integrated per cycle, with retry/recovery treated as first-class cost.

Clock Gating Strategy: gate what, keep what

Clock gating is safe only when boundary conditions remain enforced: wake detection, timeout timebase, watchdog recovery, and deterministic pin states must survive the sleep boundary.

Clock layers (what is actually being gated)

  • System / SoC clock: CPU + fabric timing base; impacts resume ordering and timekeeping.
  • Peripheral clock: I²C/SPI/UART controller logic; must be restored before any transaction.
  • IO / pad clock: pad sampling/drive and synchronizers; protects pin stability across sleep.
  • Sampling clock: oversampling / internal sampling windows; affects first-transaction validity.

Must-keep capabilities (Always-On / Wake domain)

  • Wake chain: wake cause latching and a reliable event path.
  • Timeout timebase: bounded waits for bus sanity, recovery, and first-transaction guard.
  • Watchdog / fail-safe: a hard stop when firmware state machines stall.
  • Minimal logging: wake cause, reset cause, retry/timeout counters for auditability.

Pass criteria (placeholder): timeouts remain active during and after sleep; pin safe-states remain deterministic; recovery completes within threshold X.

Common failure modes (sleep boundary hazards)

FM1 · Timeout base gated off

  • Symptom: rare “never returns” hangs during wake or first transaction.
  • Quick check: timeout counters stop changing; waits have no bound.
  • Fix: move timeout timer to AON or restore timer before enabling buses.

FM2 · IO / pad domain gated off

  • Symptom: CS/SCLK/lines drift; false wake or ghost-power paths appear.
  • Quick check: pin readback differs before/after sleep; safe-level not held.
  • Fix: enable bus-hold/keeper, retain pads, or enforce safe states before gating.

FM3 · Wrong entry/exit ordering

  • Symptom: first transaction fails → retries explode → average power increases.
  • Quick check: first-transaction success rate drops only after gating changes.
  • Fix: define an ordered checklist: safe pins → gate clocks → sleep; wake → clocks → peripherals → sanity → first txn.
Clock tree gating map showing Always-On and Switchable domains A clock source block feeds system, peripheral, IO, and sampling clocks through gating switches, split into Always-On domain for wake, timeout, watchdog, and minimal logging, and Switchable domain for high-power blocks. Clock tree gating map (Always-On vs Switchable) Clock sources PLL / XO OSC RC Clock layers System clk Peripheral clk IO / pad clk Sampling clk Always-On domain Wake IRQ Timeout timer WDT Min log Switchable domain High-speed clk I²C SPI/UART Rule: never gate off the only timeout/wake evidence; keep pin safe-states deterministic across sleep
Diagram: clock layers can be gated only when Always-On capabilities preserve wake, bounded waits, recovery, and deterministic pin behavior.

Sleep/Wake Handshake: designing deterministic wake latency

A reliable wake-up must be a measurable chain: event detectrail readyclock stableperipheral readybus sanityfirst verified transaction.

Wake paths (choose based on domain availability)

  • GPIO wake: simplest and robust; record wake cause and debounce if needed.
  • RTC wake: deterministic periodic tasks; ideal for sampling loops.
  • Peripheral IRQ wake: only safe if the IRQ and its latching remain in Always-On or retained logic.
  • Bus-event wake (e.g., address match): useful but sensitive; requires strict ordering, logging, and bounded retries.

Latency budget: assign time and pass criteria per segment

  • Detect: wake cause latched (tag + counter).
  • Rail ready: PGOOD/threshold stable for a defined window.
  • Clock stable: PLL lock or safe clock selected (no undefined timing).
  • Peripheral ready: reset complete, key registers restored, FIFOs cleaned.
  • First verified transaction: sanity check passes and the first transaction verifies (ACK/CRC/frame).

Pass criteria (placeholder): each segment meets its time budget; first-transaction success rate meets threshold X without unbounded retries.

Two-stage wake (fast proof, then full enable)

Stage 1 · Minimal bring-up (fast)

  • Enable Always-On timer + logging; latch wake cause and reset cause.
  • Restore only required clocks and one bus path for sanity + first transaction.
  • If Stage 1 fails, enter bounded recovery instead of “trying forever”.

Stage 2 · Full enable (stable)

  • Enable high-speed clocks and full peripheral features only after Stage 1 passes.
  • Promote performance gradually to avoid tail-latency spikes from unstable initial conditions.
Wake latency budget ladder with pass criteria and two-stage wake A step ladder showing segments Detect, Rail Ready, Clock Stable, Peripheral Ready, and First Verified Transaction, each with a time budget label and pass condition, plus a two-stage wake marker. Wake latency budget ladder (time + pass criteria) Detect Pass: CAUSE t1 Rail Pass: PGOOD t2 Clock Pass: LOCK t3 Periph Pass: READY t4 1st txn Pass: ACK t5 Two-stage wake Stage 1: Minimal Stage 2: Full Promote only after Stage 1 passes (cause latched + bus sanity + first txn verified)
Diagram: deterministic wake latency requires per-segment budgets and pass checks, with a fast minimal stage before full high-speed enable.

Bus-Hold & Sticky-State: preventing float, ghost-power, and surprise states

Sleep robustness often depends on “holding” more than “turning off”. Across the sleep boundary, pins must not float, peripherals must not be back-powered through IO, and the wake resume must not inherit surprise states.

Bus-hold targets (define a sleep safe-state spec)

  • Line levels: define High/Low/Hi-Z per signal; ensure the chosen state is still enforced in deep sleep.
  • Chip-select & enables: CS/EN/RESET must be deterministic to prevent accidental commands and false wake paths.
  • Pull-ups & keepers: choose external pull-ups, keepers, or pad retention based on which power domain remains alive.
  • Direction control: 3-wire / bidirectional pins must not flip direction across sleep, avoiding contention and extra current.
  • Isolation enables: isolator / level-shifter EN must track power domains to avoid floating or backfeed.

Sticky-state policy (retain intentionally, reset intentionally)

  • Retain: configuration that shortens wake time (modes, thresholds, safe defaults) when retention is reliable.
  • Do not retain: transient state machines, FIFOs, and error flags that can poison the first transaction after wake.
  • Shadow & replay: keep a minimal “golden config” shadow and re-apply non-retained items in a fixed order on resume.

Resume recipe (ordered, proof-friendly)

  • Read-back sanity: verify pin states and key retained bits match expectations.
  • Clear sticky errors: clear latched error flags and reset transient counters.
  • Re-apply non-retained config: restore only what is required for first transaction validity.
  • First-transaction guard: execute a bounded verification transaction before enabling full throughput.

Ghost-power audit (backfeed must be measurable and bounded)

Typical backfeed paths

  • IO high drives into a powered-off peripheral through pad clamp/ESD structures to VDD.
  • Pull-ups referenced to a live rail while peripheral VDD is off (common in open-drain buses).
  • Level shifters/isolators enabled with mismatched domains, creating unintended current paths.

Field-proof checks (fast)

  • VDD lift: when peripheral VDD is “off”, measure whether it rises above threshold X (placeholder).
  • Reverse current: measure backfeed current below threshold X (placeholder).
  • Pin determinism: compare pin readback before/after sleep; no drift beyond defined logic thresholds.

Common fixes (hook-level)

  • Reference pull-ups/keepers to the correct domain or use switchable pull-ups tied to the peripheral rail.
  • Add series resistance or powered-off-protection switches where backfeed risk is high.
  • Control isolator/level-shifter EN so “powered-off” truly isolates, avoiding surprise current paths.

Pass criteria (placeholder): powered-off peripherals stay below VDD threshold X; backfeed current below X; first-transaction success rate above X after sleep cycles.

IO retention and ghost-power paths across the sleep boundary A block diagram showing MCU IO banks split into Always-On and Switchable domains, retention and bus-hold elements, a peripheral pad with ESD clamp, and a highlighted backfeed path to peripheral VDD when powered off. IO retention & ghost-power paths (sleep boundary) MCU IO bank AON IO Keeper Log SW IO Retention EN Hook elems Bus-hold Series R Isolation Peripheral IO pad ESD VDD rail ON OFF AON rail SW rail Backfeed risk increases when IO is driven while peripheral VDD is OFF; enforce isolation and safe states
Diagram: retention/keepers enforce deterministic pin states, while uncontrolled IO drive can backfeed a powered-off peripheral through pad clamp paths.

Protocol-Specific Low-Power Hooks (I²C / SPI / UART) — only what matters for sleep/wake

This section intentionally avoids protocol encyclopedias. It extracts only three hook categories per bus: sleep safe state, wake trigger, and first verified transaction.

I²C low-power hooks

Sleep safe state

  • Pull-up reference rail must match the intended power domain plan (avoid backfeeding powered-off peripherals).
  • Before sleep, lines should be released and read back High; pin hold must remain effective in deep sleep.

Wake trigger

  • Prefer GPIO/RTC/peripheral IRQ wake; bus-event wake is safe only when address-detect logic remains available in AON/retained logic.
  • Always latch wake cause and count wake attempts for audit.

First transaction guard

  • On wake, check SCL/SDA levels; if abnormal, enter a bounded “hung-bus” recovery entry before any workload.
  • Use bounded retries/timeouts; unbounded waiting is a power and robustness failure.

SPI low-power hooks

Sleep safe state

  • CS must be held inactive deterministically; avoid floating CS during sleep.
  • SCLK must remain quiet across sleep; 3-wire direction/OE must be forced to a safe state to avoid contention.

Wake trigger

  • SPI rarely acts as a wake source; use GPIO/RTC/IRQ and keep wake cause logging.
  • Avoid enabling high-speed clocks until Stage-1 bring-up passes.

First transaction guard

  • Restore mode/config, then enable SCLK, then perform a read-back verification (ID/status) before full throughput.
  • Bound retries and record first-transaction outcomes to correlate power spikes with wake failures.

UART low-power hooks

Sleep safe state

  • RX/TX must be deterministic to avoid false start-bit detection; confirm internal pulls remain active in deep sleep if relied upon.
  • If powered-off protection is not guaranteed, prevent backfeed by not driving into an unpowered peer.

Wake trigger

  • Wake-on-RX requires low-power detect logic and a valid timebase; break/idle wake is practical but must be bounded against noise.
  • Always latch wake cause and count wake attempts for auditability.

First transaction guard

  • Re-sync baud (auto-baud or divisor restore) before trusting received frames; flush boundary noise if needed.
  • Track framing/parity error rate in the first N bytes after wake; keep below threshold X (placeholder).

Pass criteria (placeholder): each bus meets its defined sleep safe state; wake cause is logged; first-transaction verification passes within bounded time and retries.

Protocol-specific low-power hooks comparison for I2C SPI UART A three-column diagram comparing I2C, SPI, and UART low-power hooks across sleep safe state, wake trigger, and first transaction verification. Only what matters for sleep/wake (3 hooks per bus) I²C SPI UART Sleep safe Pull-up domain Lines released Sleep safe CS inactive SCLK quiet Sleep safe RX stable No backfeed Wake GPIO/RTC Addr match* Wake GPIO/RTC IRQ Wake Wake-on-RX Break/Idle 1st txn Hung check 1st txn Read-back 1st txn Re-sync * Addr match wake requires AON/retained detect logic; otherwise treat as unsafe
Diagram: each bus is reduced to three low-power hooks—sleep safe state, wake trigger, and first verified transaction—to avoid protocol sprawl.

Brown-Out / Hot-Plug Recovery: never resume into a broken bus

Sleep boundary, brown-out, and hot-plug are the same failure class: recovery must be state-first (sanity), then rebuild (re-init), then prove (first guarded transaction). Never resume straight into workload traffic.

ResetCause evidence (must be logged, not guessed)

  • Power-good history: PGOOD stable window ≥ X ms (placeholder) before trusting peripherals.
  • BOR / reset flags: brown-out indicators and reset-reason registers map to a single ResetCause enum.
  • Wake cause latch: wake pin/RTC/IRQ is captured even if the resume later escalates to re-init.

Minimum log fields

reset_cause · wake_cause · pgood_stable_ms · bus_sanity_fail_flag · reinit_count · first_txn_ok_flag · retry_count

Recovery template (ordered, bounded, proof-friendly)

  1. Bus sanity check: do not start workload traffic; verify line/idle states and enter bounded recovery if abnormal.
  2. Peripheral re-init: clear transient state (FIFOs/errors), re-apply required configuration in a fixed order.
  3. First guarded transaction: execute a low-risk verify transaction (ID/status) with bounded retries/backoff before full enable.

Pass criteria (placeholder): sanity completes ≤ X ms; first-transaction verifies within ≤ X ms; failures converge to re-init or fail-safe with logged error codes.

Typical entry actions (hook-level, no protocol sprawl)

I²C

  • Check SCL/SDA released High; if SDA is stuck Low, enter bounded clock-out recovery entry then re-check.
  • Do not proceed until sanity passes or the system reports a fail-safe code.

SPI

  • Force CS inactive and keep SCLK quiet; clear peripheral transient state before enabling full-speed clocks.
  • Optional bounded “dummy clocks” can realign peripheral state before the first verify read-back.

UART

  • Flush boundary noise and re-sync framing/baud before trusting the first received frame.
  • Discard the first frame(s) within a bounded window if sync is not yet confirmed.
Recovery state machine after brown-out hot-plug and sleep boundary events A state machine diagram showing ResetCause classification, bus sanity check, peripheral re-initialization, first guarded transaction, and resume, with bounded retry and a fail-safe branch. Recovery state machine (state-first → rebuild → prove) ResetCause log + latch Sanity no workload Reinit clear + replay Guard Txn verify Resume full enable Fail-safe report retry + backoff Rule: no workload traffic until Sanity + Guard Txn pass within bounded time
Diagram: all resume paths converge through Sanity → Reinit → Guarded first transaction; retries are budgeted and failure exits are explicit.

Firmware State Machine: timeouts, retries, and idempotent transactions

Low-power systems fail when a partial transaction meets retries and state divergence. A robust implementation enforces idempotent behavior, bounded waiting, and budgeted retries with explicit failure exits and telemetry.

Idempotency rules (repeat without side effects)

  • Prefer verifyable writes: write then read-back to confirm the target state rather than assuming success.
  • Avoid toggle semantics: commands that flip state on each execution must be wrapped with pre-check and post-verify.
  • Non-idempotent operations: gate EEPROM/page writes or multi-step commits behind a two-stage guard (prepare → commit) where possible.

Timeout hierarchy (short → long → watchdog)

  • Short timeout: per wait-point (ACK, FIFO, idle). Goal: prevent single-point stalls.
  • Long timeout: per transaction. Goal: force convergence to recovery within X ms (placeholder).
  • Watchdog: last-resort for control-plane failures; reboots must re-enter the H2-7 recovery gate.

Requirement: timebase for timeouts must remain valid across the chosen sleep depth (avoid “timeouts disabled by clock gating”).

Retry budget & telemetry (retries must have a cost ceiling)

  • Max retries: set per transaction type; exceeding budget is a failure, not a “maybe later”.
  • Backoff: apply bounded backoff to avoid tight retry loops that destroy average power.
  • Report fields: retry_count, timeout_stage, last_error, reset_cause, first_txn_fail_flag.

Transaction wrapper (template)

  1. Pre-check: bus sanity + domain readiness + pin safe-state.
  2. Execute: run one bounded transaction (no unbounded waits).
  3. Verify: read-back/CRC/frame validity with explicit pass criteria (placeholder).
  4. Retry/backoff: bounded attempts, backoff, and telemetry updates.
  5. Fail-safe: converge to re-init/recovery gate and surface error codes.

Pass criteria (placeholder): any transaction terminates within bounded time; repeated execution does not create side effects; failures always return a diagnosable code path.

Transaction wrapper with pre-check execute verify retry and fail-safe A flow diagram showing a firmware transaction wrapper: pre-check, execute, verify, retry/backoff, and fail-safe, with timeout stages and telemetry counters. Transaction wrapper (bounded, idempotent, diagnosable) Pre sanity Exec bounded Verify pass Retry backoff Fail-safe recovery gate verify fail budget exhausted Timeouts short / long Telemetry counters + codes Idempotent safe repeats Rule: every transaction must terminate in bounded time and return an explicit status
Diagram: a wrapper enforces pre-check, bounded execution, explicit verification, budgeted retries, and a fail-safe exit with telemetry.

Verification & Instrumentation: prove low power without self-deception

A low-power design is only real when it is measurable, repeatable, and diagnosable. Verification must cover average power, wake latency tail behavior, recovery success rate, and boundary conditions across stress dimensions.

Probe triplet (minimum instrumentation set)

1) GPIO tags

Stage markers aligned with current waveforms: sleep_entry · wake_detect · rail_ready · clock_ready · sanity_begin/end · reinit_end · guard_txn_done · resume.

2) Log fields

reset_cause · wake_cause · pgood_stable_ms · sleep_depth · first_txn_ok_flag · bus_sanity_fail_flag · last_error_code · timeout_stage.

3) Counters

wake_count · guard_fail_total · reinit_total · retry_total · i2c_nak_total · crc_error_total · uart_framing_total · brownout_total.

Measurement rules (avoid “pretty sleep current” traps)

  • Use segmented energy: integrate sleep / wake spike / traffic / retry-recovery and close the accounting loop.
  • Use tail latency: report wake and recovery as p95/p99 and maximum, not only average.
  • Count retries: retry/backoff time is part of average power and must be visible in counters and logs.

Pass criteria (placeholder): I_avg ≤ X; T_wake_p99 ≤ X; recovery_success ≥ X%; T_recover_max ≤ X; failures converge to fail-safe within ≤ X ms with codes logged.

Stress test matrix (dimensions × metrics)

  • Dimensions: temperature · voltage · cable/length · noise injection · sleep cycles (N) · load profile.
  • Metrics: I_avg · E_wake · T_wake_p99 · first_txn_success · recovery_success · retry_budget_usage.
  • Reliability: run long sleep/wake loops and record drift in success rate and retry growth.
Low-power verification test matrix board with dimensions and metrics A grid board diagram that maps stress dimensions such as temperature and voltage to metrics such as average power and wake latency, plus a side panel listing required log fields and counters. Test matrix board (dimensions × metrics) + evidence fields Dimensions Temp Voltage Cable Noise inj Sleep N Load Metrics Iavg Ewake Twake SR Grid: run loops and record tails & retries Evidence GPIO tags Log fields Counters Key fields reset_cause retry_count guard_ok T_p99 Rule: validate average + tail + success rate under stress, with evidence fields captured per loop
Diagram: a reusable matrix that forces stress coverage (temperature/voltage/cable/noise/sleep cycles) and ties each run to GPIO tags, logs, and counters.

Hardware Hooks Checklist: pins, rails, and layout choices that enable low power

Hardware hooks must exist before firmware can measure, control, and verify low-power behavior. The checklist below focuses on pins, power-domain boundaries, default states, and layout pitfalls that directly impact sleep/wake success and true average power.

Pin hooks (control + safe defaults + observability)

  • WAKE: a deterministic wake input; debounced/qualified in the chosen sleep depth.
  • PWR_EN: controls switchable rails; supports staged bring-up (minimal → full).
  • ISO_EN (if isolation/level shifting exists): aligns IO validity with rail state to prevent backfeed.
  • PERIPH_RST: forces known peripheral state after brown-out/hot-plug.
  • GPIO tag pins: exported stage markers for power/latency correlation during validation.

Rails & pull strategy (Always-On vs Switchable)

  • Define domains: Always-On domain retains wake/timebase/log; Switchable domain powers high-cost peripherals.
  • Pull-ups must match rail intent: open-drain pulls tied to an always-on rail can backfeed an off peripheral.
  • Default-state safety: CS inactive, SCLK quiet, I²C released, UART RX idle are enforced by pulls/keepers/retention.

Pass criteria (placeholder): peripheral VDD rise during off-state ≤ X; backfeed current ≤ X; safe-state pins hold within defined levels across sleep.

Layout pitfalls (only what impacts low-power correctness)

  • Leakage paths: contamination, flux residue, and high-impedance nodes can dominate µA budgets.
  • Floating inputs: undefined levels cause spurious wake events and retry storms; enforce pulls/keepers.
  • Over-strong pulls: pulls that are too small waste static power; size against required edge/timing and duty.
Low-power hook pins diagram for MCU PMIC and peripherals A block diagram showing MCU, PMIC, and peripherals with hook pins such as WAKE, PWR_EN, ISO_EN, PERIPH_RST, safe-state pulls, and pull-up domain placement between always-on and switchable rails. Low-power hook pins (control + default states + rail domains) MCU / SoC PMIC Peripherals WAKE (AON) PWR_EN ISO_EN GPIO tags AON rail SW rail PGOOD RST I²C device SPI device UART device CS safe pull PWR_EN ISO_EN AON SW RST Bus lines Default states: CS=inactive · SCLK=quiet · I²C=released · UART RX=idle · pulls match rail intent
Diagram: hook pins (WAKE/PWR_EN/ISO_EN/RST) and rail-domain intent (AON vs SW) define measurable, controllable low-power behavior with safe defaults.

Engineering Checklist: design → bring-up → production

The page becomes deliverable when the low-power hooks are enforced as three gates. Each item includes an action, evidence, and pass criteria (threshold placeholders). Example material numbers are provided as references; verify package/suffix/availability and system constraints.

Gate 1 — Design (freeze definitions, hooks, and evidence)

1) Freeze the average-power accounting model

Evidence: segmented buckets: E_sleep / E_wake / E_txrx / E_retry and required counters (wake_count, retry_total, error totals).

Pass criteria: model closes within ≤ X% vs measured energy for a defined duty profile.

2) Freeze power domains and timebase survivability

Evidence: Always-On vs Switchable domain map showing which blocks remain alive (wake detect, timeout timebase, minimal logs).

Pass criteria: timeout logic remains valid in the chosen sleep depth; no “infinite wait” states.

3) Freeze safe default states at sleep boundaries

Evidence: schematic annotations for pulls/keepers/retention: CS=inactive, SCLK=quiet, I²C=released, UART RX=idle.

Pass criteria: pin levels remain within defined VIH/VIL margins across sleep without ghost-power.

4) Freeze recovery gate and failure convergence

Evidence: state machine: ResetCause → Sanity → Reinit → Guard Txn → Resume with explicit fail-safe branch.

Pass criteria: recovery completes ≤ X ms or exits to fail-safe with codes logged (no unbounded retries).

5) Freeze instrumentation triplet: tags, logs, counters

Evidence: GPIO tag list + log field list + counter list aligned with power and latency measurements.

Pass criteria: every failure path produces a diagnosable code and increments counters.

6) Freeze retry and timeout budgets

Evidence: max retries per transaction type + backoff policy + short/long/watchdog timeout hierarchy.

Pass criteria: retry cost ceiling enforced; retry storms cannot dominate average power.

Reference parts (Design gate examples)

  • Load switch (SW rail): TI TPS22916, TPS22918, TPS22965
  • Voltage supervisor / reset: TI TPS3839, TI TPS3808, Microchip MCP100
  • RTC wake source: Micro Crystal RV-3028-C7, Abracon AB1805, NXP PCF85263A
  • Duty-cycle timer: TI TPL5110, TI TPL5010
  • GPIO expander (safe-state assists): TI TCA9535, NXP PCA9535

Note: material numbers are references; select variants by voltage range, package, leakage, enable polarity, and required default behavior.

Gate 2 — Bring-up (measure segmented energy, tails, and recovery)

1) Validate segmented energy with GPIO tags

Evidence: current waveform aligned to tags (sleep_entry → wake → sanity → guard_txn → resume) and per-segment energy totals.

Pass criteria: E_wake + E_retry remain below defined budgets (placeholders) for the target duty cycle.

2) Verify wake latency ladder (tail-focused)

Evidence: T_wake measured from true trigger to guard_txn_done; report p95/p99/max.

Pass criteria: T_wake_p99 ≤ X; T_recover_max ≤ X (placeholders).

3) Inject boundary failures and enforce convergence

Evidence: brown-out/hot-plug cases trigger ResetCause; hung-bus/fault injections route through Sanity → Reinit → Guard Txn.

Pass criteria: recovery_success ≥ X% over N cycles and stress corners (placeholders); failures exit with codes.

4) Validate retry budgets as power budgets

Evidence: retry_total and retry time share remain bounded; backoff does not create long tail explosions.

Pass criteria: retry_budget_usage ≤ X and does not dominate I_avg (placeholders).

Reference parts (Bring-up instrumentation examples)

  • Power/energy monitor: TI INA228, TI INA226, ADI LTC2944
  • Fuel gauge (battery nodes): TI BQ27441, Maxim MAX17048
  • Bus isolation w/ enable (if needed for power domains): TI ISO1540, ADI ADuM1250

Gate 3 — Production (test mode, BIST, exportable diagnostics)

1) Provide a deterministic factory test mode

Evidence: mode forces a known sleep depth, fixed wake source, and bounded transaction scripts.

Pass criteria: production sequence completes ≤ X s with deterministic logs and counters.

2) Provide BIST/loopback hooks and counter control

Evidence: loopback/guard transaction can be executed without external stimulus; counters can be read and cleared.

Pass criteria: guard_txn_success ≥ X% over N cycles at production conditions (placeholders).

3) Exportable diagnostics and error codes

Evidence: standardized error codes map to recovery branches; logs include reset_cause/wake_cause/timeout_stage.

Pass criteria: field returns can be triaged using codes + counters without reproducing full lab conditions.

Reference parts (Production hooks examples)

  • Programming / test connector: Tag-Connect TC2030 (spring-pin cable system)
  • Reset/supervisor for deterministic boot: TI TPS3839, Microchip MCP100
  • Load switch for rail sequencing tests: TI TPS22916, TPS22965
Three-gate checklist flow for low-power hooks A flow diagram showing Design gate, Bring-up gate, and Production gate, each producing evidence artifacts, leading to a deliverable package of logs, counters, and thresholds. Three-gate checklist flow (freeze → validate → industrialize) Design model · domains defaults · evidence Bring-up segmented energy tails · recovery Production test mode · BIST exportable codes Deliverable package Logs cause · stage Counters retry · error Thresholds Iavg · p99 Rule: each gate must produce evidence, and failures must be diagnosable with bounded convergence
Diagram: the three gates force a deliverable evidence package (logs + counters + thresholds) and prevent “unprovable” low-power claims.

Applications (typical profiles for low-power hooks)

The goal is not protocol coverage; it is selecting the right hooks to meet power, latency, and robustness targets for common field profiles. Each profile lists the critical hooks and reference parts (verify constraints and variants).

Battery sensor node (periodic sample + event wake)

  • Power profile: long sleep, short wake bursts; retries can dominate I_avg.
  • Critical hooks: RTC/timer wake, safe default bus states, retry budget + backoff, segmented energy measurement.
  • Common failures: spurious wake, ghost-power through pull-ups, partial transactions with re-tries.
  • Pass criteria: I_avg ≤ X; T_wake_p99 ≤ X; first_txn_success ≥ X% (placeholders).

Reference parts

RV-3028-C7 · AB1805 · TPL5110 · TPS22916 · TPS3839 · MAX17048 · BQ27441

Industrial monitoring (long standby + alarm bursts)

  • Power profile: standby for hours/days; bursts must resume deterministically.
  • Critical hooks: ResetCause logging, recovery gate (sanity→reinit→guard), error codes + counters for field triage.
  • Common failures: brown-out resumes into a broken bus, long-tail recovery, repeated retries increasing I_avg.
  • Pass criteria: recovery_success ≥ X% over N cycles; T_recover_max ≤ X (placeholders).

Reference parts

TPS3839 · TPS3808 · TPS22965 · INA228 · INA226 · ISO1540 · ADuM1250 · TC2030

Portable instrument (fast wake + data consistency)

  • Power profile: frequent wake; tail latency defines UX and measurement readiness.
  • Critical hooks: staged bring-up (minimal→full), guard transaction before measurement, idempotent configuration writes.
  • Common failures: first frame invalid after wake, partial configuration, silent state divergence across retries.
  • Pass criteria: T_wake_p99 ≤ X; first_txn_success ≥ X%; retry_budget_usage ≤ X (placeholders).

Reference parts

TPS22916 · TPS3839 · INA226 · RV-3028-C7 · TCA9535 · TPS22918

Application profiles: low-power state machines and critical hooks Three panels showing a simplified state machine for battery sensor nodes, industrial monitoring, and portable instruments. Each panel highlights wake source, hold behavior, and recovery entry. Typical profiles: state machine + key hooks (wake / hold / recovery) Battery node Industrial Portable Sleep Wake Sanity Guard Txn Work Wake: RTC / timer Hold: safe pins Sleep Wake Sanity Guard Txn Burst Wake: IRQ / PGOOD Recovery gate Sleep Wake Minimal Guard Txn Measure Wake: user / event Staged bring-up
Diagram: three profiles share the same core sequence (Sleep → Wake → Sanity → Guard Txn → Work), but differ in wake source, hook emphasis, and acceptance criteria.

Request a Quote

Accepted Formats

pdf, csv, xls, xlsx, zip

Attachment

Drag & drop files here or use the button below.

FAQs (Low-Power Hooks)

These FAQs close common bring-up and field-debug loops strictly within the Low-Power Hooks boundary. Each answer uses a fixed 4-line, data-oriented structure to drive measurable verification.

Sleep current is very low, but battery life is still poor — what is the first energy split?
Likely cause: energy is dominated by E_wake spike and/or E_retry, not by I_sleep; duty profile assumptions are wrong.
Quick check: align current waveform using GPIO tags and compute E_sleep / E_wake / E_tx / E_retry per cycle; also log wake_count/hour and retry_total/hour.
Fix: reduce wake frequency (batching), shorten wake ladder (staged bring-up), and cap retries (max retry + backoff); treat retry as a power budget item.
Pass criteria: measured |E_model − E_meas|/E_meas ≤ X% and E_retry/E_total ≤ X% over N cycles (X,N placeholders).
After wake, the first I²C transaction occasionally gets NAK — check pull-up domain or hung-bus first?
Likely cause: SCL/SDA are not valid at wake boundary (pull-up rail off / slow to settle) or bus is stuck low (hung-bus) from the previous cycle.
Quick check: log pullup_rail_state + bus_sanity_fail_flag and sample SCL/SDA level right before the first START; count NAK_total per 1k wakes.
Fix: move pull-ups to the correct alive domain (or provide a keep-alive/keeper), add Sanity→Clock-out recovery before the first transaction, and gate the first START until the rail is stable.
Pass criteria: first_txn_success ≥ X% and NAK_rate ≤ X per 1000 wakes at corners (X placeholders).
SPI bit-slip after sleep/wake — check CS default state or SCLK gating order first?
Likely cause: the device samples a “valid” SCLK edge while CS is not guaranteed inactive (or CS glitches during clock enable), shifting the frame boundary.
Quick check: capture CS/SCLK/MOSI with a logic analyzer around wake; verify CS_inactive_before_clk and measure tCS-CLK margin at wake (placeholder threshold).
Fix: enforce CS safe pull (inactive by default), sequence “CS inactive → enable SCLK → dummy clocks (if needed) → assert CS”; add a guarded first transfer that validates framing.
Pass criteria: frame_sync_error ≤ X per 10k wakes and guarded first SPI transfer passes with CRC/ID match ≥ X% (X placeholders).
UART drops the first frame only after deep sleep — wake-on-RX timing or baud not locked?
Likely cause: RX start-bit arrives before the UART clock/baud divider is stable; the first byte is sampled with wrong timing or stale configuration.
Quick check: log clk_ready_ts, uart_baud_locked_flag, and framing_err_count within the first 50 ms after wake.
Fix: stage bring-up: lock clock/baud first, then enable RX; optionally discard frames until “sync-ready”; bound the discard window with a timer and expose a counter.
Pass criteria: first_frame_drop_rate ≤ X per 10k wakes and framing_err_rate ≤ X at corners (X placeholders).
A peripheral becomes “half-powered” and heats up during sleep — what ghost-power path is most common?
Likely cause: backfeed through I/O protection structures (ESD diodes) when MCU I/O is high while the peripheral rail is off; I²C pull-ups or SPI lines are frequent sources.
Quick check: with peripheral rail off, measure I_backfeed on that rail and correlate it to specific signals by forcing pins low/high one group at a time; log “sleep rail state” and pin default states.
Fix: move pull-ups to the correct domain or add isolation/series resistors; enforce pin hold/safe states (drive low or hi-Z as required) before switching the rail off; sequence ISO_EN/PWR_EN to prevent backfeed windows.
Pass criteria: I_backfeed ≤ X µA (or ≤ X% of intended sleep current) and peripheral temperature rise ΔT ≤ X°C in steady sleep (X placeholders).
Wake latency occasionally becomes much longer — check PLL lock or firmware retry/backoff first?
Likely cause: long-tail events are usually caused by recovery/retry loops (bus sanity fails, guarded first transaction fails), not by nominal PLL lock time.
Quick check: log per-stage timestamps: t_rail_ready, t_clk_ready, t_sanity_ok, t_guard_ok and count retry_total during the event.
Fix: keep the wake ladder deterministic: do not start bus traffic before sanity passes; cap retries; differentiate “PLL not ready” vs “transaction failed” by error codes.
Pass criteria: T_wake_p99 ≤ X and (T_wake_max − T_wake_p50) ≤ X with retry budget enforced (X placeholders).
Wake failures increase at low temperature — rail settle or IO retention drift first?
Likely cause: power rail settling/PGOOD timing shifts with temperature, and marginal IO default levels can move across VIH/VIL boundaries during sleep.
Quick check: record t_rail_ready vs temperature and sample key pins (CS/SCL/SDA/RX) at sleep boundary; compare sanity_fail_rate across temps.
Fix: widen rail-ready guard time (bounded), tighten default pulls/keepers, and ensure pull-ups reference an alive domain; keep sanity checks before first transaction.
Pass criteria: recovery_success ≥ X% over N cycles at Tmin/Tmax and sanity_fail_rate ≤ X (X,N placeholders).
After brown-out the system does not crash, but the bus stays busy — which recovery step is missing?
Likely cause: resume skips Bus sanity or Guarded first transaction, so the system keeps transacting on a broken/stuck bus.
Quick check: read reset_cause/BOR_flag, then confirm the state machine path executed: ResetCause→Sanity→Reinit→Guard→Resume; inspect sanity_fail_flag and guard_fail_total.
Fix: enforce the three-step recovery gate: (1) sanity (levels/clock-out) (2) re-init (peripheral reset/config) (3) guard txn (read ID/status/CRC) before normal traffic; fail-safe on timeout.
Pass criteria: T_recover_max ≤ X and “bus busy” incidents ≤ X per 10k brown-outs (X placeholders).
Production test passes but field devices occasionally deadlock after wake — which counter/log field is usually missing?
Likely cause: field deadlocks are “silent” because the system lacks branch-level evidence; it cannot distinguish rail-not-ready, bus-sanity failure, guard txn failure, or retry budget exhaustion.
Quick check: ensure logs include reset_cause, wake_cause, stage_last, and timestamps; counters include retry_total, sanity_fail_total, guard_fail_total.
Fix: add minimal evidence triplet and enforce bounded convergence: every wait has a timeout, every retry increments a counter, and failures exit to fail-safe with an error code.
Pass criteria:(1 − X)% of field failures are classifiable by code+stage within the first report; deadlock MTTR ≤ X (X placeholders).
I²C pull-up resistor was reduced and battery life got worse — how to quantify pull-up power vs edge compliance?
Likely cause: pull-up static energy (when line is low) increased faster than any benefit from cleaner rise time; the duty factor of low-level dominates.
Quick check: compute I_pullup = Vpullup/R and estimate E_pullup ≈ Vpullup·I_pullup·(t_low_total); measure actual tR and confirm it is truly the limiting constraint.
Fix: select the weakest pull-up that still meets rise-time margin at worst-case Cbus; reduce low-level duty (shorter holds), or move pull-up to an optimized domain/conditional enable if architecture allows.
Pass criteria: worst-case tR ≤ X with ≥ X% margin, and I_avg improves by ≥ X% for the real duty profile (X placeholders).
Error rate increases after frequent sleep/wake cycles — counter overflow or state not cleared?
Likely cause: non-idempotent transactions accumulate state drift, or counters/timeouts are not reset/rolled over safely, causing false behavior after many cycles.
Quick check: track cycle_count, verify counters are saturating or wide enough, and log whether configuration writes are replayed with verification (read-back) on each wake.
Fix: enforce idempotent wrappers (pre-check→write→read-back→verify), clear/rollover counters safely, and treat “after N cycles” as a required stress test item.
Pass criteria: at N = X sleep/wake cycles, error_rate ≤ X and state_divergence = 0 by read-back checks (X placeholders).
The device claims to support a low-power mode but it seems ineffective — what wake-chain evidence to capture first?
Likely cause: the system never reaches the intended sleep depth (residency too low), or wake ladder stages are not satisfied so it keeps bouncing between partial states.
Quick check: log sleep_depth, sleep_residency%, wake_cause, and per-stage timestamps (t_rail_ready/t_clk_ready/t_guard_ok); compute wake_count/hour.
Fix: remove background wake sources, gate unnecessary clocks/IRQs, and ensure “wake accepted” only after guard transaction; keep retry budgets bounded to prevent oscillation.
Pass criteria: sleep_residency ≥ X% for the defined duty profile and wake_count/hour ≤ X while meeting T_wake_p99 ≤ X (X placeholders).
icnavigator

ICNavigator helps engineers find verified ICs, alternatives, and fast quotes.

Explore
Categories
  • Power Management
  • MCU
  • Automotive ICs
  • Sensors
  • Interface & Transceivers
  • Analog Front-End
Get in Touch
  • Email: hello@icnavigator.com
  • WeChat/WhatsApp: +86-xxxx

© 2025 ICNavigator. All rights reserved.