Posts about: "Spar Valves" [Posts: 46 Pages: 3]

Originally Posted by D Bru

Inspired by the mention in the PR about a MEL on the \x91core network\x92, I came across the polemics between Boeing and IOActive a few years ago about the alleged vulnerability of 787 core systems to outside interference (hacker attack from within a/c and/or ground), including the highly sensitive CDN module, from where also the fuel cut-off module can be accessed. It\x92s definitely not my specialty, but I thought to flag it in case someone has more informed ideas about this. To my mind it could potentially \x93outshine\x94 intentional crew action. Boeing at the time denied such options, of course. Obviously also in good faith, but who knows where we are 6 years on.

https://www.wired.com/story/boeing-7...ecurity-flaws/

Originally Posted by GroundedSpanner

787 has RDC's - Remote Data Concentrators. Doing the same function. Two of the switch pole-sets go each to one of 2 different RDC's, that feed the EAFR's / QAR, and the common core network so that any system that wants to know, can. The wiring is positive voltage from the RDC's to the switch and to GND through the common pin. So the RDC's would be able to detect anomalies such as both contacts open, or both contacts closed. The EAFR will see two independent channels per switch.
The other 2 contact sets feed latching relays (again driven each coil independently by dropping to GND at the switch) that then drive spar valves and reset signals to the FADEC Channels. (and more).

So - for the benefit of those that hang on to the 'possibility' of electrical gremlins and 'ghost' switch signals.

Each switch has 4 mechanically separated 'channels' - 2 of which do electromechanical things to the engines through separate paths, the other 2 feed through independent paths the FDR and the rest of the computer systems. The results of the electromechanical actions also feed back to the FDR.

Thus the readout from the EAFR will PROVE that the switches MUST have been PHYSICALLY MOVED.

Originally Posted by LiveSpark

Can someone please confirm whether or not the respective fuel cut-off switch is directly connected to the open/closing coils of the fuel valve actuator? Or is there some intermediate control system between the switch and valve actuator?

Originally Posted by tdracer

Something else that has been repeatedly discussed in the three threads...
While there are interposing relays, the signals to the Fuel Metering Unit shutoff valve and the Spar Valve are hardwired from the switches to the valves in question. They don't go through some computer interface that could corrupt the signals.

Originally Posted by LiveSpark

Can someone please confirm whether or not the respective fuel cut-off switch is directly connected to the open/closing coils of the fuel valve actuator? Or is there some intermediate control system between the switch and valve actuator?

Originally Posted by GroundedSpanner

tdracer excellently summarised. But I'll confirm.
The switch is directly connected to the coils of a latching relay. That latching relay is directly connected to the coils of the spar valve. There is no digital logic device in the way,
The position of the switch is monitored (through a different set of contacts) by the EAFR (twice). The position of the spar valve is monitored by the EAFR.
Thus the recorder sees (twice) that the switch is moved, and that the valve moved in response.