2025-06-13T12:56:00
permalink Post: 11900487
Question is why both engines lost power . Foreign object ingestion , contaminated fuel or both cutoff levels operated ? We do not know .
Any autothrust discussion is misleading since every pilot in that situation will firewall the levers whatever thrust reduction was selected for TO . the same is true for the RAT discussion- if enough hydraulic pressure was generated or not . The plane pitched up last second so there obviously was control until the end . Of course , without energy pulling alone will not bring you anywhere .
Why did both engines fail the same second as they would be cut off ???
Any autothrust discussion is misleading since every pilot in that situation will firewall the levers whatever thrust reduction was selected for TO . the same is true for the RAT discussion- if enough hydraulic pressure was generated or not . The plane pitched up last second so there obviously was control until the end . Of course , without energy pulling alone will not bring you anywhere .
Why did both engines fail the same second as they would be cut off ???
Let\x92s be careful about absolutes. Emirates 521 and Turkish 1951 are both examples of crews not firewalling the thrust levers despite low energy. The late pitch up could be due to the onset of a stall not an order from the crew.
TCMA is function which can reduce thrust on both engines simultaneously. It had done so in error in the past resulting in an AD. It uses air/ground logic so that it only operates on the ground, however note that at the point of thrust loss the gear is still down without any movement of the gear or doors. I would expect gear retraction to start before that height. Could we imagine an air/ground logic fault inhibiting gear retraction and allowing TCMA, which triggered (for whatever reason!) causing dual thrust loss? I would expect this to be in the realms of a combination of failures shown to be extremely impossible, but\x85
2 users liked this post.
2025-06-13T18:00:00
permalink Post: 11900751
Let\x92s be careful about absolutes. Emirates 521 and Turkish 1951 are both examples of crews not firewalling the thrust levers despite low energy. The late pitch up could be due to the onset of a stall not an order from the crew.
TCMA is function which can reduce thrust on both engines simultaneously. It had done so in error in the past resulting in an AD. It uses air/ground logic so that it only operates on the ground, however note that at the point of thrust loss the gear is still down without any movement of the gear or doors. I would expect gear retraction to start before that height. Could we imagine an air/ground logic fault inhibiting gear retraction and allowing TCMA, which triggered (for whatever reason!) causing dual thrust loss? I would expect this to be in the realms of a combination of failures shown to be extremely impossible, but\x85
TCMA is function which can reduce thrust on both engines simultaneously. It had done so in error in the past resulting in an AD. It uses air/ground logic so that it only operates on the ground, however note that at the point of thrust loss the gear is still down without any movement of the gear or doors. I would expect gear retraction to start before that height. Could we imagine an air/ground logic fault inhibiting gear retraction and allowing TCMA, which triggered (for whatever reason!) causing dual thrust loss? I would expect this to be in the realms of a combination of failures shown to be extremely impossible, but\x85
6 users liked this post.
2025-06-13T18:41:00
permalink Post: 11900793
OK, another hour spent going through all the posts since I was on last night...
I won't quote the relevant posts as they go back ~15 pages, but a few more comments:
TAT errors affecting N1 power set: The FADEC logic (BTW, this is pretty much common on all Boeing FADEC) will use aircraft TAT if it agrees with the dedicated engine inlet temp probe - but if they differ it will use the engine probe . The GE inlet temp probe is relatively simple and unheated, so (unlike a heated probe) a blocked or contaminated probe will still read accurately - just with greater 'lag' to actual temperature changes.
TCMA - first off, I have to admit that this does look rather like an improper TCMA activation, but that is very, very unlikely. For those who don't know, TCMA is a system to shutdown a runaway engine that's not responding to the thrust lever - basic logic is an engine at high power with the thrust lever at/near idle, and the engine not decelerating. However, TCMA is only active on the ground (unfamiliar with the 787/GEnx TCMA air/ground logic - on the 747-8 we used 5 sources of air/ground - three Radio Altimeters and two Weight on Wheels - at least one of each had to indicate ground to enable TCMA). TCMA will shutdown the engine via the N2 overspeed protection - nearly instantaneous. For this to be TCMA, it would require at least two major failures - improper air ground indication or logic, and improper TCMA activation logic (completely separate software paths in the FADEC). Like I said, very, very unlikely.
Fuel contamination/filter blockage: The fuel filters have a bypass - if the delta P across the filter becomes excessive, the filter bypasses and provides the contaminated fuel to the engine. Now this contaminated fuel could easy foul up the fuel metering unit causing a flameout, but to happen to two engines at virtually the same time would be tremendous unlikely.
Auto Thrust thrust lever retard - the TO lockup in the logic makes this very unlikely (it won't unlock below (IIRC) 400 ft., and even that requires a separate pilot action such as a mode select change or thrust lever movement). And if it did somehow happen, all the pilot needs to do is push the levers back up.
Engine parameters on the FDR: I don't know what exactly is on the 787 FDR with regards to engine parameters, but rest assured that there is plenty of engine data that gets recorded - most at one/second. Getting the FDR readout from a modern FDR is almost an embarrassment of riches. Assuming the data is intact, we'll soon have a very good idea of what the engines were doing
I won't quote the relevant posts as they go back ~15 pages, but a few more comments:
TAT errors affecting N1 power set: The FADEC logic (BTW, this is pretty much common on all Boeing FADEC) will use aircraft TAT if it agrees with the dedicated engine inlet temp probe - but if they differ it will use the engine probe . The GE inlet temp probe is relatively simple and unheated, so (unlike a heated probe) a blocked or contaminated probe will still read accurately - just with greater 'lag' to actual temperature changes.
TCMA - first off, I have to admit that this does look rather like an improper TCMA activation, but that is very, very unlikely. For those who don't know, TCMA is a system to shutdown a runaway engine that's not responding to the thrust lever - basic logic is an engine at high power with the thrust lever at/near idle, and the engine not decelerating. However, TCMA is only active on the ground (unfamiliar with the 787/GEnx TCMA air/ground logic - on the 747-8 we used 5 sources of air/ground - three Radio Altimeters and two Weight on Wheels - at least one of each had to indicate ground to enable TCMA). TCMA will shutdown the engine via the N2 overspeed protection - nearly instantaneous. For this to be TCMA, it would require at least two major failures - improper air ground indication or logic, and improper TCMA activation logic (completely separate software paths in the FADEC). Like I said, very, very unlikely.
Fuel contamination/filter blockage: The fuel filters have a bypass - if the delta P across the filter becomes excessive, the filter bypasses and provides the contaminated fuel to the engine. Now this contaminated fuel could easy foul up the fuel metering unit causing a flameout, but to happen to two engines at virtually the same time would be tremendous unlikely.
Auto Thrust thrust lever retard - the TO lockup in the logic makes this very unlikely (it won't unlock below (IIRC) 400 ft., and even that requires a separate pilot action such as a mode select change or thrust lever movement). And if it did somehow happen, all the pilot needs to do is push the levers back up.
Engine parameters on the FDR: I don't know what exactly is on the 787 FDR with regards to engine parameters, but rest assured that there is plenty of engine data that gets recorded - most at one/second. Getting the FDR readout from a modern FDR is almost an embarrassment of riches. Assuming the data is intact, we'll soon have a very good idea of what the engines were doing
17 users liked this post.
2025-06-13T18:58:00
permalink Post: 11900812
OK, another hour spent going through all the posts since I was on last night...
I won't quote the relevant posts as they go back ~15 pages, but a few more comments:
TAT errors affecting N1 power set: The FADEC logic (BTW, this is pretty much common on all Boeing FADEC) will use aircraft TAT if it agrees with the dedicated engine inlet temp probe - but if they differ it will use the engine probe . The GE inlet temp probe is relatively simple and unheated, so (unlike a heated probe) a blocked or contaminated probe will still read accurately - just with greater 'lag' to actual temperature changes.
TCMA - first off, I have to admit that this does look rather like an improper TCMA activation, but that is very, very unlikely. For those who don't know, TCMA is a system to shutdown a runaway engine that's not responding to the thrust lever - basic logic is an engine at high power with the thrust lever at/near idle, and the engine not decelerating. However, TCMA is only active on the ground (unfamiliar with the 787/GEnx TCMA air/ground logic - on the 747-8 we used 5 sources of air/ground - three Radio Altimeters and two Weight on Wheels - at least one of each had to indicate ground to enable TCMA). TCMA will shutdown the engine via the N2 overspeed protection - nearly instantaneous. For this to be TCMA, it would require at least two major failures - improper air ground indication or logic, and improper TCMA activation logic (completely separate software paths in the FADEC). Like I said, very, very unlikely.
Fuel contamination/filter blockage: The fuel filters have a bypass - if the delta P across the filter becomes excessive, the filter bypasses and provides the contaminated fuel to the engine. Now this contaminated fuel could easy foul up the fuel metering unit causing a flameout, but to happen to two engines at virtually the same time would be tremendous unlikely.
Auto Thrust thrust lever retard - the TO lockup in the logic makes this very unlikely (it won't unlock below (IIRC) 400 ft., and even that requires a separate pilot action such as a mode select change or thrust lever movement). And if it did somehow happen, all the pilot needs to do is push the levers back up.
Engine parameters on the FDR: I don't know what exactly is on the 787 FDR with regards to engine parameters, but rest assured that there is plenty of engine data that gets recorded - most at one/second. Getting the FDR readout from a modern FDR is almost an embarrassment of riches. Assuming the data is intact, we'll soon have a very good idea of what the engines were doing
I won't quote the relevant posts as they go back ~15 pages, but a few more comments:
TAT errors affecting N1 power set: The FADEC logic (BTW, this is pretty much common on all Boeing FADEC) will use aircraft TAT if it agrees with the dedicated engine inlet temp probe - but if they differ it will use the engine probe . The GE inlet temp probe is relatively simple and unheated, so (unlike a heated probe) a blocked or contaminated probe will still read accurately - just with greater 'lag' to actual temperature changes.
TCMA - first off, I have to admit that this does look rather like an improper TCMA activation, but that is very, very unlikely. For those who don't know, TCMA is a system to shutdown a runaway engine that's not responding to the thrust lever - basic logic is an engine at high power with the thrust lever at/near idle, and the engine not decelerating. However, TCMA is only active on the ground (unfamiliar with the 787/GEnx TCMA air/ground logic - on the 747-8 we used 5 sources of air/ground - three Radio Altimeters and two Weight on Wheels - at least one of each had to indicate ground to enable TCMA). TCMA will shutdown the engine via the N2 overspeed protection - nearly instantaneous. For this to be TCMA, it would require at least two major failures - improper air ground indication or logic, and improper TCMA activation logic (completely separate software paths in the FADEC). Like I said, very, very unlikely.
Fuel contamination/filter blockage: The fuel filters have a bypass - if the delta P across the filter becomes excessive, the filter bypasses and provides the contaminated fuel to the engine. Now this contaminated fuel could easy foul up the fuel metering unit causing a flameout, but to happen to two engines at virtually the same time would be tremendous unlikely.
Auto Thrust thrust lever retard - the TO lockup in the logic makes this very unlikely (it won't unlock below (IIRC) 400 ft., and even that requires a separate pilot action such as a mode select change or thrust lever movement). And if it did somehow happen, all the pilot needs to do is push the levers back up.
Engine parameters on the FDR: I don't know what exactly is on the 787 FDR with regards to engine parameters, but rest assured that there is plenty of engine data that gets recorded - most at one/second. Getting the FDR readout from a modern FDR is almost an embarrassment of riches. Assuming the data is intact, we'll soon have a very good idea of what the engines were doing
2025-06-13T21:57:00
permalink Post: 11900954
At this stage, at least two scenarios seem highly plausible:
1. Technical issue
Airliners rely on air/ground logic , which is fundamental to how systems operate.
There have been numerous crashes and serious incidents linked to this logic functioning incorrectly.
Some engineering tests require the air/ground switch to be set in a particular mode. If it's inadvertently left in engineering mode—or if the system misinterprets the mode—this can cause significant problems.
2. Pilot misselection of fuel control switches to cutoff
This is still a very real possibility. If it occurred, the pilot responsible may not have done it consciously—his mindset could have been in a different mode.
There’s precedent: an A320 pilot once inadvertently shut down both engines over Paris. Fortunately, the crew managed to restart them. Afterward, the pilot reportedly couldn’t explain his actions.
If something similar happened here, then when the pilots realized the engines had stopped producing thrust, pushing the levers forward would have had no effect. It’s easy to overlook that the fuel switches are in the wrong position—they're far from the normal scan pattern. And with the ground rushing up, the view outside would’ve been far more commanding.
Speaking personally, when I shut down engines at the end of a flight, I consciously force myself to operate each fuel switch independently and with full attention. I avoid building muscle memory that might lead to switching off both engines in a fast, well-practiced habit.
If this is a technical issue, I assume we’ll know soon enough.
1. Technical issue
Airliners rely on air/ground logic , which is fundamental to how systems operate.
There have been numerous crashes and serious incidents linked to this logic functioning incorrectly.
Some engineering tests require the air/ground switch to be set in a particular mode. If it's inadvertently left in engineering mode—or if the system misinterprets the mode—this can cause significant problems.
-
On the ground
, if the aircraft is incorrectly in
air mode
, some systems may be unavailable—such as wheel brakes, reverse thrust, or ground spoilers.
-
In the air
, if the aircraft is mistakenly in
ground mode
, flaps might auto-retract, and various layers of system protection may be disabled.
2. Pilot misselection of fuel control switches to cutoff
This is still a very real possibility. If it occurred, the pilot responsible may not have done it consciously—his mindset could have been in a different mode.
There’s precedent: an A320 pilot once inadvertently shut down both engines over Paris. Fortunately, the crew managed to restart them. Afterward, the pilot reportedly couldn’t explain his actions.
If something similar happened here, then when the pilots realized the engines had stopped producing thrust, pushing the levers forward would have had no effect. It’s easy to overlook that the fuel switches are in the wrong position—they're far from the normal scan pattern. And with the ground rushing up, the view outside would’ve been far more commanding.
Speaking personally, when I shut down engines at the end of a flight, I consciously force myself to operate each fuel switch independently and with full attention. I avoid building muscle memory that might lead to switching off both engines in a fast, well-practiced habit.
If this is a technical issue, I assume we’ll know soon enough.
3 users liked this post.
2025-06-13T22:05:00
permalink Post: 11900958
TCMA - first off, I have to admit that this does look rather like an improper TCMA activation, but that is very, very unlikely. For those who don't know, TCMA is a system to shutdown a runaway engine that's not responding to the thrust lever - basic logic is an engine at high power with the thrust lever at/near idle, and the engine not decelerating. However, TCMA is only active on the ground (unfamiliar with the 787/GEnx TCMA air/ground logic - on the 747-8 we used 5 sources of air/ground - three Radio Altimeters and two Weight on Wheels - at least one of each had to indicate ground to enable TCMA). TCMA will shutdown the engine via the N2 overspeed protection - nearly instantaneous. For this to be TCMA, it would require at least two major failures - improper air ground indication or logic, and improper TCMA activation logic (completely separate software paths in the FADEC). Like I said, very, very unlikely.
Two thoughts re TCMA: 1) Is it possible a false TCMA activation could have occurred just before, or concurrently with, the a/c leaving the ground, with the resulting loss of thrust and electrical power not being apparent for another (say) 10s); 2) As you say two simultaneous failures very unlikely... except that it did happen to that ANA flight, albeit during ground state.
2025-06-13T22:13:00
permalink Post: 11900962
At this stage, at least two scenarios seem highly plausible:
1. Technical issue
Airliners rely on air/ground logic , which is fundamental to how systems operate.
There have been numerous crashes and serious incidents linked to this logic functioning incorrectly.
Some engineering tests require the air/ground switch to be set in a particular mode. If it's inadvertently left in engineering mode—or if the system misinterprets the mode—this can cause significant problems.
2. Pilot misselection of fuel control switches to cutoff
This is still a very real possibility. If it occurred, the pilot responsible may not have done it consciously—his mindset could have been in a different mode.
There’s precedent: an A320 pilot once inadvertently shut down both engines over Paris. Fortunately, the crew managed to restart them. Afterward, the pilot reportedly couldn’t explain his actions.
If something similar happened here, then when the pilots realized the engines had stopped producing thrust, pushing the levers forward would have had no effect. It’s easy to overlook that the fuel switches are in the wrong position—they're far from the normal scan pattern. And with the ground rushing up, the view outside would’ve been far more commanding.
Speaking personally, when I shut down engines at the end of a flight, I consciously force myself to operate each fuel switch independently and with full attention. I avoid building muscle memory that might lead to switching off both engines in a fast, well-practiced habit.
If this is a technical issue, I assume we’ll know soon enough.
1. Technical issue
Airliners rely on air/ground logic , which is fundamental to how systems operate.
There have been numerous crashes and serious incidents linked to this logic functioning incorrectly.
Some engineering tests require the air/ground switch to be set in a particular mode. If it's inadvertently left in engineering mode—or if the system misinterprets the mode—this can cause significant problems.
-
On the ground
, if the aircraft is incorrectly in
air mode
, some systems may be unavailable—such as wheel brakes, reverse thrust, or ground spoilers.
-
In the air
, if the aircraft is mistakenly in
ground mode
, flaps might auto-retract, and various layers of system protection may be disabled.
2. Pilot misselection of fuel control switches to cutoff
This is still a very real possibility. If it occurred, the pilot responsible may not have done it consciously—his mindset could have been in a different mode.
There’s precedent: an A320 pilot once inadvertently shut down both engines over Paris. Fortunately, the crew managed to restart them. Afterward, the pilot reportedly couldn’t explain his actions.
If something similar happened here, then when the pilots realized the engines had stopped producing thrust, pushing the levers forward would have had no effect. It’s easy to overlook that the fuel switches are in the wrong position—they're far from the normal scan pattern. And with the ground rushing up, the view outside would’ve been far more commanding.
Speaking personally, when I shut down engines at the end of a flight, I consciously force myself to operate each fuel switch independently and with full attention. I avoid building muscle memory that might lead to switching off both engines in a fast, well-practiced habit.
If this is a technical issue, I assume we’ll know soon enough.
On item 2, the video shows no asymmetry at any time, so there is only a symmetric failure of the engines possible. Back on a B747 classic, you could chop all 4 engines at the same time with one hand, on a B737, also, not so much on a B777 or B787. I would doubt that anyone used two hands to cut the fuel at screen height. Note, there was a B744 that lost one engine in cruise when a clip board fell off the coaming. Didn't happen twice, and it only happened to one engine.
Yes indeed, the moment they pulled the gear lever, as we see the gear begin the retraction process, and then suddenly stop. Almost as if they suddenly lost power.
We can see the landing gear retraction process begin. We see the bogies tilted in the second video. We can hear the RAT. We can see the RAT. We can see the flaps extended in the video and at the crash site. There isn't actually a single piece of evidence the flaps were raised, it's just a conclusion people jumped too before evidence began to emerge.
The crazy thing is, when the report comes out and there is no mention of flaps none of the people who have been pushing the flap theory will self reflect or learn anything. They'll think those of us who didn't buy into it were just lucky, rather than it being down to use of fairly simple critical thinking.
We can see the landing gear retraction process begin. We see the bogies tilted in the second video. We can hear the RAT. We can see the RAT. We can see the flaps extended in the video and at the crash site. There isn't actually a single piece of evidence the flaps were raised, it's just a conclusion people jumped too before evidence began to emerge.
The crazy thing is, when the report comes out and there is no mention of flaps none of the people who have been pushing the flap theory will self reflect or learn anything. They'll think those of us who didn't buy into it were just lucky, rather than it being down to use of fairly simple critical thinking.
Neila83 is correct, the gear tilt pre retraction is rear wheels low, and at the commencement of the selection of the retraction cycle (generally),
There is enough in the way of anomalies here to end up with regulatory action, and airlines themselves should/will be starting to pore over their systems and decide if they are comfortable with the airworthiness of the aircraft at this moment. A latent single point of failure is not a comfortable place to be. Inhibiting TCMA might be a good interim option, that system could have been negated by having the ATR ARM switches....(Both)... ARM deferred to the before takeoff checks. The EAFR recovery should result in action within the next 24-48 hours. Boeing needs to be getting their tiger teams warmed up, they can ill afford to have a latent system fault discovered that is not immediately responded to, and the general corporate response of "blame the pilots" is not likely to win any future orders.
I think we are about to have some really busy days for the OEM.
Not sure that Neila83 is that far off the mark at all.
Last edited by fdr; 14th Jun 2025 at 01:21 . Reason: corrected for B788 by Capt Bloggs!
8 users liked this post.
2025-06-14T21:39:00
permalink Post: 11901865
TCMA
Which side of V1 does TCMA lurk? If a pilot closes the throttles to abort, does the system allow it? After all, "too low thrust" is outside the contour....
Ya know, when every conceivable possibility (or close) has been de wormed, it"s usually something impossible, or too fearful...(Or dishonest, fraudulent, criminal ....etc ,?
Which side of V1 does TCMA lurk? If a pilot closes the throttles to abort, does the system allow it? After all, "too low thrust" is outside the contour....
Ya know, when every conceivable possibility (or close) has been de wormed, it"s usually something impossible, or too fearful...(Or dishonest, fraudulent, criminal ....etc ,?
However, TCMA is only active on the ground (unfamiliar with the 787/GEnx TCMA air/ground logic - on the 747-8 we used 5 sources of air/ground - three Radio Altimeters and two Weight on Wheels - at least one of each had to indicate ground to enable TCMA). TCMA will shutdown the engine via the N2 overspeed protection - nearly instantaneous. For this to be TCMA, it would require at least two major failures - improper air ground indication or logic, and improper TCMA activation logic (completely separate software paths in the FADEC). Like I said, very, very unlikely.
2 users liked this post.
2025-06-14T21:59:00
permalink Post: 11901875
From tdracer
However, TCMA is only active on the ground (unfamiliar with the 787/GEnx TCMA air/ground logic - on the 747-8 we used 5 sources of air/ground - three Radio Altimeters and two Weight on Wheels - at least one of each had to indicate ground to enable TCMA). TCMA will shutdown the engine via the N2 overspeed protection - nearly instantaneous. For this to be TCMA, it would require at least two major failures - improper air ground indication or logic, and improper TCMA activation logic (completely separate software paths in the FADEC). Like I said, very, very unlikely.
However, TCMA is only active on the ground (unfamiliar with the 787/GEnx TCMA air/ground logic - on the 747-8 we used 5 sources of air/ground - three Radio Altimeters and two Weight on Wheels - at least one of each had to indicate ground to enable TCMA). TCMA will shutdown the engine via the N2 overspeed protection - nearly instantaneous. For this to be TCMA, it would require at least two major failures - improper air ground indication or logic, and improper TCMA activation logic (completely separate software paths in the FADEC). Like I said, very, very unlikely.
2025-06-14T22:13:00
permalink Post: 11901888
From tdracer
However, TCMA is only active on the ground (unfamiliar with the 787/GEnx TCMA air/ground logic - on the 747-8 we used 5 sources of air/ground - three Radio Altimeters and two Weight on Wheels - at least one of each had to indicate ground to enable TCMA). TCMA will shutdown the engine via the N2 overspeed protection - nearly instantaneous. For this to be TCMA, it would require at least two major failures - improper air ground indication or logic, and improper TCMA activation logic (completely separate software paths in the FADEC). Like I said, very, very unlikely.
However, TCMA is only active on the ground (unfamiliar with the 787/GEnx TCMA air/ground logic - on the 747-8 we used 5 sources of air/ground - three Radio Altimeters and two Weight on Wheels - at least one of each had to indicate ground to enable TCMA). TCMA will shutdown the engine via the N2 overspeed protection - nearly instantaneous. For this to be TCMA, it would require at least two major failures - improper air ground indication or logic, and improper TCMA activation logic (completely separate software paths in the FADEC). Like I said, very, very unlikely.
1 user liked this post.
2025-06-14T23:05:00
permalink Post: 11901941
I am curious to learn what power source drives the high-pressure fuel pumps in the engine. If there is such a thing, I suppose there would.
Gearbox? This is at odds with a possible cascading electric failure that (might have) caused a loss of engine fuel feed.
To my understanding on my ancient plane and engine design, the HP pumps that feed the nozzles are driven mechanically, which enables gravity feeding among other scenarios, but also assures the fuel supply is independent of whatever happens upstream of the nacelle. Except for LP/fire shut-off cocks.
Gearbox? This is at odds with a possible cascading electric failure that (might have) caused a loss of engine fuel feed.
To my understanding on my ancient plane and engine design, the HP pumps that feed the nozzles are driven mechanically, which enables gravity feeding among other scenarios, but also assures the fuel supply is independent of whatever happens upstream of the nacelle. Except for LP/fire shut-off cocks.
Engine driven fuel pump failures are very rare, but have happened (usually with some 'precursor' symptoms that were ignored or mis-diagnosed by maintenance). It would be unheard of for engine driven fuel pumps to fail on both engines on the same flight.
As I've repeatedly posted, even a 100% aircraft power failure would not explain both engines quitting, at least without several other existing faults. Again, never say never, but you can only combine so many 10-9 events before it becomes ridiculous...
TCMA doesn't know what V1 is - it's active whenever the air/ground logic says the aircraft is on-ground.
16 users liked this post.
2025-06-14T23:54:00
permalink Post: 11901974
From tdracer
However, TCMA is only active on the ground (unfamiliar with the 787/GEnx TCMA air/ground logic - on the 747-8 we used 5 sources of air/ground - three Radio Altimeters and two Weight on Wheels - at least one of each had to indicate ground to enable TCMA). TCMA will shutdown the engine via the N2 overspeed protection - nearly instantaneous. For this to be TCMA, it would require at least two major failures - improper air ground indication or logic, and improper TCMA activation logic (completely separate software paths in the FADEC). Like I said, very, very unlikely.
However, TCMA is only active on the ground (unfamiliar with the 787/GEnx TCMA air/ground logic - on the 747-8 we used 5 sources of air/ground - three Radio Altimeters and two Weight on Wheels - at least one of each had to indicate ground to enable TCMA). TCMA will shutdown the engine via the N2 overspeed protection - nearly instantaneous. For this to be TCMA, it would require at least two major failures - improper air ground indication or logic, and improper TCMA activation logic (completely separate software paths in the FADEC). Like I said, very, very unlikely.
Of course you can have two or three systems that are coded by different teams, using different languages, running in different hardware, even if they are fed from the same sensors, as long as you have many sensors (as tdracer has indicated, 5 inputs on the 747 for instance - although only needing 2 to be true does seem to reduce that margin for error somewhat).
If these two or three systems all have to send independent signals to the downstream hardware (the engine in this case) and the engine requires more than one signal to take the dangerous action like shutdown, then you're more protected, but that doesn't seem to be how the 787 works from the descriptions here by the experts like td and fdr. But please correct me if I'm wrong on that.
Its hard to imagine how else you could simultaneously cut both engines any other way, as tdracer said, other than human action or by software command. And software command means software failure. So information and discussion about exactly how redundant the software that takes this decision is would seem a good direction to move this discussion in. Is it truly only redundant 'internally' to itself, the module that sends this message to the engines? We heard about the 32 bit overflow bug that can shutdown engines - is it really that hard to believe that it has no other similar bugs when that one slipped through the testing?
2025-06-15T00:30:00
permalink Post: 11901992
The 'good' news is that even a cursory check of the FDR will indicate if TCMA activated, so we'll soon know.
8 users liked this post.
2025-06-15T01:21:00
permalink Post: 11902026
I can buy the AC power loss, but TCMA activation as well - That\x92s a stretch. TCMA is available on the ground and on approach and will activate if the engine thrust doesn\x92t follow the Thrust Lever command. On the ground it will shut the engine down (think RTO with engine stuck at T/O). On approach it will reduce the thrust if the engine doesn\x92t respond to the Thrust Lever command ala Cathay Pacific A330 (CMB - HKG) with the fuel contamination incident.
5 users liked this post.
2025-06-15T01:43:00
permalink Post: 11902040
MELs?
From tdracer
However, TCMA is only active on the ground (unfamiliar with the 787/GEnx TCMA air/ground logic - on the 747-8 we used 5 sources of air/ground - three Radio Altimeters and two Weight on Wheels - at least one of each had to indicate ground to enable TCMA). TCMA will shutdown the engine via the N2 overspeed protection - nearly instantaneous. For this to be TCMA, it would require at least two major failures - improper air ground indication or logic, and improper TCMA activation logic (completely separate software paths in the FADEC). Like I said, very, very unlikely.
However, TCMA is only active on the ground (unfamiliar with the 787/GEnx TCMA air/ground logic - on the 747-8 we used 5 sources of air/ground - three Radio Altimeters and two Weight on Wheels - at least one of each had to indicate ground to enable TCMA). TCMA will shutdown the engine via the N2 overspeed protection - nearly instantaneous. For this to be TCMA, it would require at least two major failures - improper air ground indication or logic, and improper TCMA activation logic (completely separate software paths in the FADEC). Like I said, very, very unlikely.
2025-06-15T04:19:00
permalink Post: 11902094
Okay! Many thanks for that! Of course, it very much complicates the picture, and I'm very puzzled as to how the Fuel Cutoff Switches and Valves operate. Apparently, the TCAM system shuts off an errant engine on the ground at least, but my concern is not with the software but the hardware. It obviously has an Output going into the Fuel Shutoff system. If the TCAM unit loses power, can that output cause the Cutoff process (powered by the engine-dedicated generator) to be activated? I guess that's the $64 billion question, but if MCAS is any example, then: Probably!
TCMA (not TCAM) - Thrust Control Malfunction Accommodation - is a FADEC based system. It's resident in the engine FADEC (aka EEC) - the ONLY inputs from the aircraft that go into the TCMA is air/ground (to enable) and thrust lever position (to determine if the engine is doing what it's being commanded to do. The FADEC has the ability to shutdown the engine via the N2 overspeed protection system - this is separate from the aircraft run/cutoff signal, although it uses the same HPSOV to effect the shutdown. That same system is used by TCMA to shutoff fuel if it determines the engine is 'running away'.
Hint, you might try going back a few pages and reading where all this has been posted previously.
33 users liked this post.
2025-06-15T05:45:00
permalink Post: 11902127
TCMA (not TCAM) - Thrust Control Malfunction Accommodation - is a FADEC based system. It's resident in the engine FADEC (aka EEC) - the ONLY inputs from the aircraft that go into the TCMA is air/ground (to enable) and thrust lever position (to determine if the engine is doing what it's being commanded to do. The FADEC has the ability to shutdown the engine via the N2 overspeed protection system - this is separate from the aircraft run/cutoff signal, although it uses the same HPSOV to effect the shutdown. That same system is used by TCMA to shutoff fuel if it determines the engine is 'running away'.
In software development, we always have the deadlock risk when we disable a function during a system mode shift. In case an erroneous decision was made just prior to this mode shift, it cant be correctedt as the function itself got disabled after mode shift. Normally we have a monitoring function alway active to correct this.
2025-06-15T06:25:00
permalink Post: 11902143
So are we now saying total loss of AC power for the RAT activation and activation of TCMA on two very independent engines for the power loss? What are the chances..
I can buy the AC power loss, but TCMA activation as well - That\x92s a stretch. TCMA is available on the ground and on approach and will activate if the engine thrust doesn\x92t follow the Thrust Lever command. On the ground it will shut the engine down (think RTO with engine stuck at T/O). On approach it will reduce the thrust if the engine doesn\x92t respond to the Thrust Lever command ala Cathay Pacific A330 (CMB - HKG) with the fuel contamination incident.
I can buy the AC power loss, but TCMA activation as well - That\x92s a stretch. TCMA is available on the ground and on approach and will activate if the engine thrust doesn\x92t follow the Thrust Lever command. On the ground it will shut the engine down (think RTO with engine stuck at T/O). On approach it will reduce the thrust if the engine doesn\x92t respond to the Thrust Lever command ala Cathay Pacific A330 (CMB - HKG) with the fuel contamination incident.
1 user liked this post.
2025-06-15T06:47:00
permalink Post: 11902155
I hate to disappoint you, but the people (like me) who design, test, and certify aircraft are not idiots. We design for failures. Yes, on rare occasion, something gets missed (e.g. MCAS), but we know that aircraft power systems sometimes fail (or suffer short term interuptions) and we design for that. EVERY VALVE IN THE FUEL SYSTEM MUST BE POWERED TO CHANGE STATE!!!! If electrical power is lost, they just stay where they are. The engine fuel valve must be powered open, and it must be powered closed. Same with the spar valve. The pilot moves a switch, that provides electrical signals to the spar valve and the engine fuel valve to open or close. It's
not
complicated and has been in use for decades.
TCMA (not TCAM) - Thrust Control Malfunction Accommodation - is a FADEC based system. It's resident in the engine FADEC (aka EEC) - the ONLY inputs from the aircraft that go into the TCMA is air/ground (to enable) and thrust lever position (to determine if the engine is doing what it's being commanded to do. The FADEC has the ability to shutdown the engine via the N2 overspeed protection system - this is separate from the aircraft run/cutoff signal, although it uses the same HPSOV to effect the shutdown. That same system is used by TCMA to shutoff fuel if it determines the engine is 'running away'.
Hint, you might try going back a few pages and reading where all this has been posted previously.
TCMA (not TCAM) - Thrust Control Malfunction Accommodation - is a FADEC based system. It's resident in the engine FADEC (aka EEC) - the ONLY inputs from the aircraft that go into the TCMA is air/ground (to enable) and thrust lever position (to determine if the engine is doing what it's being commanded to do. The FADEC has the ability to shutdown the engine via the N2 overspeed protection system - this is separate from the aircraft run/cutoff signal, although it uses the same HPSOV to effect the shutdown. That same system is used by TCMA to shutoff fuel if it determines the engine is 'running away'.
Hint, you might try going back a few pages and reading where all this has been posted previously.
I hope I never suggested you guys are idiots! I very much doubt that indeed. You cannot be idiots. Planes fly, very reliably. That's evidence enough.
Maybe my analysis is simplistic, but for someone who knows as little about the nuts and bolts that are your profession, I think I'm not doing too badly.
I believe I have made a number of worthy contributions to this thread. Maybe I'm deluded. Too bad. Fact is, over the history of modern aviation, there have been a number of serious design stuff ups that "shouldn't have happened". As far as I'm concerned, the crash of AF447 is bloody good evidence of not considering a very simple, fundamental failure, and should NEVER have happened. The thing is, that would have been sooo easy to avoid. So please, don't get on too high a horse over this.
Thanks for your information about all the fuel control valves. That's cool. Yes, my cars have numerous such systems, from the radiator grilles backward.
And you misunderstand what I meant about "complicates things". Was that deliberate? What I meant was it complicates understanding how a major electrical failure could cause the Fuel Cutoff valves to close, that's all. The valves don't close if unpowered, but if the control is via the FADEC, then what could have caused them to close?
Your explanation of how the Fuel Valves are controlled is rather simplistic too. "The pilot moves a switch, that provides electrical signals to the spar valve and the engine fuel valve to open or close." Seriously? Am I an idiot then? Is it a single pole, single throw switch? Is the valve driven by a stepper motor, or what? A DC Motor and worm drive? Does it have an integral controller? How does the valve drive know when to stop at end of travel? Would you mind elaborating, please?
1 user liked this post.
2025-06-15T21:03:00
permalink Post: 11902838
Would be interesting to understand more about the exact definition of TCMA’s “on the ground“ and some more detailed insight into its implementation (only one or more WoW’s or multiple sensing?… is there a switch on the gear added? …is there an ALT/AGL check?.. how is implementation split over HW/FW/SW? … ).
Also, how could external factors impact that sequence to run.
Appreciating your previous answers (as usual).
Also, how could external factors impact that sequence to run.
Appreciating your previous answers (as usual).
)
Apologies for a few terse posts last night, but a couple of inane posts (by a usual suspect) really set me off. I've never used the 'ignore' function, but I may need to revisit that.
I posted this previously, but it was about 70 pages ago, so I understand not going back that far, or forgetting that tidbit amongst all the noise.
In short, I'm not familiar with the specific air/ground logic on the 787/GEnx-1B - the logic I posted (3 radio altimeters, 2 Weight on Wheels, at least one of each must indicate 'on-ground) is for the 747-8 (which I'm intimately familiar with). I have a vague recollection of a discussion with my GEnx-1B counterpart 10 or more years ago that suggested that the 787 was not as complex as the 747-8, but I don't recall any details. Basic FADEC logic (BTW, as someone else noted - it's "Full Authority", not "Autonomous") is to default to 'air' if in doubt, as it's considered to be 'safer'.
The only real hardware in the TCMA system is the N2 overspeed shutdown system - which goes through a BITE style functional test on every engine start. Everything else is in software - with the only aircraft inputs being Air/Ground and thrust lever position.
As I've posted previously, the FADEC is powered by a dedicated Permanant Magnet Alternator (PMA) - aircraft power is used only as a backup for starting or if the PMA fails. If the FADEC determines it is running on aircraft power with engine running (i.e. the PMA has failed), it sets a 'No Dispatch" fault message.
12 users liked this post.