Open-Source-Space-Foundation · ineskhou · Jan 29, 2026 · Jan 27, 2026 · Jan 27, 2026 · Jan 28, 2026
diff --git a/FprimeZephyrReference/Components/AuthenticationRouter/AuthenticationRouter.cpp b/FprimeZephyrReference/Components/AuthenticationRouter/AuthenticationRouter.cpp
@@ -224,62 +224,22 @@ void AuthenticationRouter ::GET_COMMAND_LOSS_DATA_cmdHandler(FwOpcodeType opCode
 }
 
 Fw::Time AuthenticationRouter ::update_command_loss_start(bool write_to_file) {
+    // Lock the mutex to prevent multiple threads from updating the command loss start time simultaneously
     Os::ScopeLock lock(this->m_commandLossMutex);
 
-    // Update file with current time and cache it
     Fw::Time current_time = this->getTime();
 
-    // if current time base if monotonic, we don't want to write it to file, but we still want to update the cached
-    // time and return it this way we never write monotonic time to file, which would be invalid on reboot and if
-    // the system is using monotonic time, we don't consistently return a previously saved workstation time to a
-    // cube stuck on monotonic (ie broken RTC). So we don't write monotonic time to file, but cache it for use in
-    // current session
-
-    if (current_time.getTimeBase() == TimeBase::TB_PROC_TIME) {
-        if (write_to_file) {
-            // Don't write monotonic time to file, but cache it for use in current session
-            this->m_commandLossStartTime = current_time;
-            return current_time;
-        } else {
-            // Return cached time (the time when last command arrived)
-            return this->m_commandLossStartTime;
-        }
-    }
-
-    Fw::ParamValid is_valid;
-    auto time_file = this->paramGet_COMM_LOSS_TIME_START_FILE(is_valid);
-
-    if (write_to_file) {
-        Os::File::Status status = Utilities::FileHelper::writeToFile(time_file.toChar(), current_time);
-        if (status != Os::File::OP_OK) {
-            this->log_WARNING_HI_CommandLossFileInitFailure();
-        }
+    // If writing (command received), reset the timer to current time
+    // On boot, m_commandLossStartTime starts at ZERO_TIME, so first command will set it
+    // Also reset if timebase changed (can't compare times with different timebases)
+    bool changed_time_base = this->m_commandLossStartTime.getTimeBase() != current_time.getTimeBase();
+    if (write_to_file || this->m_commandLossStartTime == Fw::ZERO_TIME || changed_time_base) {
         this->m_commandLossStartTime = current_time;
-
         return current_time;
-    } else {
-        // Check if we need to load from file (cache is zero/uninitialized or timebase mismatch with the file)
-        // Otherwise we want to read from the cache in case the filesystem is broken
-        // Also invalidate cache if timebase changed (e.g., system switched from monotonic to workstation time)
-        if (this->m_commandLossStartTime == Fw::ZERO_TIME ||
-            this->m_commandLossStartTime.getTimeBase() != current_time.getTimeBase()) {
-            // Read stored time from file, or use current time if file doesn't exist
-            Fw::Time time = this->getTime();
-            Os::File::Status status = Utilities::FileHelper::readFromFile(time_file.toChar(), time);
-
-            // On read failure, write the current time to the file for future reads
-            if (status != Os::File::OP_OK) {
-                status = Utilities::FileHelper::writeToFile(time_file.toChar(), time);
-                if (status != Os::File::OP_OK) {
-                    this->log_WARNING_HI_CommandLossFileInitFailure();
-                }
-            }
-            // Cache the loaded time
-            this->m_commandLossStartTime = time;
-        }
-        // Return cached time
-        return this->m_commandLossStartTime;
     }
+
+    // If reading (checking timer), return the stored start time
+    return this->m_commandLossStartTime;
 }
 
 void AuthenticationRouter ::fileBufferReturnIn_handler(FwIndexType portNum, Fw::Buffer& fwBuffer) {

diff --git a/FprimeZephyrReference/Components/ModeManager/ModeManager.cpp b/FprimeZephyrReference/Components/ModeManager/ModeManager.cpp
@@ -265,6 +265,8 @@ void ModeManager ::loadState() {
                 if (this->m_mode == SystemMode::SAFE_MODE) {
                     // Turn off non-critical components to match safe mode state
                     this->turnOffNonCriticalComponents();
+                    // run radio safe to match default safe params
+                    this->runSafeModeSequence();
 
                     // Log that we're restoring safe mode (not entering it fresh)
                     Fw::LogStringArg reasonStr("State restored from persistent storage");
@@ -311,9 +313,11 @@ void ModeManager ::loadState() {
     // Handle unintended reboot detection AFTER basic state restoration
     // This ensures we enter safe mode due to system fault
     if (unintendedReboot) {
-        // On unintended reboot, re-enter safe mode and run the safe mode sequence
+        // On unintended reboot, enter safe mode and run the safe mode sequence
+        // (e.g., to reset radio parameters and enforce any transmit delay policy)
         this->log_WARNING_HI_UnintendedRebootDetected();
         this->enterSafeMode(Components::SafeModeReason::SYSTEM_FAULT);
+        this->runSafeModeSequence();
     }
 
     // Clear clean shutdown flag for next boot detection

diff --git a/FprimeZephyrReference/Components/ModeManager/ModeManager.fpp b/FprimeZephyrReference/Components/ModeManager/ModeManager.fpp
@@ -183,7 +183,7 @@ module Components {
         @ Debounce time for voltage transitions (seconds)
         param SafeModeDebounceSeconds: U32 default 10
 
-        param SAFEMODE_SEQUENCE_FILE: string default "/seq/radio_enter_safe.bin"
+        param SAFEMODE_SEQUENCE_FILE: string default "/seq/enter_safe.bin"
 
         ###############################################################################
         # Standard AC Ports: Required for Channels, Events, Commands, and Parameters  #

diff --git a/FprimeZephyrReference/Components/Watchdog/Watchdog.cpp b/FprimeZephyrReference/Components/Watchdog/Watchdog.cpp
@@ -47,7 +47,7 @@ void Watchdog ::start_handler(FwIndexType portNum) {
 
 void Watchdog ::stop_handler(FwIndexType portNum) {
     // Stop the watchdog
-    this->prepareForReboot_out(0);
+
     this->m_run = false;
 
     // Report watchdog stopped
@@ -68,8 +68,8 @@ void Watchdog ::START_WATCHDOG_cmdHandler(FwOpcodeType opCode, U32 cmdSeq) {
 
 void Watchdog ::STOP_WATCHDOG_cmdHandler(FwOpcodeType opCode, U32 cmdSeq) {
     // call stop handler
+    this->prepareForReboot_out(0);
     this->stop_handler(0);
-
     // Provide command response
     this->cmdResponse_out(opCode, cmdSeq, Fw::CmdResponse::OK);
 }

diff --git a/sequences/enter_safe.seq b/sequences/enter_safe.seq
@@ -0,0 +1,9 @@
+; Enter safe: turn off load switches
+R00:00:00 ReferenceDeployment.face4LoadSwitch.TURN_OFF
+R00:00:00 ReferenceDeployment.face0LoadSwitch.TURN_OFF
+R00:00:01 ReferenceDeployment.face1LoadSwitch.TURN_OFF
+R00:00:01 ReferenceDeployment.face2LoadSwitch.TURN_OFF
+R00:00:01 ReferenceDeployment.face3LoadSwitch.TURN_OFF
+R00:00:01 ReferenceDeployment.face5LoadSwitch.TURN_OFF
+R00:00:01 ReferenceDeployment.payloadPowerLoadSwitch.TURN_OFF
+R00:00:01 ReferenceDeployment.payloadBatteryLoadSwitch.TURN_OFF
diff --git a/sequences/radio_enter_safe.seq b/sequences/radio_enter_safe.seq
@@ -1,8 +1,8 @@
-R05:00:00 ReferenceDeployment.lora.TRANSMIT, DISABLED
+R00:00:00 ReferenceDeployment.lora.TRANSMIT, DISABLED
 R00:00:00 ReferenceDeployment.lora.DATA_RATE_PRM_SET, SF_8
 R00:00:00 ReferenceDeployment.downlinkDelay.DIVIDER_PRM_SET, 299
 R00:00:00 ReferenceDeployment.telemetryDelay.DIVIDER_PRM_SET, 29
 R00:00:00 ReferenceDeployment.lora.CODING_RATE_PRM_SET, CR_4_5
 R00:00:00 ReferenceDeployment.lora.BANDWIDTH_RX_PRM_SET, BW_125_KHZ
 R00:00:00 ReferenceDeployment.lora.BANDWIDTH_TX_PRM_SET, BW_125_KHZ
-R00:00:01 ReferenceDeployment.lora.TRANSMIT, ENABLED
+R00:45:00 ReferenceDeployment.lora.TRANSMIT, ENABLED
diff --git a/sequences/startup.seq b/sequences/startup.seq
@@ -5,6 +5,15 @@ R00:00:00 CdhCore.events.SET_ID_FILTER, 268439553, ENABLED ; RateGroupSlip (50)
 R00:00:00 CdhCore.events.SET_ID_FILTER, 268443649, ENABLED ; RateGroupSlip (10)
 
 R00:45:00 ReferenceDeployment.antennaDeployer.DEPLOY
+R00:00:00 ReferenceDeployment.lora.TRANSMIT, DISABLED
+R00:00:00 ReferenceDeployment.lora.DATA_RATE_PRM_SET, SF_8
+R00:00:00 ReferenceDeployment.downlinkDelay.DIVIDER_PRM_SET, 299
+R00:00:00 ReferenceDeployment.telemetryDelay.DIVIDER_PRM_SET, 29
+R00:00:00 ReferenceDeployment.lora.CODING_RATE_PRM_SET, CR_4_5
+R00:00:00 ReferenceDeployment.lora.BANDWIDTH_RX_PRM_SET, BW_125_KHZ
+R00:00:00 ReferenceDeployment.lora.BANDWIDTH_TX_PRM_SET, BW_125_KHZ
+
+
 R00:00:00 ReferenceDeployment.lora.TRANSMIT ENABLED
 
 ; Exit Safe Mode should turn on faces