NOOUTPUT safety mode is now SILENT. NOOUTPUT still exists but keeps C… (

#388)

* NOOUTPUT safety mode is now SILENT. NOOUTPUT still exists but keeps CAN live

* README mention of 'no output'

* mispelled

README.md

@@ -87,7 +87,7 @@ To print out the serial console from the ESP8266, run PORT=1 tests/debug_console
 Safety Model
 ------
 
-When a panda powers up, by default it's in `SAFETY_NOOUTPUT` mode. While in no output mode, the buses are also forced to be silent. In order to send messages, you have to select a safety mode. Currently, setting safety modes is only supported over USB.
+When a panda powers up, by default it's in `SAFETY_SILENT` mode. While in `SAFETY_SILENT` mode, the buses are also forced to be silent. In order to send messages, you have to select a safety mode. Currently, setting safety modes is only supported over USB.
 
 Safety modes optionally supports `controls_allowed`, which allows or blocks a subset of messages based on a customizable state in the board.
 

VERSION

@@ -1 +1 @@
-v1.6.3
+v1.6.4

board/main.c

@@ -121,13 +121,20 @@ void set_safety_mode(uint16_t mode, int16_t param) {
     while (true) {}  // ERROR: we can't continue if safety mode isn't succesfully set
   } else {
     switch (mode) {
-        case SAFETY_NOOUTPUT:
+        case SAFETY_SILENT:
           set_intercept_relay(false);
           if(board_has_obd()){
             current_board->set_can_mode(CAN_MODE_NORMAL);
           }
           can_silent = ALL_CAN_SILENT;
           break;
+        case SAFETY_NOOUTPUT:
+          set_intercept_relay(false);
+          if(board_has_obd()){
+            current_board->set_can_mode(CAN_MODE_NORMAL);
+          }
+          can_silent = ALL_CAN_LIVE;
+          break;
         case SAFETY_ELM327:
           set_intercept_relay(false);
           heartbeat_counter = 0U;
@@ -434,8 +441,10 @@ int usb_cb_control_msg(USB_Setup_TypeDef *setup, uint8_t *resp, bool hardwired)
     // **** 0xdc: set safety mode
     case 0xdc:
       // Blocked over WiFi.
-      // Allow NOOUTPUT and ELM security mode to be set over wifi.
-      if (hardwired || (setup->b.wValue.w == SAFETY_NOOUTPUT) || (setup->b.wValue.w == SAFETY_ELM327)) {
+      // Allow SILENT, NOOUTPUT and ELM security mode to be set over wifi.
+      if (hardwired || (setup->b.wValue.w == SAFETY_SILENT) ||
+                       (setup->b.wValue.w == SAFETY_NOOUTPUT) ||
+                       (setup->b.wValue.w == SAFETY_ELM327)) {
         set_safety_mode(setup->b.wValue.w, (uint16_t) setup->b.wIndex.w);
       }
       break;
@@ -649,7 +658,7 @@ void __attribute__ ((noinline)) enable_fpu(void) {
 
 uint64_t tcnt = 0;
 
-// go into NOOUTPUT when the EON does not send a heartbeat for this amount of seconds.
+// go into SILENT when the EON does not send a heartbeat for this amount of seconds.
 #define EON_HEARTBEAT_IGNITION_CNT_ON 5U
 #define EON_HEARTBEAT_IGNITION_CNT_OFF 2U
 
@@ -690,12 +699,12 @@ void TIM1_BRK_TIM9_IRQHandler(void) {
       heartbeat_counter += 1U;
     }
 
-    // check heartbeat counter if we are running EON code. If the heartbeat has been gone for a while, go to NOOUTPUT safety mode.
+    // check heartbeat counter if we are running EON code. If the heartbeat has been gone for a while, go to SILENT safety mode.
     #ifdef EON
     if (heartbeat_counter >= (check_started() ? EON_HEARTBEAT_IGNITION_CNT_ON : EON_HEARTBEAT_IGNITION_CNT_OFF)) {
-      puts("EON hasn't sent a heartbeat for 0x"); puth(heartbeat_counter); puts(" seconds. Safety is set to NOOUTPUT mode.\n");
-      if(current_safety_mode != SAFETY_NOOUTPUT){
-        set_safety_mode(SAFETY_NOOUTPUT, 0U);
+      puts("EON hasn't sent a heartbeat for 0x"); puth(heartbeat_counter); puts(" seconds. Safety is set to SILENT mode.\n");
+      if(current_safety_mode != SAFETY_SILENT){
+        set_safety_mode(SAFETY_SILENT, 0U);
       }
     }
     #endif
@@ -767,8 +776,8 @@ int main(void) {
   TIM2->EGR = TIM_EGR_UG;
   // use TIM2->CNT to read
 
-  // init to NOOUTPUT and can silent
-  set_safety_mode(SAFETY_NOOUTPUT, 0);
+  // init to SILENT and can silent
+  set_safety_mode(SAFETY_SILENT, 0);
 
 #ifndef EON
   spi_init();

board/safety.h

@@ -18,7 +18,7 @@
 #include "safety/safety_elm327.h"
 
 // from cereal.car.CarParams.SafetyModel
-#define SAFETY_NOOUTPUT 0U
+#define SAFETY_SILENT 0U
 #define SAFETY_HONDA 1U
 #define SAFETY_TOYOTA 2U
 #define SAFETY_ELM327 3U
@@ -35,8 +35,9 @@
 #define SAFETY_TOYOTA_IPAS 16U
 #define SAFETY_ALLOUTPUT 17U
 #define SAFETY_GM_ASCM 18U
+#define SAFETY_NOOUTPUT 19U
 
-uint16_t current_safety_mode = SAFETY_NOOUTPUT;
+uint16_t current_safety_mode = SAFETY_SILENT;
 const safety_hooks *current_hooks = &nooutput_hooks;
 
 void safety_rx_hook(CAN_FIFOMailBox_TypeDef *to_push){
@@ -72,7 +73,7 @@ typedef struct {
 } safety_hook_config;
 
 const safety_hook_config safety_hook_registry[] = {
-  {SAFETY_NOOUTPUT, &nooutput_hooks},
+  {SAFETY_SILENT, &nooutput_hooks},
   {SAFETY_HONDA, &honda_hooks},
   {SAFETY_TOYOTA, &toyota_hooks},
   {SAFETY_ELM327, &elm327_hooks},
@@ -83,6 +84,7 @@ const safety_hook_config safety_hook_registry[] = {
   {SAFETY_SUBARU, &subaru_hooks},
   {SAFETY_MAZDA, &mazda_hooks},
   {SAFETY_VOLKSWAGEN, &volkswagen_hooks},
+  {SAFETY_NOOUTPUT, &nooutput_hooks},
 #ifdef ALLOW_DEBUG
   {SAFETY_CADILLAC, &cadillac_hooks},
   {SAFETY_TOYOTA_IPAS, &toyota_ipas_hooks},

drivers/linux/panda.c

@@ -39,7 +39,7 @@
 #define PANDA_DLC_MASK  0x0F
 
 #define SAFETY_ALLOUTPUT 17
-#define SAFETY_NOOUTPUT 0
+#define SAFETY_SILENT 0
 
 struct panda_usb_ctx {
   struct panda_inf_priv *priv;
@@ -159,7 +159,7 @@ static int panda_set_output_enable(struct panda_inf_priv* priv, bool enable){
   return usb_control_msg(priv->priv_dev->udev,
 			 usb_sndctrlpipe(priv->priv_dev->udev, 0),
 			 0xDC, USB_TYPE_VENDOR | USB_RECIP_DEVICE,
-			 enable ? SAFETY_ALLOUTPUT : SAFETY_NOOUTPUT, 0, NULL, 0, USB_CTRL_SET_TIMEOUT);
+			 enable ? SAFETY_ALLOUTPUT : SAFETY_SILENT, 0, NULL, 0, USB_CTRL_SET_TIMEOUT);
 }
 
 static void panda_usb_write_bulk_callback(struct urb *urb)

drivers/windows/panda_shared/panda.cpp

@@ -277,7 +277,7 @@ bool Panda::esp_reset(uint16_t bootmode = 0) {
 	return this->control_transfer(REQUEST_OUT, 0xda, bootmode, 0, NULL, 0, 0) != -1;
 }
 
-bool Panda::set_safety_mode(PANDA_SAFETY_MODE mode = SAFETY_NOOUTPUT) {
+bool Panda::set_safety_mode(PANDA_SAFETY_MODE mode = SAFETY_SILENT) {
 	return this->control_transfer(REQUEST_OUT, 0xdc, mode, 0, NULL, 0, 0) != -1;
 }
 

drivers/windows/panda_shared/panda.h

@@ -38,7 +38,7 @@
 
 namespace panda {
 	typedef enum _PANDA_SAFETY_MODE : uint16_t {
-		SAFETY_NOOUTPUT = 0,
+		SAFETY_SILENT = 0,
 		SAFETY_HONDA = 1,
 		SAFETY_ALLOUTPUT = 17,
 	} PANDA_SAFETY_MODE;

examples/tesla_tester.py

@@ -22,7 +22,7 @@ def tesla_tester():
   body_bus_num = 1 # My TDC to OBD adapter has PT on bus0 BDY on bus1 and CH on bus2
   p.set_can_speed_kbps(body_bus_num, body_bus_speed)
 
-  # Now set the panda from its default of SAFETY_NOOUTPUT (read only) to SAFETY_ALLOUTPUT
+  # Now set the panda from its default of SAFETY_SILENT (read only) to SAFETY_ALLOUTPUT
   # Careful, as this will let us send any CAN messages we want (which could be very bad!)
   print("Setting Panda to output mode...")
   p.set_safety_mode(Panda.SAFETY_ALLOUTPUT)
@@ -37,7 +37,7 @@ def tesla_tester():
 
   #Back to safety...
   print("Disabling output on Panda...")
-  p.set_safety_mode(Panda.SAFETY_NOOUTPUT)
+  p.set_safety_mode(Panda.SAFETY_SILENT)
 
   print("Reading VIN from 0x568. This is painfully slow and can take up to 3 minutes (1 minute per message; 3 messages needed for full VIN)...")
 

python/__init__.py

@@ -110,7 +110,7 @@ def close(self):
 class Panda(object):
 
   # matches cereal.car.CarParams.SafetyModel
-  SAFETY_NOOUTPUT = 0
+  SAFETY_SILENT = 0
   SAFETY_HONDA = 1
   SAFETY_TOYOTA = 2
   SAFETY_ELM327 = 3
@@ -127,6 +127,7 @@ class Panda(object):
   SAFETY_TOYOTA_IPAS = 16
   SAFETY_ALLOUTPUT = 17
   SAFETY_GM_ASCM = 18
+  SAFETY_NOOUTPUT = 19
 
   SERIAL_DEBUG = 0
   SERIAL_ESP = 1
@@ -354,7 +355,7 @@ def health(self):
       "can_fwd_errs": a[3],
       "gmlan_send_errs": a[4],
       "ignition_line": a[5],
-      "ignition_can": a[6],      
+      "ignition_can": a[6],
       "controls_allowed": a[7],
       "gas_interceptor_detected": a[8],
       "car_harness_status": a[9],
@@ -414,7 +415,7 @@ def esp_reset(self, bootmode=0):
     self._handle.controlWrite(Panda.REQUEST_OUT, 0xda, int(bootmode), 0, b'')
     time.sleep(0.2)
 
-  def set_safety_mode(self, mode=SAFETY_NOOUTPUT):
+  def set_safety_mode(self, mode=SAFETY_SILENT):
     self._handle.controlWrite(Panda.REQUEST_OUT, 0xdc, mode, 0, b'')
 
   def set_can_forwarding(self, from_bus, to_bus):
@@ -634,4 +635,4 @@ def get_fan_rpm(self):
 
 # ****************** Phone *****************
   def set_phone_power(self, enabled):
-    self._handle.controlWrite(Panda.REQUEST_OUT, 0xb3, int(enabled), 0, b'')
+    self._handle.controlWrite(Panda.REQUEST_OUT, 0xb3, int(enabled), 0, b'')

tests/automated/2_usb_to_can.py

@@ -41,7 +41,7 @@ def test_can_loopback(p):
 @panda_connect_and_init
 def test_safety_nooutput(p):
   # enable output mode
-  p.set_safety_mode(Panda.SAFETY_NOOUTPUT)
+  p.set_safety_mode(Panda.SAFETY_SILENT)
 
   # enable CAN loopback mode
   p.set_can_loopback(True)

tests/black_white_loopback_test.py

@@ -67,7 +67,7 @@ def run_test(sleep_duration):
     print("Number of cycles:", counter, "Non-zero bus errors:", nonzero_bus_errors, "Zero bus errors:", zero_bus_errors, "Content errors:", content_errors)
 
     # Toggle relay
-    black_panda.set_safety_mode(Panda.SAFETY_NOOUTPUT)
+    black_panda.set_safety_mode(Panda.SAFETY_SILENT)
     time.sleep(1)
     black_panda.set_safety_mode(Panda.SAFETY_ALLOUTPUT)
     time.sleep(1)

tests/black_white_relay_endurance.py

@@ -72,7 +72,7 @@ def run_test(sleep_duration):
 
     if (time.time() - temp_start_time) > 3600*6:
     	# Toggle relay
-      black_panda.set_safety_mode(Panda.SAFETY_NOOUTPUT)
+      black_panda.set_safety_mode(Panda.SAFETY_SILENT)
       time.sleep(1)
       black_panda.set_safety_mode(Panda.SAFETY_ALLOUTPUT)
       time.sleep(1)

tests/black_white_relay_test.py

@@ -74,7 +74,7 @@ def run_test(sleep_duration):
       assert False
 
     # Switch off relay
-    black_panda.set_safety_mode(Panda.SAFETY_NOOUTPUT)
+    black_panda.set_safety_mode(Panda.SAFETY_SILENT)
     time.sleep(0.05)
 
     if not test_buses(black_panda, other_panda, (0, False, [0, 2])):