I’ve seen in the product datasheet of EM9190 that a power-off sequence is needed to safely shutdown the module. From my search on the forum, this “work-around” is needed on most of your modules to avoid file system corruption due to power down while writing.
Of course, this is annoying, but in my product, I can live with this, since it is a battery operated device. However, there are two cases where the battery can’t help me: missing batteries due to user removing both batteries at once (the user can swap one of two batteries one after the other to avoid turning off the instrument) or severely depleted batteries (we try to turn off early and safely, but aging batteries can shut-down unexpectedly).
That being said, I would like to know the likeliness of file system corruption after power down without that power-down sequence. Is it:
a problem that affect a limited set of devices or all of them?
a problem that occurs once in 10, 100, 1k, 1M power cycle?
in the event the file system gets corrupted, is it possible to recover the module somehow by reflashing a firmware or reconfiguring something? We have an embedded Windows O/S that could recover the module if Sierra Wireless has a tool for that.
I guess you don’t exact statistics of failure rate, but do you have an idea of the order of magnitude?
So yes we have put this statement in most of our products because while we have taken as many measures as possible to make sure it does not happen through self journaling files systems, etc we just cannot eliminate all of the corner cases as they are highly complex devices. We do recognize that a lot of the applications that all of our units go into do not control the power and putting a battery in is either not practical or cost prohibitive hence us putting these measures in.
As an example, quite a while ago (not in the current product line up) we did have a unit which did not have enough protection in place and as soon as customer started deploying it our return rates went through the roof (indicating that a lot of them were pulling the power regularly), we immediately EOL’ed that firmware and put a new one in place which did have better protection and the rates dropped down to more normal levels (which are very low), where they have remained for several years.
I myself never power devices down in a controlled way (lazy I guess), I generally pull the power or hit the reset button and have never actually blown any units.
The bottom line is that the chance of it happening is very low but we would be remiss if we did not make the statement in our PTS as it is potentially going to be seen in corner cases (or if you are unlucky).
If its refusing to boot up normally i.e. nothing on USB (assuming you are using USB) or it comes up as QDL loader (on Windows) and a power cycle or attempting to reload the firmware does not fix it then it will bricked and it would be an RMA return, there generally isn’t anyway to recover it beyond this as toy have no idea what the damage will be so it would need a complete wiping which only the factory can do (we don’t as its not cost effective but they could do it if they wanted to).