General requirements for high voltage interlock circuit HVIL

In the near future, I will pay more attention to the issue of battery high voltage safety. Here are some requirements for high-voltage interlocking. These requirements are general requirements. For these requirements, each manufacturer will have their own different implementation methods. For example, if the barrier/enclosure permits direct access, individuals can only open or remove it using tools or maintenance keys, or there is a method to disconnect the B-level voltage at certain points, such as through an interlock.” Interlock here generally refers to High Voltage Interlock Loop (HVIL), which detects the electrical integrity or connectivity of high-voltage components, wires and connectors through low-voltage circuits, recognizes abnormal disconnection of the circuit, and disconnects the controller at the high-voltage input in time.

When HVIL fails, make sure to safely power off the high-voltage system in an appropriate manner. Before resolving the fault, refrain from powering on the high-voltage system, while simultaneously triggering the corresponding DTC. When disconnecting the high-voltage module from the high-voltage circuit, exercise caution regarding the charging of capacitive loads and high-voltage cables to prevent electric shocks to operators. During normal vehicle operation, prevent electric shocks caused by improper operation, vehicle vibration, product aging, and local heating and arcing caused by line wear.

HVIL Design Requirements

1) The functional safety level of HVIL-related modules in the controller should reach ASIL C

2) HVIL should include a signal generator and 2 signal detection devices

3) It must be able to continuously and real-time monitor the on/off of the entire loop

4) Users cannot open or separate all high-voltage connectors of the HVIL circuit without tools or without doing so unconsciously.

5) All high-voltage connectors of the high-voltage circuit should have mechanical interlocking devices. The high-voltage connectors can only be opened when the HVIL circuit is disconnected first.

6) The HVIL circuit should have a safety redundancy design, that is, the failure of a key component will not seriously affect the misjudgment of the high-voltage circuit monitoring function

7) Under special circumstances, the HVIL circuit can be detected directly through the HCU or BMS, and the high-voltage circuit can be directly disconnected.

Diagnostic Function Requirements

The HVIL related controller should diagnose the following faults

1) The circuit is disconnected

2) Short circuit to ground

3) Short circuit to 12V power supply

4) Short circuit

5) The loop impedance becomes larger

Signal Source Requirements

1) HVIL signal source voltage is generally 5V

2) HVIL and 12V power supply are short-circuited, the signal source cannot fail, and it has reverse protection

3) HVIL wiring harness cannot have branch crimp contact points

4) When the voltage of the 12V lead-acid battery drops, such as about 10V. It is also necessary to protect the HVIL signal source to have a stable output.

High Voltage Connector Requirements

1) The high voltage connector needs to integrate the interlock function

2) When the high voltage connector is disconnected, HVIL is disconnected first; when connected, HVIL is connected later, some designs are connected at the same time

3) The contact resistance of the high-voltage connector after joining meets the “Technical Conditions of Automotive Wire Harness Connectors”

4) When the interlocking wiring harness is arranged, it should be led out from the low-voltage interface of the high-voltage components and separated from the high-voltage wiring harness.

5) Usually, connectors are crimped, plugged and unplugged, and they typically have angles of 90° or 180°, often featuring built-in interlocking shorting tabs or pins at the harness end or plug-in end. For example, in a relatively common MSD, the HVIL design (yellow dashed frame) in the picture below employs pins.

Hazard Control Strategy

When HVIL recognizes a danger, the entire controller needs to use safety strategies reasonably according to the driving status and the degree of damage caused by the accident at the time of the incident. Here are some common safety strategies:

1) Failure alarm. Regardless of whether the vehicle is driving or not, when HVIL recognizes a danger, it must issue a warning in some form to remind the driver to deal with it in time

2) Cut off the high voltage. When the vehicle is in a stopped state, when HVIL detects danger, it needs to tell the system controller to disconnect the high voltage.

3) Reduced power operation. When identifying a danger during driving, it is not possible to immediately disconnect the high voltage. First, the control system issues a reminder or alarm to alert the driver of the abnormality. Subsequently, the system reduces the operating power of the motor and the speed of the vehicle, allowing the high-voltage system to operate under a lighter load. This provides the driver with a certain amount of time to pull over and stop, facilitating the next step of failure analysis.

There are many ways to realize HVIL in electrical design, and the realization of each way needs to consider the interrelationship between various high and low voltage devices, and comprehensively consider the overall requirements of the system.