Air India Crash

[NickK]

I do love watching you all reverse engineer the entire avionics and electrical systems of a Boeing 787. I wonder if Boeing will send us a copy of the wiring diagrams if we ask nicely?

Give us a second and we'll use AI to reverse engineer the software and design a better plane.. then send it off to China to 3D print it.

 

[Penfold101]

I do love watching you all reverse engineer the entire avionics and electrical systems of a Boeing 787. I wonder if Boeing will send us a copy of the wiring diagrams if we ask nicely?

You should have seen me twitching as I was reading the thread during my 48 hour ban

 

[Purgatory]

He’s not questioning that it remains powered, just that if it loses all control inputs (turbine disc goes through the wing severing all wiring bundles, much like QF32) what reaction does the FADEC have?

Does it remain at the current thrust setting, roll back to idle as a failsafe or shutdown completely.

Are you sure ? Well he states all wires, yes a FADEC is not mechanically connected to the throttle, but by electrical wires or optical cables.

From what I can tell is he doesn't understand the engine has a PMA and provides electrical power to the FADEC that powers the throttles, reversers and other engine switches.

Honestly have no idea if there was a full loss of control connection from the cockpit to the FADEC but there would be a dual channel fault, ECAM (Airbus) or EICAS (Boeing) would trigger and I would have thought the FADEC would keep last known good configuration of the TLA, so the engine would run at last known throttle and stick to that unless FADEC detects out of limits and manages the engine to a safer speed.

BUT that means you can't set the engines speed at all, or trigger reversers or signal an engine shut down, so only way to shut down the engines will be to cut the fuel to them.

^..... this is what I think not a fact, any pilots here that really know what happens if the FADEC loses both channels to the TLA and what the FADEC does to the engine power or does the engine go into idle or shuts down ? Which I doubt the engines will shut down.





EDIT: This is interesting do Aeroplane FEDEC jet engines have such a system (EBCAU) too like helicopters from Airbus?

EBCAU, or Engine Back-up Control Ancillary Unit, is a component in Airbus helicopters that acts as a backup system for controlling fuel flow in case of a FADEC (Full Authority Digital Engine Control) failure. The EBCAU TEST button, when pressed, allows for testing the backup control system on the ground.



Here's a more detailed explanation:

• FADEC and EBCAU:
  Airbus helicopters utilize FADEC for engine control, but the EBCAU provides a redundant system.
• EBCAU Function:
  In normal operation, FADEC manages fuel flow. In case of a FADEC failure, the EBCAU takes over, ensuring continued engine operation.
• EBCAU TEST Button:
  This button, found on the cockpit panel, is used to test the EBCAU system. When pressed, it freezes the main control actuator position controlled by the FADEC and activates the EBCAU to monitor and control fuel flow.
• Indications:
  During the EBCAU test, an amber light illuminates on the EBCAU TEST button and a red GOV light illuminates on the caution warning panel.
• Rotor Speed:
  When the EBCAU test button is depressed, the NR (rotor speed) should be within a specified range (e.g., 390 +/- 2 rpm).
• Potential Issues:
  EASA has addressed potential issues with the EBCAU system, including cases where a faulty DECU (Digital Engine Control Unit) led to a loss of fuel flow regulation and potential rotor overspeed or loss of power.

 

[Diddums]

Chatgpt has entered the chat lol.

 

[Ayahuasca]

Chatgpt has entered the chat lol.

Giveth the model, giveth the man.

 

[Kenai]

Chatgpt has entered the chat lol.

Dunno why we don't just ask it the question being debated

How does the FADEC in a Boeing 787 respond if it loses communication with the throttle resolver in the cockpit?

ChatGPT said:​

In a Boeing 787, if the FADEC (Full Authority Digital Engine Control) system loses communication with the throttle resolver (also known as the Throttle Lever Angle (TLA) sensors) in the cockpit, it initiates a fail-safe response to maintain engine control and flight safety.

Here's what happens in that scenario:​

1.​

• The FADEC continuously monitors the input signals from the cockpit throttle resolvers.
• If the signal is lost, corrupted, or out of range, the FADEC detects this as a loss of throttle input.

2.​

• The FADEC enters a degraded mode where it can no longer rely on pilot throttle lever position.
• In this case, the FADEC typically switches to automatic thrust control, maintaining a predefined safe thrust setting to ensure continued engine operation.

3.​

• The engine thrust may either:
  
  • Be frozen at the last valid commanded setting, or
  • Transition to an idle or fixed power level, depending on flight phase and configuration.

4.​

• The flight crew will be notified via ECAM/EICAS messages indicating a throttle or FADEC issue.
• The alert would prompt the crew to follow the appropriate non-normal checklist.

5.​

• On the 787, backup or alternate control laws and redundancy may allow the crew to maintain some level of control over the engine using other means (e.g., autothrottle inputs, secondary channels).

Summary​

If the FADEC on a Boeing 787 loses communication with the throttle resolver:

• It detects the failure and alerts the crew.
• It maintains safe engine operation by holding thrust at a known safe level or reverting to idle.
• It may continue to use autothrottle or default logic to manage thrust.

This behavior is governed by built-in redundancy and safety logic to ensure continued safe operation despite throttle control issues.

 

[Purgatory]

Chatgpt has entered the chat lol.

Google Gemini model here lol for above info but its correct as checked. Never ever used ChatGPT. Probably will give me just as flaky answers. Why I try use a link to a site with real data and knowledge of the topic.

 

[Purgatory]

Dunno why we don't just ask it the question being debated

See what I’m wondering now do Rolls Royce, General Electric and Pratt & Whitney engines FADEC all behave the same if the FADEC goes into fault mode.

As Rolls-Royce uses Hamilton Sundstrand (now part of Collins Aerospace) FADEC's.

Then General Electric uses FADEC Alliance (BAE Systems and Safran Electronics & Defense)

Then Pratt & Whitney uses both of the above.

Question really is how do they all behave in the situation of TLA dual channel failure on take off, do they stick to last known good throttle setting, idle, etc.

​

 

[squerble]

Dunno why we don't just ask it the question being debated

Well, you didn't ask it the question being debated

We're debating whether all the electricals being offline (i.e., main gens completely offline) cuts communication between the trust levers and FADEC

 

[Kenai]

Well, you didn't ask it the question being debated

We're debating whether all the electricals being offline (i.e., main gens completely offline) cuts communication between the trust levers and FADEC

Fine

A fine chap by the name of squerble on the internet says I asked you the wrong question and what we'd collectively actually like to know is whether all the electricals being offline (i.e., main gens completely offline) cuts communication between the trust levers and FADEC?

ChatGPT said:​

Ah, now that’s the right angle—and squerble is onto something insightful.

Let’s dig into it:

---

​

The question is: Does this situation sever communication between the throttle levers and the FADECs?

Short Answer:​

No, not immediately.
The 787 is designed with multiple layers of electrical and control redundancy to maintain communication between the thrust levers and the FADECs even in the event of a total main generator failure.

---

Let’s unpack it technically:​

​

• The 787 is an "all-electric" aircraft, with no traditional pneumatic bleed system.
• Each engine drives an Integrated Drive Generator (IDG) and an auxiliary power source.
• In the event of both engine-driven generators going offline, power can still come from:
  
  • APU generator
  • Ram Air Turbine (RAT)
  • Backup power converters and batteries

These sources provide critical power to essential systems, including:

• Flight controls
• Engine controls (FADECs)
• Throttle resolver signal pathways

---

️​

• Throttle lever positions are sensed via resolver units, which output analog signals.
• These signals are read by the Throttle Control Modules (TCMs) or equivalent input processors, which then communicate with the FADEC over a dedicated, redundant data bus.
• These signal pathways are part of the Essential Electrical Bus.

So even if all main generators fail, power is rerouted to the essential buses by the RAT or battery-powered backup inverters.

---

​

• Each FADEC is powered by its own dedicated Permanent Magnet Alternator (PMA) attached to the engine gearbox.
• So the FADECs themselves do not rely on aircraft electrical power to function—they can control the engine autonomously.

BUT: for the FADEC to receive throttle commands, the resolver signal and interface electronics must still be powered.

That's where the essential buses and electrical redundancy come in—ensuring that throttle input paths remain powered as long as any emergency power source is available.

---

What​

• Complete loss of all electrical power including the RAT and batteries.
• Failure in both TCMs or their wiring harnesses.
• Severe electrical bus failure that isolates the cockpit from the FADEC interface.

Only in such extreme, cascading failures would you lose throttle-to-FADEC communication.

---

Bottom Line:​

Even if the main generators go offline, communication between the throttle levers and the FADECs is preserved through:

• Independent FADEC power (via PMAs),
• Essential bus redundancy,
• Emergency power sources (RAT, APU, battery).

So unless you're in a movie-level disaster, throttle control remains alive.

Well done for being onto something insightful @squerble

 

[Purgatory]

Fine



Well done for being onto something insightful @squerble

Does ChatGPT list the sources it gets the information from ? Never used it yet to know how it works or is it just pulling stuff from Reddit if you know what I mean, are the sources reliable, does it rate how good the answers are and a reliability of the information provided ?


I have to say the replies so far you have given seem as I would expect them to be and don't look bad, I wonder how technical a question could be asked and if it came back with a very good technical breakdown of such complex systems.

 

[Purgatory]

@Kenai you have just made me open Pandora's Box here...

In red what I asked and rest what it spat out.

Spoiler: ChatGPT replies about FADEC questions I asked it.

If the FADEC fails on an engine what would happen to the engine

If the FADEC (Full Authority Digital Engine Control) fails on an engine of a Boeing 787-8 with GE GEnx-1B engines, here’s what would happen:

---

​

Each FADEC has dual channels (Channel A and Channel B). Normally only one is active at a time, but:

• If one channel fails, control is automatically transferred to the backup channel.
• So, a single-channel failure does not result in engine shutdown.

---

​

If both channels of the FADEC for an engine fail — which is extremely rare — then:

• The engine will typically shut down or enter a fail-safe mode.
• The engine cannot be controlled (thrust, fuel, etc.) without the FADEC.
• The pilot cannot manually override it — FADEC is a full authority system.

In other words: Without a working FADEC, the engine cannot operate.

---

what is the fail safe mode and what would it do in that mode ?


Great question — let’s go into detail.

---

What Is “Fail-Safe Mode” for a FADEC?​

In the context of the GE GEnx-1B engine on a Boeing 787-8, the term “fail-safe mode” refers to how the engine responds to a critical failure in the FADEC system, particularly if both FADEC channels fail or become unresponsive.

---

What Happens in Fail-Safe Mode?​

In general, if both FADEC channels fail, the engine cannot continue normal operation. Here's what happens in that case:

1. Engine Shutdown​

• The most likely response is automatic engine shutdown.
• Since FADEC controls fuel flow, ignition, variable geometry, and other systems, no control input can be processed without it.
• The engine cannot "limp along" in a degraded power setting because there’s no way to meter fuel or control airflow.

2. Attempted Safe Configuration (if possible)​

• In some cases, before shutting down, the engine may try to lock in a pre-set “safe” configuration for a few seconds (e.g., fixed fuel flow, fixed stator vane positions).
• However, in most modern FADEC-controlled engines, this mode is transitional at best — buying time for shutdown.
• The idea is to avoid damage, fire, or unsafe thrust conditions.

---

Why Not Manual Backup?​

• Older engines had manual backup controls (e.g. mechanical throttle linkage).
• The GEnx (and most modern engines) use full-authority digital control — there is no manual override.
• So if both FADEC channels fail, the engine is effectively uncontrollable and must shut down to remain safe.

---

What Happens Next?​

• The engine is declared inoperative.
• Pilots get an ECAM/EICAS alert (like ENG FAIL or ENG SHUTDOWN).
• The crew follows engine failure procedures (e.g., single-engine drift down, diversion, etc.).
• The aircraft can continue flying safely on one engine due to ETOPS certification.

---

Summary:​

Condition	Outcome
One FADEC channel fails	Backup channel takes over — engine continues normally
Both FADEC channels fail	Engine shuts down or briefly enters fixed "safe" state before shutdown
Pilot control possible?	No — FADEC is full-authority, no manual override
Aircraft impact	Engine-out procedures followed, aircraft can fly safely on one engine

I would like a schematic and timeline of how the FADEC responds to faults


It looks like I need you to be logged in to ChatGPT in order to create and share a schematic. However, I can describe the timeline and fault response process for you in detail.


Here’s a breakdown of how the FADEC responds to faults in a GE GEnx-1B engine system:

---

Timeline & Schematic for FADEC Fault Response​

1. Normal Operation (Pre-Fault)​

• FADEC Channels A & B active: Both channels monitor the engine’s health and control all key systems, including fuel flow, engine speed, and variable stator vanes.

---

2. Fault Detected in Channel A (Minor Fault)​

• Fault type: A temporary fault (e.g., sensor glitch, minor electrical disturbance).
• Response:
  • Channel B takes over full control.
  • Channel A goes into standby, awaiting recovery or reset.
• Engine operation: Unaffected, continues with Channel B running the engine.
• Pilot alert: The system might display a warning like "FADEC A Fail" or "FADEC Channel A Active" on the cockpit display.

---

3. Fault Detected in Channel B (Minor Fault)​

• Fault type: A similar transient fault (e.g., low voltage, communication issue).
• Response:
  • Channel A takes over full control.
  • Channel B goes into standby.
• Engine operation: Unaffected, continues with Channel A running the engine.
• Pilot alert: A warning like "FADEC B Fail" or "FADEC Channel B Active" is shown.

---

4. Complete FADEC Failure (Both Channels Fail)​

• Fault type: Severe failure, such as simultaneous failure of both channels (e.g., power loss, critical software corruption).
• Response:
  • Engine automatically shuts down or goes into a fail-safe mode.
  • Engine may enter emergency fuel control or fixed settings (if the fail-safe allows).
• Pilot alert: The cockpit will show an “Engine Shutdown” or “ENG FAIL”warning.
  • The engine cannot be restarted by the crew due to FADEC failure.

---

5. Fail-Safe Mode (if applicable)​

• Possible Fail-Safe Response: Some modern engines (including GEnx) might attempt to configure the engine to a "safe mode" where:
  • Fixed settings for fuel and airflow are applied for a few seconds.
  • The engine may run at a minimal power setting to give the crew time to respond, but this doesn’t last long.
• Duration: Typically only a few seconds before the engine fully shuts down.
• Pilot action: Follow engine failure and shutdown procedures.
  • The aircraft can continue flying on the remaining engine.

---

Schematic Overview:​

• Step 1: Engine Running Normally
  • FADEC Channel A & B active
  • Full engine control with all parameters monitored.
• Step 2: Fault Detected in Channel A
  • Channel B takes control
  • Pilot sees FADEC A failure warning.
• Step 3: Fault Detected in Channel B
  • Channel A takes control
  • Pilot sees FADEC B failure warning.
• Step 4: Total FADEC Failure
  • Both channels fail → Engine shutdown or fail-safe mode initiated.
  • Pilot sees engine shutdown alert.
• Step 5: Fail-Safe Mode (if engine is running for a short time)
  • Safe parameters applied for a few seconds.
  • Engine shuts down if no recovery is possible.

---

Additional Notes:​

• Critical Faults: Major faults that result in complete failure are extremely rare, especially with redundant FADEC systems.
• Flight Outcome: The aircraft can continue safely on the other engine due to ETOPS certification and modern engine reliability.

---

If you’d like more specific details, like how each subsystem is wired into the FADEC or more advanced fault types, feel free to ask!



I would like how each subsystem is wired into the FADEC and more advanced fault types
Let's dive into the detailed workings of the FADEC system, its wiring, and more advanced fault types. I'll also break down how the various engine subsystems are controlled and monitored by the FADEC.

---

1. FADEC System Overview​

The Full Authority Digital Engine Control (FADEC) is a highly integrated digital system responsible for controlling and monitoring every aspect of the engine in real-time. It communicates with the engine sensors, actuators, and other systems to ensure safe and efficient operation.

Key Components Managed by the FADEC:​

• Sensors: Measure critical engine parameters (e.g., temperature, pressure, speed, fuel flow, etc.).
• Actuators: Adjust engine components like fuel valves, thrust reversers, and variable stator vanes.
• Electronic Communication: FADEC communicates with other avionics systems and provides feedback to the cockpit.

Each GE GEnx-1B engine on the Boeing 787 has two FADEC channels (A and B), each operating independently. Here's how the wiring and subsystems work:

---

2. Wiring of Key Subsystems into the FADEC​

a. Sensors and Inputs to FADEC​

The FADEC receives inputs from various engine sensors, each responsible for monitoring specific engine parameters. These sensors feed electrical signals to the FADEC that get processed to determine the engine's operational state.

• Turbine Inlet Temperature (TIT): Measures the temperature of the gases entering the turbine. This helps manage fuel flow and ignition.
• Pressure Sensors: Measure compressor discharge pressure (P3) and combustion chamber pressure, which are used for performance monitoring and adjusting airflow.
• RPM Sensors: Measure the low-pressure spool speed (N1) and high-pressure spool speed (N2).
• Fuel Flow Sensors: Measure the amount of fuel injected into the engine.
• Vibration Sensors: Monitor engine vibrations that could indicate misalignment or damage.
• Exhaust Gas Temperature (EGT): Monitors exhaust temperature for performance and safety.

b. Actuators Controlled by FADEC​

The FADEC directly controls actuators that adjust engine components based on sensor data. The two FADEC channels can operate independently or share control in case of redundancy.

• Fuel Control Valves: The FADEC adjusts the fuel flow to each engine in response to throttle input and other performance parameters.
• Variable Fan Blades/Stator Vanes: The FADEC adjusts the angle of fan blades and stator vanes for optimal airflow and efficiency.
• Thrust Reversers: FADEC manages thrust reversers for braking after landing.
• Ignition Control: FADEC controls the igniters based on engine speed, airspeed, and throttle position.

c. Data Communication Systems​

FADEC communicates with the aircraft’s avionics systems (like ECAM or EICAS) to provide real-time status messages and alerts about engine performance. The data is shared over a Redundant Data Bus that helps in fault detection and isolation.

d. Power Supply​

The FADEC is powered by the aircraft’s electrical system (normally supplied by the main generators). Power loss to the FADEC is detected, and in such cases, the FADEC would enter fail-safe mode or cause the engine to shut down, depending on the severity of the fault.

---

3. Fault Types in FADEC: Advanced Scenarios​

FADEC systems are designed to handle a wide range of faults while maintaining engine safety. Below are some of the more advanced fault types and how they would affect engine operation.

---

a. Sensor Failures (Input Faults)​

If a sensor feeding into the FADEC fails, it may lead to:

1. Single Sensor Failure:
   • Example: Fuel flow sensor failure.
   • Impact: The FADEC will use backup data from other sensors or revert to pre-programmed "safe values." For example, if fuel flow is uncertain, the FADEC may default to a conservative fuel flow to prevent over-fueling or under-fueling.
   • Pilot alert: A message like "Fuel Flow Sensor Fail" might appear on the EICAS.
2. Multiple Sensor Failures:
   • Example: Loss of both TIT and EGT sensors.
   • Impact: The FADEC would enter a fallback mode, relying on alternate sensor data or default engine settings.
   • Pilot alert: "Engine Performance Degraded" or "Multiple Sensor Failures" on the EICAS.

---

b. Actuator Failures (Output Faults)​

Actuator failures affect the engine's ability to adjust parameters based on FADEC commands. This might result in:

1. Fuel Control Actuator Failure:
   • Impact: The FADEC may attempt to adjust fuel flow, but the actuator fails to respond.
   • Pilot alert: "Fuel Control Actuator Fault" or "Fuel Flow Error".
   • Response: The FADEC might attempt to enter a fixed fuel flow mode for stability. However, performance could be degraded.
2. Thrust Reverser Actuator Failure:
   • Impact: Thrust reversers may fail to deploy, which is a critical issue for landing.
   • Pilot alert: "Thrust Reverser Inoperative".
   • Response: The aircraft can still land safely without thrust reversers, but it might require longer runway distances.

---

c. Power Supply Failures​

If the FADEC loses power (e.g., due to generator failure or a wiring issue):

1. Loss of Primary Power:
   • Impact: The FADEC will automatically switch to backup power from the secondary system, usually from the aircraft’s battery or a redundant generator.
   • Pilot alert: "FADEC Power Loss" or "FADEC Backup Active" on the cockpit display.
   • Response: The engine may run at reduced performance until the fault is cleared.
2. Complete Loss of FADEC Power:
   • Impact: Both channels go completely offline.
   • Pilot action: The engine will shut down and the aircraft will need to rely on the other engine.

---

d. Software or Logic Failures​

A software fault or corrupted logic in the FADEC could lead to:

1. Inconsistent Engine Behavior:
   • Impact: Erratic fuel flow, variable fan speed, or unexpected throttle behavior.
   • Pilot alert: "FADEC Logic Error" or "Engine Control Fault" on EICAS.
   • Response: The FADEC may automatically switch to a default control mode, and the engine may run at a fixed speed or reduced power setting.
2. Total FADEC Failure:
   • Impact: If both FADEC channels fail simultaneously, the engine will enter a shutdown or fail-safe mode. This is very rare.
   • Pilot alert: "Engine Failure" or "Both FADEC Channels Inoperative".
   • Response: The engine is shut down or locked in a safe mode until the fault is resolved.

---

4. FADEC Failure Mitigation and Safety Features​

• Redundancy: The dual-channel FADEC system ensures that if one channel fails, the other will take over seamlessly.
• Real-Time Diagnostics: The FADEC constantly monitors all components and can self-diagnose faults, allowing the crew to be alerted in real-time.
• Safety Thresholds: FADEC operates within predefined safe thresholds. If a parameter exceeds these thresholds (e.g., temperature or pressure), the FADEC will take protective action such as reducing engine power or initiating shutdown.

---

Summary:​

Subsystem	Component	Fault Type	Response
Sensors	TIT, Fuel Flow, EGT, etc.	Sensor Failures	Use backup values or fail-safe mode
Actuators	Fuel Flow Control, VSV, Thrust Reversers	Actuator Failures	Fixed settings, conservative operation
Power Supply	FADEC Power	Power Loss	Switch to backup, reduced power
Software/Logic	FADEC Software Logic	Logic Failures, Corruption	Default mode, engine shutdown or degraded performance
Complete FADEC Failure	FADEC Channels A & B	Both channels fail simultaneously	Engine shutdown, cockpit warning

I hope this helps with understanding the subsystems, wiring, and advanced fault types in a GE GEnx-1B FADEC system. Let me know if you'd like a more specific dive into any part of this!

 

[ChrisD.]

Can we stop with the AI nonsense please? I see enough of it in work by people who claim they know about IT, but don't.

 

[Kenai]

Can we stop with the AI nonsense please? I see enough of it in work by people who claim they know about IT, but don't.

I was only posting mine as a wind up

 

[Purgatory]

Can we stop with the AI nonsense please? I see enough of it in work by people who claim they know about IT, but don't.

Never used it before (ChatGPT), so was curious what it would throw out with such questions, I'm in same boat to be honest not an A.I fan but that was very interesting what it replied to these questions we had here that’s why I stuck one post above with all the questions I asked it and may answer other peoples questions too.


Stuck it in a spoiler if anyone was interested to read its replies regarding the FADEC questions I asked it.

 

[Armageus]

Can we stop with the AI nonsense please? I see enough of it in work by people who claim they know about IT, but don't.

Yes please. It's bad enough seeing the questions and replies go round and round because people are too lazy to read, please don't start being lazy with replies as well.

(Now I can see why PPRuNe have locked their thread on this accident)

 

[Cryfreeman]

Bit behind on this, did the sole survivor check out or was it a random guy, all seemed a bit weird.

 

[200sols]

Bit behind on this, did the sole survivor check out or was it a random guy, all seemed a bit weird.

Another sceptic.

 

[Penfold101]

Another sceptic.

I think a small amount of skepticism is warranted given the extraordinary circumstances of someone being the only person to walk away from a crash like that. Too much or too little isn’t a good thing, and as long as someone is willing to have their mind changed by evidence then it’s good to ask questions.

Just to move on from FADEc, Mover and Gonky (both former fighter pilots who now fly civil airliners, the former being a 787 driver) have had a discussion about which is worth a watch:

 

[Stu999]

Yes please. It's bad enough seeing the questions and replies go round and round because people are too lazy to read, please don't start being lazy with replies as well.

(Now I can see why PPRuNe have locked their thread on this accident)

Could get ChatGPT to summarise the thread for them.