Module 1.2 - Power Architecture & Distribution

Verifying robust power delivery from source to every load in the system

1. Power Tree Documented - Critical

What It Is

A power tree is a graphical or tabular representation showing every power rail in the system, its source (regulator/converter), voltage, current capacity, and all loads connected to it. It traces the complete path from input power (battery, USB, wall adapter) through all conversion stages to every IC power pin.

The power tree is the single most important document for understanding how the system is powered and whether it can deliver adequate current to all loads simultaneously.

Why It Matters

Without a documented power tree, it is impossible to verify that regulators are sized correctly, that total load current doesn't exceed source capacity, or that sequencing is correct. A missing or incorrect power tree leads to brownouts under load, regulators in thermal shutdown, and boards that work on the bench but fail in the field when all subsystems are active simultaneously.

How to Check - Step by Step

  1. Locate the power tree document (it should be on the first sheet of the power section or in a separate design document).
  2. Trace from input source (connector) through every regulator/converter to output rails.
  3. Verify that every IC in the BOM can be mapped to a rail in the power tree.
  4. Sum current draw for each rail: add typical currents for all loads, then verify peak currents fit within regulator maximums with margin.
  5. Check that conversion efficiency is accounted for when calculating input current from output power.
  6. Verify thermal dissipation is calculated for linear regulators: P = (Vin - Vout) * Iload.
  7. Confirm the power tree shows enable dependencies (which rail must be up before others).

Power Tree:

USB 5V (500mA max from host)
  |-- TPS62130: 5V -> 3.3V @ 1.5A (loads: MCU 80mA, Flash 50mA, Sensors 30mA = 160mA typ, 400mA peak)
  |     |-- TPS7A20: 3.3V -> 1.8V @ 200mA (loads: MCU core 120mA, SRAM 20mA = 140mA typ)
  |-- Direct 5V: USB ESD + connector (50mA for LED indicators)
Total input: 160mA/0.9(eff) + 140mA/0.9(eff) + 50mA = 383mA typ < 500mA USB limit

No power tree exists. Schematic has three regulators but no documentation of which loads connect where. One regulator is a 100mA LDO supplying an MCU, WiFi module, and LCD controller that together draw 350mA. Nobody noticed until the LDO went into thermal shutdown during testing.

KiCad: Create power tree as a text frame on the power sheet using Place > Text. Or maintain in a separate document referenced in schematic notes.

Altium: Use a dedicated schematic sheet with power tree drawn using drawing primitives. Or use Altium's power analysis tools if available.

OrCAD: Document power tree on a dedicated page using graphics. PSpice can simulate power distribution if models are available.

  • Peak vs. typical: Using only typical current numbers - the system must work at peak load which can be 3-5x typical.
  • Efficiency assumptions: Assuming 100% efficiency for DC-DC converters (reality: 80-95%) grossly underestimates input current.
  • Stale documentation: Power tree created early in design but never updated as loads were added or changed.

2. Input Voltage Range Verified - Critical

What It Is

Input voltage range verification ensures that the actual input supply voltage (including tolerances, transients, and worst-case conditions) falls within the acceptable operating range of the first-stage power converter. This includes accounting for cable voltage drops, connector resistance, and input transients.

The input range must cover minimum voltage under maximum load to maximum voltage including transients.

Why It Matters

If input voltage drops below regulator minimum during peak load (due to cable resistance and source impedance), the output will brown out causing unpredictable system behavior. If input voltage exceeds the regulator's absolute maximum rating during hot-plug or load dump transients, the regulator will be damaged or destroyed. Both scenarios lead to field failures.

How to Check - Step by Step

  1. Identify the input power source and its specified voltage range (e.g., USB: 4.75V-5.25V, 12V adapter: 11.4V-12.6V).
  2. Calculate cable/connector voltage drop: V_drop = I_max * (R_cable + R_connector). For USB: typical 200-500mV at full load.
  3. Determine the worst-case minimum voltage at the board input: V_source_min - V_drop_max.
  4. Verify this minimum exceeds the regulator's minimum input voltage plus dropout (for LDOs) or minimum operating voltage (for switchers).
  5. Determine worst-case maximum voltage including transients (load dump, hot-plug overshoot).
  6. Verify maximum input is below regulator absolute maximum rating with margin (80% derating typical).
  7. Check if input protection (TVS, voltage clamp) limits transients to safe levels.

12V industrial supply design: Source: 12V +/-10% = 10.8V to 13.2V. Cable drop at 2A: 0.4V. Board minimum input: 10.4V. Regulator (TPS54331): Vin_min = 3.5V (well below 10.4V). Vin_max_abs = 28V. Transient with TVS clamp: max 18V. Derated to 80% of 28V = 22.4V. 18V < 22.4V. PASS.

USB-powered device: LM1117-3.3 LDO used with dropout voltage of 1.2V at 800mA. Requires minimum 4.5V input. USB minimum spec: 4.75V. Cable drop at 800mA with cheap cable: 0.5V. Actual input: 4.25V. This is BELOW the 4.5V minimum. Output drops below 3.3V and MCU resets intermittently.

KiCad: Add text note on schematic showing voltage range calculation. No automated tool for this - requires manual datasheet verification.

Altium: Use simulation (if models available) to verify voltage range. Document in schematic text frame or design notes.

OrCAD/PSpice: Simulate input voltage sweep from min to max. Monitor output regulation. Parametric sweep analysis shows dropout point.

  • Nominal-only design: Designing for 5.0V exactly without considering the 4.75V-5.25V USB specification range.
  • Ignoring cable drop: Long USB cables (2m+) can drop 0.5-1V at full current - this eats into regulator headroom.
  • Hot-plug transients: Connecting a charged capacitor bank to live power creates voltage spikes that exceed steady-state maximums.

3. Regulator Headroom Adequate - Critical

What It Is

Regulator headroom is the difference between input voltage and output voltage. For LDOs (Low Dropout Regulators), this must exceed the dropout voltage specified in the datasheet at the actual operating current and temperature. For switching regulators, this determines duty cycle limits and operational boundaries.

Headroom = Vin_actual_minimum - Vout - V_dropout. This must be positive with margin.

Why It Matters

Insufficient headroom causes LDO output to sag below the regulated voltage, creating a condition where the output "follows" the input minus dropout. This unregulated condition causes voltage-sensitive ICs (MCUs, FPGAs, DDR memory) to malfunction or sustain damage. Too much headroom in an LDO wastes power as heat: P_dissipated = (Vin - Vout) * I_load, potentially requiring heat sinks or larger packages.

How to Check - Step by Step

  1. For each LDO: find dropout voltage in datasheet at your operating current and temperature (dropout increases with current and temperature).
  2. Calculate the required minimum input: Vin_min = Vout + V_dropout + safety_margin (typically 200-500mV extra).
  3. Verify the actual supply voltage at the LDO input exceeds this Vin_min under worst-case conditions.
  4. Calculate power dissipation: P = (Vin_max - Vout) * I_load_max. Verify this doesn't exceed package thermal limits.
  5. For switching regulators: verify duty cycle requirements are within the controller's min/max duty cycle range.
  6. Check that headroom is maintained across full temperature range (-40 to +85C or your operating range).

TPS7A20 LDO: Vin = 3.3V (from switching pre-regulator, tightly regulated). Vout = 1.8V. Dropout at 200mA = 100mV typical, 200mV max. Headroom = 3.3V - 1.8V - 0.2V = 1.3V margin. Power dissipation = (3.3 - 1.8) * 0.2A = 0.3W. SOT-23-5 thermal limit = 0.5W at 25C. PASS with margin.

LM1117-3.3: Input comes directly from USB (4.75V minimum). Dropout at 800mA = 1.2V per datasheet. Required input = 3.3V + 1.2V = 4.5V minimum. The USB minimum of 4.75V becomes 4.4V after cable drop. At 4.4V input, output sags to 3.2V. MCU brown-out detector fires intermittently. Also: P = (5.25V - 3.3V) * 0.8A = 1.56W in SOT-223 package - thermal shutdown!

KiCad: No built-in thermal/headroom calculator. Add calculation notes to schematic. Use external tools like TI WEBENCH or LTspice to verify.

Altium: Use parameter annotations to document headroom calculation on schematic. Simulation with imported SPICE models if needed.

OrCAD/PSpice: Import regulator SPICE model. Sweep input voltage from max to min. Plot output voltage to find dropout point. Sweep load current to find thermal limit.

  • Datasheet typical vs. max: Using typical dropout (often 2-3x lower than maximum) for design calculations. Always use maximum.
  • Temperature effects: Dropout voltage increases significantly at high temperature and high current - check full operating matrix.
  • Cascaded LDOs: Two LDOs in series (5V->3.3V->1.8V) each needing headroom can fail if the intermediate rail is too low.
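
The worst-case checks from sections 2 and 3, run over the three worked cases quoted above (12V supply with TPS54331, LM1117-3.3 on USB, TPS7A20 behind a 3.3V pre-regulator). This is an added example, not part of the original checklist; the Stage fields, the check() helper and the 200mV default margin are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Stage:
    name: str
    is_ldo: bool
    v_src_min: float                   # lowest source voltage, V
    v_drop_max: float                  # cable + connector drop at max load, V
    v_in_max: float                    # highest input incl. clamped transients, V
    vout: float = 0.0                  # regulated output, V (LDO checks)
    i_load_max: float = 0.0            # maximum load current, A (LDO checks)
    dropout_max: float = 0.0           # LDO: datasheet MAX dropout at i_load_max, V
    vin_min_oper: float = 0.0          # switcher: minimum operating input, V
    v_abs_max: Optional[float] = None  # absolute maximum input rating, V
    p_limit_w: Optional[float] = None  # package dissipation limit, W

def check(stage, margin=0.2, derate=0.8):
    """Return worst-case figures plus a list of findings (empty list = PASS)."""
    findings = []
    vin_min = stage.v_src_min - stage.v_drop_max          # section 2, step 3
    result = {"vin_min": round(vin_min, 3)}

    if stage.is_ldo:
        # Section 3: headroom = Vin_min - Vout - V_dropout, positive with margin.
        headroom = vin_min - stage.vout - stage.dropout_max
        result["headroom"] = round(headroom, 3)
        if headroom < margin:
            findings.append(f"headroom {headroom:.2f}V is below the {margin:.2f}V margin")
        # Dissipation is worst at the HIGHEST input voltage.
        p_diss = (stage.v_in_max - stage.vout) * stage.i_load_max
        result["p_diss_w"] = round(p_diss, 3)
        if stage.p_limit_w is not None and p_diss > stage.p_limit_w:
            findings.append(f"dissipation {p_diss:.2f}W exceeds {stage.p_limit_w}W")
    elif vin_min < stage.vin_min_oper:
        findings.append(f"input {vin_min:.2f}V is below minimum operating voltage")

    if stage.v_abs_max is not None:                       # section 2, step 6
        limit = derate * stage.v_abs_max
        result["v_in_limit"] = round(limit, 3)
        if stage.v_in_max > limit:
            findings.append(f"max input {stage.v_in_max}V exceeds derated {limit:.1f}V")

    result["findings"] = findings
    return result

# Values below are the ones quoted in the worked cases on this page.
INDUSTRIAL_12V = Stage("TPS54331 on 12V supply", is_ldo=False,
                       v_src_min=10.8, v_drop_max=0.4, v_in_max=18.0,
                       vin_min_oper=3.5, v_abs_max=28.0)
USB_LM1117 = Stage("LM1117-3.3 on USB", is_ldo=True,
                   v_src_min=4.75, v_drop_max=0.5, v_in_max=5.25,
                   vout=3.3, i_load_max=0.8, dropout_max=1.2)
LDO_TPS7A20 = Stage("TPS7A20 from 3.3V pre-regulator", is_ldo=True,
                    v_src_min=3.3, v_drop_max=0.0, v_in_max=3.3,
                    vout=1.8, i_load_max=0.2, dropout_max=0.2, p_limit_w=0.5)

if __name__ == "__main__":
    for stage in (INDUSTRIAL_12V, USB_LM1117, LDO_TPS7A20):
        res = check(stage)
        verdict = "PASS" if not res["findings"] else "FAIL"
        print(f"{stage.name}: {verdict} {res}")
```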

4. Power Budget Calculated - Critical

What It Is

A power budget is a comprehensive spreadsheet or table listing every component in the design, its power rail, typical current draw, and peak current draw. The budget totals current per rail, calculates total system power, verifies regulator capacity, and determines battery life (if applicable). It accounts for all operating modes (sleep, idle, active, transmit).

This is not an estimate - it should be calculated from datasheet specifications for each component.

Why It Matters

An inaccurate power budget leads to undersized regulators, insufficient input current capacity, thermal problems, and shortened battery life. In USB-powered devices, exceeding 500mA (USB 2.0) or 900mA (USB 3.0) without proper enumeration violates the USB specification and may not work with all hosts. For battery devices, an error of 10mA in the sleep mode budget can halve the actual battery life.

How to Check - Step by Step

  1. Create a table with columns: Component, Rail, Typ Current (mA), Max Current (mA), Operating Mode, Notes.
  2. For each IC, extract current values from datasheet "Electrical Characteristics" table - use maximum values for worst case.
  3. Sum currents per rail for each operating mode (sleep, run, peak).
  4. Verify each regulator's maximum output current exceeds the rail's peak total with 20% margin minimum.
  5. Calculate input power: P_total = Sum(V_rail * I_rail / efficiency_of_that_converter).
  6. Verify input source can provide the total input current (include inrush).
  7. For battery: Life = Battery_capacity(mAh) / Average_current(mA). Verify against product requirements.
  8. Check that worst-case simultaneous peak currents don't exceed any bottleneck in the power path.

Rail: VCC_3V3 (TPS62130, max output: 3A)
+-------------------+----------+----------+------------+
| Component         | Typ (mA) | Max (mA) | Mode       |
+-------------------+----------+----------+------------+
| STM32F407 (IO)    |    45    |    80    | Run@168MHz |
| W25Q128 Flash     |    15    |    50    | Write mode |
| SX1276 LoRa       |     1    |   120    | TX@20dBm   |
| BME280 Sensor     |   0.3    |    0.7   | Measure    |
| LEDs (x3)         |    15    |    15    | All on     |
+-------------------+----------+----------+------------+
| TOTAL             |   76.3   |  265.7   |            |
+-------------------+----------+----------+------------+
Regulator capacity: 3000mA. Margin: 3000/265.7 = 11.3x. PASS.

No power budget document. Engineer "estimated" 200mA total for a design with STM32 + WiFi + BLE + LCD. Actual peak draw during WiFi transmission: 450mA on the 3.3V rail. The 500mA LDO enters current limiting, voltage sags to 2.8V, and the LCD display glitches. WiFi connection drops. Battery life is 4 hours instead of the specified 24 hours.

KiCad: No built-in power budgeting tool. Use external spreadsheet. Reference datasheet ICC values. Add power budget summary as text on power schematic sheet.

Altium: Use PDN Analyzer (paid add-on) for power-aware design. Or maintain external spreadsheet linked in schematic notes.

OrCAD: Use PSpice for transient power analysis. Create .MEAS statements to extract peak/average currents from simulation.

  • Simultaneous peaks: Not all maximums occur at once, but some do (WiFi TX + CPU processing received data). Identify realistic worst case.
  • Startup current: Many ICs draw 2-10x normal current during startup. If multiple ICs start simultaneously, peak demand can far exceed steady state.
  • Missing loads: Forgetting to include pull-up resistors (a 4.7k pull-up to 3.3V draws 0.7mA - multiply by 20 I2C devices = 14mA).
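
A roll-up of the section 1 power tree using the budget rules from this section: per-rail typical and peak totals, the 20% regulator margin, and LDO dissipation. This is an added example, not part of the original checklist; the Rail class and helper names are illustrative, and the peak currents on the 1.8V rail are assumed because the page gives only typical values there. Switcher input current is converted by power and the LDO is counted as a load on its parent rail, so the input total differs from the simplified sum shown in the section 1 tree.

```python
from dataclasses import dataclass, field

MARGIN = 1.20  # section 4, step 4: regulator capacity >= 120% of the rail peak

@dataclass
class Rail:
    name: str
    kind: str                 # "source", "buck" or "ldo"
    vout: float               # rail voltage, V
    i_max_ma: float           # capacity of the source/regulator, mA
    loads: dict = field(default_factory=dict)     # load -> (typ mA, peak mA)
    eff: float = 1.0          # converter efficiency (switchers only)
    children: list = field(default_factory=list)  # regulators fed by this rail

def rail_current(rail, mode):
    """Current drawn from a rail: its direct loads plus downstream regulators.
    mode 0 = typical, mode 1 = peak."""
    direct = sum(load[mode] for load in rail.loads.values())
    return direct + sum(input_current(c, rail.vout, mode) for c in rail.children)

def input_current(reg, vin, mode):
    """Current a regulator pulls from its parent rail (quiescent current ignored)."""
    i_out = rail_current(reg, mode)
    if reg.kind == "ldo":
        return i_out                               # LDO: Iin ~= Iout
    if reg.kind == "buck":
        return i_out * reg.vout / (vin * reg.eff)  # Pin = Pout / efficiency
    raise ValueError(f"unknown regulator kind: {reg.kind}")

def audit(rail, vin=None, report=None):
    """Walk the tree and record totals and a pass/fail flag for every rail."""
    report = {} if report is None else report
    typ, peak = rail_current(rail, 0), rail_current(rail, 1)
    # Regulators must keep 20% margin; the source only has to cover the peak.
    limit = rail.i_max_ma if rail.kind == "source" else rail.i_max_ma / MARGIN
    entry = {"typ_ma": typ, "peak_ma": peak, "ok": peak <= limit}
    if rail.kind == "ldo":
        entry["p_diss_w"] = (vin - rail.vout) * peak / 1000  # (Vin - Vout) * Iload
    report[rail.name] = entry
    for child in rail.children:
        audit(child, rail.vout, report)
    return report

def example_tree():
    """Section 1 tree. Typical values are from the page; 1V8 peaks are assumed."""
    v1v8 = Rail("1V8 (TPS7A20)", "ldo", 1.8, 200,
                loads={"MCU core": (120, 150), "SRAM": (20, 30)})
    v3v3 = Rail("3V3 (TPS62130)", "buck", 3.3, 1500, eff=0.9,
                loads={"MCU + Flash + Sensors": (160, 400)}, children=[v1v8])
    return Rail("USB 5V", "source", 5.0, 500,
                loads={"LED indicators": (50, 50)}, children=[v3v3])

if __name__ == "__main__":
    for name, entry in audit(example_tree()).items():
        status = "PASS" if entry["ok"] else "FAIL"
        print(f"{name:16s} typ {entry['typ_ma']:6.1f} mA  "
              f"peak {entry['peak_ma']:6.1f} mA  {status}")
```

With the assumed 180mA peak, the 200mA LDO fails the 20% margin rule even though its 140mA typical load fits comfortably.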

5. Voltage Sequencing Correct - Critical

What It Is

Voltage sequencing defines the order in which power rails must turn on and off. Many ICs (FPGAs, processors, DDR memory, multi-rail ASICs) have strict requirements: core voltage must be up before I/O voltage, analog before digital, or specific timing gaps between rails. Sequencing is implemented via enable chains, power-good signals, or dedicated sequencer ICs.

Sequencing applies to both power-up and power-down (some ICs require reverse sequencing on shutdown).

Why It Matters

Incorrect voltage sequencing can cause latch-up, which is a parasitic thyristor action in CMOS ICs that creates a low-impedance path from power to ground. This draws massive current (amps) and permanently damages the IC within milliseconds. Even without latch-up, wrong sequencing can cause I/O contention, data corruption, or devices entering unknown states that require power cycling to recover.

How to Check - Step by Step

  1. Check every multi-rail IC datasheet for "Power Supply Sequencing" or "Power-Up Sequence" requirements.
  2. Document required sequence: e.g., FPGA: VCCINT(1.0V) -> VCCAUX(1.8V) -> VCCO(3.3V) within specified timing windows.
  3. Trace the enable chain on the schematic: verify PGOOD of first regulator connects to EN of second, etc.
  4. Check timing: verify that the delay between rails meets datasheet requirements (some require <20ms between rails).
  5. Verify power-down sequence is also handled (if required by IC - many FPGAs need reverse sequence on power-down).
  6. Check what happens during brown-out: does the sequence restart cleanly or can rails come up out of order?

FPGA Power Sequencing (Xilinx Artix-7):

TPS62130 (1.0V VCCINT) -- PGOOD --> EN of TPS62132 (1.8V VCCAUX)
TPS62132 (1.8V VCCAUX) -- PGOOD --> EN of TPS62133 (3.3V VCCO)
TPS62133 (3.3V VCCO) -- PGOOD --> FPGA PROG_B release (held low during sequencing)
Timing: Each PGOOD asserts 2ms after regulation. Total sequence: 6ms. Spec requires < 50ms.

All regulators enabled simultaneously: Three regulators share the same enable signal (tied to input power). Depending on component tolerances, 3.3V I/O rail comes up 0.5ms before 1.0V core rail. During this window, I/O pins are powered but core is not - latch-up occurs. FPGA draws 3A from the I/O rail and the package overheats in 2 seconds. IC permanently damaged.

KiCad: Document sequencing in schematic notes. Trace EN/PGOOD connections visually. No automated sequencing verification.

Altium: Use simulation to verify timing. Document enable chain with net labels showing sequence order. Power port designators can indicate sequence.

OrCAD/PSpice: Simulate power-up sequence with transient analysis. Monitor all rails simultaneously. Verify timing meets datasheet requirements.

  • RC delay assumption: Using RC networks for sequencing delays is unreliable - component tolerances make timing unpredictable. Use PGOOD-to-EN chains.
  • Missing PGOOD: Some cheap regulators don't have PGOOD output. You may need a voltage supervisor IC to detect when the rail is stable.
  • Power-down ignored: Many designs handle power-up sequencing but ignore power-down, causing latch-up during shutdown.

6. Enable/PGOOD Chain Correct - Major

What It Is

The Enable/Power-Good chain is the physical signal path that implements voltage sequencing. Each regulator's Power Good (PGOOD) output drives the Enable (EN) input of the next regulator in sequence. Pull-up/pull-down resistors, delays, and logic levels must be correct at every stage of the chain.

This is the implementation of the sequencing requirement - the "how" to the sequencing's "what".

Why It Matters

A broken PGOOD chain means sequencing doesn't work even if the intent was correct. Common failures: PGOOD is open-drain but no pull-up resistor is provided (signal never goes high), EN pin has wrong threshold voltage (3.3V PGOOD driving a 5V-threshold EN), or PGOOD deasserts during transient load changes causing downstream rails to cycle.

How to Check - Step by Step

  1. For each regulator, check if PGOOD is open-drain/open-collector (requires external pull-up) or push-pull (can drive directly).
  2. Verify pull-up resistor value and pull-up voltage: pull-up must go to a rail that is already stable when this PGOOD asserts.
  3. Check that PGOOD high level exceeds the EN pin's minimum high threshold on the next regulator.
  4. Verify EN pin behavior: what happens when EN is floating during power-up before the driving PGOOD is valid?
  5. Check for glitch sensitivity: some EN pins need hysteresis or RC filtering to prevent false triggering from PGOOD transients.
  6. Verify the first regulator in chain: its EN must be tied high (or has internal pull-up) since nothing drives it.
  7. Check what happens if a mid-chain regulator fails: does the entire chain shut down gracefully?

TPS62130 PGOOD chain: PGOOD is open-drain, pulled up to 3.3V output (which is valid since this IS the 3.3V regulator - PGOOD only asserts when output is stable). 100k pull-up to 3.3V rail. Output drives EN of TPS7A20 (1.8V LDO). TPS7A20 EN threshold: 1.0V min high. PGOOD high = 3.3V > 1.0V. PASS. EN has internal 1M pull-down to keep LDO off until PGOOD is active.

Missing pull-up: TPS62130 PGOOD (open-drain) connected directly to next regulator EN with no pull-up resistor. PGOOD can only pull low (indicates fault) but cannot drive high - it just floats. EN pin sees random noise, regulator oscillates on/off. System is unstable and occasionally starts.

KiCad: Manually trace PGOOD-to-EN signal path. Verify pull-up resistors exist on open-drain signals. Check net connectivity in netlist.

Altium: Use Signal Integrity analysis for level compatibility. ActiveBOM can cross-reference regulator datasheets for PGOOD type.

OrCAD: Trace signal path in connectivity report. Cross-reference each regulator datasheet for output type (OD vs. push-pull).

  • Pull-up to wrong rail: Pulling up PGOOD to the input rail (e.g., 5V) when it should go to the output rail (3.3V) - causes the EN signal to be high before regulation is achieved.
  • PGOOD delay: Some PGOODs have built-in delay (128ms) that may be too long for the system startup requirement.
  • Loading PGOOD: Connecting PGOOD to multiple EN pins plus status LEDs plus MCU GPIO can exceed the open-drain sink current rating.
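
A small checker for the sequencing and PGOOD/EN rules in sections 5 and 6, run over the Artix-7 chain from section 5 and four broken variants of it (shared enable, missing pull-up, pull-up to the input rail, EN threshold too high). This is an added example, not part of the original checklist; the Reg fields, the 0.9V EN thresholds and the 1.2V threshold in the last variant are assumed values for illustration and must be replaced with datasheet figures.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass
class Reg:
    name: str                      # regulator, named after its output rail
    vout: float                    # V
    en_from: str                   # "tied-high" or name of the regulator whose PGOOD drives EN
    en_vih_min: float              # minimum EN high threshold, V (assumed values below)
    pgood_open_drain: bool = True
    pgood_pullup: Optional[str] = None   # rail the PGOOD pull-up goes to, if any

def check_chain(sequence, regs):
    """sequence: regulator names in required power-up order. Returns findings."""
    by_name = {r.name: r for r in regs}
    findings = []
    for idx, name in enumerate(sequence):
        reg = by_name[name]
        # First regulator must be self-enabled; every other EN must be driven
        # by the PGOOD of the rail immediately before it in the sequence.
        expected = "tied-high" if idx == 0 else sequence[idx - 1]
        if reg.en_from != expected:
            findings.append(f"{name}: EN is {reg.en_from!r}, expected {expected!r}")
            continue
        if idx == 0:
            continue
        drv = by_name[expected]
        if drv.pgood_open_drain:
            if drv.pgood_pullup is None:
                findings.append(f"{drv.name}: open-drain PGOOD has no pull-up, "
                                f"{name} EN floats")
                continue
            # Following the pitfall list above, only the driver's own output or
            # an earlier rail in the sequence is accepted as the pull-up rail.
            if drv.pgood_pullup not in sequence[:idx]:
                findings.append(f"{drv.name}: PGOOD pull-up rail "
                                f"{drv.pgood_pullup!r} is not sequenced before {name}")
                continue
            v_high = by_name[drv.pgood_pullup].vout
        else:
            v_high = drv.vout   # assumption: push-pull PGOOD swings to its own rail
        if v_high < reg.en_vih_min:
            findings.append(f"{name}: PGOOD high {v_high}V is below EN threshold "
                            f"{reg.en_vih_min}V")
    return findings

def variant(regs, name, **changes):
    """Copy of regs with one regulator's fields changed."""
    return [replace(r, **changes) if r.name == name else r for r in regs]

SEQUENCE = ["VCCINT", "VCCAUX", "VCCO"]          # order from section 5
GOOD = [
    Reg("VCCINT", 1.0, "tied-high", 0.9, pgood_pullup="VCCINT"),
    Reg("VCCAUX", 1.8, "VCCINT", 0.9, pgood_pullup="VCCAUX"),
    Reg("VCCO", 3.3, "VCCAUX", 0.9, pgood_pullup="VCCO"),
]
SHARED_EN = [replace(r, en_from="tied-high") for r in GOOD]   # section 5 failure case
NO_PULLUP = variant(GOOD, "VCCINT", pgood_pullup=None)        # section 6 failure case
WRONG_RAIL = variant(GOOD, "VCCINT", pgood_pullup="VIN_5V")   # pull-up to input rail
LOW_LEVEL = variant(GOOD, "VCCAUX", en_vih_min=1.2)           # hypothetical threshold

if __name__ == "__main__":
    for label, regs in [("good", GOOD), ("shared EN", SHARED_EN),
                        ("no pull-up", NO_PULLUP), ("wrong rail", WRONG_RAIL),
                        ("low level", LOW_LEVEL)]:
        print(label, check_chain(SEQUENCE, regs) or "PASS")
```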

7. Inrush Current Managed - Major

What It Is

Inrush current is the peak current drawn during initial power-up when input and output capacitors charge from zero volts. This current can be 10-100x the steady-state current and lasts microseconds to milliseconds. Management techniques include soft-start circuits, NTC thermistors, active current limiting, and controlled pre-charge circuits.

Every capacitor is a short circuit at t=0. The sum of all capacitors charging simultaneously determines the inrush peak.

Why It Matters

Excessive inrush current causes: input voltage dip triggering upstream protection (fuse blow, host USB disconnect), connector arcing and pitting, welding of relay/switch contacts, PCB trace fusing on thin power traces, and connector damage over repeated insertions. USB hosts will disconnect devices that draw more than specified inrush limits.

How to Check - Step by Step

  1. Calculate total input capacitance: sum all capacitors on the input power rail.
  2. Estimate peak inrush: I_peak = C_total * dV/dt (limited by source impedance and any series resistance).
  3. Check if regulators have soft-start: verify soft-start time in datasheet (typically 1-10ms).
  4. For USB: verify compliance with USB inrush limits (no more than 10uF at VBUS without proper inrush limiting per USB-IF spec).
  5. Check if NTC thermistor or active inrush limiter is present on input for high-power designs.
  6. Verify connector current rating handles inrush peaks (some connectors rate continuous vs. peak differently).
  7. Check that hot-plug scenarios are considered: what happens if power is connected while load capacitors are partially charged?

USB device with inrush control: Input capacitance: 47uF (bulk) + 10x 100nF (decoupling) = 48uF. Without limiting: I_peak = 48uF * 5V / 10ns (ESR limited) = too high. Solution: TPS2514A USB power switch with 60ms soft-start. Inrush: 48uF * 5V / 60ms = 4mA charging current during the ramp. Peak never exceeds steady-state current limit of 2.5A. USB compliant.

Direct connection: 48V industrial supply connected directly through a switch to board with 4700uF input capacitors. At switch closure: I_peak = C*dV/dt limited only by wire impedance = 4700uF * 48V / 1us = 225A peak! Switch contacts weld together. PCB input trace (rated for 5A) vaporizes. Upstream 10A fuse blows.

KiCad: Document inrush calculation in schematic notes. Verify soft-start components are present (soft-start capacitor on SS pin).

Altium: Use transient simulation to verify inrush profile. Check power connector ratings against calculated inrush peaks.

OrCAD/PSpice: Transient simulation from t=0 with all capacitors at 0V. Measure peak current through input path. Verify against connector/fuse ratings.

  • Soft-start bypass: Adding a diode across the soft-start resistor "for faster recovery" defeats the inrush limiting purpose.
  • Parallel regulator start: Multiple regulators starting simultaneously multiply the inrush current even if each has individual soft-start.
  • NTC cold resistance: NTC thermistors only limit inrush when cold. Rapid power cycling (off for 1 second, back on) means NTC is still warm and provides no current limiting.

8. Reverse Polarity Protection - Major

What It Is

Reverse polarity protection prevents damage when power is connected backwards (positive to negative terminal and vice versa). This is essential for any design with user-accessible power connectors, battery connections, or field wiring. Methods include series diodes, P-MOSFET circuits, ideal diode controllers, and fuses with polarity-sensitive connectors.

The protection must handle the full reverse voltage without damage to any downstream component.

Why It Matters

Without reverse polarity protection, connecting a battery backwards or miswiring a DC jack will immediately destroy the circuit. Electrolytic capacitors explode, ICs suffer instant breakdown, and the board is scrap. In products sold to consumers or field-installed by technicians, reverse polarity events are a certainty - not just a possibility. Protection cost: $0.10-$1.00. Board replacement cost: $50-$5000+.

How to Check - Step by Step

  1. Identify all power input points: DC jacks, battery connectors, header pins, USB (usually inherently keyed).
  2. For each non-keyed power input, verify a reverse polarity protection circuit exists.
  3. Check the protection method: Series diode (simple but 0.3-0.7V drop), P-MOSFET (low drop, ~20mV), ideal diode IC.
  4. Verify protection device voltage rating exceeds maximum input voltage (in reverse).
  5. Verify current rating of protection device exceeds maximum load current.
  6. Check power dissipation: series diode at 1A = 0.5W for Schottky - ensure adequate thermal rating.
  7. For MOSFET protection: verify gate drive is correct, body diode handles initial surge, and device fully enhances at minimum input voltage.

P-MOSFET reverse protection: Input power connects to drain of Si2301 P-MOSFET (Vds=-20V, Rds=80mOhm). Gate tied to ground through 100k resistor. Body diode conducts initially (0.5V drop for 1ms), then MOSFET enhances fully. Steady-state drop: 80mOhm * 1A = 80mV (vs. 400mV for a Schottky). When reversed: gate is positive, MOSFET is OFF, body diode reverse-biased. No current flows.

No protection: 12V barrel jack connector (center-positive) with no reverse protection. User connects a universal adapter with wrong polarity. 12V reverse applied to 100uF/16V electrolytic capacitor (explodes within seconds), then to LM7805 regulator (input pin sees -12V, absolute max is -0.3V - instant failure), smoke escapes. Board destroyed.

KiCad: Verify MOSFET orientation in schematic (source toward load for P-FET). Check gate-source voltage divider if input exceeds Vgs_max.

Altium: Use simulation to verify MOSFET protection circuit operates correctly in both normal and reversed input conditions.

OrCAD/PSpice: Simulate with both +12V and -12V input. Verify zero current flows to load in reversed case. Check MOSFET Vgs stays within limits.

  • MOSFET Vgs limit: If input can exceed 20V, the P-MOSFET gate (tied to ground) sees Vgs > 20V in normal operation - needs a zener clamp (e.g., 12V zener gate-to-source).
  • Body diode heating: During the brief period before MOSFET enhances, body diode carries full current. High inrush through body diode can damage MOSFET.
  • Relying only on keying: Keyed connectors prevent user error but don't protect against wiring errors during assembly or field installation mistakes with cut cables.

9. Overcurrent Protection - Critical

What It Is

Overcurrent protection limits or interrupts current flow when it exceeds a safe level due to short circuits, component failures, or overloads. Protection devices include fuses (resettable PTC and one-shot), current-limiting ICs, electronic circuit breakers, and regulator built-in current limits. Each power path must have appropriate current limiting for the wire/trace rating.

The protection must trip before PCB traces, connectors, or components reach damaging temperatures.

Why It Matters

Without overcurrent protection, a short circuit (solder bridge, failed component, damaged cable) will draw unlimited current, melting PCB traces, overheating connectors, starting fires, and potentially causing injury. Safety certification (UL, CE, IEC 60950/62368) requires overcurrent protection on all external power inputs. Insurance claims and product liability lawsuits result from unprotected power paths that cause fires.

How to Check - Step by Step

  1. Identify every power path from input to load (including USB VBUS, battery, external power connectors).
  2. Verify each path has overcurrent protection: fuse, PTC, electronic current limiter, or regulator internal OCP.
  3. Check fuse/PTC rating: must trip ABOVE maximum normal current but BELOW the damage threshold of protected traces and components.
  4. Verify fuse breaking capacity exceeds available short-circuit current from the source.
  5. For electronic limiters (TPS2553, etc.): verify current limit setpoint, response time, and thermal shutdown behavior.
  6. Check that PCB trace width can handle the let-through current before the fuse trips (I²t coordination).
  7. Verify protection resets appropriately: PTC auto-resets (good for non-critical), one-shot fuse requires replacement (good for safety-critical).

USB host port protection: TPS2553 USB power switch with current limit set to 1.1A via RILIM resistor (10k for 1.1A per datasheet table). Thermal shutdown after 30ms of overcurrent. Auto-retry every 200ms. Connected before VBUS output. PCB trace to connector: 40mil wide (rated for 2A). Fuse trips well below trace damage threshold.

No protection on 24V input: Industrial sensor board powered from 24V bus. No fuse, no current limiter. A solder bridge on the board creates a short. PCB trace (10mil, rated 0.5A) carries 8A from the 24V supply. Trace acts as a fuse - it vaporizes, arcing between adjacent traces, potentially igniting the PCB. Factory power supply breaker eventually trips at 16A (too high, too late).

KiCad: Verify fuse symbols are present on all input power paths. Check fuse ratings in component values. No automated current path analysis.

Altium: Use PDN Analyzer to verify current paths. Check that all power inputs pass through protection devices.

OrCAD: Trace power paths manually from input connector through protection to load. Verify component ratings in BOM against calculated currents.

  • Fuse too slow: Standard fuses have "slow blow" characteristics - a 1A fuse may pass 10A for 10ms before opening. Verify I²t let-through energy is safe.
  • PTC after fault: PTC thermistors have high resistance after tripping and take minutes to cool down. If the system needs fast recovery, use electronic limiters.
  • Downstream only: Protecting the load but not the source cable. A short between the connector and the fuse is unprotected. Place fuse as close to the input connector as possible.

10. Overvoltage Protection - Critical

What It Is

Overvoltage protection (OVP) clamps or disconnects the input when voltage exceeds safe levels for downstream components. Sources of overvoltage include: regulator failure (pass element shorts, output goes to input voltage), load dump in automotive (up to 40V on "12V" systems), lightning-induced surges, and miswiring. OVP methods include crowbar circuits (SCR + fuse), TVS diodes, overvoltage lockout ICs, and active disconnect switches.

OVP is the last line of defense when the voltage regulation system itself fails.

Why It Matters

If a switching regulator's control loop fails, the output may jump to the input voltage. A 3.3V rail suddenly at 12V will destroy every IC on that rail - typically dozens of components, totaling hundreds of dollars in parts and complete board replacement. In automotive applications, load dump transients of 40-100V are routine and must be survived. Without OVP, every field unit exposed to a transient becomes e-waste.

How to Check - Step by Step

  1. Identify the maximum safe voltage for each power rail based on the lowest-rated component on that rail.
  2. Check for OVP on the input: TVS diode or active OVP circuit that clamps before component damage thresholds.
  3. For switching regulator outputs: verify overshoot during transients stays within IC Abs Max ratings (check with simulation or bench measurement).
  4. In automotive designs: verify load dump protection per ISO 7637-2 (TVS clamping + series resistance + input cap).
  5. Check OVP response time: TVS diodes respond in nanoseconds (good for fast transients), active OVP circuits in microseconds (good for sustained overvoltage).
  6. Verify TVS clamping voltage: must be ABOVE normal operating voltage (to avoid conducting normally) but BELOW component damage voltage.
  7. Check TVS power rating for sustained overvoltage scenarios (not just transient pulse rating).

Automotive 12V input protection: Input: 12V nominal, operating 9-16V, load dump up to 40V/400ms (ISO 7637-2 Pulse 5a). Protection: SMAJ26A TVS (Vbr=26V, Vc=42V at 14A peak) in parallel with input, plus upstream 1-ohm series resistor to limit TVS current. During 40V load dump: resistor drops voltage, TVS clamps to 42V. TPS54331 regulator abs max = 28V. Additional Zener (24V) in OVP crowbar circuit triggers SCR which blows fuse if TVS fails.

No OVP on regulated rail: TPS62130 buck converter produces 3.3V from 12V input. No output OVP. Converter FET fails short: 12V appears on 3.3V rail. STM32 (abs max 4.0V), EEPROM (abs max 3.6V), and every other IC on the rail are instantly destroyed. Replacement cost: entire board assembly ($200) plus field service call ($500). If this is a 10,000-unit product, even 0.1% failure rate = 10 units = $7,000 warranty cost.

KiCad: Verify TVS diodes are present on input power nets. Check TVS voltage rating vs. protected component ratings. Use SPICE simulation for transient analysis.

Altium: Use simulation for transient overvoltage analysis. Verify TVS placement and ratings. Signal Integrity tools can model transient response.

OrCAD/PSpice: Inject transient voltage pulse at input. Monitor all power rails. Verify clamp voltages stay below IC damage thresholds. Model TVS with correct V-I curve.

  • TVS below operating voltage: Selecting a TVS with breakdown voltage too close to operating voltage causes it to conduct during normal operation, drawing current and heating up.
  • Clamping above damage: TVS clamps at 42V but the regulator is only rated to 28V absolute maximum. The TVS "works" but the regulator still dies.
  • Energy rating: TVS rated for 600W peak (8/20us pulse) but the overvoltage event lasts 400ms. Steady-state power exceeds rating by 100x - TVS fails open, providing no protection.