Power Sequencers & Reset Managers

November 10 2025
Ersa

Design reliable multi-rail power-up/down with interlocks, PG filtering, reset stretching, and safe fault policies for FPGA/SoC/DDR systems.
 

Power Sequencers & Reset Managers coordinate 3–20+ rails with ordered EN/PG, timeouts, hysteresis/deglitch, and reset stretch synchronized to PLL_LOCK. Design goals: provable bring-up, controlled power-down without backfeed, and evidence-driven acceptance using timestamps, glitch counters, and repeatable policies (retry, latch-off, cooldown) under cold/hot and min/max load.

Quick Browse

Browse sections

Power Sequencer & Reset Manager: Quick Answer

Select the right sequencing strategy, avoid classic pitfalls, and set robust fault handling—for reliable, multi-rail power design.

Strategy Selector

  • ≤3 rails: Time-based sequencing
  • 4–12 rails: PG/threshold-based
  • PLL/clocked logic: Add reset stretch + PLL_LOCK
  • High inrush: Stagger enable/skew per rail

Top 6 Pitfalls

  • No or weak PG deglitch/hysteresis
  • No controlled power-down order
  • Reset too short for system startup
  • No enable skew—inrush spike
  • Multiple high-I rails start at once
  • No detection for “stuck-half-on” state

Fault Policy Map

  • Retry: Auto restart after timeout/cooldown
  • Cooldown: Wait period before retry
  • Latch-off: Lock until manual reset

30-Second Checklist

  • Set both power-up and down order—never just one
  • Enable deglitch and proper hysteresis for PG
  • Stretch reset to match longest downstream POR
  • Stagger high-I rails by at least 5–50 ms
  • Set per-rail timeout and total bring-up deadline
Quick decision box for power sequencing and reset policies
One-screen strategy, pitfalls, and checklist for robust multi-rail sequencing.
Data points: POR/PLL_LOCK requirement: e.g. “PG valid ≥95% Vnom for ≥1ms (2% hysteresis)”    PG glitch count: measured worst-case ripple ≤ 3 glitches/100ms    Peak inrush: initial rails <1.2x steady-state, max
Note: This guide covers multi-rail sequencing and reset management only. It does not cover PMBus, telemetry, eFuse, hot-swap, or black-box logging.

What is a Power Sequencer & Reset Manager?

A power sequencer & reset manager is the control hub that ensures every power rail in a multi-voltage system is enabled and disabled in the correct order, with proper PG (power-good) validation, reset stretching, and explicit fault-handling logic. This guarantees that sensitive loads—like FPGAs, SoCs, DDR, and peripherals—start and stop safely under all real-world conditions.

  • Sequencing: Up to 20+ rails, controlled enable and disable order
  • PG validation: Threshold and window comparators with deglitch/hysteresis
  • Reset stretching: Meet all downstream minimum reset and clock-lock times
  • Fault policy: Retry, cooldown, latch-off, and controlled discharge
Functional boundaries of a power sequencer & reset manager
Center–periphery boundary map clarifying the scope of sequencer/reset managers.

What is not included?

  • PMBus/SMBus system power managers
  • Black-box event loggers
  • eFuse or hot-swap controllers
  • PG aggregators and voting logic

Each of these has its own specialized control and is not covered in this guide.

FPGA/SoC Multi-Rail

Core → PLL → IO → DDR, then release system reset
PG = (Core ∧ PLL_LOCK ∧ IO)

DDR & MCU System

DDR after reference/MCU is valid;
Controlled power-down: DDR last
PG = (MCU ∧ REF) → DDR

Multi-board Domain

Board domains independently sequenced;
System PG is the AND of all domains
PG = (Domain1 ∧ Domain2 ... ∧ DomainN)
Datasheet example: “PG valid if rail ≥95% Vnom for ≥1ms, hysteresis ≥2%”
Common mistake: A reset supervisor is not a sequencer—no order, dependency, or coordinated shutdown.

System Overview & Working Principle

From a system viewpoint, power sequencing is a closed loop: qualified PG inputs enter a dependency graph, which schedules staggered EN and coordinates System_PGOOD and nRESET (aligned to PLL_LOCK). Any timeout/undervoltage triggers a fault policy: retry, cooldown, or latch-off, and a controlled reverse shutdown with discharge.

System-level block diagram of power sequencing and reset management
PG inputs → dependency graph → EN/RESET orchestration → fault feedback and safe reverse shutdown.

1) Inputs: PG & Sense Front-End

Each rail exposes a power-good source: device PG pin or comparator tap (remote or Kelvin sense). Before entering the scheduler, every PG must be qualified:

  • Thresholds: typical 90–97% of Vnom, per-rail specific.
  • Hysteresis: 0.5–5% of Vnom, sized against ripple and dV/dt noise.
  • Deglitch: programmable 10–1000 µs; reject spikes without delaying protection.
  • Window (optional): VLOW–VHIGH band defines the “ready region.”

The output of this stage is a set of PG_VALID[i] events (with timestamps) and PG_BAD[i] flags used for fault logic.

2) Dependency Graph & Stable Window

Rails are modeled as a directed acyclic graph where each node N declares prerequisites P(N). A node is ARMED when all P(N) have been PG_VALID for at least its stable-time window Ts(N).

  • Stable window: prevents racing on just-crossed thresholds; typical 0.2–5 ms depending on load dynamics.
  • Global skew Δt: staggers high-current rails (5–50 ms) to limit Iin_peak.
  • Bring-up deadline: a total timeout budget avoids “forever wait.”

3) Outputs: EN, System_PGOOD, nRESET

  • EN scheduling: assert ENN only after N is ARMED and its skew slot opens; verify with PG_VALID[N].
  • System_PGOOD: logical AND of critical PG_VALID rails with PLL_LOCK.
  • Reset stretch: hold nRESET low until max(PORmin) is satisfied and PLL_LOCK is high; optionally align release to a reference clock edge.

4) Fault Handling & Controlled Reverse Shutdown

  • Timeout on bring-up: retry N times with cooldown Tc; otherwise latch-off.
  • Run-time undervoltage: initiate reverse order shutdown with controlled discharge to prevent backfeed.
  • Evidence: log the rail/fault vector and timestamps for post-mortem correlation.
Engineering data to publish
Min/max gate delays (tEN), PG thresholds and Ts, PLL_LOCK guard time, POR minima, and inrush audit (Iin_peak ≤ budget).
Common mistakes: relying on RC delay only; missing reverse shutdown order and discharge; releasing nRESET before PLL_LOCK or before the slowest POR.
Parameter Meaning Typical Notes
PG_TH% PG threshold as % of Vnom 90–97% Per-rail; documented in spec
HYS% Hysteresis width 0.5–5% ≥ 3× ripplepp% is a good start
TDG PG deglitch timer 10–1000 µs Reject spikes, keep response fast
Ts(N) Stable window per node 0.2–5 ms Prevents threshold racing
Δt Global skew between rails 5–50 ms Limit inrush to budget

PG Qualification & Filters

An engineering-grade PG is not “above a threshold once,” but “inside a ready window for long enough,” hardened by hysteresis and deglitch to reject ripple, ringing, and load steps.

PG qualification with threshold, hysteresis, and deglitch windows
Voltage-time plot with threshold, hysteresis band, deglitch gate, and window region; OK vs NG shaded.

1) Thresholds & Hysteresis

  • PG_TH: 90–97% of Vnom, documented per rail.
  • HYS% sizing rule: choose HYS% ≥ max(3× ripplepp%, noise_guard%).
  • Hysteresis prevents chatter near the boundary when load dI/dt or switching ripple is significant.

2) Deglitch Window (10–1000 µs)

  • Pick TDG long enough to ride through the dominant ripple envelope (2–5 ripple periods).
  • But keep it short enough not to delay fault response or total boot time.
  • Document TDG per rail; fast CPU rails may use shorter windows than bulk rails.

3) Window Qualification (VLOW–VHIGH)

Declare PG_OK when VLOW ≤ VOUT ≤ VHIGH for at least TDG. Windows reduce false-ready caused by overshoot ringing or asymmetrical noise.

4) Ripple & Load-Step Impact

  • Convert ripplepp to % of Vnom; size HYS% accordingly.
  • If step response crosses PG_TH briefly, increase HYS or TDG, or add a small RC/IIR pre-filter.
  • Improve grounding/return current routing to reduce ground bounce near the comparator reference.
Evidence to publish
Scope captures of VOUT vs PG with threshold bands and TDG; false-trigger counts per 100 ms; PG stability histograms under ripple and step loads.
Common mistakes: deglitch set too long (slow response); hysteresis too small (PG flapping); copy-pasting identical numbers across rails with very different spectra.
Parameter Setting Guidance Typical Value Validation Note
PG_TH Per rail based on load sensitivity 0.94 × Vnom Verify under worst ripple
HYS% ≥ 3× ripplepp% 2% Tune for chatter margin
TDG ≥ 2–5 ripple periods 100 µs Do not exceed fault budget
Window Use for overshoot/ringing environments VLOW=0.92; VHIGH=0.98 Plot OK/NG shading
Pre-filter RC or digital IIR (1-pole) Cutoff near ripple peak Avoid excessive phase lag

Sequencing Strategies & Dependency Graph

Build a verifiable dependency DAG and a staggered enable plan. Choose between time-based, threshold-based, or hybrid chains to balance correctness, inrush, and boot time. Publish timestamps and inrush evidence so decisions are auditable.

Power rail dependency graph and staggered enable timeline
Left: dependency DAG (who waits for whom). Right: Gantt-like EN/PG timeline with skew Δt and per-slot inrush.

1) Strategy Profiles

Time-based (fixed delays)
  • Use when: tolerant digital trees; low analog sensitivity.
  • Pros: simple, predictable code path. Cons: PVT drift; ignores ripple/bounce.
  • Controls: min/max delay bounds; watchdog for “no-PG” timeout.
Threshold-based (PG-qualified)
  • Use when: FPGA/SoC/DDR, precision references, clock trees.
  • Keys: qualified PG (threshold + hysteresis + deglitch) and Ts stable window.
  • Per-rail: timeout budget; PG_VALID gating.
Hybrid (threshold gate + min/max delay)
  • Use when: mixed domains; need correctness plus bounded boot time.
  • Pattern: PG_VALID ∧ (t ≥ tEN,min) ∧ (t ≤ tEN,max).
  • Benefit: avoids early glitches and endless wait tails.

2) Dependency Graph (DAG)

Model rails as nodes; edges indicate prerequisites. A node N is ARMED when all P(N) are PG_VALID for at least its stable window Ts(N). Each node carries tEN,min/max, timeout, and a skew slot.

3) Enable Skew & Inrush Budget

  • Choose Δt = 5–50 ms for high-current rails; allow bulk-cap recharge.
  • Compute Iin,slot = ΣΔI of rails in that slot; enforce Iin,slot ≤ Ibudget.
  • Rule: never place two high-I rails in the same slot.

4) Power-Down & Discharge

  • Reverse the critical bring-up order; coordinate discharge paths per rail.
  • Avoid backfeed via body diodes or pull-ups; clamp energy safely.
  • Keep logging active until “black state” if hardware allows.
Evidence to publish
EN/PG timestamps, per-rail timeout outcome, measured Iin,slot, total boot time distribution (p50/p95/p99).
Common mistakes: enabling multiple high-I rails simultaneously; missing a defined reverse order and discharge; trusting “raw PG” without deglitch.
Rail Prereqs Ts (ms) tEN min/max (ms) Skew slot Timeout (ms) Critical?
VCORE 0.5 1 / 20 S0 50 Yes
VIO VCORE 0.5 2 / 25 S1 (Δt=10) 60 Yes
VDDR VCORE, VIO 1.0 5 / 40 S2 (Δt=10) 80 Yes
VANA VCORE 0.2 1 / 15 S1 (Δt=10) 40 No

Reset Management (POR/BOR, Stretch & Sync Release)

Guarantee reset width and release timing meet the strictest downstream tPORmin, under a clean clock after PLL_LOCK. Default to asynchronous assert and synchronous release. Arbitrate manual, watchdog, and PG-derived resets without glitches.

Reset pulse stretching and synchronized release with PLL_LOCK
Stacked timing: PG summary, nRESET with stretch, PLL_LOCK window, and clean-edge release on a qualified clock.

1) Reset Pulse Fundamentals

  • Asynchronous assert: immediate reaction to BOR/PG loss.
  • Synchronous release: re-time to system/always-on clock to avoid metastability.
  • Pick the release clock consciously (fabric or AON) and document it.

2) Reset Stretching

  • Set t_RST ≥ max(POR_min across critical domains); typical 10–100 ms.
  • Add guard for PLL_LOCK settling and clock-tree enable latency.
  • For multi-clock systems, stage releases: core → fabric → peripherals.

3) PLL_LOCK & Clean-Edge Release

  • Require PLL_LOCK high and deglitched before release.
  • Deassert nRESET on a qualified edge (1–2 reference cycles post-lock).
  • If multiple PLLs: vote critical locks or define a composite LOCK.

4) Multi-Source Reset Arbitration

  • Inputs: manual, watchdog, PG supervisor, optional thermal fault.
  • Assert path is OR-wired; release path is synchronized and filtered.
  • Log reset cause and duration; add cooldown to stop oscillations.
Evidence to publish
Datasheet excerpts for tPORmin and lock times; scope overlays of PG, PLL_LOCK, and nRESET; failure replay (too-short reset / early release).
Common mistakes: releasing under unstable clock; no stretch against slowest POR; LOCK not debounced; missing reset-cause logging.
Domain POR_min (ms) PLL used? LOCK time (ms) Required t_RST (ms) Release clock Cause log?
CPU 20 Yes 8 ≥ 28 Ref clk Yes
Fabric 12 Yes 5 ≥ 17 Ref clk Yes
DDR 30 Yes 12 ≥ 42 Ref clk Yes
Peripherals 8 No ≥ 8 AON clk Optional

Fault Policies & Safe Power-Down

Define a provably safe resolution path for timeout and undervoltage events. Bound retries with a cool-down, cap total bring-up with a global ceiling, and always execute controlled reverse shutdown with discharge to eliminate backfeed and tail current.

Fault handling state machine with retry, cool-down, and safe power-down
State machine: IDLE → BRING-UP → OK → FAULT {Retry/Cool-down | Latch-off} → controlled reverse power-down.

1) Timeout Model

  • Per-rail timeout TTO[i]: max time to reach PG_VALID under its stable window Ts.
  • Global ceiling TBOOT_MAX: prevents indefinite boot when dependencies never resolve.
  • Abort rules: missing prerequisite PG_VALID, queue starvation, over-long skew slot wait.
  • Evidence: log failing rail, elapsed time, dependency snapshot at timeout.

2) Retry with Cool-Down

  • Fixed N retries: N=2–4 typical; cool-down Tcool allows bulk caps to recharge and thermal to settle.
  • Exponential backoff: Tcool,k=T0·2k when source droop/thermal stress is suspected.
  • Counters: maintain per-rail and global retry counts; stop oscillation across rails.

3) Latch-Off & Service Path

  • Enter LAT-OFF when retries exhausted or on fatal faults(OV/OT/short).
  • Re-arm: manual action, power cycle, or authenticated PMIC command.
  • Black-box hooks: fault vector, last-N events, millisecond timestamps.

4) Controlled Reverse Power-Down

  • Reverse the bring-up order; isolate first, then gate-off sources.
  • Provide discharge paths(bleeders or PMIC FET discharge)to avoid tail voltage and backfeed.
  • Tail V spec: V(t) below limit by Toff_spec; verify on scope and publish curves.
  • Keep telemetry/logging alive until safe “black state” if supported.
Evidence to publish
Failure counts per rail, Tcool distribution, tail-voltage decay curves, time-to-safe histogram, proof of TBOOT_MAX enforcement.
Common mistakes: no global timeout (boot deadlock); power-down without discharge (backfeed/tail current); infinite retries on noisy UV; missing fault cause logging.
Rail T_TO (ms) Retries (N) T_cool (ms) Backoff Discharge Path Tail V @ T_off
VCORE 50 3 150 Exp (×2) PMIC discharge FET < 0.3 V
VDDR 80 2 200 Fixed Bleeder 2 kΩ < 0.5 V
VPERI 60 4 120 Exp (×2) Load switch + Rpd < 0.4 V

Interlocks & Inrush Control

Constrain concurrency and cap input current peaks during bring-up. Use mutual-exclusion interlocks, grouped enables for small loads, and Δt staggering for heavy rails. Gate peripherals until System_PGOOD.

Inrush current reduction via enable staggering and interlocks
Input current vs time for three plans: No-Skew, Moderate-Skew (Δt), Aggressive-Skew. Peak markers and Ibudget line show margin gains.

1) Mutual-Exclusion Interlocks

  • Define conflict sets(e.g., {CPU_VCORE, DDR, GPU_CORE})that cannot overlap in time.
  • Enforce with semaphore tokens or slot capacity limits in the scheduler.
  • Record violations; auto-redistribute if deadlines allow.

2) Grouped Enables & Staggering

  • Group small loads(refs, IO)in the same slot; isolate heavy rails with Δt=5–50 ms between slots.
  • Compute Iin,slot = ΣΔI and enforce Iin,slot ≤ Ibudget per slot.
  • Publish EN density per slot and total Tboot impact to justify trade-offs.

3) PG-Gated Loads

  • Keep key peripherals off until System_PGOOD; then ramp using soft-start or controlled switches.
  • Use reverse-block load switches or ideal diodes to prevent sneak currents.
Evidence to publish
Input current peak vs skew plan, EN density per slot, Ibudget compliance, and Tboot trade-off analysis.
Common mistakes: optimizing per rail while ignoring source capability/connectors; grouping two heavy rails in one slot; forgetting PG-gating on peripherals.
Slot Rails in Slot ΣΔI (A) I_in,slot (A) I_budget (A) OK? Notes
S0 VCORE 1.6 1.6 2.0 Yes Heavy rail isolated
S1 (Δt=10 ms) VIO, VANA 0.6 0.6 2.0 Yes Grouped small loads
S2 (Δt=10 ms) VDDR, VPERI 1.1 1.1 2.0 Yes Meets I_budget

Validation & Bring-Up Procedure

The goal is to elevate a “working” sequence into a provable and repeatable process with auditable evidence and pass/fail guardrails covering power-up, power-down, and fault handling.

Why validation matters

If it isn’t timestamped, it didn’t happen. Robust systems record EN/PG/RESET/PLL_LOCK edges, verify limits across corners, and leave a trail of CSV logs and scope captures that manufacturing can reproduce.

Baseline bring-up script (repeatable steps)

  1. Prepare probes for EN_x, PG_x, RESET, PLL_LOCK; define rail list and dependency order.
  2. Start capture; apply input power; record rising and falling edges with timestamps (ms resolution or better).
  3. Log PG deglitch counters and any chatter under a controlled load step (small-signal and large-signal).
  4. Enforce per-rail timeouts and a global bring-up deadline; if violated, trigger fault policy and log the state.
  5. Export a CSV per run: columns include run_id, rail, event, t_stamp_ms, value, result, notes.
CSV example (one line per event)
run_id,rail,event,t_stamp_ms,value,result,notes
B01,Core,EN_rise,0.0,1,pass,—
B01,Core,PG_rise,8.7,1,pass,deg=0
B01,PLL,LOCK_rise,11.2,1,pass,—
B01,System,RESET_fall,15.0,0,pass,stretch=20ms
    

Limits & guardrails (min/max windows)

Define explicit pass/fail bands for thresholds, deglitch, hysteresis, reset stretch, skew, and timeouts. Any out-of-band event must deterministically trigger the configured fault policy.

Metric Min Max Method Notes
PG “good” threshold ≥ 95% Vnom ≤ 98% Vnom Scope + divider Window + hysteresis ≥2%
PG deglitch ≥ 50 µs ≤ 200 µs Glitch inj + counter Tune vs. ripple
Reset stretch ≥ longest POR + PLL_LOCK margin Edge cursoring Async assert, sync de-assert
Enable skew per rail ≥ 5 ms ≤ 50 ms Current probe Inrush envelope control
Per-rail timeout ≥ 1 ms ≤ 1000 ms Timer + log Triggers fault policy

Force-fault & test-mode patterns

  • UV/timeout injection: pull a rail below the PG window or delay its ramp; verify retry/cooldown/latch-off.
  • Stuck-half-on: PG never validates; confirm safe reverse power-down and discharge path.
  • Recovery: manual reset path after latch-off; log the recovery timestamp.

Corner coverage (temperature/load/ripple)

  • Temperature: cold/hot (e.g., −40/85/105 °C) with identical scripts and limits.
  • Load: min/max current, fast steps; capture PG chatter and input droop.
  • Ripple spectra: worst-case switching noise; confirm deglitch and hysteresis immunity.

Evidence pack & sign-off

A releaseable bundle that manufacturing can replay:

  • Scope screenshots with edge cursors for EN/PG/RESET/PLL_LOCK.
  • CSV timestamp logs for bring-up, faults, and recovery runs.
  • Corner matrix report summarizing pass/fail and margins.
Bring-up checklist and timestamped evidence collection for sequencing
Bring-up checklist with ticked timeline events and an “evidence shelf” for CSV and waveforms.
Common mistakes: testing only typical conditions; missing test pads for clean probing; no global deadline causing indefinite “half-on” states.

Key Metrics & Selection Matrix

Turn raw specifications into scenario-driven choices. Start with rail count, then match accuracy, reset features, and fault policy, finally align I/O levels and temperature grade to your environment.

Key metrics explained

  • Rail count supported: 3–20+; grouping and staged enables.
  • Threshold accuracy & windowing: single threshold vs. window comparator; define hysteresis.
  • PG deglitch & hysteresis: noise immunity vs. detection latency.
  • Enable skew granularity: ms steps for inrush control; stagger heavy rails.
  • Reset pulse & sync: async assert, synchronous de-assert; PLL_LOCK awareness.
  • Timeout & fault policy: retry/cooldown/latch-off behaviors.
  • Controlled power-down & discharge: reverse order, no backfeed.
  • I/O levels: 1.8/3.3/5 V tolerance and logic domain alignment.
  • Temperature grade: −40…+105/125 °C for industrial/automotive spans.

Selection path

  1. Fix rail count (and grouping) first—this sets architectural bounds.
  2. Choose threshold accuracy/windowing if rails interact tightly (FPGA/DDR/refs).
  3. Require reset stretch & sync for clocked logic or firmware bring-up.
  4. Pick fault policy to meet safety/availability goals (retry vs. latch-off).
  5. Match I/O level to the logic domain; then lock temperature grade.

Selection matrix (rail count × feature depth)

Rail Count Accuracy & Windows PG Deglitch / Hysteresis Enable Skew Step Reset & PLL_SYNC Timeout & Policy Power-Down Control I/O & Temp
1–3 rails Basic threshold OK Short deglitch, small hysteresis Coarse (≥5 ms) Minimal reset stretch Simple timeout + retry Basic reverse order Match logic level; −40…85 °C
4–8 rails Window comparator preferred 50–200 µs; ≥2% hysteresis Medium (5–20 ms) Stretch to longest POR; PLL_LOCK aware Timeout + cooldown/retry Controlled discharge paths 1.8/3.3/5 V tolerant; −40…105 °C
9–20+ rails Tight accuracy; window + trims Programmable deglitch; robust hysteresis Fine (≤10 ms per step) Async assert; synced de-assert; PLL gating Per-rail timeout; latch-off for safety Reverse order + backfeed protection Level-shifting as needed; −40…125 °C

Production lock & audit

  • Freeze parameters: thresholds, hysteresis, deglitch, enable skew, reset width, timeouts, power-down order.
  • Read-only checksum/signature: store configuration integrity for factory QA.
  • Conformance sheet: one page with limits, test points, and acceptance criteria.
Selection matrix for power sequencers and reset managers by rail count and features
2D selection matrix: rail-count bands vs. feature depth, highlighting sequencing/reset features.
Pitfalls to avoid: ignoring temperature drift and dynamic droop when setting thresholds; choosing too-coarse skew; overlooking reset synchronization.

Design Guidelines (10 Hard Rules)

Apply the rules below to turn a “working” power sequence into a provable, repeatable, and manufacturable behavior with measurable margins.

1) Set power-down order first

Define reverse order explicitly; design for safe discharge and no backfeed.

  • Reverse order documented and versioned
  • Size discharge paths for stored energy
  • Backfeed prevention verified on scope

2) PG requires deglitch + hysteresis

Noise immunity without adding false latency.

  • Window target ≥2% hysteresis
  • Deglitch 50–200 µs typical
  • Validate vs. worst ripple spectra

3) Reset stretch ≥ strictest POR; sync to PLL_LOCK

Guarantee reset integrity across all domains.

  • Async assert; synchronous de-assert
  • Guard-time beyond PLL lock
  • Verify under cold/hot corners

4) Stagger enables to control inrush (5–50 ms)

Don’t let heavy rails start together.

  • Heaviest rails last
  • Target surge < 1.2× steady-state
  • Measure input current profile

5) Per-rail timeouts + global bring-up deadline

Never allow indefinite half-on states.

  • Timeout triggers policy immediately
  • Global deadline caps total sequence
  • Log both to CSV with run_id

6) Controlled power-down + discharge; forbid backfeed

Shut down safely every time.

  • Reverse order is enforced in silicon
  • Discharge FETs/res sized for energy
  • Backfeed test included in QA

7) PG/RESET open-drain with proper pull-ups; clean routing

Robust logic interfacing and signal integrity.

  • Matched logic domains and levels
  • RC not so large it masks faults
  • Short, direct traces; common reference

8) Reserve test pads and divider taps

Measurability is non-negotiable.

  • Probe points for EN/PG/RESET
  • Scaled rail monitor for scopes
  • Label nets for factory inspection

9) Script your bring-up; keep CSV + waveforms

Evidence proves repeatability and margins.

  • EN/PG/RESET/PLL_LOCK timestamps
  • PG glitch counters and chatter
  • Run IDs, corner tags, pass/fail

10) Freeze production parameters + read-only checksum

Lock what you verify; verify what you lock.

  • Thresholds, hysteresis, deglitch, skew
  • Reset width, timeouts, power-down order
  • Store signature for QA conformance
Ten design rules for reliable power sequencing and reset management
Ten-card rule set focusing on PG quality, reset integrity, inrush control, timeouts, controlled shutdown, signal hygiene, testability, evidence, and production lock.

Troubleshooting Matrix

Resolve issues through a closed loop from symptom to observable fields to root cause to action. Always capture timestamps for EN/PG/RESET/PLL_LOCK, PG glitch counters, and input current peaks in CSV and scope shots.

Symptom Trigger Condition Observable Fields Likely Cause Corrective Action
Power-up stuck Rail_X timeout Timestamps: EN_X→PG_X delta; Counters: PG glitches; Thresholds: window width PG window too tight; insufficient deglitch Loosen window; increase deglitch; validate ramp slope
Intermittent self-reset Load step / ripple Timestamps: RESET asserts vs. PG chatter; Counters: chatter spikes Insufficient hysteresis/deglitch; weak decoupling Add hysteresis and deglitch; improve decoupling
DDR training fails Reset too short / unsynced Timestamps: RESET width vs. POR; Flags: PLL_LOCK present? Reset stretch below requirement; no PLL sync Stretch and synchronize reset to PLL_LOCK
Start-up overcurrent No stagger Peaks: input surge vs. steady-state; Timestamps: EN overlaps Simultaneous heavy rails Increase EN skew; reorder heavy rails to last
Large shutdown tail current No discharge path Timestamps: power-down order; Paths: backfeed detection Backfeed path; uncontrolled discharge Add controlled discharge and isolation; enforce reverse order
Random lock-up Dependency conflict Graph: illegal dependency; Timestamps: PG ordering vs. logic release Contradictory rail dependencies Clarify dependencies; add mutual exclusion; delay logic release
Troubleshooting matrix linking symptoms to observable fields and fixes
Horizontally scrollable matrix mapping symptoms to triggers, observables, causes, and corrective actions.
Evidence to capture per row: EN/PG/RESET rising/falling timestamps, PG glitch count, input current peak; store CSV + scope shots for audit.

Applications & Schematics

Apply sequencing and reset discipline to three representative systems. Scope is strictly sequencing & reset (no PMBus managers, eFuse, hot-swap, or unrelated helpers). Each application shows a gating formula, safe release of nRESET, and a reverse power-down pattern that prevents backfeed.

A) FPGA/SoC Multi-Rail

Sequence: Core → PLL/BRAM → Aux → IO → DDR

System_PGOOD: (Core_OK ∧ Aux_OK ∧ IO_OK ∧ DDR_OK ∧ PLL_LOCK)

nRESET release: After System_PGOOD with reset stretch ≥ strictest POR; de-assert synchronous to system clock.

  • PG window 95–98% Vnom; ≥2% hysteresis
  • Deglitch 50–200 µs; tune to ripple
  • Enable skew 5–20 ms; heavy rails later

Reverse power-down: DDR → IO → Aux → PLL/BRAM → Core with controlled discharge paths.

B) CPU + DDR + Peripherals

Sequence: REF/CORE first → DDR next → Peripherals last

System_PGOOD: (CORE_OK ∧ REF_OK) then gate DDR; peripherals gate on DDR_OK.

nRESET release: After DDR rails pass PG and training prerequisites; include PLL_LOCK margin.

  • DDR VTT/VREF windows ±2–3%
  • Reset stretch ≥ DDR training requirement
  • Deglitch tuned per DDR vendor timing

Reverse power-down: Peripherals → DDR (controlled VTT/VREF discharge) → CORE/REF.

C) Industrial Domain / Backplane

Sequence: Bring domain rails to OK, then assert Domain_PGOOD for interop to the backplane.

Maintenance: Force-Fault / Bypass ports to reproduce/clear faults without firmware.

  • Enable skew 10–50 ms for bulky loads
  • Isolation for no backfeed into adjacent domains
  • Clear Domain_PGOOD rules and timeouts
Application PG Window Deglitch Enable Skew Reset Stretch Notes
A) FPGA/SoC 95–98% Vnom; ≥2% hyst 50–200 µs 5–20 ms ≥ strictest POR + PLL_LOCK Heavy rails last; DDR reverse-down last
B) CPU+DDR VTT/VREF ±2–3% Vendor-timing tuned 5–15 ms Covers DDR train + PLL Peripherals after DDR_OK
C) Industrial Domain 95–97% Vnom; robust hyst 100–300 µs 10–50 ms Per backplane sync Domain_PGOOD advertised after local OK
Application timelines for FPGA/SoC, CPU+DDR, and modular industrial systems
Three stacked timelines (A/B/C) with EN/PG/RESET/PLL_LOCK markers and concise threshold/skew hints.

Reference IC Selection Notes

Choose by needs, not by brand: rail count, PG/threshold quality, deglitch/hysteresis programmability, reset stretch/sync, timeouts/fault policy, controlled power-down, I/O levels, and temperature grade. Keep BOM hooks explicit.

Simple 3-Rail Sequencer

Time-based; coarse skew; minimal dependencies.

4–12+ Rail PG-Based

Threshold windows, dependencies, timeouts, skew.

Multi-Reset Supervisor

Windowed thresholds, reset stretch, POR guards.

Discrete Minimal

Comparators + RC + logic + open-drain ORing.

Bucket Rail Count Threshold/PG Deglitch/Hysteresis Reset & Sync Timeout/Policy
Simple 3-Rail 1–3 Basic Fixed/limited Basic stretch Simple retry
4–12+ PG-Based 4–12+ Windowed Programmable Stretch + PLL sync Timeout + policy
Multi-Reset Supervisor 1–6 Windowed Fixed/trim Strong stretch Reset policy only
Discrete Minimal N/A Comparator + RC RC-defined Discrete logic Discrete state

Seven Vendor Examples (PNs & Rationale)

Texas Instruments

UCD90120A / UCD9090A — 10–12 rail sequencer/monitor (dependencies, timeouts, PG deglitch).

TPS386000 / TPS386596 — multi-rail reset supervisors (windowed thresholds, stretch).

Reason: mature multi-rail control and robust reset features for 4–12+ rail architectures.

Analog Devices (incl. LTC/Maxim)

LTC2977 / ADM1266 — power system manager/sequencer; precise supervision, rich dependencies.

LTC2937 / LTC2928 — multi-rail sequencer/supervisor for PG-based order control.

Reason: high accuracy windows, programmable deglitch/hysteresis, complex trees.

Renesas (ex-Intersil)

ISL880xx / ISL9000-series — windowed reset supervisors with stretch.

ISL70321 / ISL70323 — multi-channel supervisors (industrial/hi-rel options).

Reason: broad supervisor portfolio, strong POR behavior across grades.

Microchip

MCP1316/17 / MIC803 — precise supervisors with delay/stretch options.

MCP100/101 — ultra-simple single-rail supervisors for discrete minimal builds.

Reason: proven resets; easy to pair with comparator+logic sequencing.

STMicroelectronics

STM706 / STM809 / STM810 — supervisors with selectable thresholds/delays.

STPMIC1 (sequencer outputs) — use exposed sequence outputs within scope.

Reason: ubiquitous supervisors; platform PMICs with usable sequence signaling.

onsemi

NCP30x / NCP31x — supervisors with wide threshold options.

NCP3985 — helper for controlled power-down/ideal-diode paths in discrete builds.

Reason: commodity supervisors + practical shutdown helpers.

NXP

MC33907/MC33908 PMIC — use sequencer outputs; keep within page scope.

FS6500 / safety PMICs — sequencer/reset depth aligned to safety needs.

Reason: platform PMICs that expose sequencing useful for CPU/auto systems.

BOM Hooks

  • PG/RESET pull-ups sized to logic level; avoid RC so large that it hides faults.
  • Discharge resistors/FETs sized for stored energy; verify thermal profile.
  • Open-drain ORing/isolators for safe PG combine and contention-free aggregation.
Non-branded capability buckets for sequencers and reset supervisors
Four capability buckets visualized without brands; choose by rail count, PG quality, reset strategy, and policy depth.

FAQ — Power Sequencers & Reset Managers

Answers focus strictly on sequencing and reset. Each item gives a decision, how to verify, and a practical acceptance line you can reproduce on the bench.

When should I choose time-based vs threshold-based sequencing?

Use time-based for ≤3 rails and tolerant loads; it’s simple but less adaptive to ramp and ripple. Choose threshold-based for 4–12+ rails or tight dependencies, using PG windows, hysteresis, deglitch, and timeouts. Mixed schemes are common: coarse delays for minor rails, PG-gated release for Core/DDR/PLL domains to prevent false-ready and inrush coupling.

How long should RESET be stretched?

Stretch RESET for at least the strictest downstream POR plus guard time, and de-assert synchronously to the target clock after PLL_LOCK. Validate across cold/hot corners and minimum ramp rates. Acceptance: worst-case POR time + margin always passes, and training-sensitive subsystems (e.g., DDR) show repeatable success without spurious reasserts.

What PG deglitch value is appropriate?

Start at 50–200 µs and tune to the rail’s ripple spectrum and load-step behavior. Pair with ≥2% hysteresis so chatter is rejected without masking genuine brownouts. Verify by injecting load transients and counting PG glitches. Acceptance: zero false “OK” across corners with deglitch short enough not to delay legitimate faults or RESET release.

How do I avoid start-up inrush peaks?

Stagger enables by 5–50 ms with the heaviest rails last. Measure the upstream supply; target surge ≤1.2× steady-state. If limits are exceeded, increase skew, slow problematic ramps, or reorder rails. Acceptance: surge remains below the limit at cold/hot and min/max load, and earlier rails do not brown out during subsequent rail starts.

Why must I define the power-down order?

Reverse order prevents backfeed paths and undefined logic states. Provide controlled discharge for energy-dense rails and hold RESET active until essential domains decay. Acceptance: tail current follows a predictable profile, no phantom powering appears on I/O rails, and power-down is reproducible in corner conditions without violating domain dependencies.

How do I detect “half-on” or stuck mid-sequence states?

Add per-rail timeouts and a global bring-up deadline. If any rail misses PG in time, assert a fault, unwind safely, and log timestamps. Acceptance: the system never idles indefinitely in a partially powered state; it either reaches READY with System_PGOOD or transitions to a defined fault state with evidence stored for review.

Should RESET be synchronized to the clock?

Yes. Assert asynchronously for speed, but de-assert synchronously to the destination clock domain, and after PLL_LOCK. This minimizes metastability and erratic training. Acceptance: oscilloscope shows edge-aligned release without runt pulses, and corner testing reveals no unexplained resets or configuration errors following READY transitions.

How much margin should thresholds leave from nominal voltage?

Aim for a 95–98% Vnom PG window with ≥2% hysteresis, then verify against ripple, droop, and load steps. For DDR VTT/VREF, follow vendor windows (often ±2–3%). Acceptance: no false-ready during ripple bursts; real undervoltage events still trigger, and RESET remains consistent across environmental corners.

How do I declare “system ready” when DDR is present?

Gate System_PGOOD as “all essential rails OK ∧ PLL_LOCK.” Release nRESET only after DDR rails pass PG and any training prerequisites. Acceptance: DDR training succeeds repeatedly across cold/hot and min/max load, System_PGOOD shows no chatter, and resets never race with PLL lock acquisition.

What evidence should I retain from bring-up and validation?

Keep CSV logs with EN/PG/RESET/PLL_LOCK timestamps, PG glitch counts, and scope screenshots for corner runs. Tag each run with an ID and pass/fail status. Acceptance: any engineer can reproduce the procedure and reach the same conclusions; margins are visible in artifacts, not implied by anecdotal tests.

How do I choose an appropriate fault policy (retry, latch-off, cooldown)?

For benign loads, limited retries with cooldown can recover transient faults. For safety or high downstream cost, prefer latch-off and explicit service action. Acceptance: policy aligns to hazard analysis, prevents restart storms, and logs show clear cause/effect, including which rail violated timing or thresholds.

How should I pick enable skew between rails?

Start with 5–20 ms for digital rails, 10–50 ms for bulky or analog loads. Measure upstream surge and interaction with earlier ramps; place high-current rails later. Acceptance: surge stays under limit; no early rail brownouts; PG edges remain stable when subsequent rails start under worst-case loading.

Do I need controlled discharge for shutdown?

Yes—rails with significant capacitance or shared I/O must discharge predictably. Provide discharge resistors/FETs sized for stored energy and enforce reverse order. Acceptance: tail current decays along a defined profile; no backfeed is observed; RESET remains asserted until essential domains are truly inactive.

How should I wire PG and RESET—push-pull or open-drain?

Prefer open-drain/open-collector with correct pull-ups to the logic domain. It enables safe OR-ing of PG sources and avoids contention. Keep traces short and clean; choose RC values that do not hide genuine faults. Acceptance: monotonic edges, no cross-domain leakage, and clear logic levels across temperature.

What’s the minimal viable verification script for sequencing?

Record EN/PG/RESET/PLL_LOCK edges, compute inter-event deltas, enforce per-rail timeouts and a global deadline, and count PG glitches during induced steps. Save CSV per run with corner tags. Acceptance: scripts yield identical pass/fail decisions on any bench unit and expose margins rather than anecdotes.

When is a discrete comparator + logic scheme acceptable?

Use discrete comparators, RC timing, and open-drain logic for ≤3 rails or gentle dynamics with wide thresholds. Validate hysteresis and deglitch explicitly. Acceptance: the same evidence standard applies—timestamps, glitch counts, surge checks—and results remain stable across corner conditions without complex sequencing silicon.

Ersa

Anastasia is a dedicated writer who finds immense joy in crafting technical articles that aim to disseminate knowledge about integrated circuits (ICs). Her passion lies in unraveling intricate concepts and presenting them in a simplified manner, making them easily understandable for a diverse range of readers.