Think Like a Saboteur.

Design and Schematic


  • Is the design passively or actively safe? For example, if an MCU or FPGA is being programmed, held in reset, or in its POR, does the circuit enter a safe / idle / known state? Is the circuit only hot under control (can it be)?
  • Can you detect all relevant environmental changes? If changes in environment indicate a change in operating state or mode, can you detect them? (e.g. VBUS high on a self-powered USB device, SD card in socket, a particular connector plugged in)
  • FETs have pull-ups / -downs?
  • BJTs properly biased for both levels and current?
  • Chip selects have pull-ups / -downs?
  • Pull-up / -down resistors appropriate value for expected environment/noise?
  • Enable pins checked for polarity? Not all datasheets indicate this well; pin description text checked? Part number verified for ICs with orderable polarity configurations?
  • Shutdown pins checked for polarity?
  • Enable and shutdown pins pulled to the correct level when not under control? (e.g. shut down unless controlled)
  • Address select pins properly tied / pulled to the correct level?
  • Pull-ups on open-drain, open-collector nets? Values checked for required slew rates / throughput / noise?
  • Input / output pairs matched for all single-ended transceivers? (e.g. RX->TX, TX->RX for UART)
  • Differential pairs polarity checked? (e.g. H/L for CAN, D+/D- for USB)
  • Passive / buffered visual indicators (e.g. LEDs) at appropriate level for the idle level of the protocol? (e.g. UART idle high, SPI clock idle low, etc)
  • High-speed lines have appropriate series termination?
  • Crystals have load capacitors if required? Stray capacitance of PCB trace factored in?
  • Trimming potentiometers and capacitors increase their value when turned clockwise?
  • Exposed pads on no-lead packages tied to correct net? Need to be left floating?
  • FPGAs have built-in configuration flash or have external flash available if not?
  • MCUs have built-in program flash or have external flash available if not?
  • MCUs have enough flash for debugging routines and unoptimized code on prototypes?
  • Bootloader size factored into required flash space?

In-Circuit Programming

  • Programming pins broken out?
  • Reset pins broken out?
  • Polarity / duration of reset nets checked? (e.g. must float during power-on, reset high? must be held for more than 100 µs?)
  • Pull-ups / -downs on reset nets?
  • Low-pass filters on reset nets in noisy environments or on external connectors? Discharge diode to bring filter low during power transients? Discharge diode on the output side of the filter?
  • FPGA external flash signals broken out and/or wired up to MCU?
  • If programming lines are shared, no drivers exist on line? (e.g. a receiver's push-pull output) Programming waveforms safe for downstream circuit?


  • Watchdog can be disabled during programming / debug?
  • If watchdog enabled / disabled via a jumper, configured so that the jumpered state enters programming / debug mode? (Jumper can be omitted?)
  • Watchdog output resets all peripherals that require a specific startup state?
  • Watchdog output tied to any write-protect pins if appropriate?


  • Series termination resistors required or on-chip?
  • External pull-up/-down resistors required?
  • Can current be limited when the device is put in suspend mode?
  • Self-powered device does not drive VBUS?
  • Self-powered device pulls D+/D- only when VBUS is detected?


  • Power pins tied to correct voltage rail?
  • Dropout voltage of regulators checked against complete range/tolerance of source supply? Not just nominal/ideal rating.
  • Minimum load met for stability of all regulators?
  • Final circuit maximum load rechecked against regulator ratings?
  • Digital ICs have correct number and value of bypass capacitors for frequencies in use?
  • Bypass and output capacitor values checked for all regulators? Correctly derated? Appropriate ESR for stability?
  • Analog rails properly decoupled with ferrites / inductors / capacitors?
  • Circuit held idle / safe / in reset until voltages are stable? Voltage supervisor IC required (used to hold in reset or signal power-good)?
  • Power rails have short-circuit / over-current protection at output connectors?
  • Power rails have appropriate current limiting?
  • Over-current protection checked for time-until-trip? Crowbar required? Load-switch required?
  • Over-current protection recovers automatically?
  • Power input rails need reverse-polarity protection? Appropriate type for allowable voltage drop and current? If using a P-channel FET, Rds(on) and Vgs checked? Vgs clamped if less than input voltage?
  • Does total bulk capacitance on any power rail warrant inrush limiting?

Battery Chemistry

  • Average and peak currents checked? Efficiency and lifespan vary for different chemistries and peak current combinations.
  • Parallel cells require balancing? Internal resistance considered? (e.g. parallel coin cells effectively drain each other)

Sensors / Signal Conditioning

  • Temperature sensor present if other sensors require temperature-compensation / calibration?
  • Source impedance of sensor checked? In-amp required?
  • Dividers and filters buffered with op-amp before ADC?
  • Op-amp stability checked given load capacitance on output?
  • Unused op-amps in dual or quad packages terminated?


  • Power and ground lines appropriately filtered at connector? Ferrites, etc.
  • Shield on shielded cable / connector appropriately decoupled and tied to ground?
  • Two boards with separate power supplies that share a data interface, share data ground? (e.g. RS-485)
  • If "large" ground potential differences are possible, current limited with low-value resistor?
  • If "very large" ground potential differences are possible, data grounds are floating with a single reference? Have fully isolated supplies?
  • Power and its ground on same connector?
  • Power connectors different size / type than IO connectors?
  • Related inputs / outputs on same connector?

PCB Layout


  • Set up the DRC before you start.
  • Double check the drill vs annular ring size for vias?
  • Fiducials required? Present?
  • High-speed differential pairs not routed over broken ground plane?
  • Passives have traces coming into pads symmetrically? Traces coming into opposing "sides" of pads can cause solder migration, part rotation, tombstoning, or stresses when the board cools.
  • Margin to edge of board checked? Appropriate given board break-away (V-score or mouse bites)? Mouse bites can easily pull/crack solder mask at 20 mil in.
  • Components can be reworked without removing others?
  • Thermal reliefs for all pads of serviceable components?
  • Does each component's zeroed orientation match its orientation in the reel? Or placement/insertion rotation offset checked?


  • TVS close to the connector it is protecting the circuit from?
  • Programming header has clearance for IDC connector mating half? They are much wider than the header itself.
  • Maximum cable bend (minimum radius) checked against important clearances?
  • Inter-board connector locations checked against enclosure?
  • Drivers near connectors they are driving signals on?
  • Staggered power / signal connectors required? Double check if signals can be connected before power?


  • Drill holes checked? Correct hole spacing to mounting hardware (space between fastener and hole edge)?
  • Drill hole plating checked?
  • Adequate clearance around mounting holes for both the mounting hardware and the tool that fastens it?


  • Soldermask relief set appropriately given expected soldermask expansion?
  • Soldermask minimum spoke size met?
  • Soldermask relief around fiducials?
  • Soldermask removed for all pads?


  • Paste mask correctly sized and segmented on exposed DFN/QFN pads?
  • Paste mask correctly scaled for stencil type and thickness being used?

Programming and Test

  • Don't forget to design two boards...the test jig too!
  • Test points on all important clock and data pins?
  • More test points?
  • Ok cool, but maybe some more test points?
  • Ground reference test points near all high speed signals that might need to be probed?
  • Test points on 100-mil grid if possible? (ease of test jig creation)
  • Unused MCU pins broken out to header? (for debugging, setting test modes, etc)
  • Programming / test jig can provide power to board? Can be powered from board?


  • PCB antenna location checked against enclosure? E.g. Is there a cable gland or other structure placing more material over antenna?
  • PCB antenna has strong ground reference? Most ISM band antenna designs are aperture antennas.
  • RF tuning network easily reworkable?
  • RF shielding can dimensions checked?


  • Analog sensors close to their ADC or buffered soon?
  • ADCs on or toward digital part of layout? (ADCs use fast oscillators)
  • Feedback dividers accidentally bypassed with capacitor placement?


  • Traces have sufficient width for current and allowable temperature rise?
  • Sufficient trace spacing for voltage?
  • Highest ground currents closest to supply return?
  • Via size and count appropriate for current?
  • Thermal vias for thermal pads?
  • Tenting set appropriately for thermal vias?
  • Thermal reliefs disabled for power component pads?
  • Separate supply rail traces to multiple regulators?


(TODO: Section needs work)

  • Appropriate number and size of vias for current?
  • Current / impedance matched? Equal trace widths and via counts?


  • Inductors sharing same axis? Can become transformers.
  • Power and digital grounds separate (in terms of ground loops)?
  • All power components on same side?
  • Current loop area minimized? Stray inductances minimized?
  • FETs and inductors close?
  • Switch node ringing requires damping?
  • Electrolytics will remain cool? Electrolytics on "bottom" of convection volume?
  • Output/bulk capacitor terminals tied as close as possible to low-side FET?
  • Gate drive signals short and thick?
  • Feedback trace thick and clear of other noisy signals? (gates and boost nodes)
  • Minimum voltage ripple required by controller met?
  • Control circuitry away from the noisy end of the switch node? (Buck: Vin side, Boost: Vout side)

Legend / Silkscreen

  • Check fab silkscreen DPI? Can legend be printed clearly?
  • Ticks every 10 or 25 pins for high-ish pin count ICs?
  • Pin-1 indicator visible after component is placed on board?
  • Power pins labeled with polarity and voltage ranges?
  • Connector pinouts printed on both sides of board and mirrored? (if two-sided silkscreen)
  • Part number, revision number, date code present?
  • Serial number blank window required?
  • Legend references all facing one or two directions (not four)?