Flight termination - Always send flag to IO without checking the circuit breaker. The circuit breaker is used inside IO to decide if it has to go into failsafe if FMU dies and also controls is the FailureDetector sets the force_failsafe flag. The other sources of flight termination (rc loss, geo fence, ...) are not disabled by the circuit breaker

src/drivers/px4io/px4io.cpp

@@ -1372,8 +1372,7 @@ PX4IO::io_set_arming_state()
 			_lockdown_override = false;
 		}
 
-		/* Do not set failsafe if circuit breaker is enabled */
-		if (armed.force_failsafe && !_cb_flighttermination) {
+		if (armed.force_failsafe) {
 			set |= PX4IO_P_SETUP_ARMING_FORCE_FAILSAFE;
 
 		} else {

src/lib/circuit_breaker/circuit_breaker_params.c

@@ -103,14 +103,8 @@ PARAM_DEFINE_INT32(CBRK_AIRSPD_CHK, 0);
 /**
  * Circuit breaker for flight termination
  *
- * Setting this parameter to 121212 will disable the flight termination action.
- * If configured, flight termination can be triggered as a failsafe action of the following failures:
- * - RC or data link is lost
- * - The vehicle moves outside the geofence
- * - The FailureDetector reports a failure (e.g.: attitude failure).
- * - GPS is lost, height estimate is not available and RC is lost
- * Flight termination is also triggered on the IO processor if FMU is lost.
- * => With this circuit breaker enabled, flight termination will never be exectued, even if configured.
+ * Setting this parameter to 121212 will disable the flight termination action if triggered
+ * by the FailureDetector logic or if FMU is lost.
  * WARNING: ENABLING THIS CIRCUIT BREAKER IS AT OWN RISK
  *
  * @reboot_required true

src/modules/px4iofirmware/mixer.cpp

@@ -235,6 +235,7 @@ mixer_tick(void)
 		should_arm &&
 		/* and FMU is initialized */
 		(r_status_flags & PX4IO_P_STATUS_FLAGS_FMU_INITIALIZED)) {
+		/* FMU is then dead -> force failsafe */
 		PX4_ATOMIC_MODIFY_OR(r_setup_arming, PX4IO_P_SETUP_ARMING_FORCE_FAILSAFE);
 	}