I'm using a Pi zero attached to a custom PCB as part of a large project. The custom PCB has a "shut down" button on it and a "startup" button. The startup button temporarily enables a "relay"* while it is held down, during this time an ATMEGA328P microcontroller (almost an arduino uno but mounted differently) on the custom PCB powers on and turns on a GPIO output, by the time that the user releases the "startup" button the atmega's GPIO is being used to keep this "relay" is the "continue to power the board" state. The pi begins booting, the atmega runs other bits of code while keeping that GPIO output high. The Pi runs and does it's stuff with the board's analogue hardware and various realtime slave microcontrollers. When it comes to shuytting down the user presses the "shutdown button", this informs that atmega microcontroller, the atmega microcontroller sends a HIGH warning signal, through a 5V to 3v3 level shifter to keep the Pi's GPIOs safely isolated form 5V voltages, to one of the Pi's GPIO inputs. When the Pi sees this pin go high it does system("shutdown -h now") from within the C code it is running. About 14 seconds later the Pi has shutdown. The 5V supply going into the Pi's 5V pins stays high at 5V, it is afterall the same 5V rail as is used to power the atmega, and the ground of the board stays at ground. Also when the "shutdown" button was pressed the atmega started a countdown of its own, and after this countdown is finished it lets it's "enable the relay" GPIO drop LOW and the whole board is powered off, the 5V rail which powers Pi, atmega and everything else goes to ground as the relay turns off. For clarity I'll mention that, once the shutdown pin has been pressed for the necessary minimum time of half a second for the atmega to decide "this is a real shutdown request and not noise" then it doesn't matter whether the user releases the button or keeps it pressed, the atmega will warn the pi and do it's countdown to cutting of the relay either way.
But I've had some trouble. Due to the existance of a few emergency (low batetry and such) shutdown modes and other stfuf which the atmega does there can be cases where the atmega doesn't cut the relay's GPIO to LOW until perhaps 20 secodns or 30 seconds afetr the "shutdown" button is pressed. This is a deliberate and desired behaviour. However I've found that sometiems during one of these extended shutdowns the Pi will have shutdown but during the time between the Pi shutting down and the atmega turning of the relay somehow the pi begins to power up again. I don't know if it's electrical noise in the circuitry causing the Pi to think it has just been freshly powered on, or something else, but it seems that a Pi which has been shutdown but is still exposed to a 5V supply may spontaneously try to start again. Starting again like this is bad, I could quite likely corrupt the SD card of the pi or cause other damage to the Pi if power to it's 5V pins is cut during startup rather than when it is in a shutdown state.
What can I do to get the Pi to, upon turning off due to the shutdown -h call, stay off and not restart? I won't want the Pi to begin startup again until next time the whole board is powered on. Is there an alternative shutdown terminal command which I can call from my C program? What about use of the "run" pin pair beside GPIOs 37 and 39, although redesigning my PCB to accomodate extra header sockets in the region of my board which aligns to that section of the Pi could be rather tricky.
*It's not quite a normal relay, but this description is the easiest way to dicuss it without going into long details, it's a voltage regulator which has an input GPIO pin which can be sent high or low to enable the regulator's output, everything on my board is powered from that output.