V1.2 | 2019-07-16
Vector India Conference 2019, Pune, 2019-07-16
Software Update and Upgrade Over the Air (SOTA)
2 © 2019. Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.2 | 2019-07-16
Data Collection
Implement predictive maintenance
Establish early feedback loops (e.g. on launch of a new model)
Offer new services based on vehicle data
> E.g. collect rain sensor data for local weather reports
Live Diagnostics
Get remote roadside assistance from central vehicle support centers
> Continue driving or keep waiting for the towing service?
> Solve some E/E issues immediately
Software Update
Avoid expensive recalls by fixing functionality and security incidents rapidly
Distribute new fancy features and create new business models
Implement software-based model upgrades
Automotive OTA – The three key use-cases
Introduction
Automotive OTA – Vector Portfolio
Introduction
[Diagram: Automotive OTA software update portfolio. Areas: in the cloud, in the vehicle, in PC tools. Products shown: vConnect, vFlash, …, MICROSAR, vConnect]
1. Introduction
2. Software Download Use-cases
3. ECU Storage Solutions
4. MICROSAR.OTA Software Download Solution
5. Summary & Outlook
Agenda
Software Download by Off-Board Diagnostic Tester
Software Download Use-cases
[Diagram labels: Authoring; Vehicle Package Management in OEM Backend; SW Update Package; Diagnostic Tester; UDS; OBD Gateway; UDS; Target ECU (running Flash Bootloader, Flash Memory); Program software update via Flash Bootloader. Timeline labels: while driving, safe state]
OTA Software Download in Bootloader Context – Single Partition
Software Download Use-cases
[Diagram labels: Authoring; Vehicle Package Management in OEM Backend; SW Update Package; Connectivity Unit / On-board Tester; Mass Storage; UDS; Target ECU (running Flash Bootloader, Flash Memory); Program software update via Flash Bootloader. Timeline labels: while driving, safe state]
OTA Software Download in Bootloader Context – Multiple Partitions
Software Download Use-cases
[Diagram labels: Authoring; Vehicle Package Management in OEM Backend; SW Update Package; Connectivity Unit / On-board Tester; Mass Storage; UDS; Target ECU (running Flash Bootloader); Flash Memory (Active Partition, Inactive Partition); Program software update via Flash Bootloader. Timeline labels: while driving, safe state]
OTA Software Download in Application Context
Software Download Use-cases
[Diagram labels: Authoring; Vehicle Package Management in OEM Backend; SW Update Package; Connectivity Unit / Gateway; Mass Storage; Target ECU; Flash Memory (Active Partition, Inactive Partition); Activate software update via Flash Bootloader. Timeline labels: while driving, safe state]
Approach
Software update package is received by connectivity unit while driving down the road
Update is applied on the target ECU in a post-run phase in Flash Bootloader context
Constraints
Download interrupt/resume capability needs to be implemented in download process
Battery capacity must be considered
Pros
Re-use existing infrastructure (Flash Bootloader)
No impact on application runtime behavior
Utilize maximum network bandwidth during update phase
Cons
Limited time window during key-off for applying updates
Impact on post-run system design since normal message communication is switched off
Comparison – OTA Software Download in Bootloader Context
Software Download Use-cases
Approach
Software update package is received by connectivity unit while driving down the road
Update is applied in a shadow memory on the target ECU in application context
Constraints
Application stack needs to be extended by OTA download software components
Busload and ECU performance impact must be considered
Multiple memory partition concept and download interrupt/resume capability must be implemented
Pros
ECU is operating in application context, no need to disable normal message communication
Depending on memory partition concept, nearly no impact on vehicle availability
Cons
Increased complexity
Additional ROM resources
Impact on ECU system design and safety requirements must be considered
Comparison – OTA Software Download in Application Context
Software Download Use-cases
This architecture requires hardware support in the microcontroller itself
The hardware maps the active partition to a predefined address range (e.g. 0x000000, with partition size 2MB in the example below)
Code is always executed from that address range
Activation of a partition means remapping the active and inactive memory address ranges
Hardware-assisted A/B Swap Solution
ECU Storage Solutions
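[Diagram: memory map before and after activation; the FBL is present in both states and performs the swap. Before activation: App v1.0 (active) at 0x000000 to 0x200000, App v2.0 (inactive, download target) at 0xA00000 to 0xC00000. After activation: App v2.0 (active) at 0x000000 to 0x200000, App v1.0 (inactive) at 0xA00000 to 0xC00000]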
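Added example (not from the Vector slides or from MICROSAR code): a host-side C model of the A/B swap described above, using the slide's 2 MB windows at 0x000000 and 0xA00000. All function and type names are hypothetical, the hardware remap is reduced to a bank flag, and the rules that activation requires a prior successful verification and that rollback is lost once the old image is overwritten are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Address windows from the slide, 2 MB each (names are hypothetical). */
#define PART_SIZE   0x200000u
#define EXEC_BASE   0x000000u   /* active partition, code always runs here */
#define SHADOW_BASE 0xA00000u   /* inactive partition, download target */

typedef struct {
    uint8_t active_bank;     /* physical bank (0/1) mapped at EXEC_BASE */
    bool    shadow_verified; /* inactive image passed verification */
    bool    rollback_ok;     /* inactive bank still holds the previous image */
} ab_state_t;

/* Physical bank behind a CPU address under the current mapping, -1 if none. */
int ab_bank_for_addr(const ab_state_t *s, uint32_t addr) {
    if (addr < EXEC_BASE + PART_SIZE) return s->active_bank;
    if (addr >= SHADOW_BASE && addr - SHADOW_BASE < PART_SIZE) return 1 - s->active_bank;
    return -1;
}

/* A download chunk is accepted only if it lies fully inside the inactive window. */
bool ab_download_chunk(ab_state_t *s, uint32_t addr, uint32_t len) {
    if (len == 0 || len > PART_SIZE || addr < SHADOW_BASE) return false;
    if (addr - SHADOW_BASE > PART_SIZE - len) return false; /* no wrap-around */
    s->shadow_verified = false; /* any write invalidates an earlier check */
    s->rollback_ok = false;     /* the previous image is being overwritten */
    return true;                /* a real driver would program flash here */
}

/* Records the result of the signature check over the complete inactive image. */
void ab_mark_verified(ab_state_t *s, bool signature_ok) { s->shadow_verified = signature_ok; }

/* Activation is only a remap: the two banks trade address windows. */
bool ab_activate(ab_state_t *s) {
    if (!s->shadow_verified) return false;
    s->active_bank = (uint8_t)(1 - s->active_bank);
    s->shadow_verified = false;
    s->rollback_ok = true;
    return true;
}

/* Rollback remaps back, and only while the old image is untouched. */
bool ab_rollback(ab_state_t *s) {
    if (!s->rollback_ok) return false;
    s->active_bank = (uint8_t)(1 - s->active_bank);
    s->rollback_ok = false;
    return true;
}
```

The model makes two properties visible: a write after verification forces a new verification before activation, and starting the next download gives up the rollback image.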
During the background download the data is cached in unused memory area (either internal or external memory)
During software activation the new application is copied to the active memory area by the Flash Bootloader
Download Caching Solution
ECU Storage Solutions
[Diagram: internal and external flash before and after activation. Before activation: FBL, App v1.0 (active), App v1.0 (backup), App v2.0 (inactive, download target). After activation (copy step): FBL, App v2.0 (active), App v1.0 (backup), App v2.0 (inactive)]
Depending on the active/inactive memory, different application entry addresses are selected
Code is executed from different memory locations
Two software binaries of the same version need to be maintained which are linked to different memory locations
Diagnostic tester needs to be aware of active/inactive memory location to select the correct image
Dual Binary Solution
ECU Storage Solutions
[Diagram: memory map before and after activation, with partitions at 0x000000 to 0x200000 and 0xA00000 to 0xC00000. Before activation: FBL, App v1.0 (active), App v2.0 (inactive, download target). After activation: FBL, App v2.0 (active), App v1.0 (inactive). An "App entry" marker is shown in each state]
Hardware-assisted A/B Swap
Single binary
Short activation downtime
Currently only supported by a few hardware platforms
Download Caching
Single binary
Generic solution
Existing MCU platform can be reused by adding external flash memory
Longer activation downtime due to data copy
Cost for external flash memory
Dual Binary
Aside from read while write support no additional hardware requirements
Very short activation downtime
Configuration management for dual software image
Complex software may be necessary to handle different reset vector and interrupt addresses
Comparison of Solutions
ECU Storage Solutions
MICROSAR
Download of software updates
Verification of software updates
Backup creation (optional)
Flash Bootloader
Activation of software updates
Rollback to previous software
Note: The architecture diagram only shows the SWDL-specific BSW modules.
MICROSAR.OTA Software Architecture - Responsibilities
MICROSAR.OTA Software Download Solution
[Architecture diagram labels: Electronic Control Unit; Microcontroller; MICROSAR; OTA (vOtaDL); SWDL Handler (OEM-specific); Software Update Manager; Memory Access Manager; vMem; vMem Ext; Flash Bootloader; OTA Manager (Basic / Extended)]
SWDL Handler
OEM-specific
Typically responsible for protocol and state handling
Features depend on OEM requirements
Supported OEM specifications
List available on request
MICROSAR.OTA Software Architecture – SWDL Handler
MICROSAR.OTA Software Download Solution
Software Update Manager
Buffering of flash data
Data processing
> Signature verification
> Decompression
> Decryption
> …
Definition of modules, aka logical blocks
Mapping of modules to virtual addresses
Handling of resume information to continue an interrupted software download
MICROSAR.OTA Software Architecture – Software Update Manager
MICROSAR.OTA Software Download Solution
Memory Access Manager
Definition of virtual addresses
Mapping of virtual to physical addresses
Prioritization and scheduling of flash jobs
Handling of multiple flash drivers
> AUTOSAR Fls
> Vector vMem
MICROSAR.OTA Software Architecture – Memory Access Manager
MICROSAR.OTA Software Download Solution
vMem (Ext)
Read/write/erase program (code) flash
Available for internal and external flash memory
MICROSAR.OTA Software Architecture – vMem
MICROSAR.OTA Software Download Solution
OTA Manager
Add-On for Vector Flash Bootloader
Responsible for activation and rollback
OTA Manager Basic
> Uses hardware-assisted A/B swap
OTA Manager Extended
> Copies the data between partitions located in internal and/or external flash
SWDL Software Architecture
MICROSAR.OTA Software Download Solution
OTA is a wide and complex topic
Dependencies from the lowest hardware level to system level (incl. backend)
There is even more:
Functional Safety
Multi-processor ECUs
Different OEM update strategies
AUTOSAR Adaptive
Summary & Outlook
Vector has your solution for updating and upgrading ECU software over-the-air!
Author: Dr. Sebastian Lerch, Jonas Wolf, Vector Germany
For more information about Vector and our products please visit
www.vector.com