CN109408153B - Software starting method and software upgrading method - Google Patents

Publication number: CN109408153B
Authority: CN (China)
Prior art keywords: partition, software, starting, current, current starting
Legal status: Active
Application number: CN201811296732.4A
Other languages: Chinese (zh)
Other versions: CN109408153A (en)
Inventors: 霍建宇, 姜秋慧, 刘建新
Current Assignee: Baidu Online Network Technology Beijing Co Ltd
Original Assignee: Baidu Online Network Technology Beijing Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1415 Saving, restoring, recovering or retrying at system level
    • G06F11/1433 Saving, restoring, recovering or retrying at system level during software upgrading
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G06F11/1458 Management of the backup or restore process
    • G06F11/1461 Backup scheduling policy
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Computer Security & Cryptography (AREA)
  • Stored Programmes (AREA)

Abstract

An embodiment of the present invention relates to a software boot method, wherein the software is stored in both a first partition and a second partition of a storage device. The software boot method includes: reading boot information, wherein the boot information comprises a current boot partition, and the current boot partition is the first partition or the second partition; determining whether the current boot partition can start the software normally, and if not, switching the current boot partition to the other one of the first partition and the second partition; and launching the software from the current boot partition. The method and the device can in particular be used to solve the problem that the system cannot start after an OTA upgrade when the system image has been damaged by non-volatile storage damage (such as eMMC (embedded MultiMediaCard) bad blocks, hard disk bad sectors and the like). It can currently be used in on-board computing units (autopilot computing units).

Description

Software starting method and software upgrading method
Technical Field
The invention relates to the technical field of computer software, in particular to a software starting method and a vehicle-mounted operating system OTA upgrading method and device.
Background
Communication technology is developing rapidly, and terminals such as computers, mobile phones and vehicle-mounted intelligent systems are becoming more and more popular. In addition to hardware, a terminal requires various software, such as an operating system and application software (such as navigation software), to function properly. This software often requires regular upgrades to make the system more secure and more complete. For example, a vehicle-mounted operating system that leaves the factory at version 4.0 later needs to be upgraded to version 5.0 and higher.
In the prior art, the upgrade operation of the terminal system is often realized based on Over-the-Air (OTA) technology.
With respect to software upgrade operations, the following two solutions are now commonly used:
1. For Android 7.0 and later: A/B dual-partition upgrading is supported. When the current OS is in partition A, partition B is flashed; when the current OS is in partition B, partition A is flashed. If booting fails, the device enters Recovery mode, in which the firmware can only be reflashed over USB and the functions of normal use are not available.
2. A minimal factory firmware is built in. When the regular firmware fails to start, the factory firmware is started instead, and only the most basic functions are supported.
With the first scheme, once the storage is damaged, normal functions cannot be provided, and the device can only be reflashed over USB after being taken offline.
With the second scheme, once storage corruption occurs, the device rolls back to the original factory release. This causes two problems: first, every function added by updates since leaving the factory is lost, and compatibility problems may arise; second, if the old version has security vulnerabilities, it is very easily exploited by attackers and becomes an information security risk.
The above is only the technical situation known to the inventors and does not necessarily constitute prior art to the present invention.
Disclosure of Invention
An embodiment of the present invention provides a software boot method, where software is stored in a first partition and a second partition of a storage device, respectively, the software boot method including: reading starting information, wherein the starting information comprises a current starting partition, and the current starting partition is the first partition or the second partition; judging whether the current starting partition can normally start the software or not, and if not, switching the current starting partition into the other one of the first partition and the second partition; and launching the software from the current boot partition.
According to one aspect, the step of determining whether the current boot partition can start the software normally includes: determining whether the current boot partition has been verified.
According to one aspect, the step of determining whether the current boot partition can start the software normally further includes: determining whether the digital signature of the current boot partition matches a preset signature.
According to one aspect, the software startup method further comprises: when the current boot partition is determined not to have been verified, determining whether the retry count of the current boot partition is greater than zero; if so, decrementing the retry count of the current boot partition by one and starting the software from the current boot partition; otherwise, switching the current boot partition to the other one of the first partition and the second partition.
According to one aspect, the software startup method further comprises: when the digital signature of the current boot partition is the same as the preset signature, determining whether the first partition and the second partition are synchronized, and if so, starting the software from the current boot partition; otherwise, synchronizing the other one of the first partition and the second partition with the current partition. When the digital signature of the current boot partition differs from the preset signature, determining whether the first partition and the second partition are synchronized; if so, synchronizing the current partition from the other one of the first partition and the second partition and starting the software from the current boot partition; otherwise, issuing an alarm that recovery is not possible.
According to one aspect, the software startup method further comprises: after the software is started from the current boot partition, verifying whether the start from the current boot partition succeeded; if the verification succeeds, marking the current boot partition as verified; otherwise, performing a reset operation.
According to one aspect, the software starting method is an in-vehicle operating system starting method.
An embodiment of the present invention further provides a software upgrading method, where the software is stored in a first partition and a second partition of a storage device, respectively, and the software upgrading method includes: receiving an upgrade package of the software; analyzing the upgrade package; and upgrading the software stored in the first partition and the second partition according to the upgrading package.
According to one aspect, the software upgrade method further comprises: recording the synchronization information, and/or the verification information, and/or the digital signature, and/or the retry count of the first partition and the second partition.
According to one aspect, the software upgrade method further comprises: when the first partition and the second partition are not synchronized, synchronizing whichever of the first partition and the second partition can be started normally to the other.
According to one aspect, the software is a vehicle android system, and the software upgrading method is performed OTA.
An embodiment of the present invention also provides an apparatus, including: one or more processors; storage means for storing one or more programs; the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the software launching method as described above.
An embodiment of the present invention also provides an apparatus, including: one or more processors; storage means for storing one or more programs; the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the software upgrade method as described above.
An embodiment of the present invention further provides a software boot apparatus, wherein the software is stored in a first partition and a second partition of a storage device, respectively, and the software boot apparatus includes: a unit for reading start information, where the start information includes a current start partition, and the current start partition is the first partition or the second partition; a unit for judging whether the current starting partition can normally start the software, and configured to switch the current starting partition to the other one of the first partition and the second partition if the software cannot be normally started; and means for launching said software from said current boot partition.
An embodiment of the present invention further provides a software upgrading apparatus, where the software is stored in a first partition and a second partition of a storage device, respectively, and the software upgrading apparatus includes: a unit that receives an upgrade package of the software; a unit that parses the upgrade package; and a unit that upgrades the software stored in the first partition and the second partition according to the upgrade package.
Embodiments of the present invention also provide a computer-readable storage medium comprising computer-executable instructions stored thereon which, when executed by a processor, implement the software startup method as described above.
Embodiments of the present invention also provide a computer-readable storage medium comprising computer-executable instructions stored thereon which, when executed by a processor, implement the software upgrade method as described above.
The embodiments of the invention provide a safer software upgrading method and a safer software starting method. They ensure that the versions in both partitions of the software are updated and verify the integrity of the system image by means of a digital signature; once the system image is damaged, it can be recovered from the same version in the other partition, so that the two partitions back each other up and the robustness of software OTA (over-the-air) upgrading is improved. The method and the device can be applied to the upgrading and starting of various software, and are particularly suitable for starting and upgrading the operating system software (such as an Android system) and other software (such as navigation software) of an on-vehicle intelligent system.
The foregoing summary is provided for the purpose of description only and is not intended to be limiting in any way. In addition to the illustrative aspects, embodiments, and features described above, further aspects, embodiments, and features of the present invention will be readily apparent by reference to the drawings and following detailed description.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 shows a flow diagram of a software boot method according to one embodiment of the invention;
FIG. 2 illustrates system partitioning according to a second embodiment of the present invention;
FIG. 3 shows a flow chart of a startup method according to a second embodiment of the invention;
FIG. 4 shows a flow chart of a software upgrade method according to a third embodiment of the present invention;
FIG. 5 shows a block diagram of an apparatus according to a fourth embodiment of the invention;
FIG. 6 shows a block diagram of an apparatus according to a fifth embodiment of the invention;
FIG. 7 shows a block diagram of an apparatus according to a sixth embodiment of the invention;
FIG. 8 shows a block diagram of an apparatus according to a seventh embodiment of the invention;
FIG. 9 shows a block diagram of a computer program product according to an eighth embodiment of the invention; and
FIG. 10 shows a block diagram of a computer program product according to a ninth embodiment of the invention.
Detailed Description
In the following, only certain exemplary embodiments are briefly described. As those skilled in the art will recognize, the described embodiments may be modified in various different ways, all without departing from the spirit or scope of the present invention. Accordingly, the drawings and description are to be regarded as illustrative in nature, and not as restrictive.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "length", "width", "thickness", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", "clockwise", "counterclockwise", and the like, indicate orientations and positional relationships based on those shown in the drawings, and are used only for convenience of description and simplicity of description, and do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be considered as limiting the present invention. Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, features defined as "first", "second", may explicitly or implicitly include one or more of the described features. In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
In the description of the present invention, it should be noted that unless otherwise explicitly stated or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection, either mechanically, electrically, or in communication with each other; either directly or indirectly through intervening media, either internally or in any other relationship. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
In the present invention, unless otherwise expressly stated or limited, "above" or "below" a first feature means that the first and second features are in direct contact, or that the first and second features are not in direct contact but are in contact with each other via another feature therebetween. Also, the first feature being "on," "above" and "over" the second feature includes the first feature being directly on and obliquely above the second feature, or merely indicating that the first feature is at a higher level than the second feature. A first feature being "under," "below," and "beneath" a second feature includes the first feature being directly above and obliquely above the second feature, or simply meaning that the first feature is at a lesser level than the second feature.
The following disclosure provides many different embodiments or examples for implementing different features of the invention. To simplify the disclosure of the present invention, the components and arrangements of specific examples are described below. Of course, they are merely examples and are not intended to limit the present invention. Furthermore, the present invention may repeat reference numerals and/or letters in the various examples, such repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or configurations discussed. In addition, the present invention provides examples of various specific processes and materials, but one of ordinary skill in the art may recognize applications of other processes and/or uses of other materials.
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
FIG. 1 illustrates a software startup method 100 according to one embodiment of the invention. The software is stored, for example, in both a first partition and a second partition of a storage device, and can be started from either of them. Note that, as those skilled in the art will understand, the first partition and the second partition in the present invention may be partitions on different physical storage devices, for example a first partition located on a hard disk and a second partition located on an SSD memory card; they may be different logical partitions on the same physical storage device, e.g., two logical partitions on the same hard disk; and they may also be different folders in the same logical partition on the same storage device. These are all within the scope of the present invention. In addition, the software may be operating system software, such as a Linux or QNX operating system, or application software, such as GPS navigation system software.
As shown in fig. 1, the software startup method 100 of the present embodiment includes:
In step S101, the boot information of the software is read. The boot information comprises a current boot partition, and the current boot partition is the first partition or the second partition. In the present invention, for example, the first partition may be set as the default partition, so that in the default state the current boot partition is the first partition. In certain cases, such as when the software cannot be started normally from the first partition, the current boot partition is changed to the second partition.
In step S102, it is determined whether the software can be started normally from the current boot partition, and if not, the current boot partition is switched to the other one of the first partition and the second partition. When the software cannot be started normally from the current boot partition, this indicates a problem with the software stored in that partition, and in this case it is necessary to switch to the other partition to start the software.
In step S103, the software is launched from the current boot partition.
A booting method of an operating system according to a preferred embodiment of the present invention is described below with reference to FIG. 2 and FIG. 3. FIG. 2 illustrates one implementation of system partitioning and FIG. 3 illustrates a boot method 200 for an operating system. In the present embodiment, operating system software is taken as an example for explanation, but those skilled in the art will understand that the present invention is not limited thereto and may be applied to other types of software.
As shown in FIG. 2, the system partitions of the present embodiment include boot, OS A, OS B, rootfs, and misc partitions. The boot partition holds the system's bootloader; the OS A and OS B partitions each store the kernel of an operating system and are backups of each other; rootfs is the root file system; the misc partition is responsible for communication between the OS and the bootloader, and stores information including the current boot partition, whether the partitions are synchronized, whether each partition image has been verified, the digital signature and retry count of each image, and the like.
As shown in FIG. 3, the method 200 for starting the operating system of the present embodiment includes:
In step S201, the system resets and executes the bootloader.
In step S202, the bootloader reads the boot information in the misc partition, which includes one or more or all of: the current boot partition, whether the partitions are synchronized, whether each partition image has been verified, the digital signature and retry count of each image, and the like. The information about whether the partitions are synchronized may be, for example, a flag value, or synchronization may be determined by comparing the version numbers of the operating systems stored in the first partition and the second partition. The information indicating whether each partition image has been verified may also be, for example, a flag: after the operating system stored in the partition has passed its self-check, the flag is 1, indicating that the operating system can be started from that partition; otherwise the flag is 0, indicating that it has not yet been verified whether the operating system can be started from that partition.
In step S203, it is checked whether the current partition has been verified. If not, the process proceeds to step S205, where it is determined whether the retry count of the current partition is greater than 0. If it is greater than 0, the retry count is decremented by 1 (step S206) and the current partition is started; otherwise, the current partition is considered to hold a faulty version, and the process switches to the other partition (step S207) for starting. If the current partition has been verified, the process proceeds to step S204, where the digital signature of the current partition is computed and compared with the pre-stored signature. If the comparison succeeds, the process proceeds to step S210, where it is determined whether the two partitions are synchronized; if not, the current partition is synchronized to the other partition (step S211), and then the operating system is started from the current partition (step S212). If the signature comparison fails, the storage of the current partition is considered to be damaged, and the process goes to step S208 to determine whether the two partitions are synchronized; if so, the other partition is used to recover the current boot partition (step S209), otherwise an alarm is issued that recovery is not possible.
After step S212, the process proceeds to step S213 to verify whether the start from the current partition succeeded. Methods of verification include, but are not limited to, performing a system self-check after startup. If the check succeeds, the process goes to step S214, the current partition is marked as verified, and the system enters normal mode to perform its functions; otherwise, the process proceeds to step S215, a reset operation is performed, and the system is restarted.
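The decision flow of steps S203 to S215, modelled in memory as an added example; it is not code from the patent or from its assignee. The `misc` record layout, all function names, the FNV-1a digest standing in for digital-signature verification, booting directly after the switch in S207, and the re-verification of the restored image after S209 are assumptions made here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMG_LEN 16                       /* constructed toy image size */

struct slot_meta { bool verified; uint8_t retries; uint32_t digest; };
struct misc {                            /* hypothetical misc-partition record */
    int current;                         /* 0 = OS A, 1 = OS B */
    bool synced;
    struct slot_meta slot[2];
};
/* slot == -1 means "alarm: recovery not possible" */
struct decision { int slot; bool switched, mirrored, repaired; };

/* Stand-in for signature verification: FNV-1a, NOT cryptographic. */
uint32_t image_digest(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

struct decision bootloader_decide(struct misc *m, uint8_t img[2][IMG_LEN]) {
    int cur = m->current, other = 1 - cur;
    struct slot_meta *s = &m->slot[cur];
    struct decision d = { cur, false, false, false };

    if (!s->verified) {                          /* S203 -> S205 */
        if (s->retries > 0) {
            s->retries--;                        /* S206: try this slot again */
        } else {
            m->current = d.slot = other;         /* S207: give up on this slot */
            d.switched = true;
        }
        return d;                                /* S212 */
    }
    if (image_digest(img[cur], IMG_LEN) == s->digest) {    /* S204 passed */
        if (!m->synced) {                        /* S210 -> S211 */
            memcpy(img[other], img[cur], IMG_LEN);
            m->slot[other].digest = s->digest;
            m->synced = true;
            d.mirrored = true;
        }
        return d;                                /* S212 */
    }
    if (m->synced) {                             /* S208 -> S209 */
        memcpy(img[cur], img[other], IMG_LEN);
        /* Added check (assumption): the restored copy must itself verify. */
        if (image_digest(img[cur], IMG_LEN) == s->digest) {
            d.repaired = true;
            return d;
        }
    }
    d.slot = -1;                                 /* alarm */
    return d;
}

/* S213-S215: mark the slot verified on success; false means "reset". */
bool post_boot_check(struct misc *m, bool self_check_ok) {
    if (self_check_ok) m->slot[m->current].verified = true;   /* S214 */
    return self_check_ok;                                      /* S215 */
}

/* Constructed device: OS A freshly flashed and unverified, OS B known good. */
void make_device(struct misc *m, uint8_t img[2][IMG_LEN]) {
    memcpy(img[0], "OS-IMAGE-v5.0-A", IMG_LEN);
    memcpy(img[1], "OS-IMAGE-v4.0-B", IMG_LEN);
    m->current = 0;
    m->synced = false;
    m->slot[0] = (struct slot_meta){ false, 2, image_digest(img[0], IMG_LEN) };
    m->slot[1] = (struct slot_meta){ true, 0, image_digest(img[1], IMG_LEN) };
}

/* Reset loop: only `healthy_slot` passes self-check. Returns the number of
 * bootloader passes until normal mode, or -1 on alarm / no progress. */
int boot_until_healthy(struct misc *m, uint8_t img[2][IMG_LEN], int healthy_slot) {
    for (int pass = 1; pass <= 10; pass++) {
        struct decision d = bootloader_decide(m, img);
        if (d.slot < 0) return -1;
        if (post_boot_check(m, d.slot == healthy_slot)) return pass;
    }
    return -1;
}

int main(void) {
    struct misc m;
    uint8_t img[2][IMG_LEN];
    make_device(&m, img);
    int passes = boot_until_healthy(&m, img, 1);
    printf("normal mode after %d passes, booted slot %d\n", passes, m.current);
    struct decision d = bootloader_decide(&m, img);   /* next reset: S211 mirror */
    printf("mirrored=%d synced=%d\n", d.mirrored, m.synced);
    img[1][3] ^= 0xFF;                                /* simulate a bad block */
    d = bootloader_decide(&m, img);
    printf("repaired=%d slot=%d\n", d.repaired, d.slot);
    return 0;
}
```

A verified partition that keeps failing the self-check is reset indefinitely in the flow as described, which is why the simulation loop is bounded.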
Note that the operating system boot method 200 of the second embodiment is a preferred implementation of the boot method 100 of the first embodiment, where step S203 and step S204 are preferred implementations of step S102.
According to a preferred embodiment of the present invention, the software in the first embodiment and the operating system in the second embodiment may be, for example, an in-vehicle operating system, such as a Linux or QNX operating system, installed on an in-vehicle computing unit (autopilot computing unit).
A software upgrade method 400 according to a third embodiment of the invention is described below with reference to fig. 4. Wherein the software is stored in a first partition and a second partition of the storage device, respectively, similar to the first and second embodiments. The software upgrade method 400 includes:
In step S401, an upgrade package of the software is received. In an embodiment of the present invention, there are two types of upgrade package: full packages and differential packages. A full package includes all information and files of the system version being upgraded to, while a differential package includes only the information and files that differ between the two system versions. The data volume of a full package is generally larger than that of a differential package. The present embodiment can upgrade using either full or differential packages.
In step S402, the upgrade package is parsed; for example, the files are decompressed, the version number is obtained, and so on.
In step S403, the software stored in the first partition and the second partition is upgraded according to the analysis information of the upgrade package. The upgrade includes, but is not limited to, firmware flashing, file updating, configuration issuing, and the like.
According to a preferred embodiment of the present invention, the software upgrade method 400 further comprises: recording the synchronization information, and/or the verification information, and/or the digital signature, and/or the retry count of the first partition and the second partition.
According to a preferred embodiment of the present invention, the software upgrade method 400 further comprises: when the first partition and the second partition are not synchronized, synchronizing whichever of the first partition and the second partition can be started normally to the other.
According to a preferred embodiment of the invention, the software is a vehicle-mounted android system, and the software upgrading method can be executed in an OTA mode.
By the starting methods 100 and 200 and the upgrading method 400 of the embodiment of the invention, a safer software upgrading method and starting method are provided. After each upgrade, the versions of the two partitions of the software are updated, the integrity of the system image is verified by a digital signature method, once the system image is damaged, the same version of the other partition can be used for recovery, mutual backup is realized, and the robustness of the OTA upgrade of the software is improved.
An apparatus 500 according to a fourth embodiment of the invention is described below with reference to fig. 5. The apparatus 500 includes one or more processors 501 and storage 502. The storage device 502 may be used to store one or more programs. The program, when executed by the processor, causes the one or more processors to implement the software startup method 100 or 200 as described above.
The device 500 is, for example, an in-vehicle computing unit, and the software is, for example, a Linux or QNX operating system installed in the in-vehicle computing unit, or other software such as navigation software.
An apparatus 600 according to a fifth embodiment of the invention is described below with reference to fig. 6. The apparatus 600 comprises: one or more processors 601 and storage 602. The storage device 602 is used to store one or more programs. The program is configured to, when executed by the one or more processors, cause the one or more processors to implement the software upgrade method 400 as described above.
The device 600 is, for example, an in-vehicle computing unit, and the software is, for example, a Linux or QNX operating system installed in the in-vehicle computing unit, or other software such as navigation software.
FIG. 7 shows a software startup device 700 according to a sixth embodiment of the invention. The software startup device 700 includes: a unit 701 for reading boot information, where the boot information includes a current boot partition, and the current boot partition is the first partition or the second partition; a unit 702 configured to determine whether the current boot partition can start the software normally, and, if the software cannot be started normally, to switch the current boot partition to the other one of the first partition and the second partition; and a unit 703 for launching the software from the current boot partition.
According to a preferred implementation of this embodiment, the unit 702 for determining whether the current boot partition can start the software normally is configured to determine whether the current boot partition has been verified, and to determine whether the digital signature of the current boot partition matches a preset signature.
According to a preferred implementation of this embodiment, the unit 702 for determining whether the currently-started partition can normally start the software is configured to determine whether the retry number of the currently-started partition is greater than zero when it is determined that the currently-started partition is not verified, reduce the retry number of the currently-started partition by one when the retry number of the currently-started partition is greater than zero, and start the software from the currently-started partition, otherwise switch the currently-started partition to the other of the first partition and the second partition.
According to a preferred implementation of this embodiment, the unit 702 for determining whether the currently-started partition can normally start the software is configured to: when the digital signature of the current starting partition is the same as a preset signature, judging whether the first partition and the second partition are synchronized, and if so, starting the software from the current starting partition; otherwise, synchronizing the other of the first partition and the second partition with the current partition; when the digital signature of the current starting partition is different from a preset signature; judging whether the first partition and the second partition are synchronized, if so, synchronizing the current partition by using the other one of the first partition and the second partition, and starting the software from the current starting partition; otherwise, an alarm which cannot be recovered is sent.
According to a preferred implementation of this embodiment, the software startup device 700 further comprises a verification unit configured to: after the software is started from the current starting partition, verifying whether the current starting partition is successful, and if the verification is successful, marking the current starting partition as verified; otherwise, carrying out reset operation.
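The start decision that unit 702 and the verification unit describe can be written as one function over the recorded start information. This is an added example, not code from the patent; the struct layout, all names, the 32-byte array standing in for each partition's signature, and returning straight after a switch so that the caller starts the other partition are assumptions.

```c
/* Added example; every name and the 32-byte signature stand-in are assumptions. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define SIG_LEN 32

enum boot_action {
    BOOT_CURRENT,          /* start the software from the current partition    */
    BOOT_AFTER_SYNC_OTHER, /* current copied to the other partition, then start */
    BOOT_AFTER_RESTORE,    /* current restored from the other, then start      */
    BOOT_SWITCHED,         /* retries exhausted: current switched to the other */
    ALARM_UNRECOVERABLE    /* signature mismatch and partitions not in sync    */
};

struct partition {
    bool verified;              /* set after a confirmed successful start */
    int retries;                /* start attempts left while unverified   */
    unsigned char sig[SIG_LEN]; /* stands in for the image's signature    */
};

struct boot_info {
    int current;                /* 0 = first partition, 1 = second        */
    bool synced;                /* the "mark value"                       */
    unsigned char preset_sig[SIG_LEN];
    struct partition part[2];
};

enum boot_action decide_boot(struct boot_info *bi)
{
    struct partition *cur = &bi->part[bi->current];
    struct partition *other = &bi->part[bi->current ^ 1];

    if (!cur->verified) {
        if (cur->retries > 0) {
            cur->retries--;
            return BOOT_CURRENT;
        }
        bi->current ^= 1;
        return BOOT_SWITCHED;
    }
    if (memcmp(cur->sig, bi->preset_sig, SIG_LEN) == 0) {
        if (bi->synced)
            return BOOT_CURRENT;
        memcpy(other->sig, cur->sig, SIG_LEN); /* sync the other from current */
        bi->synced = true;
        return BOOT_AFTER_SYNC_OTHER;
    }
    if (!bi->synced)
        return ALARM_UNRECOVERABLE;
    memcpy(cur->sig, other->sig, SIG_LEN); /* restore, trusting the mark value */
    return BOOT_AFTER_RESTORE;
}

/* Post-start check: true marks the partition verified, false means reset. */
bool confirm_boot(struct boot_info *bi, bool started_ok)
{
    if (started_ok)
        bi->part[bi->current].verified = true;
    return started_ok;
}

/* Constructed sample state: both partitions verified, in sync, signatures good. */
struct boot_info sample_boot_info(void)
{
    struct boot_info bi = { .current = 0, .synced = true };
    struct partition good = { .verified = true, .retries = 3 };
    memset(bi.preset_sig, 0xAB, SIG_LEN);
    memset(good.sig, 0xAB, SIG_LEN);
    bi.part[0] = bi.part[1] = good;
    return bi;
}

int main(void)
{
    struct boot_info bi = sample_boot_info();
    bi.part[0].sig[0] ^= 0x01; /* constructed fault: damaged image in partition 0 */
    printf("action=%d\n", (int)decide_boot(&bi));
    return 0;
}
```

In the restore branch the other partition is used on the strength of the mark value alone, as the text describes; its own signature is not compared before the copy.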
Fig. 8 shows a software upgrade device 800 according to a seventh embodiment of the invention, wherein the software is stored in a first partition and a second partition of the storage device, respectively. The software upgrade device 800 comprises: a unit 801 for receiving an upgrade package of the software; a unit 802 for parsing the upgrade package; and a unit 803 for upgrading the software stored in the first partition and the second partition according to the upgrade package.
According to a preferred implementation of this embodiment, the software upgrade device 800 further comprises a recording unit configured to record synchronization information, and/or verification information, and/or the digital signature, and/or the retry count of the first partition and the second partition.
According to a preferred implementation of this embodiment, the software upgrade device 800 further includes a synchronization unit configured, when the first partition and the second partition are not synchronized, to synchronize whichever of the first partition and the second partition can be started normally to the other.
Fig. 9 shows a block diagram of a computer program product 900 according to an eighth embodiment of the invention. The signal bearing medium 902 may be embodied as or include a computer readable medium 906, a computer recordable medium 908, a computer communication medium 910, or a combination thereof, which stores programming instructions 904 that may configure a processing unit to perform all or some of the processes previously described. The instructions may include, for example, one or more executable instructions for causing one or more processors to: read start information, wherein the start information comprises a current start partition, and the current start partition is the first partition or the second partition; determine whether the current start partition can start the software normally and, if not, switch the current start partition to the other one of the first partition and the second partition; and start the software from the current start partition.
Fig. 10 shows a block diagram of a computer program product 1000 according to a ninth embodiment of the invention. The signal bearing medium 1002 may be embodied as or include a computer readable medium 1006, a computer recordable medium 1008, a computer communication medium 1010, or a combination thereof, which stores programming instructions 1004 that may configure a processing unit to perform all or some of the processes previously described. The instructions may include, for example, one or more executable instructions for causing one or more processors to: receive an upgrade package of the software; parse the upgrade package; and upgrade the software stored in the first partition and the second partition according to the upgrade package.
The embodiments of the invention provide a safer software upgrade method and a safer software startup method. They ensure that the software versions in both partitions are updated, verify the integrity of the system image by means of a digital signature, and allow a damaged system image to be recovered from the same version held in the other partition, so that the two partitions back each other up and the robustness of over-the-air (OTA) software upgrades is improved. The method and the device can be applied to upgrading and starting various kinds of software, and are particularly suitable for determining and upgrading operating system software (such as an Android system) and other software (such as navigation software) of an in-vehicle intelligent system. Automotive electronics has more stringent safety requirements than consumer electronics, and it is an emerging field with very rapid product iteration, which increases the frequency of OTA upgrades. The invention uses synchronous dual-partition OTA in which the two partitions back each other up, reducing to a certain extent the risk of service unavailability caused by OTA. The method and the device can in particular address the problem that the software cannot start after an OTA upgrade because the system image has been damaged by a non-volatile storage fault (such as an eMMC (embedded MultiMediaCard) bad block or hard disk bad sectors). It is currently applicable to on-board computing units (autopilot computing units).
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a separate product, may also be stored in a computer readable storage medium. The storage medium may be a read-only memory, a magnetic or optical disk, or the like.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (7)

1. A software startup method, wherein the software is stored in a first partition and a second partition of a storage device, respectively, the software startup method comprising:
reading starting information, wherein the starting information comprises a current starting partition, and the current starting partition is one of the first partition and the second partition;
judging whether the current starting partition can normally start the software or not, and if not, switching the current starting partition into the other one of the first partition and the second partition; and
launching the software from the current boot partition;
wherein, judging whether the current starting partition can normally start the software further comprises:
judging whether the current starting partition is verified or not;
if the current starting partition is verified, judging whether the digital signature of the current starting partition is matched with a preset signature;
when the digital signature of the current starting partition is the same as a preset signature, judging whether the first partition and the second partition are synchronized by using a mark value, and if so, starting the software from the current starting partition; otherwise, synchronizing the other of the first partition and the second partition with the current partition;
when the digital signature of the current starting partition is different from a preset signature, judging whether the first partition and the second partition are synchronized by using a mark value, if so, recovering the current starting partition by using the other one of the first partition and the second partition, and starting the software from the current starting partition; otherwise, issuing an alarm indicating that recovery is not possible.
2. The software startup method of claim 1, further comprising: when the current starting partition is judged not to be verified, judging whether the retry count of the current starting partition is greater than zero; if so, subtracting one from the retry count of the current starting partition and starting the software from the current starting partition; otherwise, switching the current starting partition to the other one of the first partition and the second partition.
3. The software startup method of any one of claims 1-2, further comprising: after the software is started from the current starting partition, verifying whether the start from the current starting partition was successful, and if the verification is successful, marking the current starting partition as verified; otherwise, carrying out a reset operation.
4. The software starting method according to any one of claims 1-2, wherein the software starting method is an in-vehicle operating system starting method.
5. An apparatus, comprising:
one or more processors;
storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the software launching method of any of claims 1-4.
6. A software startup device, wherein the software is stored in a first partition and a second partition of a storage device, respectively, the software startup device comprising:
a unit for reading start information, where the start information includes a current start partition, and the current start partition is the first partition or the second partition;
a unit for judging whether the current starting partition can normally start the software, and configured to switch the current starting partition to the other one of the first partition and the second partition if the software cannot be normally started; and
means for booting the software from the current boot partition;
wherein, judging whether the current starting partition can normally start the software further comprises:
judging whether the current starting partition is verified or not;
if the current starting partition is verified, judging whether the digital signature of the current starting partition is matched with a preset signature;
when the digital signature of the current starting partition is the same as a preset signature, judging whether the first partition and the second partition are synchronized by using a mark value, and if so, starting the software from the current starting partition; otherwise, synchronizing the other of the first partition and the second partition with the current partition;
when the digital signature of the current starting partition is different from a preset signature, judging whether the first partition and the second partition are synchronized by using a mark value, if so, recovering the current starting partition by using the other one of the first partition and the second partition, and starting the software from the current starting partition; otherwise, issuing an alarm indicating that recovery is not possible.
7. A computer-readable storage medium comprising computer-executable instructions stored thereon which, when executed by a processor, implement the software startup method of any one of claims 1-4.
CN201811296732.4A 2018-11-01 2018-11-01 Software starting method and software upgrading method Active CN109408153B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811296732.4A CN109408153B (en) 2018-11-01 2018-11-01 Software starting method and software upgrading method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811296732.4A CN109408153B (en) 2018-11-01 2018-11-01 Software starting method and software upgrading method

Publications (2)

Publication Number Publication Date
CN109408153A CN109408153A (en) 2019-03-01
CN109408153B CN109408153B (en) 2022-03-01

Family

ID=65470938

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811296732.4A Active CN109408153B (en) 2018-11-01 2018-11-01 Software starting method and software upgrading method

Country Status (1)

Country Link
CN (1) CN109408153B (en)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110333882B (en) * 2019-05-09 2023-03-14 阿波罗智联(北京)科技有限公司 System upgrading method, device, equipment and computer readable medium
CN110377308A (en) * 2019-07-18 2019-10-25 上海擎感智能科技有限公司 Data updating method, system
CN110471680A (en) * 2019-07-23 2019-11-19 武汉格罗夫氢能汽车有限公司 Control method for the upgrading of hydrogen energy automobile controller software and failure rollback
CN111209141B (en) * 2019-12-30 2023-10-20 晶晨半导体(深圳)有限公司 Dual-system switching method and device applied to system iteration
CN111881101A (en) * 2020-08-03 2020-11-03 南京创通微新通信有限公司 Double-file system synchronization method
CN114138343A (en) * 2020-09-04 2022-03-04 青岛海信移动通信技术股份有限公司 Terminal and terminal starting method
CN112256285A (en) * 2020-10-16 2021-01-22 宝能(广州)汽车研究院有限公司 OTA (over the air) upgrading method of vehicle, computer-readable storage medium and electronic equipment
CN112631626B (en) * 2020-12-02 2023-11-14 广东中兴新支点技术有限公司 System upgrading method and device based on double systems and storage medium
CN112612524A (en) * 2020-12-22 2021-04-06 西人马(西安)测控科技有限公司 Method, device and equipment for starting Linux system and storage medium
CN113114730B (en) * 2021-03-22 2022-09-27 深圳市晨北科技有限公司 Upgrading method and device, terminal equipment and storage medium
EP4092539A1 (en) 2021-05-17 2022-11-23 Elektrobit Automotive GmbH Re-partitioning of a flash memory device
CN114116023B (en) * 2021-06-15 2023-05-09 荣耀终端有限公司 Operating system starting method, device, storage medium and computer program product
CN113821263B (en) * 2021-06-15 2023-03-24 荣耀终端有限公司 Management method, device, storage medium and computer program product of operating system
CN113821233B (en) * 2021-06-15 2022-09-27 荣耀终端有限公司 Operating system upgrade method, apparatus, storage medium, and computer program product
CN116069375A (en) * 2021-06-15 2023-05-05 荣耀终端有限公司 Operating system data updating method, device and storage medium
CN113609476A (en) * 2021-07-28 2021-11-05 南京慧尔视智能科技有限公司 Radar firmware remote upgrading method and upgrading system
CN116149714A (en) * 2021-07-29 2023-05-23 荣耀终端有限公司 Operating system data configuration method, device, storage medium and program product
CN114489814B (en) * 2021-08-20 2023-01-17 荣耀终端有限公司 Terminal equipment starting method and terminal equipment
CN113824620A (en) * 2021-08-20 2021-12-21 中国第一汽车股份有限公司 Partition switching method, device, vehicle and storage medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100584338B1 (en) * 2003-09-17 2006-05-26 삼성전자주식회사 Method and system for updating software
CN101126920A (en) * 2007-09-30 2008-02-20 浙江中控技术有限公司 Method and device implementing on-line upgrading of a fixed programme
CN101437106A (en) * 2007-11-16 2009-05-20 深圳Tcl工业研究院有限公司 Set-top box system and self-repairing method thereof
CN101650662A (en) * 2009-08-26 2010-02-17 中兴通讯股份有限公司 Memory device of embedded system and staring method and upgrading of firmware
CN102779081A (en) * 2012-07-05 2012-11-14 深圳市华曦达科技股份有限公司 Method and device for safe updating of electric device system
CN104636171A (en) * 2015-03-04 2015-05-20 深圳市欧珀通信软件有限公司 Upgrading method and device and mobile device
CN105786510A (en) * 2016-02-29 2016-07-20 深圳市美贝壳科技有限公司 Upgrading and partitioning system and security upgrading method for single-chip microcomputer
CN106055430A (en) * 2016-05-27 2016-10-26 北京奇虎科技有限公司 System backup updating method and device for PTZ camera
CN106293822A (en) * 2016-08-04 2017-01-04 青岛海信电器股份有限公司 A kind of from the method and device processing chip upgrade
CN108121554A (en) * 2017-12-20 2018-06-05 浙江亿邦通信科技股份有限公司 A kind of upgrade method and upgrade-system of open air embedded device system

Also Published As

Publication number Publication date
CN109408153A (en) 2019-03-01

Similar Documents

Publication Publication Date Title
CN109408153B (en) Software starting method and software upgrading method
CN110178114B (en) Vehicle control device and program update system
US10162625B2 (en) Vehicle control storage methods and systems
CN109032632B (en) FOTA upgrading method, wireless communication terminal and storage medium
CN109343885B (en) System upgrading method and multi-system equipment
WO2019076037A1 (en) Firmware updating method and device
CN107783776B (en) Processing method and device of firmware upgrade package and electronic equipment
CN105260215A (en) Method of updating vehicle-mounted automobile data recorder terminal by USB flash disk
EP3153968B1 (en) Multi-system terminal system updating method, updating device and terminal
CN111625295A (en) Embedded system starting method, device, equipment and storage medium
WO2019080840A1 (en) Method and device for repairing firmware
CN114443081A (en) Terminal upgrading method and terminal
CN106775874B (en) System upgrading method of terminal equipment
KR102610730B1 (en) Apparatus for providing update of vehicle and computer-readable storage medium
CN110333882B (en) System upgrading method, device, equipment and computer readable medium
CN115344434B (en) Patching method and device, electronic equipment and storage medium
WO2021012170A1 (en) Firmware booting method and device, and computer-readable storage medium
CN110659052B (en) Method and system for updating system software in network equipment and readable storage medium
CN113114730B (en) Upgrading method and device, terminal equipment and storage medium
CN114780122A (en) Embedded equipment firmware updating method and embedded equipment
CN115220796A (en) Secure boot device
CN111190627A (en) System upgrading method and device
CN110569059A (en) USB-based system partition upgrading method under uboot
CN109901861B (en) Method and device for updating software of electronic control unit
CN114489717A (en) System upgrading method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant