CN112925546A - Multi-stage verification method and system for preventing vehicle-mounted ECU (electronic control Unit) from refreshing errors - Google Patents
Multi-stage verification method and system for preventing vehicle-mounted ECU (electronic control Unit) from refreshing errors Download PDFInfo
- Publication number
- CN112925546A CN112925546A CN202110259427.3A CN202110259427A CN112925546A CN 112925546 A CN112925546 A CN 112925546A CN 202110259427 A CN202110259427 A CN 202110259427A CN 112925546 A CN112925546 A CN 112925546A
- Authority
- CN
- China
- Prior art keywords
- data
- controller
- verification
- crc
- stage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/004—Arrangements for detecting or preventing errors in the information received by using forward error control
- H04L1/0056—Systems characterized by the type of code used
- H04L1/0061—Error detection codes
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02T—CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION
- Y02T10/00—Road transport of goods or passengers
- Y02T10/10—Internal combustion engine [ICE] based vehicles
- Y02T10/40—Engine management systems
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Stored Programmes (AREA)
Abstract
The invention relates to a multi-stage verification method and a multi-stage verification system for preventing vehicle-mounted ECU (electronic control unit) from refreshing errors, wherein the method comprises the following steps that a controller executes automobile software updating, and the controller carries out reprogramming; in the reprogramming process of the controller, more than three levels of data verification, namely first level data verification, second level data verification and third level data verification are carried out, and after the controller receives all data, the first CRC value is compared with the fourth CRC value; if the first-stage data verification, the second-stage data verification and the third-stage data verification pass the verification, the application program written into the controller can be started normally, and if any one of the first-stage data verification, the second-stage data verification and the third-stage data verification fails, the reprogramming process is stopped, and the software updating fails. The invention can confirm that the transmission of each level of data is problem-free through multiple checks. And multi-stage verification is performed, so that the safety of the file and the safety of data in the transmission process are ensured, and the safe reprogramming of the controller is realized.
Description
Technical Field
The invention relates to the technical field of vehicle software, in particular to a multistage verification method and a multistage verification system for preventing vehicle-mounted ECU (electronic control unit) refreshing errors.
Background
In the prior art, after a pure electric vehicle is sold to a user, remote updating of software of an ECU (electronic control unit) can be performed through the specific ECU of a T-Box of the electric vehicle, but the remote updating has the risk of failure in updating, and the vehicle can not normally run.
In the prior art, in a reprogramming process of a controller, an upper computer performs a service of a download request according to an address recorded in a flash file of the controller, the upper computer transmits data to a corresponding address of the controller after the download request passes, the upper computer performs a check of data transmission in a form of routine service after the data of one logical block address is transmitted, and the controller judges whether the data transmission of the logical block is correct.
In the conventional data transmission check, a CRC value is issued by an upper computer, the controller calculates the CRC value, and then the two check values are compared; the CRC value of a known file is a known fixed value, and whether data transmission is accurate can be obtained by comparing the CRC value calculated by the controller with the known fixed value.
More information about the above solution can also be found in the following documents:
in the chinese invention patent with publication number CN 107992321a, an ECU software updating method, apparatus, vehicle-mounted T-BOX and vehicle are disclosed, wherein the method comprises: after the updating detection is completed, receiving a positive response sent by the target ECU, and sending the positive response to the cloud server; receiving a software update package pushed by a cloud server, and performing CRC (cyclic redundancy check) byte by byte in the transmission and receiving processes; when the second CRC checksum sent by the cloud server is the same as the first CRC checksum, sending an update software package to the target ECU; after the target ECU updates the software to the updating area by performing CRC operation byte by byte, reading the data of the updating area to a buffer area of the vehicle-mounted T-BOX, and receiving and sending a switching instruction to the target software to complete software updating when the data of the updating area is the same as the data of the cloud server. According to the method, the software updating package is compared byte by byte for multiple times, and CRC (cyclic redundancy check) protection is adopted, so that software updating is completed, the safety and the efficiency of software updating are improved, and the use experience of a user is improved.
In the chinese invention patent with publication number CN 110597792a, a method and apparatus for fusing multilevel redundant data based on contemporaneous line loss data fusion is disclosed, wherein the method comprises: cleaning the power grid data by using a button tool; carrying out abnormal data identification, system clustering analysis and positive-negative correlation analysis on the cleaned power grid data to obtain an abnormal data discrimination result; and performing multi-level redundant data check correction according to the abnormal data discrimination result to finish the correction of the power grid equipment parameters, the calculation model, the topological data and the electric quantity data. According to the fusion method provided by the embodiment of the invention, multi-source data can be treated by utilizing multi-level redundant data fusion, the data quality is improved, and the use requirement is effectively met.
In the process of implementing the invention, the inventor finds that the following problems exist in the prior art:
1. in the data transmission process, the data transmitted to the controller is changed due to factors such as environment and the like, and the CRC value is also changed correspondingly; the CRC check value at this time is matched with the wrong data, so the controller may misjudge that the data is correct, and the wrong data written into the controller may result in an uncontrollable effect.
2. The server is used for comparing the check values twice, and the intermediate link also has uncontrollable data deviation depending on the connection quality of the server; and the data accuracy cannot be ensured without multi-stage verification.
Disclosure of Invention
Therefore, a multi-stage verification method and a multi-stage verification system for preventing vehicle-mounted ECU (electronic control unit) refreshing errors need to be provided, and the problem that uncontrollable data deviation can also occur in an intermediate link depending on the connection quality of a server when a server is used for comparing verification values twice in the prior art is solved; the technical problem that the accuracy of the data cannot be ensured without multi-stage verification is solved.
In order to achieve the above object, the inventor provides a multi-stage verification method for preventing refresh errors of an on-board ECU, comprising the following steps:
the server sends a software updating request to the vehicle-mounted T-Box, the vehicle-mounted T-Box sends the software updating request to the vehicle-mounted ECU, the vehicle-mounted ECU receives the updating request, responds to the software updating, the controller executes the automobile software updating, and the controller carries out reprogramming;
in the process of reprogramming the controller, more than three levels of data verification are carried out:
the method comprises the steps of first-stage data checking, namely reserving a preset address in an upgrading file of a controller, writing a first CRC (cyclic redundancy check) value of flash data, calculating a second CRC value of the data of the upgrading file by a vehicle-mounted T-Box, and comparing the second CRC value with the first CRC value in the upgrading file of the controller;
the second-stage data check is carried out, the vehicle-mounted T-Box reads back the data written in the controller in real time in the reprogramming process of the controller, the vehicle-mounted T-Box carries out calculation of a third CRC value of the transmitted data after the data transmission is finished, and the third CRC value is sent to the controller in a routine service mode;
after the controller receives the transmitted data, calculating a fourth CRC value, and comparing the fourth CRC value with a third CRC value sent by the received vehicle-mounted T-Box;
third-level data check, namely comparing the first CRC check value with the fourth CRC check value after the controller receives all data;
if the first-stage data verification, the second-stage data verification and the third-stage data verification pass the verification, the application program written into the controller can be started normally, and if any one of the first-stage data verification, the second-stage data verification and the third-stage data verification fails, the reprogramming process is stopped, and the software updating fails.
As an embodiment of the present invention, in the first-stage data checking step, it is required to determine whether a preset address is continuous;
if the address is not continuous, writing a first CRC (cyclic redundancy check) value of the logic block data in each logic block; if the addresses are continuous, only one position is reserved for writing the first CRC value.
As an embodiment of the present invention, in the second-level data verification step, it is required to determine whether the preset addresses are continuous again;
if the address is not continuous, a fourth CRC check value needs to be calculated in each logic block; if the addresses are consecutive, only one fourth CRC check value needs to be calculated.
As an embodiment of the present invention, the upgrading of the controller is performed by BootLoader based on diagnosis, the data transmission is performed in the form of diagnosis service, and after the data transmission is completed, the CRC check is performed on the transmitted data by using the check routine diagnosis service.
The vehicle-mounted T-Box calculates a third CRC value of the transmitted data, then sends the data to the controller through the routine service, after receiving the third CRC value, the controller calculates a fourth CRC value of the received data, then compares the calculated fourth CRC value with the third CRC value sent by the vehicle-mounted T-Box, if the calculated third CRC value is consistent, a passing reply is sent, and if the calculated third CRC value is inconsistent, a failing reply is sent.
As an embodiment of the present invention, the method further includes the steps of:
fourth-level data check, wherein after the controller receives all the data, the second CRC check value is compared with the fourth CRC check value;
if the fourth-level data verification fails, the reprogramming process is stopped, and the software updating fails.
As an embodiment of the present invention, the method further includes the steps of:
a fifth-level data check, wherein after the controller receives all the data, the first CRC check value, the second CRC check value, the third CRC check value and the fourth CRC check value are compared;
and if the fifth-level data passes the verification, the application program written into the controller can be normally started, otherwise, the reprogramming process is stopped, and the software updating fails.
Different from the prior art, the technical scheme is characterized in that more than three levels of data verification and first level of data verification are carried out in the reprogramming process of the controller, and before data transmission, the vehicle-mounted T-Box carries out second CRC verification value on the data of the upgrade file and compares the second CRC verification value with the first CRC verification value in the upgrade file of the controller; second-stage data check, after the data is transmitted, the vehicle-mounted T-Box performs third CRC value calculation on the transmitted data after the data transmission is completed, and after the controller receives the transmitted data, the controller performs fourth CRC value calculation and comparison; third-level data check, namely comparing the first CRC check value with the fourth CRC check value after the controller receives all data; therefore, the coverage of the whole process is realized through the three-stage verification process; the CRC value of a known file is a known constant value, and through multiple checks, the transmission of each level of data can be confirmed to be free of problems. And multi-stage verification is performed, so that the safety of the file and the safety of data in the transmission process are ensured, and the safe reprogramming of the controller is realized. The method can be realized by only adding corresponding mechanisms in the existing upper computer and the controller, and does not need multi-party linkage and additional hardware resources.
In order to achieve the above object, the inventor further provides a multilevel verification system for preventing the refresh error of the vehicle-mounted ECU, which comprises an execution unit, wherein the execution unit is used for executing the multilevel verification method for preventing the refresh error of the vehicle-mounted ECU.
Different from the prior art, the technical scheme realizes the coverage of the whole flow through a three-level verification process; the CRC value of a known file is a known constant value, and through multiple checks, the transmission of each level of data can be confirmed to be free of problems. And multi-stage verification is performed, so that the safety of the file and the safety of data in the transmission process are ensured, and the safe reprogramming of the controller is realized. The method can be realized by only adding corresponding mechanisms in the existing upper computer and the controller, and does not need multi-party linkage and additional hardware resources.
Drawings
FIG. 1 is a logic diagram of a multi-stage verification method for preventing refresh errors of an onboard ECU in accordance with an embodiment.
Detailed Description
To explain technical contents, structural features, and objects and effects of the technical solutions in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
In the description of the present application, unless explicitly stated or limited otherwise, the terms "first", "second", and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance; the term "plurality" means two or more unless specified or indicated otherwise; the terms "connected," "fixed," and the like are to be construed broadly and may, for example, be fixedly connected, detachably connected, integrally connected, or electrically connected; may be directly connected or indirectly connected through an intermediate. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
In the description of the present application, it should be understood that the terms "upper", "lower", "left", "right", and the like used in the embodiments of the present application are described with reference to the angles shown in the drawings, and should not be construed as limiting the embodiments of the present application. In addition, in this context, it will also be understood that when an element is referred to as being "on" or "under" another element, it can be directly on "or" under "the other element or be indirectly on" or "under" the other element via an intermediate element.
An ecu (electronic Control unit) electronic Control unit, which is also called a "traveling computer" or a "vehicle-mounted computer".
The Telematics BOX is called a vehicle-mounted T-BOX for short, and the vehicle networking system comprises four parts, namely a host, the vehicle-mounted T-BOX, a mobile phone APP and a background system.
CRC check (i.e. cyclic redundancy check) is a check method which is most commonly used for error detection and correction in data communication, and is widely applied to data transmission in a data link layer to ensure an error detection measure for data transmission reliability.
In an embedded operating system, BootLoader is run before the operating system kernel is run. Hardware devices can be initialized, and a memory space mapping graph can be established, so that the software and hardware environment of the system is brought to a proper state, and a correct environment is prepared for finally calling an operating system kernel.
Referring to fig. 1, the present embodiment relates to a multi-stage verification method for preventing a refresh error of a vehicle-mounted ECU, including the following steps:
s101, a server sends a software updating request to a vehicle-mounted T-Box, the vehicle-mounted T-Box sends the software updating request to a vehicle-mounted ECU, the vehicle-mounted ECU receives the updating request, responds to the software updating, a controller executes the automobile software updating, and the controller carries out reprogramming;
s102, in the reprogramming process of the controller, more than three levels of data verification are carried out:
the method comprises the steps of first-stage data checking, namely reserving a preset address in an upgrading file of a controller, writing a first CRC (cyclic redundancy check) value of flash data, calculating a second CRC value of the data of the upgrading file by a vehicle-mounted T-Box, and comparing the second CRC value with the first CRC value in the upgrading file of the controller;
optionally, in the first-stage data verification step, it is required to determine whether the preset addresses are continuous;
if the address is not continuous, writing a first CRC (cyclic redundancy check) value of the logic block data in each logic block; if the addresses are continuous, only one position is reserved for writing the first CRC value. Therefore, in order to prevent the situation that the addresses are not continuous, whether the addresses are continuous or not needs to be judged first, if the addresses are not continuous, a first CRC value needs to be written into each logic block, and if the addresses are continuous, only one first CRC value needs to be written, so that the accuracy of the first CRC value is improved.
The second-stage data check is carried out, the vehicle-mounted T-Box reads back the data written in the controller in real time in the reprogramming process of the controller, the vehicle-mounted T-Box carries out calculation of a third CRC value of the transmitted data after the data transmission is finished, and the third CRC value is sent to the controller in a routine service mode;
after the controller receives the transmitted data, calculating a fourth CRC value, and comparing the fourth CRC value with a third CRC value sent by the received vehicle-mounted T-Box;
optionally, in the second-stage data verification step, it is required to determine whether the preset addresses are continuous again;
if the address is not continuous, a fourth CRC check value needs to be calculated in each logic block; if the addresses are consecutive, only one fourth CRC check value needs to be calculated. At this time, in order to ensure that the data received by each logic block is accurate, if the addresses are not consecutive, the fourth CRC check value needs to be calculated for each logic block, and if the addresses are consecutive, only one fourth CRC check value needs to be calculated.
Third-level data check, namely comparing the first CRC check value with the fourth CRC check value after the controller receives all data;
if the first-stage data verification, the second-stage data verification and the third-stage data verification pass the verification, the application program written into the controller can be started normally, and if any one of the first-stage data verification, the second-stage data verification and the third-stage data verification fails, the reprogramming process is stopped, and the software updating fails.
Optionally, the upgrading of the controller is performed through BootLoader based on diagnosis, data transmission is performed in a form of diagnosis service, and after the data transmission is completed, CRC check is performed on the transmitted data by using a check routine diagnosis service.
Specifically, the vehicle-mounted T-Box calculates a third CRC value of the transmitted data, and then sends the calculated third CRC value to the controller through the routine service, after the controller receives the third CRC value, the controller calculates a fourth CRC value of the received data, and then compares the calculated fourth CRC value with the third CRC value transmitted by the vehicle-mounted T-Box, if the calculated third CRC value is consistent, the passing reply is sent, and if the calculated third CRC value is inconsistent, the failing reply is sent. Therefore, the transmission data can be calculated once in the vehicle-mounted T-Box and once in the controller, the transmission accuracy between the vehicle-mounted T-Box and the controller is ensured, and the uncontrollable result caused by writing of wrong data in the controller is prevented. The existing checking mode is improved, and error data checking is prevented from passing.
Optionally, the method further comprises the following steps:
fourth-level data check, wherein after the controller receives all the data, the second CRC check value is compared with the fourth CRC check value;
if the fourth-level data verification fails, the reprogramming process is stopped, and the software updating fails.
At the moment, before transmission, a known first CRC check value is compared with a second CRC check value calculated by the vehicle-mounted T-Box, and the consistency of the first CRC check value and the second CRC check value is checked; after transmission, comparing a third CRC value calculated by the vehicle-mounted T-Box with a fourth CRC value calculated by the controller, and checking the consistency of the third CRC value and the fourth CRC value; and comparing the first CRC value and the fourth CRC value of the original data, and checking whether the data are consistent after transmission. At this moment, in order to ensure the consistency of data, further, the second CRC check value is compared with the fourth CRC check value, whether the calculated values before and after transmission are consistent or not is checked, and multiple checking operations are performed, so that the situation that error data are written in the controller to cause uncontrollable results is prevented. The existing checking mode is improved, and error data checking is prevented from passing.
As an embodiment of the present invention, the method further includes the steps of:
a fifth-level data check, wherein after the controller receives all the data, the first CRC check value, the second CRC check value, the third CRC check value and the fourth CRC check value are compared;
and if the fifth-level data passes the verification, the application program written into the controller can be normally started, otherwise, the reprogramming process is stopped, and the software updating fails. Therefore, the first CRC check value, the second CRC check value, the third CRC check value and the fourth CRC check value are compared, so that the situation that the data are in place from the beginning and the data in the whole process are accurate is ensured, and the software is updated only if the transmitted data are accurate.
The embodiment also relates to a multilevel verification system for preventing the refresh error of the vehicle-mounted ECU, which comprises an execution unit, wherein the execution unit is used for executing the multilevel verification method for preventing the refresh error of the vehicle-mounted ECU according to any item provided by the embodiment.
Different from the prior art, the technical scheme is characterized in that more than three levels of data verification and first level of data verification are carried out in the reprogramming process of the controller, and before data transmission, the vehicle-mounted T-Box carries out second CRC verification value on the data of the upgrade file and compares the second CRC verification value with the first CRC verification value in the upgrade file of the controller; second-stage data check, after the data is transmitted, the vehicle-mounted T-Box performs third CRC value calculation on the transmitted data after the data transmission is completed, and after the controller receives the transmitted data, the controller performs fourth CRC value calculation and comparison; third-level data check, namely comparing the first CRC check value with the fourth CRC check value after the controller receives all data; therefore, the coverage of the whole process is realized through the three-stage verification process; the CRC value of a known file is a known constant value, and through multiple checks, the transmission of each level of data can be confirmed to be free of problems. And multi-stage verification is performed, so that the safety of the file and the safety of data in the transmission process are ensured, and the safe reprogramming of the controller is realized. The method can be realized by only adding corresponding mechanisms in the existing upper computer and the controller, and does not need multi-party linkage and additional hardware resources.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrases "comprising … …" or "comprising … …" does not exclude the presence of additional elements in a process, method, article, or terminal that comprises the element. Further, herein, "greater than," "less than," "more than," and the like are understood to exclude the present numbers; the terms "above", "below", "within" and the like are to be understood as including the number.
As will be appreciated by one skilled in the art, the above-described embodiments may be provided as a method, apparatus, or computer program product. These embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. All or part of the steps in the methods according to the embodiments may be implemented by a program instructing associated hardware, where the program may be stored in a storage medium readable by a computer device and used to execute all or part of the steps in the methods according to the embodiments. The computer devices, including but not limited to: personal computers, servers, general-purpose computers, special-purpose computers, network devices, embedded devices, programmable devices, intelligent mobile terminals, intelligent home devices, wearable intelligent devices, vehicle-mounted intelligent devices, and the like; the storage medium includes but is not limited to: RAM, ROM, magnetic disk, magnetic tape, optical disk, flash memory, U disk, removable hard disk, memory card, memory stick, network server storage, network cloud storage, etc.
The various embodiments described above are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a computer apparatus to produce a machine, such that the instructions, which execute via the processor of the computer apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer device to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer apparatus to cause a series of operational steps to be performed on the computer apparatus to produce a computer implemented process such that the instructions which execute on the computer apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be noted that, although the above embodiments have been described herein, the invention is not limited thereto. Therefore, based on the innovative concepts of the present invention, the technical solutions of the present invention can be directly or indirectly applied to other related technical fields by making changes and modifications to the embodiments described herein, or by using equivalent structures or equivalent processes performed in the content of the present specification and the attached drawings, which are included in the scope of the present invention.
Claims (8)
1. A multi-stage verification method for preventing vehicle-mounted ECU refresh errors is characterized by comprising the following steps:
the server sends a software updating request to the vehicle-mounted T-Box, the vehicle-mounted T-Box sends the software updating request to the vehicle-mounted ECU, the vehicle-mounted ECU receives the updating request, responds to the software updating, the controller executes the automobile software updating, and the controller carries out reprogramming;
in the process of reprogramming the controller, more than three levels of data verification are carried out:
the method comprises the steps of first-stage data checking, namely reserving a preset address in an upgrading file of a controller, writing a first CRC (cyclic redundancy check) value of flash data, calculating a second CRC value of the data of the upgrading file by a vehicle-mounted T-Box, and comparing the second CRC value with the first CRC value in the upgrading file of the controller;
the second-stage data check is carried out, the vehicle-mounted T-Box reads back the data written in the controller in real time in the reprogramming process of the controller, the vehicle-mounted T-Box carries out calculation of a third CRC value of the transmitted data after the data transmission is finished, and the third CRC value is sent to the controller in a routine service mode;
after the controller receives the transmitted data, calculating a fourth CRC value, and comparing the fourth CRC value with a third CRC value sent by the received vehicle-mounted T-Box;
third-level data check, namely comparing the first CRC check value with the fourth CRC check value after the controller receives all data;
if the first-stage data verification, the second-stage data verification and the third-stage data verification pass the verification, the application program written into the controller can be started normally, and if any one of the first-stage data verification, the second-stage data verification and the third-stage data verification fails, the reprogramming process is stopped, and the software updating fails.
2. The multi-stage verification method for preventing refresh errors of the vehicle-mounted ECU according to claim 1, wherein in the first-stage data verification step, it is required to judge whether preset addresses are continuous;
if the address is not continuous, writing a first CRC (cyclic redundancy check) value of the logic block data in each logic block; if the addresses are continuous, only one position is reserved for writing the first CRC value.
3. The multi-stage verification method for preventing refresh errors of the onboard ECU according to claim 2, wherein in the second-stage data verification step, it is necessary to judge again whether the preset addresses are continuous;
if the address is not continuous, a fourth CRC check value needs to be calculated in each logic block; if the addresses are consecutive, only one fourth CRC check value needs to be calculated.
4. The multi-stage verification method for preventing vehicle-mounted ECU refresh errors according to claim 1, characterized in that upgrading of the controller is performed through BootLoader based on diagnosis, data transmission is performed in the form of diagnosis service, and after the data transmission is completed, CRC verification is performed on the transmitted data by using a verification routine diagnosis service.
5. The multi-stage verification method for preventing vehicle-mounted ECU refresh errors according to claim 4, characterized in that the vehicle-mounted T-Box performs third CRC value calculation on the transmitted data, and then sends the calculated data to the controller through a routine service, after receiving the third CRC value, the controller performs fourth CRC value calculation on the received data, and then compares the calculated data with the third CRC value sent by the vehicle-mounted T-Box, if the calculated data are consistent, the controller sends a passing reply, and if the calculated data are inconsistent, the controller sends a failing reply.
6. The multi-stage verification method for preventing refresh errors of an onboard ECU according to claim 1, characterized by further comprising the steps of:
fourth-level data check, wherein after the controller receives all the data, the second CRC check value is compared with the fourth CRC check value;
if the fourth-level data verification fails, the reprogramming process is stopped, and the software updating fails.
7. The multi-stage verification method for preventing refresh errors of an onboard ECU according to claim 1, characterized by further comprising the steps of:
a fifth-level data check, wherein after the controller receives all the data, the first CRC check value, the second CRC check value, the third CRC check value and the fourth CRC check value are compared;
and if the fifth-level data passes the verification, the application program written into the controller can be normally started, otherwise, the reprogramming process is stopped, and the software updating fails.
8. A multi-stage verification system for preventing refresh errors of an onboard ECU, characterized by comprising an execution unit for executing the multi-stage verification method for preventing refresh errors of an onboard ECU according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110259427.3A CN112925546B (en) | 2021-03-10 | 2021-03-10 | Multistage verification method and system for preventing vehicle-mounted ECU from refreshing errors |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110259427.3A CN112925546B (en) | 2021-03-10 | 2021-03-10 | Multistage verification method and system for preventing vehicle-mounted ECU from refreshing errors |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112925546A true CN112925546A (en) | 2021-06-08 |
| CN112925546B CN112925546B (en) | 2023-07-25 |
Family
ID=76172357
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110259427.3A Active CN112925546B (en) | 2021-03-10 | 2021-03-10 | Multistage verification method and system for preventing vehicle-mounted ECU from refreshing errors |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112925546B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114615075A (en) * | 2022-03-28 | 2022-06-10 | 重庆长安汽车股份有限公司 | Software tamper-proofing system and method for controller and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2863303A1 (en) * | 2013-10-18 | 2015-04-22 | Fujitsu Limited | Method for confirming correction program, confirming program for confirming correction program, and information processing apparatus |
| CN106853757A (en) * | 2016-12-29 | 2017-06-16 | 江苏阿尔特空调实业有限责任公司 | On-board air conditioner intellectual monitoring safeguards the ECU management and control programs with multilevel security prevention and control |
| CN107632862A (en) * | 2017-09-20 | 2018-01-26 | 江苏兆能电子有限公司 | A kind of multistage start-up loading method of vehicle electronic control unit ECU |
| CN107992321A (en) * | 2017-12-28 | 2018-05-04 | 国机智骏(北京)汽车科技有限公司 | ECU software update method, device, vehicle-mounted T-BOX and vehicle |
| CN111930407A (en) * | 2020-10-19 | 2020-11-13 | 广州汽车集团股份有限公司 | Vehicle ECU software upgrading method and system, vehicle TBOX microcontroller and SOC terminal |
| CN112152825A (en) * | 2019-06-27 | 2020-12-29 | 广东美的制冷设备有限公司 | Multi-stage module upgrading method and device for household electrical appliance and electronic equipment |
-
2021
- 2021-03-10 CN CN202110259427.3A patent/CN112925546B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2863303A1 (en) * | 2013-10-18 | 2015-04-22 | Fujitsu Limited | Method for confirming correction program, confirming program for confirming correction program, and information processing apparatus |
| CN106853757A (en) * | 2016-12-29 | 2017-06-16 | 江苏阿尔特空调实业有限责任公司 | On-board air conditioner intellectual monitoring safeguards the ECU management and control programs with multilevel security prevention and control |
| CN107632862A (en) * | 2017-09-20 | 2018-01-26 | 江苏兆能电子有限公司 | A kind of multistage start-up loading method of vehicle electronic control unit ECU |
| CN107992321A (en) * | 2017-12-28 | 2018-05-04 | 国机智骏(北京)汽车科技有限公司 | ECU software update method, device, vehicle-mounted T-BOX and vehicle |
| CN112152825A (en) * | 2019-06-27 | 2020-12-29 | 广东美的制冷设备有限公司 | Multi-stage module upgrading method and device for household electrical appliance and electronic equipment |
| CN111930407A (en) * | 2020-10-19 | 2020-11-13 | 广州汽车集团股份有限公司 | Vehicle ECU software upgrading method and system, vehicle TBOX microcontroller and SOC terminal |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114615075A (en) * | 2022-03-28 | 2022-06-10 | 重庆长安汽车股份有限公司 | Software tamper-proofing system and method for controller and storage medium |
| CN114615075B (en) * | 2022-03-28 | 2023-04-25 | 重庆长安汽车股份有限公司 | Software tamper-proof system and method of controller and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112925546B (en) | 2023-07-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110782240B (en) | Business data processing method and device, computer equipment and storage medium | |
| CN109683930B (en) | Air conditioning equipment program upgrading method, device and system and household electrical appliance | |
| CN105719140A (en) | Method and device for user information verification | |
| CN111522562B (en) | Dishwasher software burning method, device and equipment thereof | |
| CN112650518A (en) | DSP program on-line upgrading method | |
| CN113359657B (en) | ECU diagnosis configuration code verification method and system and electronic control unit thereof | |
| CN112925546B (en) | Multistage verification method and system for preventing vehicle-mounted ECU from refreshing errors | |
| CN108108262A (en) | Integrated circuit with the hardware check unit for checking selected memory access | |
| CN117391099B (en) | Data downloading and checking method and system for smart card and storage medium | |
| CN112751782B (en) | Flow switching method, device, equipment and medium based on multi-activity data center | |
| CN103914313A (en) | Paxos example updating method, device and system | |
| CN112667272A (en) | Ammeter upgrading method and system, intelligent ammeter and storage medium | |
| CN111966461A (en) | Virtual machine cluster node guarding method, device, equipment and storage medium | |
| CN111258608A (en) | Software upgrading method and device for terminal equipment and electronic system | |
| CN116107618A (en) | Flowmeter controller upgrading method, computer equipment and storage medium | |
| CN116126379A (en) | BIOS firmware upgrading method, device, equipment and storage medium | |
| CN115878647A (en) | Data processing method and device, electronic equipment and storage medium | |
| CN100578557C (en) | Demo plant, portable terminal device and verification method | |
| CN113868216B (en) | Block chain monitoring method and device | |
| CN114371860A (en) | Controller batch upgrading method and device | |
| CN115203665A (en) | Intelligent cabinet code scanning verification method and device, computer equipment and storage medium | |
| CN114546842A (en) | Interface test method and device, storage medium and electronic equipment | |
| CN106844088B (en) | Data sending method and device of RAID storage system | |
| CN112466455A (en) | Intelligent medical fault processing method applied to treatment data transmission and cloud server | |
| CN117499369B (en) | Automatic addressing method and device for battery management system and battery management system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |