CN113495736A - Vehicle-mounted electronic module updating method and vehicle-mounted electronic module - Google Patents
Vehicle-mounted electronic module updating method and vehicle-mounted electronic module Download PDFInfo
- Publication number
- CN113495736A CN113495736A CN202010250074.6A CN202010250074A CN113495736A CN 113495736 A CN113495736 A CN 113495736A CN 202010250074 A CN202010250074 A CN 202010250074A CN 113495736 A CN113495736 A CN 113495736A
- Authority
- CN
- China
- Prior art keywords
- update
- updating
- data
- operating system
- vehicle
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The application relates to a vehicle-mounted electronic module updating method, which comprises the following steps: receiving an updating instruction and updating data; determining an updating type according to the updating instruction; and executing corresponding updating operation by using the updating data according to the updating type.
Description
Technical Field
The invention relates to the technical field of vehicle electronics, in particular to a vehicle-mounted electronic module updating method and a vehicle-mounted electronic module.
Background
With the development of automobile electronic technology, automobile electrification, networking and intellectualization, the number of vehicle-mounted electronic control units (or electronic control modules, ECUs) is increasing, and thus the functions are gradually enhanced and the mechanisms are increasingly complex. In order to meet the requirements of vehicle-mounted software on a multi-process file management system and the like, Linux operating systems are applied to more and more non-entertainment system ECUs to replace real-time operating systems. The conventional technique of refreshing (also referred to as updating in the context of the present invention) a real-time operating system is to complete the deletion and downloading of the whole application or the target in the boot mode phase of the system through a transmitted instruction by a tool. When the application is updated in the offline refreshing mode, the operating system and the application are bound in the same file, and even if the application is slightly changed, the whole file needs to be deleted and refreshed, so that the updating efficiency is low, and the updating process is complicated.
Although the vehicle-mounted software resources are managed in a file form by using the Linux operating system in some cases, certain memory areas can be conveniently controlled, so that multi-level flash of the file system can be realized. However, the updating function of the U-Boot as a Boot loader of a conventional Linux system cannot ensure the authenticity and integrity of downloaded software, and cannot meet the security requirement of a vehicle-mounted network. The end-to-end communication mode of the vehicle-mounted system is not integrated in the U-Boot, so that the requirements of application or calibration updating of an automobile production line and an after-sales tool chain are not met.
Disclosure of Invention
The invention provides an updating mechanism of a vehicle-mounted ECU (electronic control unit), so that the vehicle-mounted electronic module updating method and the vehicle-mounted electronic module can efficiently and reliably update the ECU module. Specifically, the method comprises the following steps:
according to an aspect of the invention, an updating method for a vehicle-mounted electronic module is provided, which comprises the following steps: receiving an updating instruction and updating data; determining an updating type according to the updating instruction; and executing corresponding updating operation by using the updating data according to the updating type.
Optionally, in some embodiments of the present invention, if it is determined that the update type is an operating system update, the update operation includes the following steps: restarting an operating system and guiding the operating system to enter a minimum system through U-Boot; and updating the operating system using the update data under the minimal system.
Optionally, in some embodiments of the invention, the method further comprises: and verifying the signature of the updating data under the minimum system, and updating the operating system if the verification is passed.
Optionally, in some embodiments of the present invention, if the update type is an application update or a calibration update, the update operation includes the following steps: storing the update data to a designated storage area; and calling an operating system to execute data flashing according to the updated data.
Optionally, in some embodiments of the invention, the method further comprises: and verifying the authenticity of the updating data, and performing data flashing if the updating data passes the verification.
According to another aspect of the present invention, there is provided an in-vehicle electronic module including: a receiving unit configured to receive an update instruction and update data; a judging unit configured to determine an update type according to the update instruction; and an updating unit configured to perform a corresponding updating operation using the update data according to the update type.
Optionally, in some embodiments of the present invention, if the determining unit determines that the update type is an os update, the updating unit performs an update operation that: restarting an operating system and guiding the operating system to enter a minimum system through U-Boot; and updating the operating system using the update data under the minimal system.
Optionally, in some embodiments of the present invention, the updating unit is further configured to: and verifying the signature of the updating data under the minimum system, and updating the operating system if the verification is passed.
Optionally, in some embodiments of the present invention, if the determining unit determines that the update type is an application update or a calibration update, the updating unit performs an update operation that: storing the update data to a designated storage area; and calling an operating system to execute data flashing according to the updated data.
Optionally, in some embodiments of the present invention, the updating unit is further configured to: and verifying the authenticity of the updating data, and performing data flashing if the updating data passes the verification.
Drawings
The above and other objects and advantages of the present invention will become more apparent from the following detailed description when taken in conjunction with the accompanying drawings, in which like or similar elements are designated by like reference numerals.
FIG. 1 illustrates an in-vehicle electronic module according to one embodiment of the present invention.
FIG. 2 illustrates an in-vehicle electronic module according to one embodiment of the present invention.
FIG. 3 illustrates an in-vehicle electronic module update method according to one embodiment of the invention.
FIG. 4 illustrates an in-vehicle electronic module according to one embodiment of the present invention.
Detailed Description
Since the real-time operating system cannot meet the functional requirements of some ECUs, and the update of the general Linux file cannot be directly applied to the vehicle-mounted terminal, a secure update (or referred to as refresh) scheme is proposed herein, which securely updates the Linux operating system itself or the application and the like through the vehicle-mounted communication interface, as described in detail below.
According to one aspect of the invention, an in-vehicle electronic module updating method is provided. As shown in fig. 3, the method for updating the vehicle-mounted electronic module includes the following steps: receiving an update instruction and update data (abbreviated as "reception" in the drawing) in step S31; determining the update type according to the update instruction in step S32 (abbreviated as "determination" in the figure); and in step S33, corresponding update operation (abbreviated as "update" in the figure) is performed using the update data according to the update type.
The update instruction and the update data are received in step S31 of the update method of the present invention. Generally, an ECU serving as a node to be updated may receive an update command (or called query or request) from an update tool (e.g., a vehicle production line tool or an after-market tool). The ECU to be updated may or may not return corresponding data to the update tool according to its own condition. If the ECU accepts the update instruction, it may return a response to the update tool that it is willing to receive the update data. If the ECU does not accept the update command (e.g., certain communication protocol services do not meet the ECU system requirements), the ECU may send an error code and exit the ECU's update process (not enter the download process and thus not receive the update data). In addition, if the update tool does not receive the response from the ECU due to other reasons, the update tool may exit the update flow at this time. The update tool may send the update data to the ECU after the ECU indicates acceptance of the update request. Specifically, for example, the ECU may receive a download instruction transmitted by the update tool, and thereafter the ECU may initiate a download operation and receive update data.
The update type is determined according to the update instruction in step S32 of the update method of the present invention. As noted above, updates to the ECU may be of multiple levels (or referred to as types, modes, etc.), i.e., updates to the ECU require consideration of the update type. In some examples of the invention, the update type may be determined based on certain parameters in the update instructions, e.g., the update tool may inform via the update instructions which type of update needs to be performed. In other examples of the invention it may be determined which type of update is to be performed in dependence on parameters in the update data. Of course, the type of update may also be determined in combination with both. For example, the update may be exited when the two declared update types are inconsistent, or the later received update type may be the priority. Additional data may also be sent to indicate the type of update in other examples of the invention.
In step S33 of the update method of the present invention, a corresponding update operation is performed using the update data according to the update type. In this step, the ECU may perform the update operation according to the update type determined above and the update data for the update operation. It should be noted that, the ECU has previously specified the update modes of different update types, and the update operation can be realized by flushing the update data in the corresponding update modes. Here, the present invention does not limit the specific form of the update type, but common update types include system level updates (e.g., Linux kernel updates, file system updates, etc.), application updates, calibration updates, and the like.
In some embodiments of the present invention, if it is determined that the update type is an operating system update, the update operation includes the steps of: restarting an operating system and guiding the operating system to enter a minimum system through U-Boot; and updating the operating system with the update data under the minimal system.
FIG. 1 illustrates an in-vehicle electronic module according to one embodiment of the present invention. As shown, the ECU 10 includes a U-Boot 101, a minimal system 102, a Linux kernel 103, a file system 104, and a data update area 105. Wherein, the U-Boot 101 is used as a program which is firstly accessed by system Boot and is used for booting the Linux minimum system 102, and other updating functions in the system are forbidden. The minimum system 102 is additionally constructed, and functions of a communication protocol, a security key algorithm, a Flash driver and the like are mainly integrated in the minimum system. The minimum system 102 has a main function of completing operations such as system file deletion, update, and check, and after exiting the update process, the updated ECU node will enter the Linux system. The Linux kernel 103 is a Linux operating system core. The Linux kernel 103 starts the file system 104 where the application program is located, and starts the corresponding application process. In addition, the application program for updating needs to be downloaded to a specific memory area, that is, the data update area 105. In addition, the ECU 10 may further include a data storage area (not shown in the drawings) for storing shared data required during the start-up of the ECU 10 and during the running of the program.
With reference to the example shown in fig. 1, if the update to the ECU 10 belongs to a system level update, the system directly configures the start parameter and performs a restart, after which the minimum system 102 continues to receive information from the update tool, erases the corresponding Partition area, downloads the file system content to the data update area 105, and then updates the operating system according to the downloaded content.
In some embodiments of the invention, the method further comprises: and verifying the signature of the updated data under the minimum system, and updating the operating system if the verification is passed. Continuing with the above example, after the downloading of the file system content to the designated area is completed, the Linux minimum system verifies the file signature of the downloaded file by using the integrated key algorithm, ensures the authenticity and integrity of the downloaded file, and feeds back the final result to the update tool. As shown in fig. 2, the minimal system 102 may specifically include a digital signature unit 201, a diagnostic communication unit 202, and a file management unit 203. In some examples of the invention, the digital signature unit 201 may verify the file signature of the downloaded file through an integrated key algorithm. If the Linux system fails, the process will stay in the minimum system all the time.
In some embodiments of the present invention, if the update type is an application update or a calibration update, the update operation includes the following steps: storing the update data in a designated storage area; and calling the operating system to perform data flashing according to the updated data. If the software is the application layer software and the calibration update, a downloading process in the Linux file system can be used for receiving a downloading instruction sent by an updating tool and downloading the updating package to a specified storage area. Specifically, in the case of application layer software or calibration update, the downloading process in the Linux file system may receive a downloading instruction sent by the update tool, download the update package to a specified storage area (e.g., the data update area 105), and further call the Linux operating system to perform the flushing of the file.
In some embodiments of the invention, the method further comprises: and verifying the authenticity of the updated data, and performing data flashing if the updated data passes the verification. Continuing with the previous example, after downloading is completed, the downloading process can be used to verify the authenticity of the file, the updating process can be triggered after verification is successful, the updating process can call the Linux system to call and execute the flashing of the completed file, and the final result is fed back to the updating tool.
According to another aspect of the invention, an in-vehicle electronic module is provided. As shown in fig. 4, the in-vehicle electronic module 40 includes a receiving unit 401, a determining unit 402, and an updating unit 403, and data interaction may be performed between the units as needed.
Wherein the receiving unit 401 is configured to receive update instructions and update data. Generally, the in-vehicle electronic module 40 serving as a node to be updated can receive an update instruction (or called query or request) from an update tool (e.g., a vehicle production line tool and an after-sales tool) through the receiving unit 401. The vehicle-mounted electronic module 40 to be updated may or may not return corresponding data to the update tool according to its own condition. If the in-vehicle electronic module 40 accepts the update instruction, a response may be returned to the update tool that it is willing to receive the update data. If the vehicle-mounted electronic module 40 does not accept the update command (e.g., some communication protocol services do not meet the system requirements of the vehicle-mounted electronic module 40), the vehicle-mounted electronic module 40 may send an error code and exit the update process of the vehicle-mounted electronic module 40 (not enter the download process, and thus not receive the update data). In addition, if the update tool does not receive the response from the in-vehicle electronic module 40 due to other reasons, the update tool may exit the update process. After the in-vehicle electronic module 40 indicates acceptance of the update request, the update tool may send update data to the in-vehicle electronic module 40. Specifically, for example, the in-vehicle electronic module 40 may receive a download instruction sent by the update tool, and then the in-vehicle electronic module 40 may initiate a download operation and receive update data. It is noted that in some examples of the invention, the receiving unit 401 may take on the data transmission role of the in-vehicle electronic module 40.
The judging unit 402 is configured to determine the update type according to the update instruction. As mentioned above, the update of the in-vehicle electronic module 40 may be of various levels (or called types, modes, etc.), that is, the update of the in-vehicle electronic module 40 needs to take into account the update type. In some examples of the invention, the determination unit 402 may determine the update type according to certain parameters in the update instruction, for example, the update tool may inform which type of update needs to be performed through the update instruction. In other examples of the invention the decision unit 402 may determine which type of update to perform based on parameters in the update data. Of course, the determining unit 402 may also determine the type of update by combining the two. For example, the update may be exited when the two declared update types are inconsistent, or the later received update type may be the priority. In other examples of the invention the update tool may also send additional data to indicate the type of update.
The updating unit 403 is configured to perform a corresponding updating operation using the update data according to the update type. At this time, the updating unit 403 may perform the updating operation according to the update type determined above and the update data for the updating operation. It should be noted that, the vehicle-mounted electronic module 40 has been previously assigned with update modes of different update types, and the update operation can be implemented by writing update data in the corresponding update modes. Here, the present invention does not limit the specific form of the update type, but common update types include system level updates (e.g., Linux kernel updates, file system updates, etc.), application updates, calibration updates, and the like.
In some embodiments of the present invention, if the determining unit determines that the update type is the os update, the updating unit performs an update operation including: restarting an operating system and guiding the operating system to enter a minimum system through U-Boot; and updating the operating system with the update data under the minimal system. If the update of the vehicle-mounted electronic module 40 belongs to system level update, the system can directly configure the starting parameters and restart, after the restart, the minimum system can continuously receive information from the updating tool, erase the corresponding Partition area, download the file system content to the data updating area, and then update the operating system according to the downloaded content.
In some embodiments of the invention, the update unit is further configured to: and verifying the signature of the updated data under the minimum system, and updating the operating system if the verification is passed. Continuing with the above example, after the downloading of the file system content to the designated area is completed, the Linux minimum system verifies the file signature of the downloaded file by using the integrated key algorithm, ensures the authenticity and integrity of the downloaded file, and feeds back the final result to the update tool. If the Linux system fails, the process will stay in the minimum system all the time.
In some embodiments of the present invention, if the determining unit determines that the update type is an application update or a calibration update, the updating unit performs an update operation of: storing the update data in a designated storage area; and calling the operating system to perform data flashing according to the updated data. If the software is the application layer software and the calibration update, a downloading process in the Linux file system can be used for receiving a downloading instruction sent by an updating tool and downloading the updating package to a specified storage area. Specifically, if the file is an application layer software or a calibration update, the downloading process in the Linux file system may receive a downloading instruction sent by the update tool, download the update package to a specified storage area, and further call the Linux operating system to perform the flash of the file.
In some embodiments of the invention, the update unit is further configured to: and verifying the authenticity of the updated data, and performing data flashing if the updated data passes the verification. Continuing with the previous example, after downloading is completed, the downloading process can be used to verify the authenticity of the file, the updating process can be triggered after verification is successful, the updating process can call the Linux system to call and execute the flashing of the completed file, and the final result is fed back to the updating tool.
In the safe refresh mechanism in the Linux environment of the present invention, some examples provide a plurality of different update modes for the vehicle-mounted terminal, including a full system refresh and an APP/CAL update, and the requirements for refresh under different conditions are satisfied in one mechanism. In addition, some examples of the invention construct a Linux minimum system to complete operations such as verification/deletion/upgrade of files, so that the overall security of the system is improved, and the requirements of a trust chain of vehicle-mounted network security are met. Finally, some examples of the present invention implement the functionality of updating a Linux file system from a vehicle-mounted communication interface by building a Linux minimum system, meeting the automotive toolchain update requirements.
Although the above examples mainly illustrate the vehicle-mounted electronic module updating method and the vehicle-mounted electronic module of the present invention, and only some of the embodiments of the present invention are described, it should be understood by those skilled in the art that the present invention can be implemented in many other forms without departing from the spirit and scope of the present invention. Accordingly, the present examples and embodiments are to be considered as illustrative and not restrictive, and various modifications and substitutions may be made therein without departing from the spirit and scope of the present invention as defined by the appended claims.
Claims (10)
1. A vehicle-mounted electronic module updating method is characterized by comprising the following steps:
receiving an updating instruction and updating data;
determining an updating type according to the updating instruction; and
and executing corresponding updating operation by using the updating data according to the updating type.
2. The method of claim 1, wherein if the update type is determined to be an operating system update, the update operation comprises:
restarting an operating system and guiding the operating system to enter a minimum system through U-Boot; and
and updating the operating system by using the updating data under the minimum system.
3. The method of claim 2, further comprising: and verifying the signature of the updating data under the minimum system, and updating the operating system if the verification is passed.
4. The method of claim 1, wherein if the update type is an application update or a calibration update, the update operation comprises the steps of:
storing the update data to a designated storage area; and
and calling an operating system to execute data flashing according to the updated data.
5. The method of claim 4, further comprising: and verifying the authenticity of the updating data, and performing data flashing if the updating data passes the verification.
6. An in-vehicle electronic module, the module comprising:
a receiving unit configured to receive an update instruction and update data;
a judging unit configured to determine an update type according to the update instruction; and
an updating unit configured to perform a corresponding updating operation using the update data according to the update type.
7. The module according to claim 6, wherein if the determining unit determines that the update type is os update, the updating unit performs an update operation that is:
restarting an operating system and guiding the operating system to enter a minimum system through U-Boot; and
and updating the operating system by using the updating data under the minimum system.
8. The module of claim 7, wherein the update unit is further configured to: and verifying the signature of the updating data under the minimum system, and updating the operating system if the verification is passed.
9. The module according to claim 6, wherein if the determining unit determines that the update type is an application update or a calibration update, the updating unit performs an update operation of:
storing the update data to a designated storage area; and
and calling an operating system to execute data flashing according to the updated data.
10. The module of claim 9, wherein the update unit is further configured to: and verifying the authenticity of the updating data, and performing data flashing if the updating data passes the verification.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010250074.6A CN113495736A (en) | 2020-04-01 | 2020-04-01 | Vehicle-mounted electronic module updating method and vehicle-mounted electronic module |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010250074.6A CN113495736A (en) | 2020-04-01 | 2020-04-01 | Vehicle-mounted electronic module updating method and vehicle-mounted electronic module |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113495736A true CN113495736A (en) | 2021-10-12 |
Family
ID=77993956
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010250074.6A Pending CN113495736A (en) | 2020-04-01 | 2020-04-01 | Vehicle-mounted electronic module updating method and vehicle-mounted electronic module |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113495736A (en) |
-
2020
- 2020-04-01 CN CN202010250074.6A patent/CN113495736A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10042635B2 (en) | Method for wireless remote updating vehicle software | |
US9841965B2 (en) | Centralized system for software updating vehicle components | |
US10162625B2 (en) | Vehicle control storage methods and systems | |
US20160371075A1 (en) | Method for software updating of vehicle components | |
US20160364230A1 (en) | Telematics control unit comprising a differential update package | |
US20160364232A1 (en) | Method for ota updating vehicle electronic control unit | |
CN102135922B (en) | The method for refreshing of application program and system | |
CN110008690B (en) | Authority management method, device, equipment and medium for terminal application | |
CN111796848A (en) | Bootloader software updating method and device, embedded controller and storage medium | |
CN110825403A (en) | Method and system for flashing ECU (electronic control Unit) of automobile | |
US20240069906A1 (en) | Server, software update system, distribution method, and non-transitory storage medium | |
CN115061713A (en) | Method and device for upgrading electronic equipment | |
CN114895947A (en) | Software upgrading method, device, equipment and storage medium of vehicle-mounted controller | |
CN113495736A (en) | Vehicle-mounted electronic module updating method and vehicle-mounted electronic module | |
CN114840241A (en) | Data processing method and related equipment | |
US11947824B2 (en) | Electronic control unit, method, and program | |
US20220391194A1 (en) | Ota master, system, method, non-transitory storage medium, and vehicle | |
CN115982710A (en) | OTA (over the air) security upgrading method based on Ethernet | |
CN114675864A (en) | Control method, control device and system for reprogramming and upgrading of dual-partition ECU | |
CN113276788A (en) | Vehicle-mounted application upgrading method and device, vehicle-mounted terminal and storage medium | |
CN113454608A (en) | Update method for updating a motor vehicle computer to add additional functionality thereto | |
CN113935011A (en) | Method for executing a secure boot sequence of a control device | |
CN117295055A (en) | OTA upgrading system and upgrading method | |
US11954480B2 (en) | Center, OTA master, system, method, non-transitory storage medium, and vehicle | |
US20220405083A1 (en) | Ota master, system, method, non-transitory storage medium, and vehicle |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |