CN117295055A - OTA upgrading system and upgrading method - Google Patents
OTA upgrading system and upgrading method Download PDFInfo
- Publication number
- CN117295055A CN117295055A CN202311109304.7A CN202311109304A CN117295055A CN 117295055 A CN117295055 A CN 117295055A CN 202311109304 A CN202311109304 A CN 202311109304A CN 117295055 A CN117295055 A CN 117295055A
- Authority
- CN
- China
- Prior art keywords
- ecu
- ota
- upgrading
- request
- sends
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 238000013507 mapping Methods 0.000 claims abstract description 34
- 238000005192 partition Methods 0.000 claims abstract description 27
- 238000004891 communication Methods 0.000 claims abstract description 7
- 230000004044 response Effects 0.000 claims description 39
- 238000003745 diagnosis Methods 0.000 claims description 37
- 230000005540 biological transmission Effects 0.000 claims description 21
- 238000004422 calculation algorithm Methods 0.000 claims description 7
- 125000004122 cyclic group Chemical group 0.000 claims description 6
- 230000001960 triggered effect Effects 0.000 claims description 3
- 230000008569 process Effects 0.000 abstract description 20
- 230000006870 function Effects 0.000 abstract description 11
- 238000010586 diagram Methods 0.000 description 8
- 238000013478 data encryption standard Methods 0.000 description 4
- 230000008859 change Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
- H04W8/24—Transfer of terminal data
- H04W8/245—Transfer of terminal data from a network towards a terminal
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
- G06F8/656—Updates while running
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention relates to an OTA upgrading system and an upgrading method, comprising an electronic control unit ECU and an OTA Master control module OTA Master, wherein the ECU selects a microcontroller CPU supporting virtual address mapping as a Master control chip of the ECU, a vehicle end obtains an image file of new software in the ECU under the constraint of a communication protocol by an OTA Master node through a wireless network, and then the OTA upgrading of the ECU is actively initiated. The PFflash is divided into the A partition and the B partition, the system can be switched between the A partition and the B partition, the original Application program runs normally in the process of downloading the new Application program, and the vehicle user can still use all functions of the ECU. Original edition Application is kept all the time in the whole process of OTA upgrading, if the original edition Application is interrupted in the upgrading process, normal operation can still be realized, and the condition that an Application program cannot work can be avoided. The convenience and reliability of upgrading are improved.
Description
Technical Field
The invention relates to an automobile electronic information technology, in particular to an OTA upgrading system and an upgrading method.
Background
OTA is called "Over-The-Air", i.e. The Over-The-Air technology, is widely used in The mobile phone industry, terminating The complex operations of connecting The computer, downloading The software, and reinstalling The update required for mobile phone software upgrade. In recent years, with the continuous development of the internet technology of automobiles, the in-automobile controller software OTA is also becoming a trend.
In the automotive field, existing implementations of software upgrades to ECU (Electric Control Unit electronic control unit) require the development of Bootloader programs (boot loader of embedded systems) and Application programs (applications ), respectively.
If the Application program is to be updated, the ECU needs to enter a Bootloader program, and the Application program is updated in the Bootloader, as shown in the ECU software upgrading process schematic diagram in fig. 1. In the process of upgrading the ECU by using the existing mode, the ECU runs Bootloader instead of Application, and at the moment, the ECU does not have any function of an Application program. Then a portion of the vehicle's functionality may be disabled during the upgrade process for the vehicle user, which may affect the vehicle experience.
If the Application program is erased and the subsequent upgrading process is interrupted in the conventional upgrading process, the upgrade must be tried again, and the ECU can not work normally until the upgrade is successful, which is very time-consuming and memory-consuming.
Disclosure of Invention
Aiming at the problems, an OTA upgrading system and an upgrading method are provided, and a new version of Application program is downloaded while the current version of Application program is run; the current Application program is kept from being erased and available until the new Application program is run.
The technical scheme of the invention is as follows: an OTA upgrading system comprises an electronic control unit ECU and an OTA main control module OTA Master, wherein the ECU selects a microcontroller CPU supporting virtual address mapping as a main control chip of the ECU, a vehicle end obtains an image file of new software in the ECU under the constraint of a communication protocol by an OTA Master node through a wireless network, and then the OTA upgrading of the ECU is actively initiated to replace a new Application program and an old Application program.
Preferably, the communication protocol is any one of Ethernet, flexRay or CAN FD.
Preferably, the Program Flash of the microcontroller CPU is divided into an A area and a B area, the physical address ranges of the A area and the B area are different and are mapped to the same section of virtual address range, and the section of virtual address range is used as the CPU instruction fetching area.
Preferably, the partition a and the partition B store an Application of an active version and an Application of an old version, respectively.
An OTA upgrading method carries out OTA upgrading on an established OTA upgrading system, and specifically comprises the following steps:
the method comprises the steps that firstly, an OTA Master sends a diagnosis request for entering an expansion session to an ECU, the ECU enters the expansion session after receiving the request, replies a positive response and enters the next step;
secondly, the OTA Master sends a diagnosis request for entering a programming session to the ECU, the ECU enters the programming session from the expansion session after receiving the request, replies a positive response and enters the next step;
thirdly, the OTA Master sends a diagnosis request for requesting the seeds to the ECU, the ECU receives the request and then replies a positive response and the seeds, the OTA Master calculates a secret key by using a DES algorithm after receiving the seeds, then sends a diagnosis request for requesting safe unlocking and carries secret key information to the ECU, the ECU checks whether the secret key is correct after receiving the request, and the ECU checks the corresponding safety level after unlocking and replies a positive response, and then the next step is carried out; fourth, OTA Master sends a diagnosis request for downloading Flash Driver to ECU, and ECU replies positive response; then the OTA Master continuously sends a diagnosis request of the transmission data to the ECU until the Flash Driver finishes all transmission, and the ECU needs to reply a positive response every time the ECU receives the diagnosis request of the transmission data; finally, the OTA Master sends a diagnosis request for exiting transmission to the ECU, and the ECU replies a positive response; fifthly, the OTA Master sends a request for erasing old Application to the ECU, and the ECU erases the Application in the unused partition and replies a positive response to enter the next step;
sixthly, the OTA Master sends an OTA Master to the ECU, sends a diagnosis request for requesting to download new Application to the ECU, and the ECU replies an affirmative response; then the OTA Master continuously sends a diagnosis request of the transmission data to the ECU until the new Application is completely transmitted, and the ECU needs to reply a positive response every time the ECU receives the diagnosis request of the transmission data; finally, the OTA Master sends a diagnosis request for exiting transmission to the ECU, and the ECU replies an affirmative response to enter the next step;
seventh step: the OTA Master sends a diagnosis request of new Application integrity check to the ECU, and the ECU uses cyclic redundancy check to carry out the integrity check on the new Application; if the check is not passed, a negative response is returned, the OTA upgrade fails and the current edition Application continues to be operated, and the upgrade is exited; if the check is passed, a positive response is replied, and the next step is carried out;
eighth step: and the OTA Master sends a reset request, the ECU firstly checks whether the virtual address mapping function of the chip is enabled after receiving the request, and if the virtual address mapping function is not enabled, the OTA Master activates the virtual address mapping function, selects an alternative mapping mode and then triggers a reset operation new Application. If the virtual address mapping function is enabled, the address mapping mode is switched, then the reset operation is triggered to run new Application, and the upgrading is ended.
Further, in the fifth to eighth steps, the CPU in the ECU maps only the partition storing old version Application.
Further, the cyclic redundancy check in the seventh step is replaced by a parity check or a hamming check.
The invention has the beneficial effects that: according to the OTA upgrading system and the upgrading method, the PFlash is divided into the A partition and the B partition, the system can be switched between the A partition and the B partition, the original edition Application program normally operates in the process of downloading the new edition Application program, and a vehicle user can still use all functions of the ECU. Original edition Application is kept all the time in the whole process of OTA upgrading, if the original edition Application is interrupted in the upgrading process, normal operation can still be realized, and the condition that an Application program cannot work can be avoided.
Drawings
FIG. 1 is a schematic diagram of a conventional ECU software upgrade process;
FIG. 2 is a network topology diagram of an OTA upgrade system of the present invention;
FIG. 3A is a diagram of a standard address mapping mode of a microcontroller according to the present invention;
FIG. 3B is a diagram of an alternative address mapping mode of the microcontroller of the present invention;
FIG. 4 is a flowchart of an OTA upgrade of the present invention;
FIG. 5 is a logic diagram of ECU software in the OTA upgrade process of the present invention;
fig. 6 is a schematic diagram of PFlash data change in the OTA upgrading process according to the invention.
Detailed Description
The invention will now be described in detail with reference to the drawings and specific examples. The present embodiment is implemented on the premise of the technical scheme of the present invention, and a detailed implementation manner and a specific operation process are given, but the protection scope of the present invention is not limited to the following examples.
The invention selects a microcontroller CPU supporting virtual address mapping as a main control chip of an ECU, uses Ethernet as a communication protocol for transmitting data, and communicates with a vehicle end; and acquiring an image file of the new software of the ECU through a wireless network at the vehicle end by an OTA Master (OTA Master control module) node, and then actively initiating OTA upgrading of the ECU. The network topology of the OTA upgrade system is shown in fig. 2.
The PFflash (Program Flash) is divided into an A area and a B area, wherein the physical address ranges of the A area and the B area are different, but can be mapped to the same section of virtual address range, and the section of virtual address range is called as a CPU instruction fetching area. As shown in fig. 3A, 3B, the microcontroller has two address mapping modes: mapping the A partition to the CPU instruction fetch area is referred to as a standard mapping mode, and mapping the B partition to the CPU instruction fetch area is referred to as an alternative mapping mode. After the starting addresses and the sizes of the partition A, the partition B and the CPU instruction fetching area are determined, the link script is modified, and all programs are positioned in the CPU instruction fetching area.
On the basis of finishing A/B partition and link script change, designing a software OTA upgrading flow as shown in FIG. 4, and realizing intercommunication between an OTA Master and an ECU in the upgrading process; the corresponding working logic of the software in the ECU during the upgrade process in fig. 4 is shown in fig. 5.
The first step, OTA Master sends a diagnosis request for entering an expansion session to the ECU, the ECU enters the expansion session after receiving the request, and replies a positive response to enter the next step.
And secondly, sending a diagnosis request for entering the programming session to the ECU by the OTA Master, entering the programming session by the expansion session after the ECU receives the request, replying an affirmative response, and entering the next step.
Thirdly, the OTA Master sends a diagnosis request for requesting the seeds to the ECU, the ECU receives the request and then replies an affirmative response and the seeds, the OTA Master calculates a secret key by using a DES algorithm (Data Encryption Standard) after receiving the seeds, then sends a diagnosis request for requesting safe unlocking and carries secret key information to the ECU, the ECU checks whether the secret key is correct after receiving the request, and the ECU checks the corresponding safety level after unlocking and replies an affirmative response, and then the ECU enters the next step.
Fourth, OTA Master sends a diagnosis request for downloading Flash Driver to ECU, and ECU replies positive response; then the OTA Master continuously sends a diagnosis request of the transmission data to the ECU until the Flash Driver finishes all transmission, and the ECU needs to reply a positive response every time the ECU receives the diagnosis request of the transmission data; finally, the OTA Master sends a diagnostic request to the ECU to exit the transmission, and the ECU replies a positive response.
Fifth, OTA Master sends request for erasing old Application to ECU, ECU erases Application in unused partition and replies positive response to go to next step.
Sixthly, the OTA Master sends an OTA Master to the ECU, sends a diagnosis request for requesting to download new Application to the ECU, and the ECU replies an affirmative response; then the OTA Master continuously sends a diagnosis request of the transmission data to the ECU until the new Application is completely transmitted, and the ECU needs to reply a positive response every time the ECU receives the diagnosis request of the transmission data; finally, the OTA Master sends a diagnosis request for exiting transmission to the ECU, and the ECU replies an affirmative response to enter the next step.
Seventh step: the OTA Master sends a diagnostic request for the new Application integrity check to the ECU, which uses the cyclic redundancy check to perform the integrity check on the new Application. If the check is not passed, a negative response is returned, the OTA upgrade fails and the current edition Application continues to be operated, and the upgrade is exited; if the check is passed, a positive response is returned, and the next step is performed.
Eighth step: and the OTA Master sends a reset request, the ECU firstly checks whether the virtual address mapping function of the chip is enabled after receiving the request, and if the virtual address mapping function is not enabled, the OTA Master activates the virtual address mapping function, selects an alternative mapping mode and then triggers a reset operation new Application. If the virtual address mapping function is enabled, the address mapping mode is switched, then the reset operation is triggered to run new Application, and the upgrading is ended.
Fig. 6 is a schematic diagram showing the change of PFlash data in the OTA upgrading process according to the present invention, in which, when executing steps one to four, the application1.0 and the application0.0 of the old version are stored in the a area and the B area of the program flash memory respectively; when the fifth step is executed, the old version application0.0 stored in the program flash memory B area is erased; executing the sixth to eighth steps, the old version of application0.0 stored in the B area of the program flash memory is replaced by the new version of application2.0, while the existing application1.0 is always stored in the A area of the program flash memory, and can be restarted if the upgrade is unsuccessful, if the upgrade is successful, the new version of application2.0 of the B area is started. In the whole process of fig. 6, the mapping mode of mapping the partition B to the instruction fetching area of the CPU is adopted, the partition a does not enter the mapping mode, and when the partition a needs to be upgraded to application3.0 as the next time, the partition a enters the mapping mode, and the partition B retains the existing version.
The upgrade system and the upgrade method are really realized by the fact that the ECU operates in Application and by means of Flash mapping mode switching, so that the upgrade speed is improved; the algorithm, interactive confirmation and integrity acceptance of the key in the upgrading process ensure the upgrading reliability.
The communication protocol for transmitting data between the OTA Master and the ECU CAN be other protocols besides Ethernet, such as FlexRay, CAN FD, etc. The algorithm that generates the key at the time of secure unlocking may use other encryption algorithms in addition to the DES algorithm. In addition to cyclic redundancy check, other methods may be used to check the integrity of the new Application, such as parity check, hamming check, etc.
The above examples illustrate only a few embodiments of the invention, which are described in detail and are not to be construed as limiting the scope of the invention. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the invention, which are all within the scope of the invention. Accordingly, the scope of protection of the present invention is to be determined by the appended claims.
Claims (7)
1. The OTA upgrading system is characterized by comprising an electronic control unit ECU and an OTA Master control module OTA Master, wherein the ECU selects a microcontroller CPU supporting virtual address mapping as a Master control chip of the ECU, a vehicle end obtains an image file of new software in the ECU under the constraint of a communication protocol by an OTA Master node through a wireless network, and then the OTA upgrading of the ECU is actively initiated to replace new and old Application programs.
2. The OTA upgrade system of claim 1 wherein the communication protocol is any one of Ethernet, flexRay or CAN FD.
3. The OTA upgrading system according to claim 1 or 2 wherein the Program Flash of the microcontroller CPU is divided into two areas a and B, the physical address ranges of the a and B areas are different and each mapped to the same segment of virtual address range, and the segment of virtual address range is used as the CPU instruction fetching area.
4. The OTA upgrade system of claim 3 wherein the a partition and B partition store an active version Application and an older version Application, respectively.
5. An OTA upgrading method carries out OTA upgrading on an established OTA upgrading system and is characterized by comprising the following steps:
the method comprises the steps that firstly, an OTA Master sends a diagnosis request for entering an expansion session to an ECU, the ECU enters the expansion session after receiving the request, replies a positive response and enters the next step;
secondly, the OTA Master sends a diagnosis request for entering a programming session to the ECU, the ECU enters the programming session from the expansion session after receiving the request, replies a positive response and enters the next step;
thirdly, the OTA Master sends a diagnosis request for requesting the seeds to the ECU, the ECU receives the request and then replies a positive response and the seeds, the OTA Master calculates a secret key by using a DES algorithm after receiving the seeds, then sends a diagnosis request for requesting safe unlocking and carries secret key information to the ECU, the ECU checks whether the secret key is correct after receiving the request, and the ECU checks the corresponding safety level after unlocking and replies a positive response, and then the next step is carried out;
fourth, OTA Master sends a diagnosis request for downloading Flash Driver to ECU, and ECU replies positive response; then the OTA Master continuously sends a diagnosis request of the transmission data to the ECU until the Flash Driver finishes all transmission, and the ECU needs to reply a positive response every time the ECU receives the diagnosis request of the transmission data; finally, the OTA Master sends a diagnosis request for exiting transmission to the ECU, and the ECU replies a positive response;
fifthly, the OTA Master sends a request for erasing old Application to the ECU, and the ECU erases the Application in the unused partition and replies a positive response to enter the next step;
sixthly, the OTA Master sends an OTA Master to the ECU, sends a diagnosis request for requesting to download new Application to the ECU, and the ECU replies an affirmative response; then the OTA Master continuously sends a diagnosis request of the transmission data to the ECU until the new Application is completely transmitted, and the ECU needs to reply a positive response every time the ECU receives the diagnosis request of the transmission data; finally, the OTA Master sends a diagnosis request for exiting transmission to the ECU, and the ECU replies an affirmative response to enter the next step;
seventh step: the OTA Master sends a diagnosis request of new Application integrity check to the ECU, and the ECU uses cyclic redundancy check to carry out the integrity check on the new Application; if the check is not passed, a negative response is returned, the OTA upgrade fails and the current edition Application continues to be operated, and the upgrade is exited; if the check is passed, a positive response is replied, and the next step is carried out;
eighth step: and the OTA Master sends a reset request, the ECU firstly checks whether the virtual address mapping function of the chip is enabled after receiving the request, and if the virtual address mapping function is not enabled, the OTA Master activates the virtual address mapping function, selects an alternative mapping mode and then triggers a reset operation new Application. If the virtual address mapping function is enabled, the address mapping mode is switched, then the reset operation is triggered to run new Application, and the upgrading is ended.
6. The OTA upgrading method according to claim 5 wherein the fifth to eighth steps, the CPU in the ECU maps only the partition storing the old version of Application.
7. The OTA upgrading method of claim 5 wherein the cyclic redundancy check in the seventh step is replaced by a parity check or a hamming check.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311109304.7A CN117295055A (en) | 2023-08-30 | 2023-08-30 | OTA upgrading system and upgrading method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311109304.7A CN117295055A (en) | 2023-08-30 | 2023-08-30 | OTA upgrading system and upgrading method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117295055A true CN117295055A (en) | 2023-12-26 |
Family
ID=89239987
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311109304.7A Pending CN117295055A (en) | 2023-08-30 | 2023-08-30 | OTA upgrading system and upgrading method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117295055A (en) |
-
2023
- 2023-08-30 CN CN202311109304.7A patent/CN117295055A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110231952B (en) | ECU program backup and cyclic upgrade control method and device | |
| US11960877B2 (en) | Updating system, electronic control unit, updating management device, and updating management method | |
| WO2010017775A1 (en) | Controller area network (can) bus based control method for refreshing codes of vehicle’s electronic controller | |
| US20160085538A1 (en) | Over-the-air updates for ble devices | |
| US11914871B2 (en) | Electronic control device and program-update method | |
| WO2018176692A1 (en) | System firmware updating method, device and battery management system | |
| US20240069906A1 (en) | Server, software update system, distribution method, and non-transitory storage medium | |
| CN111722864A (en) | ECU data flashing method and related device | |
| WO2022160816A1 (en) | Data processing method and related device | |
| CN114895947A (en) | Software upgrading method, device, equipment and storage medium of vehicle-mounted controller | |
| JP2018160207A (en) | On-vehicle controller and program update software | |
| KR101744998B1 (en) | Re-programming control module and re-programming system and method using the re-programming control module | |
| CN117295055A (en) | OTA upgrading system and upgrading method | |
| CN116755737A (en) | OTA (over the air) upgrading method, device, equipment, storage medium and program for automobile software | |
| CN110704076A (en) | Data processing method and device, vehicle-mounted controller and computer-readable storage medium | |
| CN110688136A (en) | Application program updating method and device | |
| CN115982710A (en) | OTA (over the air) security upgrading method based on Ethernet | |
| US11995429B2 (en) | Software update device, update control method, non-transitory storage medium, and server | |
| CN113672258A (en) | System upgrading method and device for vehicle, computer equipment and storage medium | |
| JP2018160208A (en) | On-vehicle controller and program update software | |
| JP2013192092A (en) | On-vehicle device | |
| CN116909609B (en) | Software upgrading method and device of vehicle-mounted intelligent equipment and vehicle-mounted intelligent equipment | |
| CN113495736A (en) | Vehicle-mounted electronic module updating method and vehicle-mounted electronic module | |
| WO2024108456A1 (en) | Controller upgrading method, and apparatus | |
| US20170031703A1 (en) | Method and device for updating a virtual machine operated on a physical machine under a hypervisor |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |