WO2020099023A2 - Appareil de commande pour un composant de véhicule, kit comprenant un appareil de commande et un dispositif d'essai, véhicule, procédé pour la mise à jour d'un appareil de commande et support de stockage lisible par ordinateur - Google Patents

Appareil de commande pour un composant de véhicule, kit comprenant un appareil de commande et un dispositif d'essai, véhicule, procédé pour la mise à jour d'un appareil de commande et support de stockage lisible par ordinateur Download PDF

Info

Publication number
WO2020099023A2
WO2020099023A2 PCT/EP2019/076994 EP2019076994W WO2020099023A2 WO 2020099023 A2 WO2020099023 A2 WO 2020099023A2 EP 2019076994 W EP2019076994 W EP 2019076994W WO 2020099023 A2 WO2020099023 A2 WO 2020099023A2
Authority
WO
WIPO (PCT)
Prior art keywords
program
update
data
control device
data carrier
Prior art date
Application number
PCT/EP2019/076994
Other languages
German (de)
English (en)
Other versions
WO2020099023A3 (fr
Inventor
Hans-Guenter Kothgasser
Christophe Elies
Matthias Bilger
Original Assignee
Bayerische Motoren Werke Aktiengesellschaft
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bayerische Motoren Werke Aktiengesellschaft filed Critical Bayerische Motoren Werke Aktiengesellschaft
Publication of WO2020099023A2 publication Critical patent/WO2020099023A2/fr
Publication of WO2020099023A3 publication Critical patent/WO2020099023A3/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates

Definitions

  • Control device for a vehicle component kit comprising a control device and a tester device, vehicle, method for updating a control device and computer-readable storage medium
  • the present invention relates to a control device for a vehicle component, a kit comprising a control device and a tester device, a vehicle, a method for updating a control device and a corresponding computer-readable storage medium.
  • Vehicles such as cars, have a large number of control units which control and / or monitor different functions or actuators of the vehicle. So control devices are provided, for example the
  • Control devices for communication are each connected to one or more BUS systems in order to send or receive data.
  • Control devices also typically have a computing device and a storage device, and are designed to execute different programs in order to perform their control functions.
  • Control units are usually updated in a workshop.
  • a workshop employee connects a so-called tester or a tester device, ie a device which is used to update the control units, to the vehicle via an OBD connection.
  • the tester can then communicate with the control units in the vehicle via a BUS system.
  • Classic control units are implemented very close to the hardware. You have specialized hardware, e.g. B. ASICS (Application Specific Integrated Circuits), which work with defined programs and data.
  • Modern control devices on the other hand, can be used universally in some cases and have complex operating systems such as B. Linux-based systems and a file system.
  • the file system makes it possible to save data as files on partitions, ie logical data carriers, and to access them.
  • Such a modern control unit usually has two partitions in which the data or the programs and the operating system of the control unit are present in a mirrored manner.
  • a so-called main partition is used to run the programs while the vehicle is running.
  • a so-called mirror partition or mirror partition is used to ensure redundant storage of the programs of the control device. Programs to be executed as well as the
  • the data of the mirror partition are updated first.
  • the update process it is checked whether the update of the mirror partition has been successfully completed, e.g. B. by calculating a hash value over the partition and comparing the calculated hash value with a reference value. If the update is successfully completed, all data of the mirror partition can be transferred to the main partition.
  • Copying the mirror partition to the main partition includes copying application data and operating system data. This process takes a long time.
  • a control device is to be specified which consumes less time when updating the control device.
  • the object of the invention is achieved by a control device according to claim 1.
  • the object is achieved by a control device for a
  • Vehicle component in particular for a vehicle component of a car, comprising the following:
  • a storage device for storing a program update, a first logical data carrier and a second logical data carrier
  • a computing device for executing the program update and first program data stored on the first logical data carrier;
  • the program updater is designed to use second program data of the second logical data carrier
  • the computing device is designed to execute the updated second program data of the second logical data carrier.
  • a core of the invention is that a program updater is used to update the second program data.
  • a program update means a program that can be set up to update the second program data.
  • For the first and second program data can be programs to be executed or parts of programs to be executed.
  • Program user data can also be used to update the second program data.
  • Program data must be included.
  • the operating system of the control device is not part of the first or second program data.
  • Operating system can be stored on an operating system disk or partition.
  • the program updater can be stored on the first logical data carrier.
  • Program update is a program that is executed by the operating system.
  • a logical volume can be a partition of a
  • the first and second logical data carriers can be partitions of a file-based system.
  • the computing device can be designed to copy at least a subset of the second program data to the first logical data carrier, in particular the updated second program data.
  • the computing device can be designed to carry out the copying at a time when the computing device is in an idle or idle state.
  • the idle state is preferably a state in which no update tasks are carried out by the control device.
  • the vehicle can thus be any vehicle.
  • Refresh can be put back into operation quickly.
  • copying can only take place when a rest phase occurs. This means that the vehicle is available to the customer again more quickly.
  • a communication device can be provided in the control device, which can be designed to receive an update signal, wherein the program updater can be configured to update the second program data in response to the receipt of the
  • the initiation of the update process can thus advantageously be started by an external signal.
  • a tester connected to the control unit outputs the update signal.
  • the communication device can be designed to transmit the update signal via a wireless interface, such as e.g. B. to receive an air interface such as LTE or GSM or 3G. It is also conceivable that the communication device receives the update signal via a WLAN interface.
  • the program updater may be configured to interrupt execution of the first program data in response to / receiving the update signal.
  • control unit can thus be brought into a defined state. For example, access to
  • Hardware resources are interrupted, or the hardware resources are released. This is an advantage because it ensures that the
  • ECU can be ensured during the update.
  • authorization conflicts can be prevented if individual files are used by the second program data.
  • the computing unit can be designed to identify a program that is specified by the second program data.
  • program data can indicate programs that form a logical unit. A program can thus be specifically updated.
  • the updating may be an exchange of a program stored on the second logical volume with one
  • the update may include replacing an operating system stored on the second logical volume.
  • the second logical data carrier can also store an operating system. For example, a Linux-based operating system
  • the updating can include calculating a checksum, in particular a hash value, using the second program data.
  • the updating can include comparing the calculated checksum with a reference checksum, wherein the computing device can be designed to execute the second program data only if the calculated checksum and the reference checksum are identical.
  • the reference checksum can indicate a planned state of the second logical data carrier and / or the second program data.
  • the update data can indicate an operating system, in particular a Linux-based operating system.
  • the computing device can be designed to switch the control device into an update mode.
  • the computing device can, for example in response to receiving the update signal, switch the control device into an update mode.
  • control functions of the control device can be deactivated in the update mode.
  • the control device can thus be switched in a kind of passive state.
  • One advantage is that external influences do not affect the update process.
  • kits comprising a control device as described above and a tester device, the control device having a communication device and the tester device being designed to update data via the communication device to send to the control unit.
  • the tester device or the tester can for example be communicatively connected to the control device via an OBD interface.
  • the tester device can therefore be a device with the aid of which a workshop employee can update data for updating the
  • Control unit can play on the control unit.
  • the tester device can be designed to check whether the second logical data carrier indicates a consistent state of the vehicle and / or the control device, in particular before and / or after an update has been carried out.
  • a consistent condition of the vehicle can result from a variety of
  • a consistent state can be indicated by a number of programs installed. It is also possible that calculated checksums of the installed programs on the second logical data carrier indicate a consistent state.
  • a consistent state can be stored on the tester device, wherein the tester device can be designed to compare the consistent state stored on the tester device with a state specified by the control device or the plurality of control devices.
  • the tester device can thus prevent a control unit from being put back into operation, which causes an inconsistent state. Overall, the safety of the vehicle during operation is increased.
  • the object is further achieved by a vehicle according to claim 11.
  • the object is achieved by a vehicle comprising a plurality of control devices, as described above, wherein a gateway communicatively connected to the plurality of control devices is provided, which is designed to receive update data from a tester device and to send it to the plurality of control devices .
  • a vehicle can thus have a large number of control units, the gateway sending the update data from the tester device to the
  • control unit sends updating control units. This makes it possible to easily update a large number of control units at once. Furthermore, there are the advantages of upgrading the control unit
  • Control units are thus drastically reduced.
  • the object is further achieved by a method according to claim 11.
  • the object is achieved by a method for updating a control device, comprising the following steps: a) execution of first program data by a control device, which are stored on a first logical data carrier; b) receiving update data;
  • the method can include copying at least a subset of the second program data onto the first logical data carrier.
  • the control device, the vehicle and the kit can be identified as the main data carrier and the second logical data carrier can be identified as the mirror data carrier, the execution of the
  • updated second program data includes an identification of the first logical data carrier as a mirror data carrier and the second logical data carrier as the main data carrier.
  • the control device can be instructed in a very simple manner to execute the updated second program data.
  • a computing device can be designed to always execute the program data of the main data carrier.
  • the second logical data carrier as the main data carrier, it can be easily ensured that the updated second program data are executed after an update. There is no need for time-consuming copying of the updated program data.
  • the new one can also be identified Main data carrier copying the update from the second logical data carrier to the first logical data carrier can be provided.
  • the method can include: dl) determining at least one characteristic value that is specified by the updated second program data;
  • the object is further achieved by a computer-readable storage medium which contains instructions for implementing a method as described above if the instructions are provided by at least one
  • Figure 1 is a schematic representation of a vehicle with a tester and a plurality of control units.
  • Fig. 2 is a schematic representation of a control unit
  • FIG. 3 shows a schematic illustration of a storage device with two logical data carriers
  • Fig. 4 shows the memory device of Fig. 3 after the update process
  • Fig. 6 is a flowchart schematically illustrating the process of the update.
  • FIG. 1 shows vehicle 10 with a large number of control units 20, 20 ', 20 ".
  • the control unit 20 is a device which is used for
  • the control unit 20 ' is a device which is used for automatically switching on the front light.
  • the control unit 20 " is a device which is used to control a temperature sensor.
  • the central gateway 12 is a device which allows the control devices 20, 20 ', 20 "to communicate with one another, although they may be connected via different BUS systems 23, 23', 23".
  • the BUS systems include a CAN bus, an Ethernet network or a LIN bus.
  • the central gateway 12 is communicatively connected to an onboard diagnostic connector 11 (OBD connector) by means of an Ethernet connection 13.
  • a tester 1 can be connected via the OBD connection 11.
  • Tester 1 is a device that can be used by workshop personnel and is usually part of an OBD diagnostic device.
  • the tester 1 comprises a tester storage device and a tester computing device.
  • a tester communication device is provided for communication, which enables communication with the OBD interface 11 of the vehicle 10. Update data are stored in the tester storage device
  • the tester 1 can download the update data from a server from the Internet.
  • the tester 1 can have a mobile radio interface or a WLAN interface.
  • the tester 1 receives a vehicle identification and a list of the installed ones via the tester communication device Control units 20, 20 ', 20 "and the programs installed thereon. Using this information, tester 1 can query a server whether there are updates for control units 20, 20', 20" that
  • Programs can tester 1 update data 3 via an OBD connection
  • the update data 3 can be individual programs or also individual files. This is particularly advantageous if the control units 20, 20 ', 20" are designed as file-based control units. This means that a file system is present on the control units 20, 20 ', 20 ". File systems can be, for example, ext2, ext3, ext3, Btrfs, FAT, FAT32, VFAT, NTFS, HFS, HFS + or corresponding derivatives. In addition to that The file system and the program to be executed usually comprise the control devices 20, 20 ', 20 "an operating system. Linux-based operating systems can preferably be used on the control devices 20, 20 ', 20 ".
  • Fig. 2 shows a schematic representation of a control unit 20.
  • Control device 20 comprises a control device communication device 21, a control device computing device 22 and a control device storage device 30.
  • the control device communication device 21 can be designed as a BUS communication device. This means that the control unit 20 can be connected to a vehicle bus.
  • the control device 20 receives update data 3 via the control device communication device 21.
  • the update data 3 are then processed by the control device computing device 22.
  • FIG. 3 shows the control unit storage device 30 in a schematic
  • the control unit storage device 30 comprises a boot loader 33, as well as a first logical data carrier 31 and a second logical one
  • the first logical data carrier 31 denotes a so-called main or main partition.
  • the second logical volume 32 denotes a so-called Mirror or mirror partition.
  • program data is stored as first program data 34 and second program data 35.
  • the first program data 34 and second program data 35 are identical in the exemplary embodiment in FIG. 3 and each indicate a program APP2. Furthermore, there are in each case on the first logical data carrier 31 and second logical data carrier 32
  • Program update APP1 is trained to update programs.
  • the boot loader 33 has the function of starting the operating system OS of the main partition 31 when the control unit 20, 20 ', 20 "is switched on.
  • the first program data 34 are saved by the first program data 34 .
  • Control unit computing device 22 executed.
  • the control unit computing device 22 is designed to always execute the program data that is stored on the main partition.
  • the second program data 35 the
  • Mirror partition serve as a backup.
  • the second logical data carrier 32 is first updated and then the updated data which are stored in the second logical data carrier 32 are copied to the first logical data carrier.
  • Program update APP1 that update data 3 are initially stored in the second logical data carrier 32.
  • the update data 3 are represented by an additional program APP3.
  • An additional program is therefore installed on the control unit 20.
  • an existing program can be replaced, whereby the replacement of a program is equivalent to an update. Deleting at least one program can also represent an update of the second program data 35.
  • the identification of the first logical data carrier 31 and the second logical data carrier 32 is exchanged. This means that after the update, the second logical volume 32 as the main Partition is referred to and the first logical volume 31 as a mirror or mirror partition.
  • the control unit computing device 22 immediately after updating the second program data 35 together with the
  • the updated control device 20, 20 ', 20 "can continue its operation immediately after the update.
  • FIG. 5 illustrates that after a successful update of the second program data 35 of the second logical data carrier 32 and one
  • the program data or files or data of the second logical data carrier 32 are mirrored or copied onto the first logical data carrier 31.
  • the main partition and the mirror partition contain the same program data 34, 35. It is not necessary to copy all the program data, but it is sufficient if the changed or updated data is copied. An incremental update of the program data is thus carried out, after which only the changes have to be copied or mirrored onto the first logical data carrier. As a result, little data is copied overall.
  • step S1 a workshop employee connects a tester 1 to a corresponding OBD connection 11 to a vehicle 10 by means of an OBD connection 2.
  • step S2 an update signal is sent from the tester 1 to the
  • tester 1 can send out a broadcast signal which is received by all connected control devices 20, 20', 20".
  • Control devices 20, 20 ', 20 in a so-called flash mode.
  • the control units 20, 20 ', 20 block their actual control tasks.
  • step S3 the tester 1 reads the data on the control units 20, 20 ', 20 "
  • the tester 1 thus contains a complete list of all programs and data that are installed on the control units 20, 20 ′, 20 ′′ of the vehicle 10. In addition, the tester 1 also receives
  • step S4 tester 1 determines which program data or which
  • Programs or data must be updated so that the vehicle 10 again has a consistent vehicle state after the update of a single control device 20. This is particularly necessary because
  • Vehicles are tested in different software configurations, so that a certain combination of software versions must be installed in the vehicle. Otherwise, for the security of a software configuration, i.e. the combination of a variety of different software versions are not guaranteed.
  • control units 20, 20 ', 20 Programs and data on which control units 20, 20 ', 20 "need to be updated, the tester 1 sends a corresponding signal to the control units 20, 20', 20" to be updated in step S5.
  • control units 20, 20 ', 20 " In response to the received signal by the control units 20, 20 ', 20 ", the control units 20, 20', 20" end their current programs.
  • step S7 a corresponding program is exchanged, added or deleted by the program update APP1.
  • user data such. B. card material or configuration parameters can be exchanged.
  • a checksum is calculated for the newly installed program or program data, e.g. Legs MD5 checksum.
  • step S7 it is then checked whether the update was carried out successfully.
  • the calculated checksum or the hash is compared by the tester 1 with a reference value.
  • the tester 1 can send the reference value to the updated control device 20, 20 ', 20 ", so that the control device 20, 20', 20" can check itself whether the update was carried out successfully.
  • step S8 the tester 1 checks whether all control units 20, 20 ', 20 "have stored software which together have a consistent one
  • step S9 the previous mirror partition becomes the main partition
  • step S10 the content of the new main partition is transferred to the mirror partition, i.e. mirrored. However, only the changed ones are used
  • step Si 1 the program update APP2 is ended and the vehicle 10 is switched to a basic state.
  • the tester 1 sends a further signal to all connected control units 20, 20 ', 20 ", so that the programs on the control units 20, 20', 20" are started.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Test And Diagnosis Of Digital Computers (AREA)
  • Debugging And Monitoring (AREA)

Abstract

L'invention concerne un appareil de commande (20) pour un composant de véhicule, en particulier pour un composant de véhicule d'une voiture (10), présentant les éléments suivants : - un dispositif de mémoire (30) pour la mémorisation d'un outil de mise à jour de programme (APP1), un premier support de données logique (31) et un deuxième support de données logique (32) ; - un dispositif de calcul (22) pour l'exécution de l'outil de mise à jour de programme (APP1) et de premières données de programme (34), qui sont mémorisées sur le premier support de données logique (31) ; - l'outil de mise à jour de programme (APP1) étant conçu pour mettre à jour des deuxièmes données de programme (34) du deuxième support de données logique (32) en utilisant des données de mise à jour (3) ; et - le dispositif de calcul (32) est conçu pour : ° copier au moins une quantité partielle des deuxièmes données de programme (35) sur le premier support de données logique (31), en particulier les deuxièmes données de programme mises à jour (35) ; ° exécuter les deuxièmes données de programme (35) mises à jour du deuxième support de données logique (32).
PCT/EP2019/076994 2018-11-12 2019-10-07 Appareil de commande pour un composant de véhicule, kit comprenant un appareil de commande et un dispositif d'essai, véhicule, procédé pour la mise à jour d'un appareil de commande et support de stockage lisible par ordinateur WO2020099023A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102018128183.8 2018-11-12
DE102018128183.8A DE102018128183A1 (de) 2018-11-12 2018-11-12 Steuergerät für eine Fahrzeugkomponente, Kit umfassend ein Steuergerät und eine Testereinrichtung, Fahrzeug, Verfahren zum Aktualisieren eines Steuergeräts und computerlesbares Speichermedium

Publications (2)

Publication Number Publication Date
WO2020099023A2 true WO2020099023A2 (fr) 2020-05-22
WO2020099023A3 WO2020099023A3 (fr) 2020-08-13

Family

ID=68208279

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2019/076994 WO2020099023A2 (fr) 2018-11-12 2019-10-07 Appareil de commande pour un composant de véhicule, kit comprenant un appareil de commande et un dispositif d'essai, véhicule, procédé pour la mise à jour d'un appareil de commande et support de stockage lisible par ordinateur

Country Status (2)

Country Link
DE (1) DE102018128183A1 (fr)
WO (1) WO2020099023A2 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102022207459A1 (de) 2022-07-21 2024-02-01 Robert Bosch Gesellschaft mit beschränkter Haftung Steuervorrichtung für eine Scheibenwischeranlage

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102016200711A1 (de) * 2016-01-20 2017-07-20 Robert Bosch Gmbh Verfahren zum Aktualisieren von Software eines Steuergerätes, vorzugsweise für ein Kraftfahrzeug

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102022207459A1 (de) 2022-07-21 2024-02-01 Robert Bosch Gesellschaft mit beschränkter Haftung Steuervorrichtung für eine Scheibenwischeranlage

Also Published As

Publication number Publication date
WO2020099023A3 (fr) 2020-08-13
DE102018128183A1 (de) 2020-05-14

Similar Documents

Publication Publication Date Title
DE102019109672A1 (de) Rückgängigmachung nach einem teilausfall in mehreren elektronischen steuergeräten mittels over-the-air-updates
DE102011075776A1 (de) Verfahren und System zum Aktualisieren eines gemeinsam genutzten Speichers
DE10003108A1 (de) Wiederherstellbarer Software-Installationsvorgang und Vorrichtung für ein Computersystem
DE112008003061T5 (de) Systeme und Verfahren zum Aktualisieren von Einrichtung- bzw. Geräte-Software
WO2003003200A1 (fr) Procedes de transmission de modules logiciels
DE112008003075T5 (de) Systeme und Verfahren zum Aktualisieren von Einrichtung- bzw Geräte-Software
DE102016201279A1 (de) Verfahren und Vorrichtung zum Überwachen einer Aktualisierung eines Fahrzeuges
WO2017125181A1 (fr) Procédé de mise à jour du logiciel d'un appareil de commande, de préférence pour un véhicule à moteur
WO2020099023A2 (fr) Appareil de commande pour un composant de véhicule, kit comprenant un appareil de commande et un dispositif d'essai, véhicule, procédé pour la mise à jour d'un appareil de commande et support de stockage lisible par ordinateur
DE112019000179T5 (de) Fahrzeugsteuervorrichtung und programmaktualisierungssystem
DE102017220526A1 (de) Verfahren und Vorrichtung zur Aktualisierung von Software
EP1665031A2 (fr) Procede d'installation d'une composante programme
DE102018209248A1 (de) Datenaktualisierungssystem, Verfahren zum Aktualisieren eines auf einem Steuergerät gespeicherten Datensatzes und computerlesbares Speichermedium
DE102022110251A1 (de) Ota-master, center, system, verfahren, nicht-transitorisches speichermedium und fahrzeug
DE102022104321A1 (de) Center, aktualisierungsmanagementverfahren und nicht-transitorisches speichermedium
DE4401891A1 (de) Verfahren zum Ändern der Arbeitsweise eines Steuergeräts von Kraftfahrzeugen
WO2009103728A1 (fr) Procédé et dispositif de stockage de données d’information
WO2022184407A1 (fr) Procédé pour faire fonctionner un dispositif de commande et dispositif de commande
DE102012217312B4 (de) Verfahren und System zur Aktualisierung von Code in Verarbeitungssystemen
DE102021129232A1 (de) Center, managementverfahren und nicht-transitorisches speichermedium
DE102022110824A1 (de) Ota-master, system, verfahren, nicht-transitorisches speichermedium und fahrzeug
DE102015214389A1 (de) Verfahren und Vorrichtung zum Aktualisieren einer auf einer physischen Maschine unter einem Hypervisor betriebenen virtuellen Maschine
DE102020216481A1 (de) Verfahren zum Betreiben eines Steuergeräts und Steuergerät
DE102021128988A1 (de) Center, aktualisierungsmanagementverfahren und nicht-transitorisches speichermedium
DE102020006031A1 (de) Verfahren zum Erzeugen einer Softwarekomponente für eine elektronische Recheneinrichtung eines Kraftfahrzeugs, Computerprogrammprodukt, computerlesbares Speichermedium sowie kraftfahrzeugexternes Aktualisierungssystem

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19786288

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19786288

Country of ref document: EP

Kind code of ref document: A2