Automotive Demonstrator: zero-downtime updates and monitoring

The automotive demonstrator of UP2DATE is a joint demonstrator developed as the result of the collaboration between TTTAuto and Marelli.

In this demonstrator, a high-performance mixed-criticality gateway is integrated into the current vehicle architecture. This gateway can centralize several vehicle functions of different safety criticalities that were previously executed in distributed Electronic Control Units (ECUs), and it provides the vehicle with over-the-air update solutions from UP2DATE.

Nowadays, if an end-device (ECU) requires a software update in the post-production phase, the user must be asked to take the car to a service point, where a specialized technician with the appropriate instrumentation updates the device. Similarly, to know the status of the end-device, the user must go to a service point, because both processes are done through a dedicated service tool that needs to be wired to the vehicle’s end-devices.

Instead, with the safe and secure OTASU adaptations of UP2DATE, it is possible to monitor the end-device status and download new software during normal use of the car. By monitoring the end-device register status, it is possible to know whether there is any problem related to the software and, if necessary, to perform a rollback to the previous stable software version. With this software architecture, when the OEM or Tier 1 requires new software to be loaded, this is possible without the intervention of the end-user. With the new approach, the download of the new software takes place during normal use of the car, while the application software is running. In this case too, the new software is used after a reboot of the end-device. The update manager loads the new software to the server, where it gets encrypted and then transmitted wirelessly to the gateway, which then downloads it to the end-device. The OEM or Tier 1 can also select the update priority based on whether it is a critical update or not.

In addition, the TTTech gateway aims to consolidate a number of automotive functions from different domains inside a single highly integrated, high-performance ECU and thus drive the transition from hardware- to software-defined vehicles of the future. This highly integrated ECU is based on two architecture concepts: i) a gateway-server remote communication interface and backends, and ii) a smart-I/O layer that interfaces with the sensors and actuators.

The most relevant processes of this demonstrator, which served to evaluate the UP2DATE project results and objectives, are shown in the following demonstration video.

Overall, to provide the required safety and security guarantees in the OTASU and monitoring processes, the following factors have been of particular interest for the automotive demonstrator: the security of the communication channels used to transmit the updates, the ability to detect defects in the update procedure and automatically roll back to a previous stable version, and the availability increase thanks to the dual bank approach, where the vehicle can be used unaffected while the new update is downloading. In addition, the increased efficiency and cost savings of the centralized mixed-criticality approach shall be highlighted, as well as the flexibility of the reference UP2DATE architecture to accommodate specific protocols such as UDS.
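The dual bank and automatic rollback behaviour described above can be modelled as a small state machine. The following is an added example, not code from the UP2DATE project: the bank states, function names, the `image_verified` flag (standing in for whatever integrity check the end-device applies) and the retry limit are all assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical dual-bank model; every name here is an assumption. */
enum bank_state { BANK_EMPTY, BANK_STAGED, BANK_TRIAL, BANK_CONFIRMED };
struct bank { enum bank_state state; uint32_t version; uint8_t boots; };
struct ecu { struct bank bank[2]; int active; /* bank the application runs from */ };

#define MAX_TRIAL_BOOTS 2 /* assumed limit before the device gives up on new software */

/* Download path: runs while the application executes from the active bank.
 * Only the inactive bank is written, so the vehicle stays usable. */
bool stage_update(struct ecu *e, uint32_t version, bool image_verified)
{
    struct bank *spare = &e->bank[1 - e->active];
    if (!image_verified)
        return false; /* failed integrity/authenticity check: keep old software */
    if (e->bank[e->active].state != BANK_CONFIRMED)
        return false; /* never overwrite the only known-good fallback */
    *spare = (struct bank){ BANK_STAGED, version, 0 };
    return true;
}

/* Reboot path: decides which bank to start and returns its index. */
int select_boot_bank(struct ecu *e)
{
    struct bank *cur = &e->bank[e->active];
    struct bank *spare = &e->bank[1 - e->active];
    if (cur->state == BANK_TRIAL) {
        if (cur->boots >= MAX_TRIAL_BOOTS) { /* never confirmed healthy: roll back */
            cur->state = BANK_EMPTY;
            e->active = 1 - e->active;
        } else {
            cur->boots++;
        }
    } else if (spare->state == BANK_STAGED) { /* first boot of the new software */
        spare->state = BANK_TRIAL;
        spare->boots = 1;
        e->active = 1 - e->active;
    }
    return e->active;
}

/* Monitoring path: called once status monitoring reports the new software healthy. */
void confirm_running(struct ecu *e)
{
    if (e->bank[e->active].state == BANK_TRIAL)
        e->bank[e->active].state = BANK_CONFIRMED;
}
```

In this model a new image that is never confirmed is abandoned after the assumed number of trial boots, and the device returns to the untouched previous bank.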

The results obtained are very promising: update time is reduced by more than 75% with respect to the current approach, where it is necessary to drive to a service point; availability during updates increases greatly thanks to the dual bank (>99%); and the ability to perform rollbacks reduces system downtime in case of defects during the updating procedure by more than 77% with respect to the current approach. In addition, all this can be achieved while respecting the strict restrictions of resource-constrained devices in terms of CPU load and memory footprint.

In the future, it is very likely that OTASU will become even more prevalent in the automotive industry, with the technology becoming a standard feature in many new vehicles. As vehicles become increasingly connected and reliant on software, the ability to deliver updates remotely will become increasingly important to maintain their advanced capabilities, and the advances made as part of the UP2DATE project have laid the foundations for their implementation.