FOTA Presentation
project proposal
What is FOTA?
FOTA is an acronym for Firmware Over the Air, a generic mechanism to update ECU software during
runtime wirelessly over the network (“over the air”) without the need to connect directly to the device.
While the current ECU software is executed and fully available from a functional point of view (e.g.,
during driving), a new ECU software shall be programmed in the background.
Due to growing SW complexity, driven by evolving security requirements and by distributed, connected
functions, the need to keep the systems in a vehicle up to date is continuously increasing.
To avoid time-consuming and recurring service garage visits because of an upcoming update, the SW
deployment to fleets shall be orchestrated over-the-air.
Different wireless techniques (UMTS, LTE, Bluetooth, Wi-Fi, 5G) can be used to connect the vehicle to a
backend/cloud system to provide a capability to download SW to the vehicle.
Facilities of FOTA
Allows manufacturers to provide efficient and timely firmware
updates, which increases customer satisfaction and reduces
technical support requirements.
Allows manufacturers to repair bugs in new units.
Allows manufacturers to remotely install new software
updates, features and services - even after a device has been
purchased.
Major challenges
Memory
Communication
Security
Design
Systems with a lot of ECUs
System View
System View in Detail
Cloud Connection
There are three main components to establish a connection to the cloud:
1. Firebase as a server.
Telematics Unit
Telematics is a communication system for the automotive industry that
relies on data traveling to and from automobiles over wireless
networks.
In the automotive industry, a telematics control unit (TCU) is an
embedded device onboard a car that wirelessly links the vehicle to
cloud storage or other vehicles through V2X standards over a mobile
network.
In this system, the TCU connects to the Firebase cloud, downloads the
update, and then forwards it to the gateway over UART.
Bootloader / Boot manager
A bootloader is an application whose primary purpose is to allow a
system's software to be updated without the use of specialized
hardware.
Security
The OEM uploads the data to Firebase Cloud Storage, and it is sent
over the air to the telematics unit. To prevent attacks and
manipulation by hackers, we must apply a strong encryption algorithm
to the data.
The OEM uploads the image to the cloud encrypted with a key; the
image is then decrypted at the gateway with the same key.
These security algorithms need to be executed by a powerful CPU, as
they contain a huge number of instructions.
Gateway
Gateway Functionality
1. The gateway holds information about ECU IDs, the software version of every ECU,
and any other important data related to the connected ECUs.
2. Decrypt the code before sending it to the target ECU.
3. Check that the code is valid before sending it to the ECU, to avoid
sending buggy code.
4. Determine which ECU the code is for; this is one of the main tasks, making
sure the code is delivered to the correct ECU.
5. Resolve dependencies in case of rollback, which is why the gateway saves
information about every ECU’s software version.
6. Notify the node MCU when the update is complete.
Double-Bank Memory
General Use Case
1. OEM uploads the image on the server.
2. New ECU SW Update notification from OEM servers.
3. Downloading (with user/driver confirmation)
4. Installation (that will be available during normal mode, during driving)
5. Verification of the downloaded update.
6. Activation: using the downloaded update (v2) instead of the existing SW (v1)
7. Rollback (in case any errors occurred).
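Steps 4 to 7 above on a two-bank ECU, as an added sketch that is not code from the presentation. The bank layout, the CRC-32 check and all names (ecu_t, fota_install, fota_boot_result) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define BANK_SIZE 64u                 /* constructed: tiny bank for the demo */

typedef struct { uint8_t data[BANK_SIZE]; uint32_t len, version; } bank_t;
typedef struct {
    bank_t  bank[2];
    uint8_t active;                   /* bank the ECU boots from */
    uint8_t trial;                    /* 1 = new image activated, not yet confirmed */
} ecu_t;

/* Bitwise CRC-32 (reflected, polynomial 0xEDB88320). A CRC only detects
 * corruption; authenticity needs a signature or MAC checked at this point. */
uint32_t fota_crc32(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Installation, verification, activation. Returns 0 on success; on any
 * failure the active bank (v1) is left untouched and keeps running. */
int fota_install(ecu_t *e, const uint8_t *img, uint32_t len,
                 uint32_t version, uint32_t expected_crc) {
    bank_t *spare = &e->bank[e->active ^ 1u];
    if (len == 0 || len > BANK_SIZE) return -1;   /* reject before writing */
    spare->len = 0;                               /* mark spare bank invalid */
    memcpy(spare->data, img, len);                /* install in background */
    if (fota_crc32(spare->data, len) != expected_crc)
        return -2;                                /* verify what was written */
    spare->len = len;
    spare->version = version;
    e->active ^= 1u;                              /* activate v2 */
    e->trial = 1;
    return 0;
}

/* Rollback: report the outcome of the first boot of the new image. */
void fota_boot_result(ecu_t *e, int boot_ok) {
    if (e->trial && !boot_ok) e->active ^= 1u;    /* back to the old bank */
    e->trial = 0;
}

uint32_t fota_running_version(const ecu_t *e) {
    return e->bank[e->active].version;
}
```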
AUTOSAR
AUTOSAR (Automotive Open System Architecture) is a global
development partnership of automotive interested parties,
founded in 2003.
Memory Stack
CAN Stack
Thank you