CN116755737A - OTA (over the air) upgrading method, device, equipment, storage medium and program for automobile software - Google Patents

OTA (over the air) upgrading method, device, equipment, storage medium and program for automobile software Download PDF

Info

Publication number
CN116755737A
CN116755737A CN202310658044.2A CN202310658044A CN116755737A CN 116755737 A CN116755737 A CN 116755737A CN 202310658044 A CN202310658044 A CN 202310658044A CN 116755737 A CN116755737 A CN 116755737A
Authority
CN
China
Prior art keywords
partition
application
ota
data
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310658044.2A
Other languages
Chinese (zh)
Inventor
蔡伦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingwei Hirain Tech Co Ltd
Original Assignee
Beijing Jingwei Hirain Tech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingwei Hirain Tech Co Ltd filed Critical Beijing Jingwei Hirain Tech Co Ltd
Priority to CN202310658044.2A priority Critical patent/CN116755737A/en
Publication of CN116755737A publication Critical patent/CN116755737A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1415Saving, restoring, recovering or retrying at system level
    • G06F11/1433Saving, restoring, recovering or retrying at system level during software upgrading
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0646Horizontal data movement in storage systems, i.e. moving data in between storage devices or systems
    • G06F3/0652Erasing, e.g. deleting, data cleaning, moving of data to a wastebasket
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44505Configuring for program initiating, e.g. using registry, configuration files
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44521Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Human Computer Interaction (AREA)
  • Quality & Reliability (AREA)
  • Stored Programmes (AREA)

Abstract

The application discloses an automobile software OTA upgrading method, device, equipment, storage medium and program, which can divide a first partition and a second partition in a memory of an automobile in advance, when an OTA application is upgraded, the OTA application determines an effective partition from the first partition and the second partition, downloads new application program data from an upper computer to another partition outside the effective partition, namely a target partition, and sets the previous effective partition as an ineffective partition and sets the target partition as an effective partition after the new application program data is successfully downloaded to the target partition. Thus, the application data update for the OTA application is completed. According to the embodiment, the OTA upgrade is performed based on the two partitions, and even if the upgrade fails, the OTA application can still run based on the application data in the other partition, so that the online embedded software upgrade can be realized more simply, and the reliability of the software system is improved.

Description

OTA (over the air) upgrading method, device, equipment, storage medium and program for automobile software
Technical Field
The application belongs to the technical field of automobile OTA (over the air technology), and particularly relates to an automobile software OTA upgrading method, device, equipment, storage medium and program.
Background
In general, a bus manufacturer performs a software refreshing process after updating the content of an embedded software system of a bus, and a traditional software updating mode needs to perform wired software updating by connecting a Bootloader with a diagnostic device.
However, with the rapid iteration of the automobile electronic technology, the technologies such as artificial intelligence, automatic driving, communication and the like are rapidly updated, so that automobile manufacturers need to update the content of an embedded software system of an automobile after the technology is updated, and new version software is introduced. The new version software needs to be pushed to the user in time, and the traditional software refreshing flow needs to carry out wired software updating through a Bootloader connection diagnostic device. Once the necessary software content update occurs, the user also needs to go to the corresponding offline store for processing, which is complicated and seriously affects the safety and stability of the software system. Currently, more and more automobile factories add an Over-the-Air Technology (OTA) function to an application program, and the OTA function is used for online version upgrading of embedded software in an automobile, and compared with wired upgrading, the OTA upgrading is simpler and has higher safety and stability.
However, when the OTA function is used for upgrading the software, the situation of upgrading failure sometimes occurs, and when the upgrading failure occurs in the current OTA software upgrading mode, the software cannot be used any more, so that the reliability of the software is low.
Disclosure of Invention
The embodiment of the application provides an automobile software OTA upgrading method, device, equipment, storage medium and program, which can upgrade software based on two partitions, so that OTA application can continue to run through application program data stored in one of the partitions even if the upgrade fails, and the reliability of the software is improved.
In a first aspect, an embodiment of the present application provides an automobile software OTA upgrading method, which is characterized by including:
partitioning operation is performed on a memory in an automobile in advance to obtain a first partition and a second partition, wherein the first partition and the second partition are used for storing application program data in the automobile,
an OTA application in an automobile responds to receiving an update request sent by an upper computer, determines an effective partition in a first partition and a second partition, wherein the OTA application is an application with OTA function, the effective partition is a partition in which currently running application program data is stored,
The OTA application downloads the new application data from the host computer to a target partition in the memory, the target partition being the other partition of the first partition and the second partition than the active partition,
the OTA application sets a valid partition in the first partition and the second partition as an invalid partition and sets a target partition as a valid partition in response to completion of the downloading.
As one possible implementation manner, in response to receiving an update request sent by the upper computer, the OTA application in the automobile determines an effective partition in the first partition and the second partition, including:
the OTA application detects valid flag bits corresponding to the first partition and the second partition respectively, wherein the valid flag bits are used for identifying whether the application program data in the partitions are valid,
and taking the partition with the corresponding valid flag bit representing the validity as the valid partition.
As one possible implementation, the downloading of new application data from the host computer to the target partition in the memory by the OTA application includes:
the OTA application erases the data stored in the target partition and the data in the valid flag bit corresponding to the target partition,
after the erasure is completed, an upgrade data request is sent to the upper computer,
receiving new application program data returned by the upper computer in response to the upgrade data request,
New application data is written to the target partition.
As one possible implementation, after the OTA application downloads the new application data from the host computer to the target partition in the memory, the method further includes:
the OTA application performs an integrity check on the new application data downloaded into the target partition,
in response to the new application data passing the integrity check, program dependency checking the new application data,
in response to the new application data passing the programmatically lazy check, determining that the new application data was successfully downloaded to the target partition,
the OTA application sets an active partition in the first partition and the second partition as an inactive partition and sets a target partition as an active partition in response to completion of the downloading, comprising:
the OTA application sets a valid partition in the first partition and the second partition as an invalid partition and sets the target partition as a valid partition in response to a successful download of the new application data to the target partition.
As one possible implementation manner, after setting the valid partition in the first partition and the second partition as the invalid partition and setting the target partition as the valid partition, the method further includes:
After the electronic control unit ECU of the car is restarted, the boot loader in the car determines the valid one of the first partition and the second partition,
in response to determining the effective partition, when the OTA application is started, the boot loader copies application program data stored in the effective partition into the memory of the automobile through the Enhanced Direct Memory Access (EDMA) technology, and the starting of the OTA application is completed.
As a possible implementation manner, the method further includes:
in response to not determining a valid partition, a default session mode of the bootloader is entered.
In a second aspect, an embodiment of the present application further provides an apparatus for upgrading an automobile software OTA, including:
a partition module for partitioning the memory in the automobile to obtain a first partition and a second partition, wherein the first partition and the second partition are used for storing application program data in the automobile,
an effective partition determining module, configured to determine an effective partition in the first partition and the second partition in response to receiving an update request sent by the upper computer by an OTA application in the automobile, where the OTA application is an application with an OTA function, the effective partition is a partition in which currently running application program data is stored,
A data downloading module for downloading new application program data from the upper computer to a target partition in the memory by the OTA application, wherein the target partition is the other partition except the effective partition in the first partition and the second partition,
and the partition updating module is used for setting the effective partition in the first partition and the second partition as an ineffective partition and setting the target partition as the effective partition by the OTA application in response to the completion of downloading.
In a third aspect, an embodiment of the present application further provides an electronic device, including: a processor and a memory storing computer program instructions,
the processor, when executing the computer program instructions, implements the car software OTA upgrade method as in the first aspect.
In a fourth aspect, an embodiment of the present application further provides a computer readable storage medium, where computer program instructions are stored, where the computer program instructions, when executed by a processor, implement an automobile software OTA upgrading method as in the first aspect.
In a fifth aspect, embodiments of the present application also provide a computer program product, where instructions in the computer program product, when executed by a processor of an electronic device, cause the electronic device to perform the method for upgrading automotive software OTA as in the first aspect.
According to the method, the device, the equipment, the storage medium and the program for upgrading the automobile software OTA, the first partition and the second partition can be divided in the memory of the automobile in advance, when the OTA application is upgraded, the OTA application determines an effective partition from the first partition and the second partition, new application data is downloaded to another partition outside the effective partition, namely a target partition, after the new application data is successfully downloaded to the target partition, the previous effective partition is set as an ineffective partition, and the target partition is set as an effective partition. Thus, the application data update for the OTA application is completed. According to the embodiment, the OTA upgrade is performed based on the two partitions, and even if the upgrade fails, the OTA application can still run based on the application data in the other partition, so that the online embedded software upgrade can be realized more simply, and the reliability of the software system is improved.
Drawings
In order to more clearly illustrate the technical solution of the embodiments of the present application, the drawings that are needed to be used in the embodiments of the present application will be briefly described, and it is possible for a person skilled in the art to obtain other drawings according to these drawings without inventive effort.
Figure 1 is a flow chart of an OTA upgrade method for automotive software according to one embodiment of the present application,
figure 2 is a schematic diagram of a NOR Flash chip configuration provided by one embodiment of the present application,
figure 3 is a schematic diagram of an implementation of step S13 provided in one embodiment of the present application,
fig. 4 is a flowchart of an OTA upgrading method for automotive software according to another embodiment of the present application,
figure 5 is a schematic diagram of an EDMA data copy provided by an embodiment of the present application,
fig. 6 is a schematic structural diagram of an apparatus for upgrading an OTA of an automotive software according to an embodiment of the present application,
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Features and exemplary embodiments of various aspects of the present application will be described in detail below, and in order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described in further detail below with reference to the accompanying drawings and the detailed embodiments. It should be understood that the particular embodiments described herein are meant to be illustrative of the application only and not limiting. It will be apparent to one skilled in the art that the present application may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the application by showing examples of the application.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
Referring to fig. 1, which is a schematic flow chart of an OTA upgrading method for automotive software according to an embodiment of the present application, as shown in fig. 1, the OTA upgrading method for automotive software according to the present embodiment may include the following steps:
s11, carrying out partition operation on a memory in the automobile in advance to obtain a first partition and a second partition, wherein the first partition and the second partition are used for storing application program data in the automobile,
S12, an OTA application in the automobile responds to receiving an update request sent by an upper computer, determines an effective partition in the first partition and the second partition, wherein the OTA application is an application with an OTA function, the effective partition is a partition in which currently running application program data is stored,
the OTA application downloads new application data from the host computer to a target partition in memory, the target partition being the other of the first partition and the second partition than the active partition,
and S14, in response to completion of downloading, the OTA application sets the valid partition in the first partition and the second partition as an invalid partition, and sets the target partition as the valid partition.
An active partition is also understood to be a partition in which application data that depends on an application running is stored, and a target partition is a partition that is used to store new application data, where a first partition and a second partition may be used alternately as an active partition and a target partition.
According to the method for upgrading the automobile software OTA, the first partition and the second partition are divided in the memory of the automobile in advance, when the OTA application is upgraded, the OTA application determines an effective partition from the first partition and the second partition, new application data is downloaded to another partition outside the effective partition, namely a target partition, after the new application data is successfully downloaded to the target partition, the previous effective partition is set as an ineffective partition, and the target partition is set as an effective partition. Thus, the application data update for the OTA application is completed. According to the embodiment, the OTA upgrade is performed based on the two partitions, and even if the upgrade fails, the OTA application can still run based on the application data in the other partition, so that the online embedded software upgrade can be realized more simply, and the reliability of the software system is improved.
In some embodiments, in S11, the memory in the automobile may be partitioned during the factory design of the automobile, so as to obtain the first partition and the second partition, so that when OTA software in the automobile is upgraded, application program data update may be directly performed based on the two partitions.
As an example, the memory in an automobile may be an off-chip NOR Flash chip, such as MT35XU512ABA1G12-0aates, NOR Flash is a non-volatile Flash memory technology. Based on this, referring to fig. 2, which is a schematic configuration diagram of a NOR Flash chip, as shown in fig. 2, when the memory is partitioned, the memory space of the addresses 0x001a_0000 to 0x009_a0000 of the NOR Flash chip can be allocated to all application programs, wherein the first 4MB (0x001a_0000-0x0059_ffff) of the address is used as the memory space of the first partition APP-a, and the last 4MB (0x005a_0000-0x0099_ffff) of the address is used as the memory space of the second partition APP-B. Further, as shown in fig. 2, the addresses in front of 0x001a_0000 in the memory may be used to store the Self-Test instruction Self-Test DCD, the backup Self-Test DCD (backup) of the Self-Test instruction, the pseudo-instruction DCD, the backup of the pseudo-instruction DCD, that is, DCD (backup), the heterogeneous memory storage engine HSE, the backup HSE (backup) of the heterogeneous memory storage engine, the Bootloader, and the backup Bootloader (backup) of the Bootloader, respectively. The self-detection instruction is mainly used for executing periodic tests during running of the automobile to ensure stable running of the automobile electronics, the pseudo-instruction DCD is generally used for distributing storage units for specific data, meanwhile, initialization of the distributed storage units can be completed, the heterogeneous memory storage engine HSE is used for comprehensively arranging a storage mode of the data in the memory, the performance and durability of the storage system are optimized to a certain extent, the Bootloader is mainly used for running before the kernel of the operating system runs, hardware equipment can be initialized, a memory space map can be built, and therefore the software and hardware environment of the system is brought to a proper state so as to prepare the correct environment for finally calling the kernel of the operating system.
Wherein the Bootloader CAN be EBOOT, which is a Bootloader meeting the CAN protocol. The main roles of Bootloader include: the Bootloader is started first after power-on, which partition is started is determined by the Bootloader according to the valid flag bit, and after the partition is determined to be completed, the Bootloader carries the corresponding partition to the SRAM through EDMA to operate. In addition, under the condition that the abnormal condition of the application program can not be started or the OTA function is invalid, the Bootloader can be used for downloading the wired application program.
In practical application, the storage contents in the first partition and the second partition are not exchanged, and if one partition of the two partitions stores currently running application program data, the other partition is used for storing new version application program data acquired through an OTA technology when OTA upgrading is performed.
Through the partition mode, the partitions can be realized under the condition of ensuring the original functions of the memory, and the mutual noninterference between the two partitions is ensured.
After the automobile manufacturer updates the content of the embedded software system of the automobile and pushes out the new version of software, the automobile manufacturer can send an update request to the OTA application needing to be updated in the automobile through the upper computer so as to inform the OTA application in the automobile that the OTA application can be updated, and therefore after the OTA application in the automobile receives the update request sent by the upper computer, the OTA update can be carried out through the steps S12-S14.
In some embodiments, a valid flag bit may be set for the first partition and the second partition, respectively, where the valid flag bit is used to identify whether the application data in the partition is valid, where the application data valid refers to application data used by the currently running OTA application.
Based on this, correspondingly, the specific implementation manner of the step S12 may include:
OTA application detects the valid zone bit corresponding to the first partition and the second partition respectively, and the partition with the valid zone bit corresponding to the valid zone bit is used as the valid partition.
The valid flag bit corresponding to the partition indicates that the application data stored in the partition is currently running application data.
As an example, for each partition, the valid flag bit corresponding to the partition may be stored in a sector after application data in the partition, for example, taking an address range of 0x001a_0000-0x0059_ffff corresponding to the first partition as an example, where 0x001a_0000-0x0049_feff is used to store application data, a start address of a storage address of the valid flag bit corresponding to the first partition may be 0x0049FF00, and for another example, taking an address range of 0x005a_0000-0x0099_ffff corresponding to the second partition as an example, where 0x005a_0000-0x0089_feff is used to store application data, a start address of a storage address of the valid flag bit corresponding to the second partition may be 0x0089FF00.
Since one address can store one byte of data, the storage address of the valid flag bit is also related to the byte number of the valid flag bit, and taking the valid flag bit as N bytes as an example, the address range of the storage address of the valid flag bit is an address of N bytes from the start address. Continuing with the above example, if the valid flag bit is 8 bytes, the storage address of the valid flag bit in the first partition is 0x0049FF 00-0 x0049FF07, and the storage address of the valid flag bit in the second partition is 0x0089FF07.
The partition is valid and invalid, wherein the data stored in the memory address of the valid flag bit is different for each partition, so that whether the partition is valid can be determined from the data stored in the memory address of the valid flag bit in the partition.
For example, taking the valid flag bit as 8 bytes as an example, when the partition is invalid, all data in the storage address corresponding to the 8-section valid flag bit is set to be invalid 0xFF, when the partition is valid, all data in the storage address corresponding to the 8-byte valid flag bit is set to be 0x55555555FFFFFFFF, that is, all data in the addresses corresponding to the first byte to the fourth byte are set to be 0x55, all data in the addresses corresponding to the fifth byte to the eighth byte are set to be 0xFF, so that whether the partition is valid or invalid can be determined according to the data in the storage address corresponding to the valid flag bit.
The method for determining the effective partition based on the effective zone bit has the advantages of being simple in operation and high in efficiency.
In the embodiment of the application, since two partitions for storing application program data are just in the memory, and the two partitions cannot be used as effective partitions at the same time, after the effective partitions are determined, the other partition is determined not to be the effective partition, and since the effective partition stores the application program data of target operation, in order to avoid influencing the operation of the application program in upgrading, new application data is not stored in the effective partition, but is stored in the other partition outside the effective partition, and therefore the other partition outside the effective partition is taken as the target partition.
After determining the target partition, the OTA application can download the new application data to the target partition in step S13.
In some embodiments, an OTA software flashing procedure may be preset in the OTA application, where the OTA software flashing procedure may be developed based on a Bootloader embedded software flashing procedure, and accords with the UDS14229 diagnostic specification, and after performing relevant verification through relevant diagnostic services 31, 34, 36, 37 and the like in the UDS14229 diagnostic specification, new application data may be downloaded to the target partition. Wherein service 31 represents an erasure service, service 34 represents a request for downloading, service 36 represents a data transmission, and service 37 represents a stop of downloading.
Based on this, as shown in fig. 3, the specific implementation manner of the step S13 may include:
s31, the OTA application erases the data stored in the target partition and the data in the valid flag bit corresponding to the target partition,
s32, after the erasure is completed, sending an upgrade data request to the upper computer,
s33, receiving new application program data returned by the upper computer in response to the upgrade data request,
s34, writing new application program data into the target partition.
In S31, all the data stored in the target partition and the data in the valid flag are erased, that is, all the values of the storage addresses corresponding to the data and the valid flag bits in the target partition are set to 0xFF, so that the valid flag bit of the target partition is invalidated after the erasure is completed.
By way of example, an OTA software refreshing flow for refreshing new application program data can be preset in an OTA application based on a Bootloader embedded software refreshing flow, so that wired software updating can be performed through the Bootloader, wireless software updating of the OTA application can be realized based on the Bootloader refreshing flow, multiplexing of the Bootloader embedded software refreshing process is realized, and the realization process is simpler, more convenient and practical, and higher in economic benefit.
In some embodiments, in order to ensure that the new application data downloaded into the target partition can be used normally, after step S13, the OTA application may further perform the following steps:
the OTA application performs an integrity check on the new application data downloaded into the target partition,
in response to the new application data passing the integrity check, program dependency checking the new application data,
in response to the new application data passing the programmed lazy check, it is determined that the new application data was successfully downloaded to the target partition.
As an example, a CRC (Cyclic Redundancy Check ) check may be used to check the integrity of the new application data. For example, when the CRC32 algorithm is used for checking, in general, when the OTA application downloads new application data into the target partition, in order to improve data transmission efficiency, the upper computer splits the new application into a plurality of logic blocks, then sends the new application data to the OTA application in the form of logic blocks, and the OTA application downloads each logic block respectively, wherein each logic block is protected by a CRC32 value, when the integrity check is performed, the routine performs CRC32 algorithm calculation on each logic block and compares the CRC32 algorithm with the CRC value corresponding to the logic block, which is transmitted by the upper computer, if the CRC32 algorithm is consistent with the CRC value, it is determined that the logic block passes the integrity check, if the CRC32 algorithm does not pass the integrity check, it is determined that the logic block does not pass the integrity check, after the downloading of the new application data into the target partition is completed, if the integrity check is not passed by all the logic blocks, it is determined that the new application data downloaded into the target partition passes the integrity check, and if any logic block does not pass the integrity check.
The program dependency check is carried out again under the condition that the new application program data downloaded into the target partition passes the integrity check is determined, and the program dependency check is not carried out under the condition that the new application program data downloaded into the target partition does not pass the integrity check, because the new application program data does not pass the integrity check, the defect exists in the incompleteness of the new application program, the new application program cannot pass the program dependency check necessarily, and therefore the program dependency check is not carried out at the moment, and resource waste caused by the check can be avoided.
While specific verification content may be vendor defined when programming lazy verification of new application data, the purpose of programming lazy verification is to ensure compatibility and consistency of all logical blocks.
Accordingly, in step S14, the OTA application may set the valid partition in the first partition and the second partition to be an invalid partition and set the target partition to be a valid partition when it is determined that the new application data is successfully downloaded to the target partition.
The integrity and the reliability of the application data can be ensured by carrying out the integrity check and the programming lazy check on the application data downloaded to the target partition, and the effective partition is replaced after the application data verification is confirmed to pass, so that the smooth operation of the OTA application can be ensured.
In some embodiments, if a download interruption occurs for some reason during the process of downloading new application data to the target partition, the valid flag bit of the target partition is unchanged and remains invalid, and the valid flag bit of the valid partition remains valid, so that it can be ensured that the OTA application can still run based on the application data stored in the valid partition.
After S14 is performed, i.e. after the downloading procedure is completed, the ECU in the car may be controlled to restart so that a new application program may be loaded, i.e. the updated OTA application is loaded.
In some embodiments, as shown in fig. 4, the method for upgrading the automobile software OTA provided by the application may further execute the following steps after the electronic control unit ECU in the automobile is restarted:
s41, the Bootloader in the automobile performs judgment of an effective partition once during the previous initialization, namely, determines the effective partition in the first partition and the second partition, executes S42 in response to determining the effective partition, executes S43 in response to not determining the effective partition,
s42, when the OTA application is started, the boot loader copies the application program data stored in the effective partition into the memory of the automobile through the Enhanced Direct Memory Access (EDMA) technology, thereby completing the starting of the OTA application,
S43, entering a default session mode of Bootloader, namely 1001 session mode, and executing related Bootloader functions in the session mode.
As an example, if the address corresponding to the first partition is located before the address corresponding to the second partition, for example, the address corresponding to the first partition is 0x001a_0000-0x0059_ffff, and the address corresponding to the second partition is 0x005a_0000-0x0099_ffff, when determining the effective partitions in the first partition and the second partition, the Bootloader may first read the address 0x0049FF00 of the effective flag bit stored in the first partition by using the flash driver, and when obtaining that the content stored in the current address is 0x55555555ffffff, it is indicated that the effective flag bit is already set, that is, the first partition is valid, it is confirmed that the currently running application data is stored in the first partition, and at this time, it is not necessary to determine the effective flag bit of the second partition. If the storage content of the storage address of the valid flag bit of the first partition is not 0x55555555FFFFFFFF, determining that the first partition is not a valid partition, continuing to read and judge the storage address of the valid flag bit of the second partition, so as to determine whether the application program data of the target operation is stored in the second partition, namely judging whether the second partition is a valid partition. The flash driver is a section of code set in the memory for realizing erasing and writing of the memory.
The reason why the partition with the front address row is judged is that, in general, the OTA application also supports the wired software update performed by the Bootloader connection diagnostic device, when the wired update is performed, only new application data is stored in the partition with the front address row, and when the OTA update is performed, the probabilities that the two partitions are used for storing the new application data are actually the same, so that when the wired update and the OTA update are comprehensively considered, the possibility that the latest application data is stored in the partition with the front address row before the software update is performed is higher, that is, the possibility that the currently running application data is stored in the partition with the front address row is higher, so that the judgment is performed on the partition with the front address row earlier, and the effective partition can be determined more quickly than the judgment on the partition with the rear address row earlier, thereby improving the starting efficiency.
After the effective partition is determined, the application program can be started to jump, the jump can be realized based on the NXP chip, the EDMA function in the NXP chip can be utilized to copy the application program data in the effective partition into the SRAM, and the starting of the program is carried out from the starting address of the application program in the SRAM, so that the starting of the OTA application is completed. The NXP chip may be a chip having an EDMA function such as S42G 274A.
EDMA (Enhanced Direct Memory Access) enhanced Direct Memory Access (DMA) enables application data in an active partition to be copied from off-chip memory to SRAM by EDMA functionality, which provides a high-speed data transfer between peripheral and internal memory or between internal memory and internal memory. And the EDMA data transmission process is realized and completed by an EDMA hardware controller, the transmission process is not controlled by a CPU, and a direct data transmission channel is opened for SRAM and IO equipment directly through hardware, so that the efficiency of the CPU is greatly improved.
Referring to FIG. 5, a schematic diagram of an EDMA data copy is shown, and in view of this prior art, will not be described in any greater detail herein.
According to the OTA upgrading method for the automobile software, which is provided by the embodiment of the application, an OTA upgrading scheme based on the first partition and the second partition is realized, the on-line embedded software refreshing can be realized more simply, and the safety and the stability of a software system are improved. Multiplexing is achieved in the implementation scheme of OTloader embedded software refreshing process, the implementation process is simpler, more convenient and practical, economic benefit is higher, in addition, data copying is conducted through EDMA technology, and the efficiency of a CPU is effectively improved.
Based on the method for upgrading the automobile software OTA provided by the embodiment, correspondingly, the application also provides a specific implementation mode of the device for upgrading the automobile software OTA. Please refer to the following examples.
Referring to fig. 6, an apparatus for upgrading an OTA of an automotive software according to an embodiment of the present application includes the following modules:
a partition module 601, configured to perform a partition operation on a memory in an automobile in advance to obtain a first partition and a second partition, where the first partition and the second partition are used to store application data in the automobile,
an effective partition determining module 602, configured to determine an effective partition in the first partition and the second partition in response to receiving an update request sent by the upper computer by an OTA application in the automobile, where the OTA application is an application with an OTA function, the effective partition is a partition in which currently running application data is stored,
a data downloading module 603, configured to download new application data from the upper computer to a target partition in the memory, where the target partition is another partition other than the valid partition in the first partition and the second partition,
the partition update module 604 is configured to set the valid partition in the first partition and the second partition as an invalid partition and set the target partition as a valid partition in response to the completion of the downloading by the OTA application.
According to the OTA upgrading device for the automobile software, the first partition and the second partition can be divided into the memory of the automobile in advance, when the OTA application is upgraded, the OTA application determines an effective partition from the first partition and the second partition, new application program data is downloaded to the other partition outside the effective partition, namely the target partition, after the new application program data is successfully downloaded to the target partition, the previous effective partition is set as an ineffective partition, and the target partition is set as an effective partition. Thus, the application data update for the OTA application is completed. According to the embodiment, the OTA upgrade is performed based on the two partitions, and even if the upgrade fails, the OTA application can still run based on the application data in the other partition, so that the online embedded software upgrade can be realized more simply, and the reliability of the software system is improved.
In some embodiments, the active partition determination module 602 is configured to:
the OTA application detects valid flag bits corresponding to the first partition and the second partition respectively, wherein the valid flag bits are used for identifying whether the application program data in the partitions are valid,
and taking the partition with the corresponding valid flag bit representing the validity as the valid partition.
In some embodiments, the data download module 603 is configured to:
the OTA application erases the data stored in the target partition and the data in the valid flag bit corresponding to the target partition,
after the erasure is completed, an upgrade data request is sent to the upper computer,
receiving new application program data returned by the upper computer in response to the upgrade data request,
new application data is written to the target partition.
In some embodiments, the apparatus may further comprise: a verification module for:
after the OTA application downloads the new application data from the host computer to the target partition in the memory, the OTA application performs an integrity check on the new application data downloaded to the target partition,
in response to the new application data passing the integrity check, program dependency checking the new application data,
in response to the new application data passing the programmatically lazy check, determining that the new application data was successfully downloaded to the target partition,
partition update module 604 for:
the OTA application sets a valid partition in the first partition and the second partition as an invalid partition and sets the target partition as a valid partition in response to a successful download of the new application data to the target partition.
In some embodiments, the apparatus may further comprise: the partition judging module and the application starting module,
a partition judgment module for determining the effective partition in the first partition and the second partition after the effective partition in the first partition and the second partition is set as the ineffective partition and the target partition is set as the effective partition after the Electronic Control Unit (ECU) of the automobile is restarted,
and the application starting module is used for responding to the determination of the effective partition, and when the OTA application is started, the boot loader copies the application program data stored in the effective partition into the memory of the automobile through the Enhanced Direct Memory Access (EDMA) technology to finish the starting of the OTA application.
In some embodiments, the apparatus may further comprise: a mode setting module for:
and in response to the bootloader not determining a valid partition, entering a default session mode of the bootloader.
The automobile software OTA upgrading device provided by the embodiment of the application can realize each process realized by the embodiment of the automobile software OTA upgrading method, and in order to avoid repetition, the description is omitted.
Fig. 7 shows a schematic hardware structure of an electronic device according to an embodiment of the present application.
The electronic device may include a processor 701 and a memory 702 storing computer program instructions.
In particular, the processor 701 may comprise a Central Processing Unit (CPU), or an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), or may be configured as one or more integrated circuits implementing embodiments of the present application.
Memory 702 may include mass storage for data or instructions. By way of example, and not limitation, memory 702 may comprise a Hard Disk Drive (HDD), floppy Disk Drive, flash memory, optical Disk, magneto-optical Disk, magnetic tape, or universal serial bus (Universal Serial Bus, USB) Drive, or a combination of two or more of the foregoing. The memory 702 may include removable or non-removable (or fixed) media, where appropriate. Memory 702 may be internal or external to the integrated gateway disaster recovery device, where appropriate. In a particular embodiment, the memory 702 is a non-volatile solid state memory.
Memory 702 may include read-only memory (ROM), random-access memory (RAM), magnetic disk storage media devices, optical storage media devices, flash memory devices, electrical, optical, or other physical/tangible memory storage devices. Thus, in general, the memory 702 includes one or more tangible (non-transitory) computer-readable storage media (e.g., memory devices) encoded with software comprising computer-executable instructions and which, when executed (e.g., by one or more processors), perform the operations described by any of the automobile software OTA upgrade methods of the above embodiments.
The processor 701 implements any of the above embodiments of the method for upgrading the car software OTA by reading and executing the computer program instructions stored in the memory 702.
In one example, the electronic device may also include a communication interface 703 and a bus 710. As shown in fig. 7, the processor 701, the memory 702, and the communication interface 703 are connected by a bus 710 and perform communication with each other.
The communication interface 703 is mainly used for implementing communication between each module, device, unit and/or apparatus in the embodiment of the present application.
Bus 710 includes hardware, software, or both that couple the components of the online data flow billing device to each other. By way of example, and not limitation, the buses may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an infiniband interconnect, a Low Pin Count (LPC) bus, a memory bus, a micro channel architecture (MCa) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a video electronics standards association local (VLB) bus, or other suitable bus, or a combination of two or more of the above. Bus 710 may include one or more buses, where appropriate. Although embodiments of the application have been described and illustrated with respect to a particular bus, the application contemplates any suitable bus or interconnect.
In addition, in combination with the method for upgrading the automobile software OTA in the above embodiment, the embodiment of the application can be implemented by providing a computer storage medium. The computer storage medium has stored thereon computer program instructions which, when executed by a processor, implement any of the car software OTA upgrade methods of the above embodiments.
It should be understood that the application is not limited to the particular arrangements and instrumentality described above and shown in the drawings. For the sake of brevity, a detailed description of known methods is omitted here. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present application are not limited to the specific steps described and shown, and those skilled in the art can make various changes, modifications and additions, or change the order between steps, after appreciating the spirit of the present application.
The functional blocks shown in the above-described structural block diagrams may be implemented in hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, a plug-in, a function card, or the like. When implemented in software, the elements of the application are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine readable medium or transmitted over transmission media or communication links by a data signal carried in a carrier wave. A "machine-readable medium" may include any medium that can store or transfer information. Examples of machine-readable media include electronic circuitry, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, radio Frequency (RF) links, and the like. The code segments may be downloaded via computer networks such as the internet, intranets, etc.
It should also be noted that the exemplary embodiments mentioned in this disclosure describe some methods or systems based on a series of steps or devices. However, the present application is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, or may be performed in a different order from the order in the embodiments, or several steps may be performed simultaneously.
Aspects of the present disclosure are described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, enable the implementation of the functions/acts specified in the flowchart and/or block diagram block or blocks. Such a processor may be, but is not limited to being, a general purpose processor, a special purpose processor, an application specific processor, or a field programmable logic circuit. It will also be understood that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware which performs the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In the foregoing, only the specific embodiments of the present application are described, and it will be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, modules and units described above may refer to the corresponding processes in the foregoing method embodiments, which are not repeated herein. It should be understood that the scope of the present application is not limited thereto, and any equivalent modifications or substitutions can be easily made by those skilled in the art within the technical scope of the present application, and they should be included in the scope of the present application.

Claims (10)

1. An automobile software OTA upgrading method is characterized by comprising the following steps:
partitioning operation is performed on a memory in an automobile in advance to obtain a first partition and a second partition, wherein the first partition and the second partition are used for storing application program data in the automobile,
the OTA application in the automobile responds to the received update request sent by the upper computer, determines the effective partition in the first partition and the second partition, wherein the OTA application is an application with OTA function, the effective partition is a partition in which currently running application program data are stored,
The OTA application downloads new application data from the host computer to a target partition in the memory, the target partition being the other of the first partition and the second partition than the active partition,
the OTA application sets an active partition in the first partition and the second partition as an inactive partition and sets the target partition as an active partition in response to completion of the downloading.
2. The method of claim 1, wherein the determining, by the OTA application in the automobile in response to receiving the update request sent by the host computer, the valid one of the first partition and the second partition comprises:
the OTA application detects valid flag bits corresponding to the first partition and the second partition respectively, wherein the valid flag bits are used for identifying whether application program data in the partitions are valid,
and taking the partition with the corresponding valid flag bit representing the validity as the valid partition.
3. The method of claim 2, wherein the OTA application downloading new application data from the host computer to the target partition in the memory comprises:
the OTA application erases the data stored in the target partition and the data in the valid flag bit corresponding to the target partition,
After the erasure is completed, sending an upgrade data request to the upper computer,
receiving new application program data returned by the upper computer in response to the upgrade data request,
and writing the new application program data into the target partition.
4. The method of claim 1, wherein after the OTA application downloads new application data from the host computer to the target partition in the memory, the method further comprises:
the OTA application performs an integrity check on the new application data downloaded into the target partition,
in response to the new application data passing the integrity check, program dependency checking the new application data,
in response to the new application data passing the programmatically lazy check, determining that the new application data was successfully downloaded to the target partition,
the OTA application setting the valid partition in the first partition and the second partition as an invalid partition and the target partition as a valid partition in response to completion of the downloading, comprising:
the OTA application sets a valid partition in the first partition and the second partition as an invalid partition and sets the target partition as a valid partition in response to the new application data being successfully downloaded to the target partition.
5. The method of claim 1, wherein after the setting the active partition of the first partition and the second partition as the inactive partition and the target partition as the active partition, the method further comprises:
after the electronic control unit ECU of the car is restarted, a boot loader in the car determines the valid one of the first partition and the second partition,
and in response to determining the effective partition, when the OTA application is started, the boot loader copies application program data stored in the effective partition into the memory of the automobile through an Enhanced Direct Memory Access (EDMA) technology, and the starting of the OTA application is completed.
6. The method of claim 5, wherein the method further comprises:
and in response to the valid partition not being determined, entering a default session mode of the boot loader.
7. An automobile software OTA upgrading device, comprising:
a partition module for partitioning the memory in the automobile in advance to obtain a first partition and a second partition, wherein the first partition and the second partition are used for storing application program data in the automobile,
An effective partition determining module, configured to determine an effective partition in the first partition and the second partition in response to receiving an update request sent by an upper computer by an OTA application in the automobile, where the OTA application is an application with an OTA function, the effective partition is a partition in which currently running application data is stored,
a data downloading module, configured to download new application program data from the upper computer to a target partition in the memory, where the target partition is another partition other than the valid partition in the first partition and the second partition,
and the partition updating module is used for setting the effective partition in the first partition and the second partition as an ineffective partition and setting the target partition as the effective partition by the OTA application in response to the completion of downloading.
8. An electronic device, the device comprising: a processor and a memory storing computer program instructions,
the processor, when executing the computer program instructions, implements an automotive software OTA upgrade method as claimed in any one of claims 1-6.
9. A computer readable storage medium, wherein computer program instructions are stored on the computer readable storage medium, which when executed by a processor, implement the car software OTA upgrade method of any one of claims 1-6.
10. A computer program product, characterized in that instructions in the computer program product, when executed by a processor of an electronic device, cause the electronic device to perform the car software OTA upgrade method of any one of claims 1-6.
CN202310658044.2A 2023-06-05 2023-06-05 OTA (over the air) upgrading method, device, equipment, storage medium and program for automobile software Pending CN116755737A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310658044.2A CN116755737A (en) 2023-06-05 2023-06-05 OTA (over the air) upgrading method, device, equipment, storage medium and program for automobile software

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310658044.2A CN116755737A (en) 2023-06-05 2023-06-05 OTA (over the air) upgrading method, device, equipment, storage medium and program for automobile software

Publications (1)

Publication Number Publication Date
CN116755737A true CN116755737A (en) 2023-09-15

Family

ID=87960022

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310658044.2A Pending CN116755737A (en) 2023-06-05 2023-06-05 OTA (over the air) upgrading method, device, equipment, storage medium and program for automobile software

Country Status (1)

Country Link
CN (1) CN116755737A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118051245A (en) * 2024-04-16 2024-05-17 所托(杭州)汽车智能设备有限公司 Dual-partition upgrading method, device, equipment and storage medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118051245A (en) * 2024-04-16 2024-05-17 所托(杭州)汽车智能设备有限公司 Dual-partition upgrading method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN110231952B (en) ECU program backup and cyclic upgrade control method and device
CN109933348B (en) Method and device for updating Bootloader in electronic control unit
CN110178114B (en) Vehicle control device and program update system
CN109189445B (en) Method for upgrading program of equipment of Internet of things
US10162625B2 (en) Vehicle control storage methods and systems
TWI384367B (en) System of updating firmware and method thereof
CN111796848A (en) Bootloader software updating method and device, embedded controller and storage medium
CN108279916B (en) Electronic control unit program updating method and device
CN111813428A (en) Method and device for upgrading terminal firmware, electronic equipment and storage medium
CN112000358B (en) Upgrading method of charging pile and intelligent charging pile
CN116755737A (en) OTA (over the air) upgrading method, device, equipment, storage medium and program for automobile software
CN112667265B (en) Method and device for updating bootstrap program
CN110737449A (en) Method, apparatus, and machine-readable storage medium for processing device firmware
CN112540725A (en) Nonvolatile data storage method, embedded system and storage medium
CN114860279A (en) Rapid empty-film upgrading method
CN116932010A (en) System firmware upgrading method, device and server
CN113093694B (en) Vehicle-mounted electronic control unit data flashing method and system based on UDS
CN113220319A (en) Data updating method and device and vehicle
US20220391192A1 (en) Ota master, center, system, method, non-transitory storage medium, and vehicle
US11768669B2 (en) Installing application program code on a vehicle control system
CN112732301A (en) Vehicle upgrading method and device
CN114780114A (en) Firmware upgrading method, system, vehicle and storage medium
CN115280280A (en) Updating method and updating device for updating software comprising a physical address towards a memory of an on-board computer of a vehicle
CN116909609B (en) Software upgrading method and device of vehicle-mounted intelligent equipment and vehicle-mounted intelligent equipment
CN114144759A (en) Method and device for updating software of a vehicle computer comprising an execution memory, a backup memory and a check memory

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination