A major enabler for this new software-powered paradigm will be the ability to update software ‘over-the-air’. Stéphane Strahm, Director Automotive Products Engineering, Wind River, looks at the opportunities and the challenges for carmakers.
The growth of software in cars for both in-vehicle infotainment (IVI) and under-the-hood applications, such as ADAS (advanced driver assistance systems) and autonomous driving, is posing challenges for the automotive industry. For example, how best to deliver new applications and new software releases to vehicles that are already on the road?
The value proposition in automotive has changed significantly compared to some four decades ago, where approximately 90% of a vehicle’s value was tied to solid and tangible aspects of the Bill-of-Material. In the coming decade, that value is expected to be drastically reduced with 50% or more of the vehicle’s value being defined by software and a better user experience, where new applications can create value many times greater than that of the actual assets – see figure 1.
Another key trend that is driving the development of the next generation of vehicles is the emergence of the Internet of Things (IoT). Through the use of software, automotive systems are becoming more connected within the car but also with the outside world. Software is helping to create differentiated driving experiences. The growing role of software in the car and the increasingly interconnectivity of its systems brings a number of challenges, which means that car OEMs will need to have a strong grasp of the holistic software environment to orchestrate a successful vision of the connected car.
Development and deployment lifecycle
The updating of software/firmware over-the-air (SOTA/FOTA) is being seen as a critical methodology to manage software updates with the latest revisions for the entire lifecycle of a system – from the initial architecture design of the hardware and software to the life of the car on the road which could be 10 years or more. It is still very early days for OTA and actual deployment is still in the nascent phase. However, the potential benefits are many, both before and after a car rolls off the production line.
During the vehicle development cycle, software updates will have to be managed across a fleet of pre-production vehicles and usually software is the last thing to be updated prior to the release of a car. The car of today is likely to have a hundred or more control systems or ECUs (electronic control units) and development teams will be faced with several software revision cycles, which could be a versioning nightmare. In addition, car development at major OEMs does not happen in a single geographic location, but is spread across several development centers.
Therefore the management and monitoring of software during development is a challenging prospect. However, delivering software updates wirelessly, or over-the-air, delivers the potential to significantly ease the development process and avoid time-consuming individual car updates, which is a massive cost and time advantage.
In addition, the ability to use OTA to update software or fix issues when the car has left the factory brings significant advantages. It is more convenient, efficient and lower cost than physically bringing cars into dealers or garages. A robust and dependable OTA strategy means that OEMs can update the systems in near real time over the lifetime of the vehicle. Additionally, as the useful life of vehicles continues to grow, there is further opportunity to increase the value of the deployed vehicle base with continuous improvement of the experience, which can also open new revenue streams.
For IVI applications, consider the use case of navigation with OTA. Maps on our mobile devices are updated continuously, whereas map updates for a car’s navigation system may require a customer to visit a dealership every year or so, which tends to lead to low adoption as well as low customer satisfaction. In addition, cars typically will initially come with a subset of maps such as those for the home country or possibly the continent. OTA capabilities can enable maps to be downloaded automatically, and as required, thereby reducing the memory footprint
Consider now the huge opportunity for OTA updates on under-the-hood vehicle systems. Many vehicle functions that were once mechanically operated, such as steering, acceleration and braking, are electronically actuated today. As these functions are critical to vehicle operation, it is essential that they operate with the latest software or necessary updates, as this may have a real impact on safety.
For example, an important use case is software-related recalls or updating software due to a bug. The costs of managing warranty and recalls can have an impact on millions of vehicles and across many geographic markets, potentially costing many billions of dollars for an OEM. The cost per vehicle can be in the hundreds of dollars per vehicle by conventional means, not taking into account the time required to perform the update. However, OTA can dramatically reduce the cost and time of software update implementation, benefitting both the carmaker and their customers.
Although OTA makes it possible to upgrade multiple systems in the car, implementing an OTA system introduces new challenges for carmakers such as security, robust connectivity, bandwidth, and also designing for the infrastructure in different global markets. Specific questions on OTA include software update verification; potential impact on other systems within the car; and unauthorized access to vehicle software. In addition, the potential use of OTA may challenge existing elements of the current automotive industry: for example, potentially reducing customer visits to dealerships can have a significant impact on the dealership revenue model.
To enable real-time data usage, connectivity is a key piece of the OTA puzzle. As updates will need to be properly implemented, today carmakers are performing OTA for select systems such as IVI applications, rather than those under-the-hood. In addition, these OTA updates are being performed in well-controlled environments such as in dealerships where updates can be properly supervised and verified. But over time, connectivity speeds and bandwidth will improve with greater investment in data networks and communications infrastructure in general. Data centers will grow and many of them will be specifically dedicated to specific automotive profiles. In addition, the increasing realization of the IoT – gathering and using real-time and actionable insights from the car and its surrounding environment – will continue to create new value propositions for automotive.
Security is clearly a priority for OTA: as well as the loss of private information, a software hack could compromise non-IVI systems and pose significant safety risks. Securing the car is fundamental challenge for the automotive industry that will be need to be addressed in terms of hardware, software and the cloud, and especially the applications that move between all these.
There are many places along the data connection chain that need to be secured and to follow the appropriate protocol: this begins with the embedded device and goes up to the data center, potentially being hosted by the OEM. Partitioning is a particularly important technology to mitigate risk. At a basic level this means separating critical functions so that accessing one function offers little to no risk to an adjacent function, but it offers significantly more than this. Wind River has a substantial knowledge base in understanding how to partition, transmit/receive and validate data.
An absolute must for security is the development of standards and this will need to involve government agencies, car companies and technology/software vendors. Transit authorities such as the NHTSA are currently in the process of defining standards for safety and security. However, this effort transcends more than just OTA and has an impact on connected vehicles and related issues such as autonomous driving.
To help carmakers meet the challenges of OTA and other next-generation automotive technology challenges, Wind River has introduced the Helix Chassis framework of products (figure 2), which includes offerings such as Helix Cockpit and Helix Drive and provides continued expertise for infotainment, telematics and digital cluster systems; safety-oriented systems including ADAS and autonomous driving; and cloud-based development tools and enhancements for the applications.
Helix Cockpit was designed to meet the intersecting needs of automotive and the IoT and is a GENIVI-aligned and Linux Yocto Project based software platform that helps customers develop IVI, telematics, and instrument cluster systems. It is a flexible, extensible and pre-integrated platform that supports various industry-standard hardware and HMI tools. It can welcome market leaders SOTA solutions such Arynga, Movimento or Redbend. Cockpit also provides access to Wind River Helix App Cloud – a cloud-based software development environment for building IoT applications across multiple development centers.
Additionally, Helix Drive is a software platform based on Wind River RTOS (VxWorks) that helps carmakers develop ISO26262-certifiable safety-critical applications.
The next generation of vehicles will increasingly make use of the software utilities that we already have in our personal connected devices, and OTA is an important enabler to deliver a richer and more user-defined driving experience via automotive-specific applications and better real-time access to information. Carmakers are already beginning to tap into the vast potential of OTA, today primarily focusing upon IVI functionality.
As many of these new IVI technologies are more costly to implement, these are likely to be integrated into higher-end or luxury vehicles before trickling down to higher-volume cars. However, as OTA processes become more solidified and proven, OEMs will migrate to OTA for the implementation of software updates for the more critical under-the-hood vehicle functionality over time, and increasingly across a more diverse range of mass-market cars.
About the author
Stephane Strahm is Director Automotive Product Engineering at Wind River – www.windriver.com