Updating Car ECUs Over-The-Air (FOTA)

Updating Car ECUs Over-The-Air (FOTA)

Technology News |
By eeNews Europe

As the amount of software in automobiles grows, so too does the need to effectively manage that software asset. The telecom industry has a proven solution for remotely updating software on mobile devices. The technology is called Firmware Over-the-Air (FOTA) updating. All major mobile phone manufacturers and tier one operators have adopted FOTA successfully, performing more than 100 million updates per year with the benefit of providing new features and performance improvements, reducing customer care costs, avoiding product recalls, and increasing consumer satisfaction.

Today’s automobile contains many complex electronic systems; each may incorporate a large number of Electronic Control Units (ECUs) performing a single function and communicating via a common bus/network. In 2009, Prof. Manfred Broy of the Munich Technical University stated that in a premium class automobile there are close to 100 million lines of software code, compared to the F-35 Joint Strike Fighter with 5.7 million lines or with the Boeing 787 with about 6.5 million lines. In addition, Prof. Broy states that “the cost of software and electronics can reach 35 to 40 percent of the cost of a car.” Present day automobiles typically contain more than 60 ECUs such as the audio system, brake system, doors, lighting, engine, transmission, batteries, and more. The embedded software package size now amounts to tens of megabytes for engine and transmission controllers, while audio/infotainment systems are usually the largest and most complex software units, often exceeding 100MB.

Slow, Expensive, Complicated: How Updates in Vehicles are Performed Today

There are many control modules in a vehicle, most of which are interconnected over some form of vehicle network interface (CAN, MOST, LIN, FlexRay). However, only a select few will have access to external cellular or Wi-Fi networks, typically the infotainment head unit or Telematics module. It is possible to use an externally connected module as a gateway for updates, where firmware updates for other modules are received by this gateway module and then transferred to the appropriate module over a vehicle network. In any case, each of the vehicle control modules will potentially be subject to updates.

There are several use cases today for updating automobile software: because of recalls (mandatory or voluntary) or customer complaints, during scheduled maintenance or when delivering new features and applications.

The recall case is the most common, and it begins with a vehicle manufacturer finding a problem with the vehicle functionality. The affected functionality can be fixed by changing software in one of the vehicle’s ECUs. The appropriate ECU supplier is then requested to provide a new release. The supplier ships the software release to the Original Equipment Manufacturer (OEM), which tests it for quality assurance (QA). After that, the OEM notifies the dealers and owners of the recall via mail. The OEM sends the new software version to the dealers on a CD by mail as well. The dealer updates the reprogramming (serial communication) tools with the content from the CD. The vehicle owner drops off the vehicle at the dealer shop and the technician starts connecting a serial communication tool to the in-vehicle bus to access the targeted ECU. After performing the update and checking the targeted ECU for the new software version to make sure proper re-flashing happened, the customer picks up the updated vehicle und the dealer charges the OEM for the recall labor.

Fig. 1: Software update process: Over-the-Air vs. CAN bus (Image: Vector)

The update duration changes significantly depending on the module size and the speed of the serial protocol; however due to a lot of overhead, dealers are charging 1-2 hours of labor for such activity. There are some car models where the update can take more than 2 hours. It should be noted that programming tools are rather expensive, so there is a limit to the number of simultaneous re-programming.

Advantages and Disadvantages of the current Software Programming via Cable

There are limitations and constraints with current software distribution and software update processes:

  • Any update is distributed to all dealers. This takes time and resources. It may also cause delays in getting the latest software to the vehicles. In addition, all dealers need to maintain a software version library, which consumes resources.
  • The download process and the manual setup take a long time, resulting in higher cost of labor, inconvenience, and customer dissatisfaction. Due to this long duration, the consumer needs to drop off the vehicle and return later to pick it up – a major inconvenience.
  • The process cannot be scaled or preformed in parallel, as it involves a physical equipment connection.
  • Some existing re-flashing methods require sequential updates, meaning from version 1 to 2 to 3, which can make the entire update process longer.
  • Sometimes (for off-highway vehicles), the re-flashing equipment needs to be mobilized to the vehicle.
  • It may take a long time from when the customer is notified to the time the vehicle is actually updated. Many customers do not respond to recall notices. For older vehicles, the OEM may not have the latest vehicle owner information, meaning some vehicles never receive needed updates. Conducting a successful recall depends on the customer cooperation.
  • Reprogramming of the ECU is performed manually.
  • The customer becomes aware of the problem and overall customer satisfaction decreases.

Of course, there are also some advantages to the current reprogramming (cable-based) method:

  • While FOTA is gaining wide acceptance for new automotive platforms, it will take few years until FOTA is a widely adopted solution in the automotive industry.
  • Reprogramming is performed in the controlled environment.
  • The vehicle is not moving and it is under technician supervision while the reprogramming occurs.
  • This methodology is proven and it has worked in the past.
  • Any problem that occurs has more chances to be detected immediately by a trained technician.
  • Vehicle wired serial communication protocols and algorithms for reprogramming are proprietary and closed source by nature. As such, protocols provide an added layer of security against unauthorized software changes.

Fast, Effective, Cost-efficient: The Firmware Over-The-Air (FOTA) Update Technology

The current method of updating software in cars was suitable when the amount of software was minimal. Now that software has become vital to the operation and feature-set of cars, the method of software updating must be improved.

It is clear that performing the update in the customer location and not in the dealership represents a better and more optimized method in term of cost savings and user experience. However, it can introduce some potential procedure challenges such as how to make sure that the car will not be driven in the middle of the update. Therefore, FOTA adoption in the automotive industry will take more time to become fully operational.


Fig. 2: FOTA update process architecture

The FOTA update process comprises three primary stages: generating the update, managing the delivery of the update, and performing the update.

Generating the Update Package

To perform a FOTA update, a software update package containing defect fixes or new features must be generated. In order to make this package as small as possible (in general it is less than 5% of the original size), the update package includes only the changes (also referred to as the “delta”) between the version that already exists on the ECU and the new version being deployed to the vehicle. This update package is typically generated by the owner of the software, most often a tier I vendor.

Managing the Delivery of the Update Package

Once generated, the update package is published to a distribution platform. In the mobile industry, this platform is managed by either the mobile phone manufacturer or the network operator. In automotive, this platform is managed by the OEM. This platform manages the various versions of the update packages and handles the actual network delivery (download) of the packages to the appropriate vehicle model and specific ECU. There are typically multiple versions of update packages, each intended for particular vehicle models and configurations. This portion of the process can be an integral part of an overall Telematics or over-the-air (OTA) diagnostics system.

A centralized software package repository is used for the FOTA use cases, which are described below. This centralized repository replaces the distribution of software updates to the various dealers. It significantly reduces the Time-To-Market (TTM) of any new software version. This system is also responsible for the delta package delivery to the device. There are several ways to perform such a delivery. In mobile, most market players use a standard protocol developed through the Open Mobile Alliance Device Management (OMA-DM) organization.

Performing the Update

In this third stage of the process, the downloaded update package is used to perform the actual update (re-flashing) of the original software image. The update package and the FOTA update software necessary to perform the update occupy a small amount of memory allocated within the embedded device in the vehicle (to address the challenges associated with the limited memory resources). In this stage, the FOTA update software validates that the correct update package has been received and that the update process has been successfully completed. It is important to mention that the FOTA updates do not need to be sequential and can support any-to-any software version update.

FOTA – The Technology of the Future

The car industry is going through the same trend that the mobile industry experienced eight years ago, where the need to maintain the increasing amount of software is forcing the industry to look for new, more efficient, and more cost-effective methods. Updating car ECUs has become a mandatory operation. The current mode of doing an update is costly, not customer friendly, and not flexible enough to cope with the rapid changes that are happening in the car industry.

FOTA technology is a proven, safe, and cost-effective method for OEMs and car manufactures to manage the car software evolution, which is turning the car from iron driven to code driven. FOTA can help auto makers to save time and costs, mitigate risk, and attract and retain customers. In addition, this can enable car manufactures to establish new ways of up-selling services and deliver new features and applications to consumers throughout the car lifecycle.

Changing the existing update methodology to FOTA should be gradually performed. With the experience and lessons learned in the telecom industry, this migration can be smooth and successful for the automotive industry.

About the Author:

Rudolf von Stokar has been active since 14 years for innovation-driven software companies in the automotive industry. Over the past years he worked with most automotive OEMs and numerous suppliers on the implementation of specific solutions. At Red Bend Software, von Stokar oversees the recently launched German subsidiary.

If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :    eeNews on Google News


Linked Articles