Modern-day cars do not seem to have changed much in appearance when compared to the cars of yesteryears. However, under the hood, you will uncover a completely different story!
While tracing the evolution of an automobile over the years, you will find that there has been a dramatic change in components and functionalities. Today’s cars are governed by electronic control units (ECUs) that have replaced mechanical components with miraculous efficiency.
With advancements in vehicle technology, safety critical elements such as Advanced Driver Assistance Systems (ADAS) have been introduced; and these components demand higher system complexity.
Such complex systems really need efficient inter-processor communication protocols and safety mechanisms. Hence, automotive ECUs in today’s cars communicate with each other over various networks such as CAN, FlexRay and Ethernet and share data at lightning speed to facilitate complex safety-critical activities. For the Automotive ECUs to work efficiently and be always updated with the latest firmware, OTA update must be enabled in a reliable and secure manner.
In this blog, we explore the importance of remote software update for ADAS applications and the right way to do it.
What is OTA Update for Automobiles?
Over the Air (OTA) update is an inherent part of connected vehicle technology, and it enables the vehicle to receive ECU software updates from the connected IoT ecosystem and cloud.
Using this transformative technology, automotive OEMs can reduce recall possibilities by improving product quality through feature enhancements and boosting operational efficiency of vehicle parts.
Complex systems such as ADAS use multiple sensors to recognize the surroundings of a car. Such systems also utilize complex machine learning algorithms for functioning.
Additionally, these systems can often take control of the vehicle on behalf of the driver. This implies that the steering, acceleration and braking might be performed automatically. This makes ADAS a highly safety-critical (ASIL D) subsystem of the vehicle. And update of safety critical applications should be done with extreme caution.
Key Requirements for OTA Update on ADAS Subsystem
In ADAS subsystems a combination of sensors connected to engine control units gather data that can be used to perform certain tasks. Such functionalities are also rigorously tested by OEMs in order to ensure that all the interconnected devices work properly in tandem.
- In the event of OTA update on an ADAS subsystem, it becomes necessary to ensure that the complete update is performed on all components at the same time. If some of the components are completely updated while others have pending updates, there can be massive safety risks with the ADAS subsystem.
- Reducing the time for software update is another crucial aspect to bear in mind. To accomplish this, OEMs have been using the technology of differential update. This implies that after software is rewritten, only the differences between the new program and the old program are sent to the ECU, instead of the complete updated program.
- Some ADAS components can be updated while the vehicle is in motion. On the other hand, several other ADAS components should be updated very carefully, and only while the vehicle is parked. This makes it necessary for the OEMs to define certain policies around the state of the vehicles for the installation of updates on critical ECUs.
- Another important aspect to consider is the security of Over the Air updates. An end-to-end security mechanism should be in place, complete with authentication and encryption procedures.
Let us take the example of an ADAS application that consists of a camera and a radar. It is necessary for the OTA update to be successfully executed on both the camera and radar together. In the event of update failure on either the camera or the radar, the ADAS subsystem should revert to the last verified state.
Differential updates are significantly smaller than the complete software update. Some ECUs may have limited memory capacity; so, the differential update technology is perfect for such use cases.
Consider the example of OTA update on navigation functionality. The update can run in the background while the vehicle is being driven. However, if an OTA update is pending for the braking ECU, it is important that this update is executed when the vehicle’s engine is off.
During Over the Air update, an OTA object (new software code) from the automotive OEM’s cloud server is passed to the vehicle (the client). The client must verify the server’s identity and also check that the object is received without any tampering. The object should then be protected by the client and stored for update at a suitable time, based on the policy.
From the above examples it is evident that the OTA update functionality for connected vehicles is far more complex than consumer devices such as mobile phones. The presence of multiple sensors and safety critical components in ADAS subsystems makes it necessary to employ multi-ECU OTA update solutions that orchestrate the process smoothly.
Final Thoughts
OTA update offers a multitude of benefits to OEMs and vehicle owners alike. While Over the Air update feature facilitates more reliable ECU updates, it also eases the burden of vehicle owners as they are not expected to drive the car to service stations each time for the upgrade.
OTA update feature also reduces the overall cost of automotive ECU update.
However, this functionality can pose a lot of challenges to OEMs as they are required to find suitable rollback mechanisms to ensure safety, reduce the downtime during software update and avoid adversely impacting the subsystem during the update itself.
These challenges can be mitigated by collaborating with a trusted OTA update solution provider with ample experience in developing such platforms.
