With the development of smart vehicles in networking, intelligence and architecture technology, there is an irreversible need for software iterative upgrades in both firmware and software. It is required that during the life cycle of the car, the vehicle will continue to be provided with software upgrades, firmware upgrades, after-sales services and other service capabilities based on the car's OTA capabilities. It can be said that the intelligent replacement of cars has become an indispensable mainstream trend for OTA upgrade capabilities.
This article will provide a detailed description of the current needs and regulatory requirements for software upgrades of autonomous vehicles. It is intended to help readers gain an overall understanding of the principles, access requirements and response strategies of the software upgrade process in autonomous driving.
First of all, software-defined cars promote the development and application of vehicle software upgrade technology. Car software upgrades unlock new skills, plug small loopholes, and even push or change personalized configurations for different usage scenarios. As a consensus has been formed on software-defined cars, the risk of software bugs has become a major trend. Vehicle software upgrades can effectively solve software failures, reduce software risks caused by short development cycles through emergency response, and complete the repair of information security vulnerabilities.
Taking the upgrade of the smart driving system and smart cockpit system as an example can well illustrate the principle of the OTA upgrade process and the direction of the data flow. The entire OTA software framework consists of three parts: OTA cloud, multimedia services, and intelligent driving module.
OTA cloud software framework structure mainly includes the following parts: OTA management platform, task scheduling system, upgrade monitoring, version Monitoring and packaging tools package upgrade packages, encryption calculations, signatures, version management, upgrade log reports, upgrade notifications, etc.
The intelligent driving domain (including domain controllers and various sensor components) is iterated through software development. The corresponding software will be packaged into an upgrade package, encrypted, signed and sent to Go to the OTA cloud, and at the same time perform version management locally, record upgrade log reports, and send upgrade notifications to related systems. The software package includes the content to be updated, full or partial, a model, a batch, or a specific group, etc. These packages are placed on the OTA cloud server to start interaction. If a component such as a camera is purely connected to a domain controller, it is necessary to clarify its compatibility with the domain controller before upgrading to clarify the relationship between them. Considering the power of the domain controller module, if there is a need for liquid cooling, the TMS module cannot be upgraded while the domain controller is working during the vehicle upgrade process.
The smart cockpit domain establishes a secure connection between the vehicle and the server through the 4G/5G network to ensure that new, to-be-updated firmware is safely transmitted to each ECU of the vehicle. The main software framework is as follows: obtaining version information, judging and detecting upgrade conditions, uploading upgrade logs to the server, DoIP client, downloading upgrade packages from the service, formulating upgrade strategies, decryption calculation, signature verification, HMI decryption display, upgrade log upload, etc.
The intelligent driving module needs to meet the secure communication of the vehicle, including protocol communication link management and safety authentication. Its main software framework is as follows: upgrade package signature verification, upgrade package progress and result feedback, upgrade package decryption, near miss restoration, DoIP server, 5R1V upgrade, high-precision positioning upgrade, domain controller upgrade, surround view camera upgrade, etc.
The entire upgrade elements include the following:
1) Software upgrade package configuration: Generate the corresponding configuration through the packaging tool File.Config. Then, the configured software package is signed, unpacked, and encrypted for transmission.
2) Software upgrade package packaging: The intelligent cockpit controller parses the received data, decrypts, packages and verifies it; obtains the software upgrade package Compressed package with Config file.
3) Software upgrade package transmission: Read the relevant information in the Config file for communication control interaction, and transmit the software upgrade package to each module of intelligent driving.
4) Software upgrade package delivery: The intelligent driving controller decrypts and differentially restores the software upgrade package, and obtains the software installation package after decryption; finally, use the application The certificate is verified and the self-upgrade task is started.
Secondly, if there is a recall due to software failure, a lot of time and money can be saved. Quickly iterate and improve products and user experience. As software is used more and more widely in automobiles, there are more and more software-related recalls. During this development process, performance changes brought by software will bring many potential quality problems to enterprises. After new energy vehicles are released, the complaint rate is 100%, and 90% of them are software bugs.
Normally, software upgrades can make the original insufficient functions better, while vehicle recalls replace defective items. into or repaired to meet standards and requirements. Therefore, upgrades and recalls are activities to eliminate defects, and return to factory is not a necessary condition. The application of OTA technology through reasonable means can solve the problem in a time-saving, labor-saving and cost-effective manner. It is expected that more and more cars will be recalled in this way.
As a mature industrial product, automobiles need to complete product announcement certification and Licensing and certification of manufacturing companies. The whole vehicle and parts are all fixed, and the software upgrade of the whole vehicle makes everything changeable.
From the overall control of software upgrade, the software OTA process involves cloud security management, OTA connection security management, and vehicle OTA security management Several major items. Among them, cloud security mainly includes server access protection, server attack resistance, server-client authentication, secure storage of upgrade packages, OTA business penetration testing, OTA management platform vulnerability scanning, and OTA business security logs. Secondly, OTA connection security involves Https secure connections, transmission content encryption, APN and other business areas. Finally, car-side OTA security involves car server authentication, upgrade package integrity and security verification, OTA application vulnerability scanning, upgrade package storage security management, upgrade reliability and other aspects.
To some extent, the software upgrade process requires the design and certification of the entire security system: including cloud OTA security design, management-side connection security protection, and car-side OTA security Reinforcement, supplemented by rigorous performance testing, can ensure product reliability and safety.
Advanced intelligent driving vehicles In order to realize the admission of intelligent driving vehicles from a practical level, from the current admission From the perspective of the guidelines, it is necessary to focus on the specific requirements and implementation measures of software upgrades in the actual application process. This is because many new forces often do not have a thorough understanding of the real rules and requirements for software upgrades at the beginning of the design, and abuse upgrades without security control during software version releases. The various software upgrade regulations and access guides that are currently emerging regarding software upgrades provide timely guidance for software upgrades. It will bring more advantages to software upgrades from the following aspects.
In the Chinese market, as of 2019, there have been 213 recalls involving program or software issues, involving 6.8302 million vehicles. Accounting for about 9% of the total number of recalls → There is an obvious upward trend in recalls caused by software.
In order to quickly launch products, some car companies in the current market are launching unfinished car products into the market → deceiving consumers through OTA and using excuses such as upgrades to undermine their own products. to prevaricate, confuse or even cover up the facts of the recall.
Based on the above description of the current situation, the State Administration for Market Regulation issued the "Notice on Further Strengthening the Supervision of Automotive Remote Upgrade (OTA) Technology Recalls" on November 25, 2020. , strive to realize the key point of supervision of OTA: to introduce effective policies and methods to identify the difference between recall and upgrade. This is to prevent OEMs from eliminating defects through OTA and covering up the fact of recalls.
Automobile manufacturers that use the OTA method to carry out technical service activities for sold vehicles should follow the "Defective Automobile Product Recall Management Regulations" and the "Defective Automobile Product Recall Management Regulations" According to the requirements of the Implementation Measures of the Product Recall Management Regulations, it must be filed with the Quality Development Bureau of the State Administration for Market Regulation. OTA technical service activities have been implemented on January 1, 2020, and manufacturers should have completed the corresponding supplementary filings on December 31, 2020.
In addition, on April 15, 2022, the Equipment Industry Development Center of the Ministry of Industry and Information Technology issued the "Notice on Carrying out Online Upgrade Filing of Automobile Software", which clearly stated that the applicant for software upgrade should be the automobile Vehicle manufacturing company. And the upgrade process should complete a series of requirements such as corporate management capability filing, vehicle model and function filing, and specific upgrade activity filing as required. Interpreted, it means that the state's supervision of software upgrades will be more stringent. If subsequent OEMs want to learn from Tesla, the strategy of upgrading first and optimizing later may be a big obstacle.
For software upgrade regulations, the European standard UN/WP29 can be fully applicable to M with software upgrade function International regulations for vehicles such as Class (passenger cars), Class N (trucks), Class O (trailers), Class R (trailers), Class S (tractors), Class T (agricultural vehicles), etc. For the intelligent driving market layout, the applicable scope of regulations for software upgrades is summarized as follows:
For software upgrades, the part stipulated in regulations involves stakeholders (car manufacturers, technical service departments, supervisors department) responsibilities. Software upgrades cover information security, certification compliance, and functional safety requirements. The specific process and steps of software upgrade mainly include vehicle type approval application, SUMS certificate, RX software identification number (RXSWIN) and other major aspects. The above contents are intended to meet the security and reliability requirements of software upgrades.
Intelligent Connected Vehicle Access Guide It is a guideline and standard for how various OEMs currently hope to have their autonomous driving functions recognized. It involves aspects such as functional safety, information security, software upgrades, data recording, simulation/real vehicle testing, etc. Software upgrades mainly include corresponding development content specifications for management systems, standards and specifications, upgrade impacts, testing and verification, adaptability, traceability, notification obligations, and security. A comprehensive summary of the corresponding management requirements and testing requirements is shown below.
For each car company, it is necessary for each company to establish an OTA management and operation system and organization as soon as possible , actively cooperate with the state in supervision and management. To build a complete OTA security system, the process system comes first. Strictly control the software development and delivery system, and conduct verification, release, filing, process supervision and emergency response of the whole process and life cycle management to ensure the safety, reliability and system efficiency of software development. Form a complete OTA vehicle integration testing capability, simultaneously develop functional safety and information security testing capabilities, and form a testing and acceptance plan for OTA functional safety and information security.
This article briefly explains the advantages, difficulties and specification requirements of software upgrade in the design and development of autonomous vehicles. Big aspects. For intelligent driving development, only by understanding the important technical advantages of software upgrades can we devote more energy to the challenges brought by software upgrade technology development and safety management, and can we clearly understand how to make better use of the specifications and standards involved in software upgrades. , regulations and other content to better develop software packages suitable for smart cars. Therefore, understanding this process will make the overall software upgrade process less tricky.
The above is the detailed content of Analysis of software upgrade technology management and regulatory strategies for autonomous vehicles. For more information, please follow other related articles on the PHP Chinese website!