Automotive vehicles are a unique case study for over-the-air (OTA) updates with immense complexity and greater safety stakes than other types of products. While delivering OTA software updates to vehicles is quite similar to any other type of connected device at a very high level, there are certain aspects of automotive products that make them more advanced for OTA updates. Diving into the requirements and key challenges for OTA software updates in vehicles illuminates not only how OEMs and Tier 1s can implement this critical infrastructure today, but also how to strategize for future support and innovation.
Nearly every vehicle sold today and over the past decade has a method to update some components of the vehicle. Most commonly, certain electronic control units (ECUs) — basically a small, function-specific computer — are updateable with a physical cable connection by an OEM technician during physical service at an OEM location.
Remote OTA updates, on the other hand, are quite limited in scope. OTA updates started with vehicle infotainment systems (or displays). Infotainment systems represented an easy and low risk OTA update application while offering high consumer visibility and directly improving the customer experience.
However, neither of these update mechanisms — onsite or limited remote — provide much value compared to a software-defined vehicle enabling updates for every ECU. Whole-vehicle updates, as envisioned in software-defined vehicles, will unlock powerful new offerings by completely re-configuring the vehicle functionality. For example, an electric vehicle could receive drive range differentiation or optimization solely through software configuration. The possibilities are endless.
Which begs the question: why aren’t OEMs doing this already?
Challenge #1: The ECU sprawl
Automotive OEMs rely heavily on an ecosystem of special-purpose components and ECUs. Evident in recent years, when supply chains tightened, chip manufacturers did not prioritize making the relatively low-volume, special-purpose chips for specific automotive models. In turn, the chip shortage led to OEMs being unable to manufacture their vehicles. OEMs could manufacture 99% of the vehicle, but lacked the critical and special ECUs to finish the job.
Today, a modern vehicle consists of around 100 ECUs — a number which has increased over time. Fortunately, given the supply chain shock and clear supply chain risks, it is likely the ECUs will be consolidated to provide several functions on the same chip (e.g., run both the infotainment system and dashboard) and the number of required ECUs will decrease in coming years. Consolidating ECUs should also, in turn, reduce the costs and risks to manufacture each vehicle.
However, in the meantime, the reality is that every vehicle consists of a large number of different types of ECUs. ECUs must be managed throughout the vehicle’s warranty period. Therefore, each ECU should be supported by an automotive-grade over-the-air (OTA) update system.
Challenge #2: Varying support for OTA updates in ECUs
Automotive ECUs vary across the spectrum in terms of their ability to support OTA updates. Some ECUs cannot be updated at all; the firmware is simply hardcoded on the device. In other cases, the OTA mechanism needs to be customly implemented, and yet, other ECUs include some kind of interface to be updated, such as over Unified Diagnostic Services (UDS). Even when an update mechanism is present, the capabilities of the ECU OTA must also be taken into account. For example, is the ECU OTA system able to roll back to the previously working version if the installation fails for any reason? Does the included OTA system support cryptographic signature verification?
The steps to update a given ECU varies greatly, and also needs to be supported by the OTA update system.
Challenge #3: Varying ECUs by model years
“Continue this approach with the 2021, 2022 and 2023 models, and the ECU complexity increases exponentially.”
Adding to the ECU complexity, each model year of a vehicle may switch out one or more types of ECUs, for example, due to unreliability, unavailability, or identifying a lower-cost option.
Now, imagine a vehicle has a hundred ECUs in the 2019 model year. In the 2020 model year, five of the ECUs are switched to a different revision. So now, the 2020 model year has ninety-five of the same ECUs as the 2019 model year, but five that are different. Continue this approach with the 2021, 2022 and 2023 models, and the ECU complexity increases exponentially.
Therefore, the OTA update system must not only take into account the vehicle model, but also the model year.
Vertical software dependencies
Vertical software dependency management is simplest to understand. Simply, it must be possible to update a single ECU from its current software version to the new one. But why wouldn’t that be possible?
There are cases, in particular when there is a long time lapse between the development of the different ECU software versions, where the new version cannot be simply installed directly. For example, a new configuration format was introduced between versions, which requires some data migration before the new ECU version can “understand” its configuration.
Typically, in these cases, ECUs need to be updated through intermediary versions. For example, instead of going directly from version 1 to version 5, the ECU will need to be updated to version 1, version 3, and then, finally, version 5. So in this example, version 5 vertically depends on version 3.
The only scope for vertical dependency management is the single ECU you are installing on.
Horizontal software dependencies
Horizontal dependency management means dependencies between different ECUs with respect to software versions. Basically, for a given version of software for a given ECU type, other ECUs must also be on a minimum version for the vehicle to function properly as a whole.
As a simple example, if a new communication protocol is introduced into the vehicle, then all the ECUs using this protocol must also be updated. One cannot simply update a single ECU because this can lead to unpredictable and unsafe failures as the ECUs no longer fully “speak the same language.” Complicating dependencies further, one must also roll back all relevant ECUs if one ECU update fails to install properly for any reason.
Thus, horizontal dependency management places requirements on which other ECUs must be updated if a given ECU is updated.
As you can see from the diagram, managing horizontal software dependency, sometimes also referred to in context of software configuration management is complicated with just a few ECUs. However, once you have a real production vehicle with up to 100 of ECUs managing the software dependencies grows with exponential complexity and becomes impossible to solve manually. Therefore, any production-grade OTA software update system must have support for horizontal dependency management in order to be scalable and avoid wasting time.
Software configuration management (SCM)
It is clear: deploying OTA software updates to vehicles is complex and requires a robust OTA update system to be done consistently — so ECUs are updated in a way that the vehicle as a whole functions correctly.
At a high level, this problem is sometimes referred to as vehicle software configuration management, or simply, configuration management. Both terms fit because the vehicle can be viewed as a mix of different ECU software versions, and then, the task of the OTA update system is to “configure” the vehicle with the correct, compatible software versions and install them in the right order.
SCM is in-scope for a full OTA update system
Although some vendors claim this SCM problem is not in-scope for their OTA update system, there is clear overlap. In denying the connection between SCM and OTA updates, vendors avoid providing a full solution and push more responsibility onto the OEMs.
This pattern – delineating scope to avoid solutions – is a very common problem for OEMs. Therefore, OTA update vendors should be solving it instead of avoiding it.
Designing for vehicle SCM in mind
Although there are many details to get right in solving vehicle software configuration management, there are two design principles that naturally fit this scenario.
Desired state is the first design principle. Desired state means that OEMs should only worry about which version(s) a given vehicle model should ultimately be running. The OTA update system should manage the path to transition an actual vehicle from its current version mix to the desired one.
Edge processing is the second principle. Somewhat implied by the first, there must be significant intelligence within the vehicle to discover, compute, and carry out correct upgrade paths. It will not be possible to do this in a reliable way by using server or cloud-side components only, mainly due to lack of robust network connectivity. Intelligence needs to be at the edge.
Pioneering the Future of Automotive Excellence:
Embrace the Power of Software-Defined Vehicles
The road to the future is paved with innovation, and the automotive industry is no exception. As technology advances and customer expectations soar, automotive OEMs face the challenge of delivering cutting-edge solutions that redefine driving experiences. The key to unlocking this potential lies in embracing the transformative power of software-defined vehicles - a realm where possibilities are limitless, and vehicles become more than mere machines.
This white paper dives into the intricacies of over-the-air (OTA) updates for software-defined vehicles, exploring the complexities that come with managing software in the automotive landscape. There are the challenges posed by the ECU sprawl, varying OTA update support in ECUs, model year complexities, and the critical task of managing ECU software dependencies. These hurdles are significant but can be overcome with the right approach and solutions.
Imagine a future where vehicles receive whole-vehicle remote OTA updates, enabling seamless customization and optimizing functionalities to match each customer's preferences. A software-defined vehicle empowers OEMs to offer personalized driving experiences, enhancing customer satisfaction and loyalty.
The next step in this journey of automotive excellence is to collaborate, innovate, and forge ahead as an industry. Automotive OEMs and innovative, best-in-class technology, possess the power to shape the future together. By pooling collective knowledge and experience, an ecosystem is created that fosters open-source solutions, streamlines OTA updates, and simplifies the complexities of software management in vehicles.
At the heart of this transformation is the spirit of innovation and collaboration. It’s time to overcome the challenges and pioneer the future of automotive excellence. By embracing the power of software-defined vehicles, the industry opens doors to a world of opportunities, where vehicles evolve beyond expectations and redefine the driving experience for generations to come.
Watch Duty case study
IoT Show: Get robust IoT devices OTA updates with Mender & 1NCE
