The FOTA approach shall introduce a generic mechanism to update ECU software during runtime. While the current ECU software is executed and fully available from functional point of view (e.g. during driving), a new ECU software shall be downloaded in the background (download & installation phase). At the time of the download, which can be interrupted and continued over several driving cycles, the authenticity and integrity of the new SW shall be verified. In case of positive verification results, the ECU shall be able to activate the new software(installation). The activation of the Software shall always require a special ECU mode (e.g. boot), hence the activation of new Software must not be started or even executed while driving. The activation shall be done in a vehicle safe-state, e.g. standstill, engine off and applied parking brake. In case of detected anomalies or errors after or during activation of the new Software, the ECU shall be able to realize an ECU internal rollback to previous Software. ECU internal rollback implies the approach, that the previous Software is still present on the ECU and can be re-activated.

The FOTA concept can be implemented in the following ways:

1. FOTA Server Authoring / Campaign Orchestration (outside the vehicle)

2. FOTA Master ECU (in vehicle)

3. FOTA Target ECUs (in vehicle)

AVIN provides complete FOTA solutions for FOTA Master ECU and FOTA Target ECUs. AVIN effectively integrates customer proprietary FOTA Server or open source FOTA Reprogramming Management Servers such as Hawkbit.

AVIN Solutions are further explained below:

 FOTA Master ECU

AVIN Systems offers complete FOTA solution for FOTA Server. The FOTA Server is typically part of Connectivity Control ECU (CCU) which communicates with outside world through Ethernet / WIFI / 4G /5G. The CCU uses a High-Performance Computing (HPC) HPC Controller.

The key component of the FOTA Server is UCM Master which is AUTOSAR Adaptive Platform Functional Cluster.

AVIN provides the following FCs / components of Adaptive Platform as services.

• UCM Master

• UCM

• SM

• CM

• EM

• Diagnostic Communication (customized)

AVIN develops the following components as services based on customer specific needs.

• Flashing Adopter (D-PDU API)

• Driver Interaction

• Vehicle State Manager

• OTA Client

• Delta Installer (based on open source)

FOTA Target ECU

AVIN provides complete FOTA Solution in the Target ECUs as services.

The new download image data is received through CAN or Ethernet via appropriate vehicle communication bus (Ethernet / CAN). The DCM download services are used to receive the same and stored in a buffer location. The FOTA Handler CDD uses NVM services (or Bootloader with FOTA capability) flashes the ECU whenever the vehicle is static.

The FOTA Handler CDD can be developed based on customer specific needs.