When Automotive Electronics was in its nascent stage, software engineers had not fully utilized the capabilities of a Flash Bootloader software. One Flash Bootloader design doesn’t fit the bill for different business use-cases & automotive applications.
https://www.embitel.com/blog/embedded-blog/different-types-of-flash-bootloader-that-facilitate-ecu-reprogramming
2. Embitel Technologies International presence:
At the point when Automotive Electronics was in its incipient stage, programming engineers had not completely used the
abilities of a Flash Bootloader Software.
The requirement for firmware or application update was not mission-basic, due to not really complex highlights and
frameworks.
Quick forward to the time of Connected Cars, Infotainment, ADAS and Telematics applications, and the requirement for
successive programming refreshes can't be downplayed. Also, who engages these product refreshes? It is your humble Flash
Bootloader Software!
The multifaceted nature of the car applications has additionally implied that one kind of Flash Bootloader arrangement isn't
the best fit for all the business use-cases.
Odds of memory debasement and security dangers has prepared for advancement of development of flash bootloader
solution that contrast dependent on their innovation engineering, safety efforts and availability highlights.
Before we talk about these extraordinary kinds of flash Bootloader, allows first build up their need with regards to changing
car gadgets scene. Each situation will be followed up by the kind of Bootloader, which is intended to relieve the referenced
test.
3. Embitel Technologies International presence:
Scenario 1: An Instance of Memory Corruption by the Flash Driver
Solution: A Bootloader with External Flash Driver
The solution for this issue is to ensure that your Flash Bootloader design doesn’t have an integrated Flash driver.
Instead, the flash driver is loaded inside the Flash Bootloader, only when the ECU reprogramming command is sent by the
external flashing tool.
It implies that at every instance of the ECU flashing, these steps will follow:
• Request for re-programming comes from the external ECU flashing tool
• Flash driver (A small binary file) from the external tool gets downloaded to the Bootloader’s RAM
• Read and Write function is performed by the Bootloader to flash the ECU
• After the re-programming is completed, the flash driver is deleted from the RAM of the Bootloader
Why Use Different Types of Bootloaders? The Scenarios and the Solutions
4. Embitel Technologies International presence:
Scenario 2: Security Threats in ECU Reprogramming
The external ECU flashing tool communicates with the Bootloader over CAN bus. Hence, it is highly likely that the
communication can be hacked and the entire ECU be re-produced.
Some more serious security threats can be:
• Alteration of the firmware image that is being updated
• Reverse engineering of the firmware
• Loading of the unauthorized firmware version in the ECU
Solution: Encryption-Decryption Enabled Bootloader
• Encryption-Decryption Algorithm
• Protocol-level Security Measures
5. Embitel Technologies International presence:
Scenario 3: Flash Bootloader Application Update
So far in the blog, we have discussed only about the ECU application update using the Bootloader. However, the Bootloader
application may itself require some software update time to time.
Solution: Bootloaders with Primary and Secondary Blocks
These specialized Bootloader solutions have a separate block for the purpose called the secondary block. The role of
secondary Bootloader is limited to updating the Bootloader application.
Following is the sequence of Flash Bootloader Application update:
• The external Flash Tool for the ECU (Electronic Control Unit) sends an update command to the Bootloader; Primary
Bootloader receives it
• If the update is for the Bootloader application, the control is shifted to Secondary Bootloader
• The Secondary Bootloader erases the primary Bootloader and writes the new firmware package
• New application is verified and control is again shifted to the Primary Bootloader
6. Embitel Technologies International presence:
Scenario 4: Remote Firmware Upgrade
There are more than several hundreds of ECU applications, which run inside the vehicle. Imagine taking the
vehicle to the service station for updating all such applications. It will be a nightmare for the customers and
even for the OEMs.
They will need to increase the number of service stations and also add more people to their workforce. So
what’s the solution?
Solution: Bootloader with Firmware Over-The-Air Update (FOTA)
A Bootloader with the capability to receive firmware over the Ethernet. Such bootloaders are equipped with
a FOTA module that receives, verifies and execute the update over the air.
7. Embitel Technologies International presence:
Scenario 5: Automotive ECU Application gets corrupted
At ignition, the Bootloader checks the integrity of the control unit application using the Check-sum
calculation and other methods.
If any discrepancy is found, the application is not run and the process is aborted. For critical applications
such as Electronic Stability Program or ABS, failure of application execution can cause serious malfunctions.
Solution: Bootloader with a Golden Image (Clone Image)
There is a golden or clone image of the application stored in the Bootloader, as an auxiliary application
block.
If an issue is found in the existing application, the Bootloader shifts the control to the clone image of the
software and the application need not be aborted. For critical applications, such Bootloader is a life-safer.