System – Defined OTA and Software Update Strategy

A vehicle is a complex network of interconnected Electronic Control Units (ECUs) that must withstand significant environmental variations and have a lifespan far beyond that of a typical consumer electronic device. It is therefore crucial to establish a clear update strategy during the vehicle’s design phase so that future updates remain compatible with the vehicle’s hardware. This strategy should also define the condition(s) in which updates can take place, and it should be robust enough to accommodate changes in the vehicle’s state. Factors such as the vehicle’s charge, whether it’s in motion, and other vehicle properties may be considered when defining the ‘safe state’.

Additional information can be found here:

“ENISA Good practices for Security of Smart Cars” (ENISA, 2019)

R156 “Proposal for a New UN Regulation on Uniform Provisions Concerning the Approval of Vehicles with Regards to Software Update and Software Updates Management System” (UN ECE Software Update and Software Updates Management System)

Main Question

Is there a clearly defined OTA and software update strategy to manage the end-to-end process?

Sub-Questions

  1. Is there a defined vehicle state when updates can and cannot be completed?
  2. Vehicle state: is a robust strategy in place to manage updates when the vehicle is required to be in a certain state and that state changes partway through the update?
  3. Location: are certain updates only available at predefined locations, such as the registered address of the vehicle?
  4. Status of network connectivity: do updates require local wireless networks, or can some be installed using a cellular network connection?
  5. Is there an appropriate V&V strategy to check software updates before they are sent out?
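
As an added illustration of sub-questions 1, 2 and 4 (not part of the original page or of either referenced document), the sketch below re-evaluates a 'safe state' policy before every update step and distinguishes an update that was deferred from one that was aborted after installation had begun. The field names, the 40% battery threshold, the step list and the inactive-slot install scheme are all assumptions chosen for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable

class Outcome(Enum):
    INSTALLED = "installed"
    DEFERRED = "deferred"   # nothing written yet; retry later
    ABORTED = "aborted"     # install had begun; running software is kept

@dataclass(frozen=True)
class VehicleState:
    speed_kph: float
    gear: str          # "P", "R", "N" or "D"
    battery_pct: int
    link: str          # "wifi", "cellular" or "none"

@dataclass(frozen=True)
class UpdatePolicy:    # hypothetical fields; thresholds are illustrative assumptions
    min_battery_pct: int = 40
    allow_cellular: bool = False

# (step name, what the step requires); assumes the image is written to an
# inactive slot so that an abort leaves the running software untouched
STEPS = (("download", "network"), ("verify", None),
         ("write_inactive_slot", "safe_state"), ("activate", "safe_state"))

def blockers(state, policy, needs):
    """Return the reasons a step with this requirement may not run now."""
    out = []
    if needs == "safe_state":
        if state.speed_kph > 0 or state.gear != "P":
            out.append("vehicle not parked")
        if state.battery_pct < policy.min_battery_pct:
            out.append("battery below minimum")
    elif needs == "network":
        if state.link == "none":
            out.append("no connectivity")
        elif state.link == "cellular" and not policy.allow_cellular:
            out.append("cellular not permitted")
    return out

def run_update(policy, read_state: Callable[[], VehicleState]):
    """Re-read the vehicle state before every step, not only at the start."""
    done, writing = [], False
    for name, needs in STEPS:
        reasons = blockers(read_state(), policy, needs)
        if reasons:
            outcome = Outcome.ABORTED if writing else Outcome.DEFERRED
            return outcome, done, reasons
        done.append(name)
        writing = writing or needs == "safe_state"
    return Outcome.INSTALLED, done, []
```

The returned list of completed steps and blocking reasons is what an update log would need to record so that a deferred or aborted campaign can be audited and retried.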

References