product information flash bootloader and accessory bootloader/docs... · reprogramming is executed...

Flash Bootloader

Product Information

Flash Bootloader

2

Table of Contents

1 Flash Memory Programming ..................................................................................................................................................... 3

2 Flash Bootloader - ECU programming via CAN, LIN, FlexRay, MOST and Ethernet ........................................................... 3

2.1 Overview of Advantages ........................................................................................................................................................... 3

2.2 Application Areas ....................................................................................................................................................................... 3

2.3 Functions..................................................................................................................................................................................... 4

2.4 Configuration ............................................................................................................................................................................. 4

2.5 Scope of Delivery........................................................................................................................................................................ 5

2.6 Availability .................................................................................................................................................................................. 5

3 Options ........................................................................................................................................................................................ 5

3.1 Option Security (Crypto) .......................................................................................................................................................... 5

3.2 Options for Fast Flash Programming ...................................................................................................................................... 7

3.3 Option Bootloader Updater: Quick update of the Flash Bootloader .................................................................................... 8

3.4 Option XCP: Flashing with XCP during ECU development .................................................................................................... 9

3.5 Option EEPROM Emulation Module (EepM) - EEPROM Emulation in Flash Memory ....................................................... 11

4 The programming tool vFlash ................................................................................................................................................. 12

4.1 Overview of Advantages ......................................................................................................................................................... 12

4.2 Application Areas ..................................................................................................................................................................... 13

4.3 vFlash Bootloader Support ..................................................................................................................................................... 13

V2.1 08/2017

Please consider your responsibility towards the environment before printing this document.

Flash Bootloader

3

1 Flash Memory Programming

Today, systems for downloading software to ECUs are used in all phases of ECU development. Vector offers a number of

software solutions to meet various requirements:

> Flash Bootloader for the bus systems CAN, LIN, FlexRay, MOST and Ethernet

> Data encryption, validation, authorization and authentication with the option “Security”

> Faster flashing with the options Data Compression, Pipelined Programming, pipelined verification and Delta Download

> Replacing the bootloader using the “Bootloader Updater”

> Flashing via XCP during development

> EEPROM Emulation for optimized usage of flash memory

> PC-based flash tools

Figure 1: The Flash Bootloader in the context of the MICROSAR Basic Software

2 Flash Bootloader - ECU programming via CAN, LIN, FlexRay, MOST and Ethernet

2.1 Overview of Advantages

> Efficient and reliable reprogramming of ECUs – without having to remove the ECU

> Low memory requirement in the ECU

> Available for most OEMs and many microcontroller platforms

> Proven flash solution based on more than 10 years of use in numerous development and production projects

2.2 Application Areas

The Vector Flash Bootloader is a universal solution for the reprogramming of ECUs during development, while in production

or while in service. It conforms to the specifications of automotive OEMs and is continually coordinated with them.

Flash Bootloader

4

Reprogramming is executed with a flash tool such as vFlash from Vector. Scripts needed for vFlash are supplied with the

Flash Bootloader.

The Flash Bootloader permits programming on single or multi-processor platforms. It includes the option for programming

different memory types connected either internally or externally. Due to its low memory requirement, the Bootloader is also

well suited for microcontrollers that have limited resources.

2.3 Functions

The flash download is executed according to OEM requirements using either the KWP2000 or UDS diagnostic protocol. The

Bootloader contains the communication stack needed for the specific bus system.

2.3.1 The flash procedure

The Bootloader is stored in a protected ECU memory area and is started as the first software instance in the boot phase

after a reset. It then checks whether a flash request or valid application software exists. If the ECU is to be reprogrammed,

the Bootloader starts reprogramming and - after verifying access authorization - loads the flash driver from the bus system

to the ECU’s RAM memory if needed. Then it erases the old ECU software and programs the flash memory with the new

data it receives over the bus system. A validation of the ECU software is performed after the data transfer. If the flash

procedure is interrupted, it can be repeated at any time.

2.3.2 Bus-specific communication stack

The communication with the flash tool is carried out via the bus-specific communication stack. Hereby, the Vector Flash

Bootloader supports all bus systems: CAN, CAN-FD, LIN, FlexRay, MOST and Ethernet.

2.3.3 Flash driver

The Flash Bootloader includes a flash driver that matches the hardware platform. It contains system-based routines for

reliably erasing and programming nonvolatile memory chips. All Vector flash drivers have low resource requirements, and

they conform to the HIS flash driver specification.

2.4 Configuration

You configure the Bootloader with the DaVinci Configurator Pro or the GENy configuration tool, adapting it to the specific

requirements of your application. Further modifications and extensions are possible using callback functions.

Figure 2: Configuring flash blocks with GENy

Flash Bootloader

5

2.5 Scope of Delivery

> Bootloader as configurable C source code

> Flash driver for your specific hardware platform

> GENy configuration tool

> Flash scripts for controlling the download process

> HexView for preparing flash data and containers during development

> Documentation

2.6 Availability

The Flash Bootloader is available for many commonly used microcontrollers and in OEM-specific variants. For more

information go to www.vector.com/fvd/ or contact us.

3 Options

The following functionalities are available as options for the Vector Flash Bootloader:

> Security (Crypto): Protection against manipulation for ECUs with sensitive vehicle data

> Quick programming of ECUs through data compression, pipelined programming, pipelined verification and delta

download

> Bootloader Updater: Cost-effective updating of the Flash Bootloader

> XCP: Programming flash memory with a calibration tool such as Vector CANape. This can be performed alternatively:

> As supplement to a download via DIAG

> As alternative to a download via DIAG

3.1 Option Security (Crypto)

For standard ECUs unauthorized access is prevented by authorization via simple or OEM-specific Seed/Key methods.

However, in the case of ECUs containing sensitive vehicle data such as an engine immobilizer function or odometer, as well as

in safety relevant ECUs, the Option Security (Crypto) modules are needed to implement extended security measures. The

"Hersteller Initiative Software" (abbr. HIS; “Manufacturers Software Initiative”) has specified cryptographic routines with

standardized interfaces in scalable security classes for this purpose.

http://www.vector.com/fvd/

Flash Bootloader

6

Figure 3: Seed/Key method within the Option Crypto

3.1.1 Overview of Advantages

> Data encryption: Protection of intellectual property by encryption

> Authorization: Protection against unauthorized ECU access

> Validation: Safeguarding of data integrity in the flash memory

> Authentication: verification of authenticity through signature methods

3.1.2 Application Areas

Option Security for the Vector Flash Bootloader lets you prevent flashing and unauthorized execution of protected software

in the ECU effectively. Upon request, you can also obtain extended Seed/Key methods for ECU access protection.

3.1.3 Functions

Option Security for the Vector Flash Bootloader meets the requirements of HIS. The following modules are available:

> Symmetrical data encryption based on the Advanced Encryption Standard (AES), class AAA.

> Computation of Hash codes with Hash function SHA-1 (alternatively: RIPEMD-160, SHA-256, MD5).

> Validation and authentication of the download process by signatures per security classes

> C: The signature is generated in the flash tool with a confidential symmetrical key and it is verified in the ECU.

> CCC: The signature is generated externally by the RSA method with a confidential private key. In the ECU, the

signature is opened with a public key and is verified.

Despite the methods defined in the HIS standard, further algorithms are available on request.

During ECU development, it is convenient to use the supplied HexView tool for signature computation. In production usage,

the CANdelaFlash tool would be used to generate the entire ODX-F container.

Figure 4: Generating, transmitting and verifying a digital signature

3.1.4 Scope of Delivery

> Configurable library or C source code; integrated in the Bootloader

> Tool HexView for the generation of the signatures in the development phase

> Documentation

Flash Bootloader

7

3.2 Options for Fast Flash Programming

An optimization of transfer times while flashing can be achieved in the field of transferring data, in the programming

workflow and within the verification process. Our options for fast flash programming address to each of these points and

hereby offer efficient and coordinated possibilities to speed up flashing considerably.


> Reduced download times in flashing

> Efficient decompression module for the ECU

> Data compression with the tool HexView

> Bus system independent


The option data compression of the Vector Flash Bootloader lets you efficiently compress all of your flash data. It utilizes a

LZ77 method, is optimized for use in automotive ECUs and available on all microcontrollers for which a Bootloader is

available.

Some automotive OEMs specify the use of data compression in their flash procedures to accelerate the flash procedure at a

constant baudrate. Compression of the flash data saves time even for small quantities of data. Savings are maximized when

flashing large quantities of data (e.g. in the Infotainment area). Compression also offers many benefits when short cycle

times are specified, as in end-of-line programming.

Figure 5: Compression and decompression of flash data

Option "Pipelined programming" lets you program the flash memory in parallel to receiving the next data block. The time for

the physical flash programming is used to transmit the next data block, which significantly shortens download time.

Option "Pipelined verification" lets you verify the written flash data in parallel to receiving the data blocks, similar to parallel

programming of the flash memory,.

Option "Delta download" yields tremendous savings in time and bandwidth, because when updating it is not necessary to

load the entire program code, rather only the changes that occurred compared to the prior version of the program. The new

software level is generated right in the ECU.

Flash Bootloader

8

Figure 6: Saving time in flashing by parallelism

3.2.3 Functions

Data compression: The compression method used in this module enables a compression rate of 40-60%, where the rate

actually attained depends on the flash data itself. Compression is performed with the supplied tool HexView.

Pipelined programming und Pipelined verification: Decompression, programming of flash memory and the necessary checking

of a transmitted data block are already executed during the sending and receiving operations for the next data block; in the

ideal case, these process steps would not require any additional time.

Delta download: An incremental data set is read in here, each of which just contains the difference to the prior software

level. In the ECU, this data set is then merged with the existing code to produce the new software level. There are two ways

to do this:

> Streambased: The resulting image is formed on-the-fly and is programmed section by section

> Monolithic: Here, the delta is initially loaded into a temporary area of the ECU, and then the resulting image is

programmed in its entirety.


> Configurable Library or C source code; integrated in Bootloader

> Tool HexView for compression of the flash data

> Documentation

3.3 Option Bootloader Updater: Quick update of the Flash Bootloader

For reprogramming ECUs via a bus system, Vector provides you with a Flash Bootloader that supports the OEM's

specifications and is aligned with the respective hardware. This enables you to update the application, or parts of the

application, without removing the ECU. The Bootloader remains in flash memory for the lifetime of the ECU to ensure

continuous control over the reprogramming process. In certain cases the requirements of the Bootloader may change over

time, which may make it necessary to replace the Bootloader. In order to replace the Bootloader without having to remove

the ECU, you will need to use an updater configured specifically for the respective Bootloader.


> Exchange of the Flash Bootloader without removing the ECU

> Available for all previously released Vector Flash Bootloaders

> Simple, comprehensive solution for all OEMs and platforms

Flash Bootloader

9


The Bootloader Updater supports the exchange of the Flash Bootloader in the vehicle. It uses the security mechanisms in the

controller for power-up handling to minimize the risk of a complete breakdown of the ECU as a result of external

disturbances.

Depending on the hardware and the Bootloader configuration, the following Updater variants are available. Vector will be

glad to advise you on which solution to choose for your requirements:

> Without boot manager and without hardware support

> With boot manager support

> With boot strap based hardware support

3.3.3 Functions

Initially, following an authentication check, the Bootloader Updater including the new Bootloader and flash driver are

transferred to the flash memory like an application. The next time the ECU is reset by the tester in the garage, the Updater

takes control. The Updater copies the integrated flash driver into RAM and deletes the previous Bootloader from the flash

memory. The Updater then immediately copies the new Bootloader to this location.

On the next ECU reset, the new Flash Bootloader is active. The new application software can then be updated in the ECU

according to the new specifications.

Figure 7: Complete update of the ECU software with the Bootloader Updater


> Updater software as configurable C source code, adapted specifically to the OEM Bootloader

> Documentation

3.4 Option XCP: Flashing with XCP during ECU development


> Simple re-programming of flash memory via existing bus systems; already in early development phases

> Use of a calibration tool such as CANape for flashing

> Failsafe solution available

> OEM-independent solution available

The Universal Measurement and Calibration Protocol (XCP) was developed for measuring and calibrating internal ECU

parameters. It supports different physical interfaces such as CAN, FlexRay, Ethernet, USB and SPI/SCI. This circumstance

Flash Bootloader

10

also allows you to re-program ECUs without having to physically remove them from the vehicle. All that you need is an XCP

software module in the ECU as well as a universal calibration tool such as CANape from Vector.


With XCP and CANape, you can replace calibration data or even entire applications in flash memory. This is especially

attractive for rapid prototyping during the development of ECUs which are difficult to access. Re-programming can simply

be performed with the measurement and calibration tool. You do not need any special tools or flash containers from the

vehicle manufacturer (OEM). This gives you a great deal of flexibility during development of your ECU. All you need in

addition to XCP is a flash module for the ECU. Different solution approaches are available from Vector, where the selected

approach depends on the specific application:

3.4.3 Simple Flashing over XCP using the Flash Kernel

This cost-effective method is well-suited for simple ECUs, in which there are no plans for later flash re-programming in

production use. It is resource-saving, because it does not require any memory space in the protected area.

First, a flash kernel is transferred to the ECU over XCP and is saved in RAM. Along with the actual XCP protocol routines for

communication, the kernel also contains the necessary erasing and programming routines for the flash memories. The

subsequent reprogramming of the flash memory is handled by the kernel on the ECU side, after it has been started by the

application.

The disadvantage of this method is that an interruption of the data transmission during re-programming can lead to total

failure of the ECU. If that is unacceptable, one of the following solutions is advisable.

Figure 8: Simple flashing over XCP, using flash kernel

3.4.4 Failsafe Re-programming

A flash bootloader offers greater safety in re-programming. This involves permanently storing the bootloader in a protected

memory area of the ECU. It is called after every start, and checks the application. The application is only started if it is valid

and complete and no flash operation is requested. If re-programming is interrupted, the bootloader takes control, and the

flash operation can be restarted without any damage. Two types of flash bootloaders are available:

> XCP Bootloader: Compared to the Flash Kernel, this autonomous bootloader is the safe solution for flashing with XCP in

your development project. It is advisable if the OEM does not require a flash bootloader for production use.

> Flash Bootloader with Option XCP: For production projects in which the OEM plans to use the Vector Flash Bootloader,

Vector offers the option XCP. This enables failsafe reprogramming of the ECU in early development phases with

CANape. In production use, this option can be deactivated. Flashing is then exclusively performed in a process-

conformant operation with a flash container over the tool provided by the OEM or over vFlash – the universal flash tool

from Vector. Option XCP is available for any flash bootloader from Vector and is also available in an OEM-independent

version.

Flash Bootloader

11

Figure 9: Options during failsafe flashing


> Flash kernel, XCP bootloader or Option XCP for the bootloader as configurable C source code

> Flash driver for your special HW platform

> GENy configuration tool

> Documentation

3.4.6 Flash tools from Vector

> vFlash is a flexible tool for re-programming ECUs. It supports the flash specifications of various automotive OEMs

through simple enhancements by a plugin concept (vFlash templates). Detail can be found in the chapter "vFlash".

> CANape is the universal measurement and calibration tool from Vector. For Details, please refer to the Product

Information "CANape".

3.4.7 Availability

The Flash Bootloader is available for a large number of commonly used microcontrollers and in OEM-specific variants. You

will find the current list under www.vector.com/fvd/ or contact us.

3.5 Option EEPROM Emulation Module (EepM) - EEPROM Emulation in Flash Memory

In recent years, flash memory has become more cost-effective and faster than conventional EEPROMs. New microcontrollers

are often offered without EEPROM memory, but come along with a larger internal flash memory. An optimized utilization of

the flash memory can only be achieved with the help of an EEPROM emulation however, due to the characteristics of flash

memory.


> Usable for external and internal flash

> Usable for data and program flash

> Conserves resources and optimizes flash lifetime

> Possible to use EEPROM emulation module together with the Vector Flash Bootloader

3.5.2 Characteristics of flash memory

Flash memory cannot be erased or written byte-by-byte, therefore it cannot be used in the same way as conventional

EEPROMs. Essentially, the use of a flash memory requires that the data to be stored is defined in so-called records. The

application defines the length of a record either statically during software configuration or dynamically at runtime,

depending on the configuration. They are addressable by unique identifiers and besides the stored data they also contain

management information. This information assures quick and reliable read access to valid data and includes a Cyclic

Redundancy Checksum (CRC), which assures that the data remains consistent with each access. If the application calls up

nonexistent data, the EepM generates an error message.

Flash Bootloader

12

EEPROM emulation in flash memory makes it possible for an application to store changeable nonvolatile data in a flash

memory in the same way as in a conventional EEPROM.

3.5.3 Functions

The Vector EEPROM Emulation Module (EepM) manages predefined flash areas by taking all hardware-specific constraints

into consideration. Reading and writing of changeable nonvolatile data via the EepM is fully transparent to the application. It

is easy to access the stored data by identifiers that are predefined or flexibly defined at runtime. The EEPROM Emulation

module is configurable and so it can be adapted to the requirements of the application. It hereby enables the following

special functions:

> Simultaneous emulation of multiple EEPROMs

> Integration of different flash hardware

Since all interrupts are blocked during access to flash memory, EEPROM management tasks should be performed at a non-

critical time for the application. We would be glad to offer you consultation in system design.

3.5.4 Configuration

The EepM is configured via a header file.

3.5.5 Availability

Vector offers EEPROM Emulation Modules for a number of hardware platforms with different internal or external flash

memories. You will find additional information on the Internet at http://www.vector.com/vi_eepm_availability_en or upon

request.


> C header files and source code

> Makefiles and sample programs

> Documentation/operating instructions/Readme file

3.5.7 Optional Services

> Consultation in system design and integration in the ECU

> provision of HIS flash drivers

> extension of standard modules according to customers' needs

> Hotline, workshops and training courses on the topic of embedded software

4 The programming tool vFlash

vFlash is a very easy-to-use tool for programming ECUs. It supports CAN, CAN-FD, LIN, FlexRay and Ethernet and more than

50 different flash specifications. Additionally, vFlash can easily be extended by a plugin concept.

Figure 10: Overview of the programming tool vFlash

4.1 Overview of Advantages

> Flashing via CAN, CAN-FD, LIN, FlexRay or Ethernet (DoIP)

http://www.vector.com/vi_eepm_availability_en

Flash Bootloader

13

> Simple exchange of pre-configured flash projects in one package (.vflashpack)

> High transfer rate (Transfer of 1.000 kByte data in 36,6s (27,3kByte/s) in an ideal reference ECU via CAN at 500kBit/s

with STmin = 0, BS = 0)

> Fast and easy creation of flash projects for different bootloaders on the basis of flash templates

> Support of different protocols and flash sequences / flash specifications. Easily expandable by a plugin concept wit

flash templates

> Direct “native” programming of data in Intel-Hex, Motorola-S and binary format

> Flash programming based on container formats such as ODX-F and many OEM specific formats

> Flashing of compressed and encrypted data

> Interactive flashing via the GUI as well as automated flashing over a programming interface (C, C# API)

> Simultaneous flashing of multiple ECUs, each with an individual communication channel.

4.2 Application Areas

vFlash is designed for all users at automotive OEMs and suppliers whose tasks include (re-)programming of ECUs. vFlash lets

users flash efficiently in the laboratory, at programming stations, at a laboratory vehicle or in the vehicle.

You control vFlash either by the GUI or you simply integrate it as a library into an existing environment. The version "vFlash

station" allows parallel flashing of up to 8 ECUs each with an individual communication channel.

4.3 vFlash Bootloader Support

Vector offers prepared flash templates for a large number of different automotive OEMs and bootloader. Please contact us.

Figure 11: vFlash window

More Information

Visit our Website for:

> News

> Products

> Demo-Software

> Support

> Training Classes

> Addresses

www.vector.com

product information flash bootloader and accessory bootloader/docs... · reprogramming is executed...

Documents