CN-122001761-A - Vehicle ECU (electronic control Unit) security access and firmware online upgrading method based on UDS (Universal digital subscriber System)

Abstract

The invention discloses a vehicle ECU secure access and firmware online upgrading method based on UDS, which comprises the steps of establishing a diagnosis communication link with a target ECU, executing a secure access unlocking flow based on an external configurable secure algorithm component through the diagnosis communication link, controlling the target ECU to enter a programmable session state and complete storage area preparation through the diagnosis communication link after secure access unlocking, analyzing a firmware file to be upgraded into a plurality of data blocks, sequentially transmitting the plurality of data blocks to the prepared storage area of the target ECU based on the diagnosis communication link, and executing reset operation for the target ECU after all the data blocks are transmitted and checked to pass. The invention realizes flexible configuration of a security mechanism and compatibility with multiple manufacturers by executing secure access unlocking through an external configurable security algorithm component, and improves data transmission robustness and firmware upgrading reliability through a blocking transmission check and failure retransmission mechanism.

Inventors

• LUO PU
• Xiang Caihe
• Hu Xingpei
• TANG SHUANG
• JIANG XINRUI
• YANG SONG

Assignees

• 辰致科技有限公司

Dates

Publication Date

20260508

Application Date

20251217

Claims (10)

1. 1. The UDS-based vehicle ECU security access and firmware online upgrading method is characterized by comprising the following steps of: Establishing a diagnostic communication link with the target ECU; Executing a secure access unlocking procedure based on an externally configurable secure algorithm component through the diagnostic communication link; After the secure access is unlocked, controlling the target ECU to enter a programmable session state and completing storage area preparation through the diagnosis communication link; Analyzing the firmware file to be upgraded into a plurality of data blocks; Transmitting the plurality of data blocks to the prepared storage area of the target ECU in turn based on the diagnosis communication link, wherein after transmitting one data block at a time, checking operation for the data block transmitted at the time is executed; and after all the data blocks are transmitted and all the data blocks pass verification, resetting the target ECU.
2. 2. The UDS-based vehicle ECU secure access and firmware online upgrade method of claim 1, wherein the step of establishing a diagnostic communication link with the target ECU includes: According to a preset vehicle diagnosis protocol format, sending a diagnosis session control request aiming at the target ECU to a vehicle-mounted network; receiving a response message returned by the target ECU based on the diagnosis session control request; And according to the response message, confirming that the diagnosis session with the target ECU is successfully established, and completing the establishment of the diagnosis communication link.
3. 3. The UDS-based vehicle ECU secure access and firmware online upgrade method of claim 1, wherein said step of performing a secure access unlocking procedure based on an externally configurable security algorithm component via said diagnostic communication link comprises: Sending a secure access seed request to the target ECU over the diagnostic communication link; Receiving a random seed returned by the target ECU in response to the secure access seed request; Invoking a specified algorithm in the external configurable security algorithm component and generating a corresponding security access key based on the random seed; And sending the generated secure access key to the target ECU through the diagnosis communication link so as to enable the target ECU to finish unlocking verification.
4. 4. The UDS-based vehicle ECU secure access and firmware online upgrade method of claim 3, wherein the step of controlling the target ECU to enter a programmable session state and complete storage area preparation through the diagnostic communication link after the secure access is unlocked comprises: After confirming that the secure access unlocking is successful, sending a programming session entry request to the target ECU through the diagnostic communication link; Receiving a successful entry response returned by the target ECU aiming at the programming session entry request, and confirming that the target ECU enters a programmable session state; After confirming that the programmable session state is entered, a storage area erasing instruction is sent to the target ECU through the diagnosis communication link, and erasing completion confirmation returned by the target ECU is received, so that the storage area preparation is completed.
5. 5. The UDS-based vehicle ECU secure access and firmware online upgrade method of claim 1, wherein the step of parsing the firmware file to be upgraded into a plurality of data blocks comprises: And sequentially dividing the binary content of the firmware file to be upgraded into a plurality of data blocks according to the preset maximum transmission length of the data blocks, and adding a block head containing sequence identification information and block length information for each data block so as to meet the transmission format requirement.
6. 6. The UDS-based vehicle ECU secure access and firmware online upgrade method of claim 5, wherein the step of sequentially transmitting the plurality of data blocks to the prepared storage area of the target ECU based on the diagnostic communication link includes: Sequentially sending diagnostic data writing requests to the target ECU through the diagnostic communication link according to the sequence indicated by the sequence identification information of the plurality of data blocks, wherein the diagnostic data writing requests carry block length information and block content of the corresponding data blocks; Writing the block content indicated by the diagnostic data write request to the prepared storage area of the target ECU.
7. 7. The UDS-based vehicle ECU secure access and firmware online upgrade method of claim 6, wherein the step of performing a reset operation for the target ECU after all of the plurality of data blocks are transmitted and all verified, comprises: After all data block transmission is completed and the verification operation of each data block is passed, sending a hardware reset request to the target ECU through the diagnosis communication link; And receiving a reset response returned by the target ECU aiming at the hardware reset request, and confirming that the reset operation of the target ECU is completed.
8. 8. A UDS-based vehicle ECU secure access and firmware online upgrade system, comprising: The establishing module is used for establishing a diagnosis communication link with the target ECU; The access module is used for executing a security access unlocking flow based on an external configurable security algorithm component through the diagnosis communication link; The control module is used for controlling the target ECU to enter a programmable session state and complete storage area preparation through the diagnosis communication link after the secure access is unlocked; the analysis module is used for analyzing the firmware file to be upgraded into a plurality of data blocks; An upgrade module for sequentially transmitting the plurality of data blocks to a prepared storage area of the target ECU based on the diagnostic communication link; after each data block is transmitted, checking operation for the data block transmitted at the time is executed; retransmitting the data block for which the check operation fails when the check operation for any data block fails; And the resetting module is used for executing resetting operation for the target ECU after all the data blocks are transmitted and all the data blocks pass verification.
9. 9. An electronic device comprising a processor coupled to a memory, the memory having stored therein at least one computer program that is loaded and executed by the processor to cause the electronic device to implement the UDS-based vehicle ECU secure access and firmware online upgrade method of any one of claims 1 to 7.
10. 10. A computer readable storage medium, characterized in that at least one computer program is stored in the computer readable storage medium, which when being executed by a processor implements the UDS-based vehicle ECU security access and firmware online upgrade method according to any one of claims 1 to 7.

Description

Vehicle ECU (electronic control Unit) security access and firmware online upgrading method based on UDS (Universal digital subscriber System) Technical Field The invention relates to the technical field of diagnosis and programming of vehicle electronic control units, in particular to a vehicle ECU (electronic control unit) safety access and firmware online upgrading method based on UDS (Universal description service). Background With the rapid development of automotive electronics, the control and monitoring functions carried by the automotive electronic control unit (Electronic Control Unit, ECU) are increasingly complex. In order to ensure driving safety and continuous iterative optimization of functions, regular updating and maintenance of ECU software have become industry-rigid. The unified diagnosis service protocol (Unified Diagnostic Services, UDS) is used as a vehicle diagnosis communication specification formulated by the international standardization organization, is deeply applied to the core functions of fault diagnosis, data service, program refreshing, safety access and the like of the ECU, and provides a standardized communication framework and basic support for firmware online upgrading. Currently, vehicle ECU firmware upgrades are mainly implemented by specialized diagnostic tools based on the UDS protocol, and typical solutions include commercial diagnostic platforms such as Vector CANoe, ETAS INCA, etc. or specialized programming devices customized by the whole vehicle factory. The tool establishes a communication link with a target ECU through a CAN bus, completes segmented transmission and recombination of data by relying on an ISO-TP protocol, and strictly follows a UDS standard service flow (namely session switching, safe unlocking, memory erasing, firmware downloading, integrity checking and ECU resetting) to realize upgrading operation. The technical implementation level is that the tools deeply integrate CAN communication interface drive and ISO-TP protocol stack, support analysis and segmented transmission of standard format firmware files such as Intel HEX, motorola S19 and the like, and basically guarantee real-time performance and reliability of data transmission. However, the prior art scheme still has the obvious defects that firstly, a security access mechanism is stiff and lacks expandability, a plurality of tools are provided with built-in curing keys or binding hardware encryption modules, different security strategies of different manufacturers are difficult to adapt, the universality and cross-platform capability of the tools are seriously restricted, secondly, an abnormal processing mechanism is not sound, the response strategies such as intelligent retransmission and breakpoint continuous transmission are lacking aiming at abnormal working conditions such as data transmission interruption and verification failure, the upgrading success rate is low, thirdly, the human-computer interaction experience is poor, the upgrading progress feedback form is single, a user is difficult to intuitively control the process state, fourthly, the fault code management function is weak, dynamic monitoring and self-adaptive response cannot be carried out by combining with a specific DTC state, the diagnosis efficiency is influenced, the operation flow is complex, the technical threshold is high, manual intervention of professional engineering personnel is needed, and large-scale deployment and automatic upgrading are not facilitated. In summary, the existing ECU upgrading technology has obvious short boards in the dimensions of flexibility of security mechanism, transmission robustness, intelligent level, usability and the like, and is difficult to meet urgent requirements of the automobile industry on high-efficiency, high-security and high-universality firmware upgrading schemes. Accordingly, there is a need to provide a solution to the above-mentioned problems. Disclosure of Invention In order to solve the technical problems, the invention provides a vehicle ECU security access and firmware online upgrading method based on UDS. In a first aspect, the invention provides a vehicle ECU security access and firmware online upgrade method based on UDS, which has the following technical scheme: Establishing a diagnostic communication link with the target ECU; Executing a secure access unlocking procedure based on an externally configurable secure algorithm component through the diagnostic communication link; After the secure access is unlocked, controlling the target ECU to enter a programmable session state and completing storage area preparation through the diagnosis communication link; Analyzing the firmware file to be upgraded into a plurality of data blocks; Transmitting the plurality of data blocks to the prepared storage area of the target ECU in turn based on the diagnosis communication link, wherein after transmitting one data block at a time, checking operation for the data block