
CN-122018947-A - Bootloader and APP upgrading method based on flash memory partition


Abstract

The invention discloses a Bootloader and APP upgrading method based on flash memory partition. The method logically partitions the flash memory in the MCU into a Bootloader region, an APP A region, an APP B region and corresponding flag bit areas A/B, constructing an A/B redundant backup mechanism. When the system is initialized, the Bootloader determines the activation and validity states of the APP A/B regions from the flag bit areas and decides the boot path. During an upgrade, upgrade data is received over a communication channel such as CAN, the new program is temporarily stored in the inactive region, data integrity and legitimacy are ensured through multi-layer verification such as hash verification, CRC verification and digital signature verification, the active region is switched after verification passes, and the system automatically rolls back to the original active region when the upgrade fails, so that continuous availability of the system is ensured. The invention is suitable for upgrading various automotive electronic control units.

Inventors

  • Chen Huocong
  • CAO GUANHUI

Assignees

  • 浙江奥思伟尔电动科技有限公司

Dates

Publication Date
20260512
Application Date
20260414

Claims (10)

  1. A Bootloader and APP upgrading method based on flash memory partition, characterized by comprising the following steps: S1, dividing the MCU internal flash memory into logical partitions, wherein the logical partitions comprise a Bootloader region, an APP A region and an APP B region, and, according to activation state, one of the APP A region and the APP B region is the activated APP region and the other is the inactive APP region; S2, initializing hardware after the system is started, reading the partition state, and determining the boot path; S3, upgrading the Bootloader by using the logical partitions; wherein step S3 includes: S31, receiving a Bootloader upgrade instruction sent by the vehicle-mounted terminal over a bus; S32, selecting the current inactive APP region as the temporary storage area for the new Bootloader; S33, the vehicle-mounted terminal transmits the new Bootloader program in fragments, and the receiving end checks and receives it fragment by fragment; S34, after all fragments are received, executing a first integrity check on the new Bootloader program in the temporary storage area; S35, exchanging the activation states of the APP A region and the APP B region, and triggering an MCU reset; S36, writing the new Bootloader from the temporary storage area into the Bootloader region; S37, executing a second integrity check on the new Bootloader in the Bootloader region, exchanging the activation states again, and restoring the temporary storage area to an inactive APP region; and S38, triggering an MCU reset again, booting from the Bootloader region and finishing the Bootloader upgrade.
  2. The Bootloader and APP upgrading method based on flash memory partition of claim 1, further comprising an APP upgrade procedure, said APP upgrade procedure comprising: S41, receiving an APP upgrade request sent by the vehicle-mounted terminal; S42, using the current inactive APP region as the target storage area; S43, downloading and checking the new APP, and storing it in the target storage area; S44, exchanging the activation states of the APP A region and the APP B region, and triggering an MCU reset; S45, the Bootloader detects that the new APP is valid and activated, jumps to the start address of the newly activated APP region, and starts the new APP.
  3. The Bootloader and APP upgrading method based on flash memory partition of claim 2, wherein said logical partitions further comprise a flag bit area, said flag bit area comprises a flag bit A area and a flag bit B area, said flag bit A area comprises an activation flag, a validity flag, an upgrade progress, an error code and reserved bytes for the APP A region, and said flag bit B area comprises an activation flag, a validity flag, an upgrade progress, an error code and reserved bytes for the APP B region; said exchange of activation states can adopt either of the following methods: writing the original activation flag of flag bit area A into the activation flag of flag bit area B, and writing the original activation flag of flag bit area B into the activation flag of flag bit area A; or, after the count value of the activation flag corresponding to the originally activated APP region is incremented by one, writing the activation flag with the larger count value into the activation flag corresponding to the originally inactive APP region, wherein the activation flag with the smaller count value represents "activated".
  4. The Bootloader and APP upgrading method based on flash memory partition of claim 3, wherein the hardware initialization comprises: initializing the communication interface, wherein the communication interface comprises a CAN controller, a LIN controller and a UDS communication protocol stack; initializing the storage controller, configuring the erase timing, enabling flash memory error detection and locking the flag bit area; and initializing the basic modules, wherein the basic modules comprise the clock and the power supply.
  5. The Bootloader and APP upgrading method based on flash memory partition of claim 3, wherein reading the partition state comprises: if the activation flag of flag bit area A is "activated" and its validity flag is "valid", while the activation flag of flag bit area B is "inactive" or its validity flag is "invalid", the APP A region is judged to be the activated APP region and the APP B region the inactive APP region; if the activation flag of flag bit area B is "activated" and its validity flag is "valid", while the activation flag of flag bit area A is "inactive" or its validity flag is "invalid", the APP B region is judged to be the activated APP region and the APP A region the inactive APP region; if the activation flags of flag bit areas A and B are both "activated" and the validity flags are both "valid", the APP A region is set as the activated APP region by default, and the activation flag of flag bit area B is forcibly changed to "inactive"; if the activation flag of flag bit area A is "inactive" or its validity flag is "invalid", and the activation flag of flag bit area B is "inactive" or its validity flag is "invalid", no APP is available and the system stays in the Bootloader stage.
  6. The Bootloader and APP upgrading method based on flash memory partition of claim 3, wherein the fragment check includes receiving fragment data and checking its CRC, and sending a retransmission request message if the CRC is wrong; and the integrity check includes calling an encryption algorithm hardware acceleration module to execute a hash check on the new Bootloader program in the temporary storage area, and setting the validity flag to invalid when the check fails.
  7. The Bootloader and APP upgrading method based on flash memory partition of claim 3, wherein said S43 comprises: receiving the new APP in fragments, calculating the CRC check value of each fragment, requesting retransmission when an error occurs, and writing the fragment to the target storage area after the check passes; after reception is finished, calculating the CRC value of all received data in the target storage area to verify the integrity of the data; and verifying the digital signature by decrypting the signature with a preset public key and comparing the decryption result with a hash value calculated from the new APP, thereby verifying the legitimacy of the program.
  8. The Bootloader and APP upgrading method based on flash memory partition of claim 3, further comprising an exception handling mechanism, wherein said exception handling mechanism comprises communication interruption exception handling, check failure exception handling and power supply exception handling.
  9. The Bootloader and APP upgrading method based on flash memory partition of claim 8, wherein said communication interruption exception handling comprises: interruption detection, namely monitoring the communication state in real time, and judging that communication is interrupted if no new fragment is received before the timer expires; progress preservation, namely writing the highest received fragment sequence number into the flag bit area, and setting the upgrade progress field to "upgrade paused"; and interruption recovery, namely when the vehicle-mounted terminal resends the "continue upgrading" instruction, the Bootloader reads the progress information from the flag bit area and requests the vehicle-mounted terminal to send the "fragments after the interruption point", or passively waits for the vehicle-mounted terminal to retransmit the fragments whose upgrade failed.
  10. The Bootloader and APP upgrading method based on flash memory partition of claim 8, wherein the power supply exception handling comprises: if the power supply voltage is detected to be lower than the MCU minimum working voltage during the upgrade, triggering a "power supply abnormality" interrupt, whereupon the Bootloader enters the interrupt service function; emergency handling, namely in the interrupt service function, first storing the current upgrade progress in the flag bit area, and then shutting down all flash memory operations; and restart and recovery, namely restarting the MCU after power is restored, whereupon the Bootloader reads the upgrade progress flag from the flag bit area and triggers resumption from the breakpoint or waits for the vehicle-mounted terminal to restart the upgrade process.
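
The boot-path decision table of claim 5 and the first flag-exchange variant of claim 3, as an added C example (not code from the patent). The struct layout, the 0/1 encodings and all type and function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Per-slot flag record. Field list follows claim 3; widths, order and
 * the 0/1 encodings are assumptions made for this example. */
typedef struct {
    uint8_t active;      /* 1 = "activated", 0 = "inactive" */
    uint8_t valid;       /* 1 = "valid", 0 = "invalid" */
    uint8_t progress;    /* upgrade progress */
    uint8_t error;       /* error code */
    uint8_t reserved[4]; /* reserved bytes */
} flag_rec_t;

typedef enum { BOOT_STAY_IN_BOOTLOADER, BOOT_APP_A, BOOT_APP_B } boot_path_t;

/* A slot is bootable only when it is both activated and valid. */
static bool usable(const flag_rec_t *f)
{
    return f->active == 1 && f->valid == 1;
}

/* Claim 5 decision table. Rewrites b->active in the conflict case. */
boot_path_t select_boot_path(flag_rec_t *a, flag_rec_t *b)
{
    bool a_ok = usable(a), b_ok = usable(b);
    if (a_ok && b_ok) {      /* both claim to be active: default to A */
        b->active = 0;       /* and force B back to "inactive" */
        return BOOT_APP_A;
    }
    if (a_ok) return BOOT_APP_A;
    if (b_ok) return BOOT_APP_B;
    return BOOT_STAY_IN_BOOTLOADER; /* no usable APP */
}

/* Claim 3, first variant: exchange the two activation flags. */
void swap_activation(flag_rec_t *a, flag_rec_t *b)
{
    uint8_t t = a->active;
    a->active = b->active;
    b->active = t;
}

int main(void)
{
    /* Constructed state: A running, verified new image waiting in B. */
    flag_rec_t a = { .active = 1, .valid = 1 }, b = { .active = 0, .valid = 1 };
    swap_activation(&a, &b); /* S44 */
    return select_boot_path(&a, &b) == BOOT_APP_B ? 0 : 1;
}
```

With the table as written, a slot flagged activated but invalid next to one flagged valid but inactive boots neither, so the device stays in the Bootloader until the flags change.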

Description

Bootloader and APP upgrading method based on flash memory partition

Technical Field

The invention relates to the field of automobile electronic control, in particular to a Bootloader and APP upgrading method based on flash memory partition.

Background

The software system of an automotive electronic control unit (ECU, Electronic Control Unit) is the core that realizes intelligent control of the vehicle, and mainly comprises a bootstrap program (Bootloader), application layer software (APP) and the like.

(1) The Bootloader is responsible for firmware loading and updating during ECU start-up, and is the basis of system initialization and software upgrading.

(2) The APP realizes complex control logic such as driving condition management and functional scenario optimization through the cooperation of multiple software components.

With the rapid development of automobile electronic technology, software functions are increasingly complex, and the upgrade frequency of ECU software has increased significantly to meet requirements such as performance optimization, defect repair and security vulnerability repair. However, Bootloader or APP upgrades for ECUs such as motor controllers in the prior art have the following problems:

(1) Once a design defect or security vulnerability is found, the motor controller usually has to be disassembled and the Flash of the MCU rewritten by means of an external programmer. This method is complex to operate and inefficient, prolongs the maintenance period of the vehicle, seriously affects vehicle availability, and is difficult to adapt to the requirements of modern automobiles for efficient and convenient software updating.

(2) Meanwhile, the traditional upgrading mode depends heavily on hardware equipment and manual operation, which increases maintenance cost and operational risk, and its defects are especially prominent when updating the software of a batch of vehicles.

Therefore, a technical scheme is needed that realizes efficient and safe upgrading of the Bootloader and APP at the software level, without disassembly and without an external programmer.

Disclosure of Invention

Aiming at the defects in the prior art, the invention adopts a one-time A/B partitioning of the flash memory to realize both Bootloader and APP upgrades, and provides a Bootloader and APP upgrading method based on flash memory partition, which comprises the following steps: S1, dividing the MCU internal flash memory into logical partitions, wherein the logical partitions comprise a Bootloader region, an APP A region and an APP B region, and, according to activation state, one of the APP A region and the APP B region is the activated APP region and the other is the inactive APP region; S2, initializing hardware after the system is started, reading the partition state, and determining the boot path; S3, upgrading the Bootloader by using the logical partitions, wherein step S3 comprises the following steps: S31, receiving a Bootloader upgrade instruction sent by the vehicle-mounted terminal over a bus; S32, selecting the current inactive APP region as the temporary storage area for the new Bootloader; S33, the vehicle-mounted terminal transmits the new Bootloader program in fragments, and the receiving end checks and receives it fragment by fragment; S34, after all fragments are received, executing a first integrity check on the new Bootloader program in the temporary storage area; S35, exchanging the activation states of the APP A region and the APP B region, and triggering an MCU reset; S36, writing the new Bootloader from the temporary storage area into the Bootloader region; S37, executing a second integrity check on the new Bootloader in the Bootloader region, exchanging the activation states again, and restoring the temporary storage area to an inactive APP region; and S38, triggering an MCU reset again, booting from the Bootloader region and finishing the Bootloader upgrade.

Preferably, the method further comprises an APP upgrade process, wherein the APP upgrade process comprises: S41, receiving an APP upgrade request sent by the vehicle-mounted terminal; S42, using the current inactive APP region as the target storage area; S43, downloading and checking the new APP, and storing it in the target storage area; S44, exchanging the activation states of the APP A region and the APP B region, and triggering an MCU reset; S45, the Bootloader detects that the new APP is valid and activated, jumps to the start address of the newly activated APP region, and starts the new APP.

Preferably, the logical partitions further comprise a flag bit area, wherein the flag bit area comprises a flag bit area A and a flag bit area B, the flag bit area A comprises an activation flag, a validity flag, an upgrade progress, an error code and reserved bytes, the flag bit area B comprises an activation flag, a validity flag, an upgrade progress, an error code and reserved bytes, the activation state interc