EP-4115279-B1 - SOFTWARE UPDATE PROCESS ON A VEHICLE

EP 4115279 B1

Inventors

  • VAN WIJK, Gido
  • GOREY, AENGUS
  • REINEKE, Gordon
  • DOWLING, CIAN

Dates

Publication Date
20260506
Application Date
20210305

Claims (15)

  1. A control system (12) for a vehicle, the control system (12) comprising one or more controllers (20) configured to access at least one partitioned memory (22), the control system (12) configured to: receive a software update package (16), the software update package (16) comprising partition validation data and partition distribution data indicative of the position of partitions within the memory (22); determine a current partition distribution data of the partitioned memory (22); compare the current partition distribution data with the partition validation data; and repartition the partitioned memory (22) in dependence on the received partition distribution data if the current partition distribution data matches the partition validation data, wherein the partitioned memory (22) comprises an unused partition area and a used partition area, wherein repartitioning the partitioned memory (22) comprises repartitioning at least a portion of the unused partition area and does not alter the partition structure of the used partition area.
  2. A control system (12) as claimed in Claim 1, wherein the partition distribution data comprises a memory partition update and wherein the partitioned memory (22) is repartitioned according to the memory partition update.
  3. A control system (12) as claimed in Claim 2, wherein the partition validation data is representative of at least a part of a partition structure of the memory partition update.
  4. A control system (12) as claimed in any preceding claim, wherein determining the current partition distribution comprises generating a partition hash value representative of at least a part of a partition distribution structure of the partitioned memory (22).
  5. A control system (12) as claimed in any preceding claim, wherein the control system (12) is configured to inhibit a software update associated with the software update package if the partition distribution data does not match the partition validation data.
  6. A control system (12) as claimed in any preceding claim, wherein the control system (12) is configured to abort repartitioning the partitioned memory (22) if the received partition distribution data matches the current partition distribution.
  7. A control system (12) as claimed in any preceding claim, wherein the partition validation data comprises a whitelist of allowable partition distributions.
  8. A control system (12) as claimed in Claim 7, wherein the allowable partition distributions are representative of old partition distributions of the partitioned memory.
  9. A control system (12) as claimed in Claim 7 or Claim 8, wherein the allowable partition distributions comprise an allowable partition hash of the allowable partition distributions.
  10. A control system (12) as claimed in any preceding claim, wherein the software update package comprises the current partition distribution.
  11. A control system (12) as claimed in Claim 10, wherein the control system (12) is configured to compare the current partition distribution received in the software update package with the current partition distribution determined by control system (12).
  12. A control system (12) as claimed in Claim 11, wherein the processor is configured to inhibit a software update associated with the software update package if the compared current partition distributions do not match.
  13. A vehicle (10) comprising a control system (12) in accordance with any one of Claims 1 to 12.
  14. A method of repartitioning a control system (12) for a vehicle (10), the control system (12) comprising at least one partitioned memory (22), the method comprising: receiving a software update package (16), the software update package (16) comprising partition validation data and partition distribution data indicative of the position of partitions within the memory (22); determining a current partition distribution data of the partitioned memory (22); comparing the current partition distribution data with the partition validation data; and repartitioning the partitioned memory (22) in dependence on the received partition distribution data if the current partition distribution data matches the partition validation data, wherein the partitioned memory (22) comprises an unused partition area and a used partition area, wherein repartitioning the partitioned memory (22) comprises repartitioning at least a portion of the unused partition area and does not alter the partition structure of the used area.
  15. A non-transitory computer readable medium comprising computer readable instructions that, when executed by a processor, cause performance of the method of Claim 14.

Description

TECHNICAL FIELD

The present disclosure relates to a software update process on a vehicle. Aspects of the invention relate to a control system for a vehicle, to a vehicle, and to a method of repartitioning a controller for a vehicle.

BACKGROUND

Modern vehicles are becoming increasingly connected and have ever increasing amounts of computational power within their on-board vehicle control systems. For example, the main vehicle controller may have 25GB or more of memory that is used by the main system software. The memory of the main vehicle controller is typically partitioned to include, for example, read-only system partitions as well as read/write user data partitions. Furthermore, the memory may include unallocated disk space or an unused partition to allow for the disk to be updated or reconfigured as required.

It is known to re-partition memories by re-flashing partition tables directly to the disk. However, re-partitioning a memory can lead to corrupted data if the re-partitioning process is not performed correctly. Furthermore, to re-partition a vehicle controller or electronic control unit (ECU), a hardware debug interface is required for the ECU which allows the new partition tables to be re-flashed directly to the ECU. However, once an ECU has been installed within a vehicle, physical access to the memory becomes difficult. Additionally, user read/write data partitions that are used to store user data should not be overwritten or lost as a result of re-partitioning. As such, there is a requirement to provide a means of re-partitioning the memory of a vehicle controller without overwriting or corrupting user data or system data that is already stored on the disk.

It is known to transmit software updates to vehicles wirelessly using software-over-the-air (SOTA) technologies that utilise the mobile or Wi-Fi (RTM) networks to transmit software update packages to vehicles. This is beneficial as it allows the software to be updated on the vehicle without the need to take the vehicle to a garage. However, software update packages supplied during a software update may become corrupt during transmission. Furthermore, software on vehicles may be modified by third parties (e.g. a vehicle owner may make software modifications outside of the OEM's normal update process). As such, there is a requirement to validate the compatibility of a software update prior to installing it, particularly where the memory is to be re-partitioned, in order to prevent data stored in the vehicle memory becoming corrupt or being overwritten when the software update is installed.

Known art includes US 2020/050378 A1 (which describes a vehicle information communication system), US 2017/147226 A1 (which describes embedded memory blocks with adjustable memory boundaries) and US 2016/321063 A1 (which describes a method and device for making a differential upgrade package, and a method and device for system differential upgrading).

It is an aim of the present invention to address one or more of the disadvantages associated with the prior art.

SUMMARY OF THE INVENTION

Aspects and embodiments of the invention provide a control system for a vehicle, a vehicle, and a method of re-partitioning a partitioned memory on a vehicle as claimed in the appended claims.

According to an aspect of the present invention there is provided a control system for a vehicle, the control system comprising one or more controllers configured to access at least one partitioned memory, the control system configured to: receive a software update package, the software update package comprising partition validation data and partition distribution data; determine a current partition distribution data of the memory; compare the current partition distribution data with the partition validation data; and repartition the memory in dependence on the received partition distribution data if the current partition distribution data matches the partition validation data.

Re-partitioning the memory only when the current partition distribution data matches the partition validation data beneficially prevents the memory being re-partitioned incorrectly and corrupted. The control system is configured to determine the current partition distribution data of the memory and compare it with the received partition validation data. The received partition validation data may be, for example, an allowable partition distribution or a whitelist of allowable partition distributions. Comparing the current partition distribution with an allowable partition distribution ensures that the software update package was not corrupted during transmission and that the memory is partitioned as expected and has not been modified. The received partition distribution data is data indicative of the position of partitions within the memory. The received partition distribution data may be a new partition distribution such as a new partition table, partition binary file or partition hash indicative of a partition distribution.
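The validation-then-repartition sequence described in the claims and summary (hash the current partition structure, check it against the package's whitelist of allowable distributions and the OEM's expected current layout, abort if nothing changes, and refuse any new layout that touches the used partition area) can be modelled as a short state check. The following is an added example written for this page, not code from the patent or from any vehicle OEM. Everything in it is an assumption: the partition-table data model, the SHA-256-over-canonical-JSON partition hash, the dictionary layout of the update package, and the sample tables.

```python
"""Added illustration of the partition validation logic in claims 1, 4-12.

Assumptions (not from the patent): a partition table is a list of Partition
records; the "partition hash" of claim 4 is SHA-256 over a canonical JSON
serialisation of the table; the update package is a plain dict.
"""
import hashlib
import json
from dataclasses import asdict, dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Partition:
    name: str
    start: int   # first block of the partition (hypothetical units)
    size: int    # length in blocks
    used: bool   # True: holds system or user data; False: unused spare area


class UpdateRejected(Exception):
    """Raised when the software update must be inhibited (claims 5 and 12)."""


def partition_hash(table: List[Partition]) -> str:
    """Claim 4: a hash representative of the partition distribution structure.

    The table is sorted by start offset and serialised canonically so that
    entry order on disk does not change the hash.
    """
    ordered = sorted(table, key=lambda p: p.start)
    canonical = json.dumps([asdict(p) for p in ordered],
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def preserves_used_area(current: List[Partition], new: List[Partition]) -> bool:
    """Claim 1: every partition that currently holds data must keep its exact
    name, start and size in the new distribution. Spare space may change."""
    new_by_name = {p.name: p for p in new}
    for p in current:
        if not p.used:
            continue
        q = new_by_name.get(p.name)
        if q is None or (q.start, q.size) != (p.start, p.size):
            return False
    return True


def check_layout(table: List[Partition]) -> None:
    """Reject overlapping partitions before anything is written."""
    ordered = sorted(table, key=lambda p: p.start)
    for a, b in zip(ordered, ordered[1:]):
        if a.start + a.size > b.start:
            raise UpdateRejected(f"partitions {a.name} and {b.name} overlap")


def apply_partition_update(current: List[Partition], package: Dict) -> List[Partition]:
    """Run the checks in the claimed order and return the table to write.

    package keys (assumed layout):
      "partition_validation": set of allowable hashes of old distributions
                              (claims 7-9, the whitelist)
      "partition_distribution": the new partition table (claim 2)
      "expected_current": optional hash of the layout the OEM believes the
                          vehicle has (claims 10-12)
    """
    cur_hash = partition_hash(current)

    # Claims 10-12: the package's own view of the current layout must agree
    # with what the controller actually measured.
    expected = package.get("expected_current")
    if expected is not None and expected != cur_hash:
        raise UpdateRejected("package expected a different current distribution")

    # Claim 1/5/7: the measured layout must be on the whitelist.
    if cur_hash not in package["partition_validation"]:
        raise UpdateRejected("current distribution not allowable; update inhibited")

    new_table = list(package["partition_distribution"])

    # Claim 6: identical target layout, nothing to repartition.
    if partition_hash(new_table) == cur_hash:
        return list(current)

    # Claim 1: only the unused area may be restructured.
    if not preserves_used_area(current, new_table):
        raise UpdateRejected("new distribution would alter the used partition area")
    check_layout(new_table)
    return new_table


# Constructed sample layouts for demonstration (not from the patent).
CURRENT_TABLE = [
    Partition("system", 0, 1000, True),
    Partition("userdata", 1000, 2000, True),
    Partition("spare", 3000, 5000, False),
]
# A valid update carves a second system slot out of the spare area only.
NEW_TABLE = [
    Partition("system", 0, 1000, True),
    Partition("userdata", 1000, 2000, True),
    Partition("system_b", 3000, 2500, False),
    Partition("spare", 5500, 2500, False),
]


def build_package(new_table: List[Partition], allowable: List[List[Partition]],
                  expected_current: List[Partition] = None) -> Dict:
    """Assemble a package dict in the assumed layout from partition tables."""
    pkg = {"partition_validation": {partition_hash(t) for t in allowable},
           "partition_distribution": new_table}
    if expected_current is not None:
        pkg["expected_current"] = partition_hash(expected_current)
    return pkg


if __name__ == "__main__":
    pkg = build_package(NEW_TABLE, [CURRENT_TABLE], CURRENT_TABLE)
    result = apply_partition_update(CURRENT_TABLE, pkg)
    print("repartition to:", [p.name for p in result])
```

The hash comparison only establishes that the controller's layout is one the package was built for and that the package's table survived transmission intact; it says nothing about who produced the package, so in a real SOTA pipeline the package signature would be verified before any of these checks run. Keeping the used-area test separate from the whitelist test also means a whitelisted layout cannot be used to smuggle in a table that shrinks or moves the user data partition.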