Post on 04-Jun-2018
10th AUTOSAR Open Conference
AUTOSAR Nov-2017
Building Performance ECUs with Adaptive AUTOSAR
Dr. Moritz Neukirchner, Elektrobit Automotive GmbH
© Elektrobit (EB) 2017 | Confidential
Major market trends and their impact
Trends
• E-Mobility
• Automated Driving
• Mobility Service
Impact on E/E architecture
• Shrink of powertrain reduces HW complexity
• High data volumes
• Safety meets performance
• Car-to-X connectivity
• Update over the air
Impact on SW architecture
• Software complexity increase
• Central car computer approach
• Safety on high performance ECUs
• Fail operational systems
• Holistic security approach
• Service-oriented architecture (SOA)
• Unsupervised partial updates
Industry need
Adaptive AUTOSAR is the base technology for
• safe
• secure
• flexible
• up-to-date
• high performance
in-car computers.
Requirements for performance ECUs
Software over the air updates
• New vehicle features
• Updates and patches
• Silent testing
Dynamic deployment
• Migration from "classic ECU" to high performance controller (HPC) or backend
• Network accessible sensors & actuators
Remote analytics and diagnostics
• Remote diagnostics
• Predictive diagnostic
• Fleet campaigns
Developer oriented, target independent environment
• Environment independent software
• Easy qualification and deployment
• Small, encapsulated and exchangeable software services (microservice)
Dependable systems
• Safety
• Security
• Availability
• Reliability
• Maintainability
Consolidated vehicle infrastructure architecture
[Figure: vehicle network diagram. Labels: UI Computing Cluster, Computing Cluster(s), Smart Antenna, Gateway, IO Concentrators, Actors, Sensors, Smart Sensors, Steering, Braking, Battery, Engine, Back-end System, Gigabit Ethernet. Legend: Reliable ECU, Performance ECU, IO Concentrators, Back-end Server.]
Use-case remote update
[Figure: vehicle network diagram. Labels: Smart Antenna, Gateway, Back-end System. Legend: Reliable ECU, Performance ECU, IO Concentrators, Back-end Server.]
Architectural principles:
• Central external connection
• Distribution of updates across multiple ECUs
Supporting features:
• Coordinated A/B Update across ECUs
• Secure communication
• Application containerization
• Layered security architecture
Use-case ADAS
[Figure: vehicle network diagram. Labels: Smart Antenna, Gateway, Back-end System. Legend: Reliable ECU, Performance ECU, IO Concentrators, Back-end Server.]
Architectural principles:
• Separation between planning and mechatronic parts
• Hierarchical safety architecture
Supporting features:
• ASIL-B performance platform
• ASIL-D classic platform
• Hierarchical runtime supervision
Adaptive AUTOSAR alone is not the solution.
Neither is Classic.
High-performance computer – Software architecture
[Figure: software stack of the high-performance computer. Labels: Performance Partitions (Virtual Machines, Adaptive AUTOSAR, Classic AUTOSAR, App, POSIX OS, AUTOSAR OS), Security Partition (Trusted Execution Environment, Trusted OS, App), Safety Partition (Classic AUTOSAR, App, AUTOSAR Safety OS), Hypervisor, Performance Cores, Safety Cores, Secure Boot.]
• New CPU-intensive (safety-relevant) functions: e.g. sensor fusion
• Novel user functions: e.g. App Store
• Takeover of existing vehicle functions from Classic AUTOSAR (SWCs)
• Secure startup, authentication
• Safety-relevant vehicle functions, monitoring of performance partitions
Complex software system on heterogeneous performance controllers
• Update scheme for applications, OS instances, hypervisor
• Distributed health management
• ECU state management spanning Adaptive and Classic instances
• …
Example: Distributed updates
[Figure: partition diagram. Labels: Classic AUTOSAR Components, Lockstep Safety OS, Cores, Safety Cores, Bootloader, Hypervisor, Privileged Partition (Adaptive AUTOSAR on Linux), Vehicle Functions Partition (Adaptive AUTOSAR on Linux), Container, Diagnostic Client, Update Service App., Software Configuration Manager, Execution Manager, Diagnostic Manager, Vehicle Function, Classic AUTOSAR, Dcm. Arrows: Transfer images / Pass control, Flashing of software.]
Example: Distributed health management
[Figure: partition diagram. Labels: Classic AUTOSAR Components, Lockstep Safety OS, WDG, Cores, Safety Cores, Health Control, Bootloader, Hypervisor, Privileged Partition (Adaptive AUTOSAR on Linux), Health Manager, Vehicle Functions Partition (Adaptive AUTOSAR on Linux), Containers with Vehicle Function and Virtual Resources, Persistency Manager, Execution Manager, Diagnostic Manager, Virtual Resources, Physical Resources, Classic AUTOSAR. Arrows: Monitor, Control.]
More aspects with relevant interaction
Security Architecture
• Secure boot
• Secure partial updates
• Secure communication
• Mostly involve dependencies between hardware, operating system, and AUTOSAR stack
• Must be compatible on the network
Logging, tracing, debugging and testing
• Relating multiple logs across ECUs for debugging complete event chains
• Compatibility of test tools across different stacks
• Synchronized debugging
ECU state management
• Coordinated shutdown/sleep
  – Between multiple Adaptive and Classic instances
  – Use of OS sleep states
  – Hypervisor
• Network management
  – With potentially virtualized Ethernet devices
AUTOSAR as foundation for software systems
• Classic and Adaptive AUTOSAR form a foundation for complex automotive software systems
• System functionality must be established across individual AUTOSAR instances
• System properties must be ensured through system architecture, particularly for Safety // Security // Reliability
• Software platform must be maintained beyond deployment of the vehicle
High-performance computer – One-stop solution
[Figure: Reference Architecture of the high-performance computer. Labels: Performance Partitions (EB corbos AdaptiveCore, EB tresos AutoCore, App, EB corbos Linux, QNX, EB tresos AutoCore OS), Security Partition (Trusted Execution Environment, Trusted OS, App), Safety Partition (EB tresos AutoCore, App, EB tresos Safety OS), EB corbos Hypervisor, Performance Cores, Safety Cores, Secure Boot. Tooling and services: EB tresos Studio, EB corbos Studio, Configuration, Code Generation, Modelling, Application Development, Logging and Debugging, Integration, Integration and Qualification Services.]
Conclusion
• Adaptive AUTOSAR is not the solution for all performance controllers
• Performance controllers build on a software system architecture on the basis of AUTOSAR
• Use of proven reference architecture reduces risk in system design and integration
• Tooling and development environment are key to master complexity
10th AUTOSAR Open Conference
Thank you for your attention!
moritz.neukirchner@elektrobit.com
Dr. Moritz Neukirchner