10th AUTOSAR Open Conference · 10th AUTOSAR Open Conference AUTOSAR Nov-2017 Building Performance ECUs with Adaptive AUTOSAR. Dr. Moritz Neukirchner. Elektrobit Automotive GmbH

10th AUTOSAR Open Conference

AUTOSAR Nov-2017

Building Performance ECUs with Adaptive AUTOSAR

Dr. Moritz NeukirchnerElektrobit Automotive GmbH

2© Elektrobit (EB) 2017 | Confidential

Major market trends and their impact


2

Trends Impact on E/E architecture Impact on SW architecture

Shrink of powertrain reduces hw complexity

High data volumes

Safety meets performance

Car-to-X connectivity

Update over the air

• Software complexity increase• Central car computer

approach

• Safety on high performance ECUs

• Fail operational systems

• Holistic security approach• Service-oriented architecture

(SOA)• Unsupervised partial updates

E-M

obili

tyAu

tom

ated

Driv

ing

Mob

ility

Se

rvic

e

Industry need

Adaptive AUTOSARis the base technology for• safe• secure• flexible• up-to-date• high performancein-car computers.


Software over the air updates

• New vehicles features

• Updates and patches

• Silent testing


Requirements for performance ECUs

Dynamic deployment

Remote analytics and diagnostics

Dependable systems

Developer oriented, target independent environment

• Migration from „classic ECU“ to high performance controller (HPC) or backend

• Network accessible sensors & actuators

• Remote diagnostics

• Predictive diagnostic

• Fleet campaigns

• Environment independent software

• Easy qualification and deployment

• Small, encapsulated and exchangeable software services (mircoservice)

• Safety

• Security

• Availability

• Reliability

• Maintainability


Consolidated vehicle infrastructure architecture


UIComputing

Cluster

Computing Cluster(s)

Smart Antenna

Gateway IO Concentrators, Actors, Sensors

SmartSensors

SmartSensors

Steering

Braking Battery

EngineBack-end System

Gigabit Ethernet

Reliable ECU

Performance ECU

IO Concentrators

Back-end Server


Use-case remote update


Smart Antenna

Gateway

Back-end System

Reliable ECU

Performance ECU

IO Concentrators

Back-end Server

Architectural principles:• Central external

connection• Distribution of updates

across multiple ECUs

Supporting features:• Coordinated A/B Update

across ECUs• Secure communication• Application

containerization• Layered security

architecture


Use-case ADAS


Smart Antenna

Gateway

Back-end System

Reliable ECU

Performance ECU

IO Concentrators

Back-end Server

Architectural principles :• Separation between

planning and mechatronic parts

• Hierarchical safety architecture

Supporting features:• ASIL-B performance

platform• ASIL-D classic platform• Hierarchical runtime

supervision

Adaptive AUTOSARalone

is not the solution.

Neither is Classic.


High-performance computer – Software architecture


AUTOSAR OS

Adaptive AUTOSAR

App App

High-performance Computer

Classic AUTOSAR

Hypervisor

Adaptive AUTOSAR

App

POSIX OS POSIX OS

Trusted Execution Environment

App

Trusted OS

Classic AUTOSAR

App

Safety Cores

AUTOSAR Safety OS

New CPU-intensive (safety-relevant)

functions:e.g. sensor fusion

Novel user functions: e.g. App Store

Takeover of existing vehicle functions from

Classic AUTOSAR (SWCs)

Secure startup, authentication

Safety-relevant vehicle functions, monitoring of performance partitions

Security Partition Safety Partition

Virtual MachineVirtual Machine Virtual Machine

Performance Cores

Secure Boot

Performance Partitions

Complex software system on heterogeneous performance controllers• Update scheme for applications, OS instances, hypervisor• Distributed health management• ECU state management spanning Adaptive and Classic instances• …



9

Classic AUTOSAR Components

LockstepSafety OS

Core CoreCore Core SafetyCore

SafetyCoreCore…. CoreCore

Bootloader

Hypervisor

Privileged Partition

Adaptive AUTOSAR on Linux

Vehicle Functions Partition


Container

Diagnostic Client

Container

Update Service App.

Software Configuration Manager

Execution Manager

Diagnostic Manager

Example: Distributed updates

Classic AUTOSAR

Container

Vehicle Function

Diagnostic Manager

Dcm

TransferImages/Pass control

Flashing ofsoftware



10

Classic AUTOSAR Components

LockstepSafety OS

WDG

Core CoreCore Core SafetyCore

SafetyCoreCore…. CoreCore

Health Control

Bootloader

Hypervisor

Privileged Partition


Health Manager

Vehicle Functions Partition


Container

VehicleFunction

Virtual Resources

Container

VehicleFunction

Virtual Resources

Container

VehicleFunction

Virtual Resources

Pesistency Manager

Executionmanager

Health Manager

DiagnosticManager

Virtual Resources

Physical Resources

Example: Distributed health management

….

Monitor

Control

Classic AUTOSAR


• Secure boot• Secure partial updates• Secure communication• Mostly involve dependencies

between hardware, operating system, and AUTOSAR stack

• Must be compatible on the network

• Relating multiple logs across ECUs for debugging complete event chains

• Compatibility of test tools across different stacks

• Synchronized debugging

• Coordinated shutdown/sleep– Between multiple Adaptive and

Classic instances– Use of OS sleep states– Hypervisor

• Network management– With potentially virtualized

Ethernet devices

Security ArchitectureLogging, tracing, debugging and testing

ECU state management

More aspects with relevant interaction



• Classic and Adaptive AUTOSAR form a foundation for complex automotive software systems

• System functionality must be established across individual AUTOSAR instances

• System properties must ensured through system architecture, particularly forSafety // Security // Reliability

• Software platform must be maintained beyond deployment of the vehicle

AUTOSAR as foundation for software systems



High-performance computer – One-stop solution


EB tresosAutoCore OS

EB corbos AdaptiveCore

App App

High-performance Computer

EB tresos AutoCore

EB corbos Hypervisor

EB corbos AdaptiveCore

App

EB corbos Linux QNX

Trusted Execution Environment

App

Trusted OS

EB tresos AutoCore

App

Safety Cores

EB tresosSafety OS

Security Partition Safety Partition

Performance Cores

Secure Boot

Performance Partitions

Reference Architecture

EB tresos Studio

Integration

Integration and Qualification Services

EB corbos Studio

Configuration

Code Generation

Modelling

Application Development

Logging and Debugging


• Adaptive AUTOSAR is not the solution for all performance controllers

• Performance controllers build on a software system architecture on the basis of AUTOSAR

• Use of proven reference architecture reduces risk in system design and integration

• Tooling and development environment are key to master complexity

Conclusion


10th AUTOSAR Open Conference

Thank you for your attention!

- AUTOSAR - page 15

[email protected]

Dr. Moritz Neukirchner

Documents

10th AUTOSAR Open Conference · 10th AUTOSAR Open Conference AUTOSAR Nov-2017 Building Performance ECUs with Adaptive AUTOSAR. Dr. Moritz Neukirchner. Elektrobit Automotive GmbH