Source: SAE Automotive Engineering
Chinese translation: SAE Shanghai office
OTA reflashing: the challenges and solutions
Reprogrammable onboard modules have been in automotive use for more than a quarter century. But as electronic controls inhabit virtually every system today, anyone with a late-model vehicle knows that at some point, one or more of its electronic control systems will need to be "reflashed" with new software—often more than once.
In fact, even where the problem may be all-mechanical, including bearing knock, it can be ameliorated by new software for the engine computer.
While some of the reflashes are for customer satisfaction items, such as the air conditioning system that won't maintain set temperature, an increasing number are safety related. At best, perhaps 70% of the urgent notifications of a safety recall bring the customer into the dealership, and both government and industry are looking for ways to bring it as close to 100% as possible.
With autonomous driving on the horizon, the security and safety aspects create a new urgency for the ability to perform updates on a timeline that doesn't wait for the leisurely pace of a service appointment at the dealership.
Tesla success with OTA
Tesla's recent use of over-the-air (OTA) reprogramming has been successful, but this emergent OEM has a comparatively small owner base and that makes vehicle identification a simpler task. The typical Tesla reflash takes 45 minutes, but because the vehicles are electric drive, they can be reprogrammed during a recharge. Vehicles powered by gasoline and diesel engines face the more difficult issue of assessing battery state of charge to ensure it is high enough to complete the reflash.
Some automotive reflashes require so much time (perhaps more than a day) that presently the only way they can be made is with the car in a shop, using a proprietary factory tool or an SAE J2534 "Pass-Thru." Such reprogramming also includes use of a dedicated battery charger made for the specific purpose, so it produces a "clean" current flow that is free of electrical noise ("ripple") that could cause the operation to fail.
Because the carmakers are responsible for updates, they may start to install capacitors to smooth out the ripples from the charging system, making OTAs more feasible.
A related factor is available bandwidth, which could be subject to considerable change over a cellular network. That's why Tesla recommends its updates be performed with WiFi. Additionally, the OEM would have to design updates for piecemeal reflashing, so they can be installed incrementally as the system and needed battery capacity are available.
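The piecemeal reflash and battery-charge gating described above, as an added example in Go; this is not code from the article, Tesla or any OEM. A download checkpoints its byte offset between sessions, stops pulling when the state of charge falls below a threshold or the link drops, resumes from the checkpoint on the next session, and accepts the image only once its digest matches the one announced in the manifest. The chunk size, the 40% threshold, the flaky-link stand-in for a cellular connection and the 16-byte sample image are all constructed for this example.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Sizes and thresholds are assumptions for this example, not figures from the article.
const (
	chunkSize = 4  // bytes pulled per request
	minSoC    = 40 // battery state of charge (percent) below which the gateway stops pulling
)

// Download is one image transfer that the gateway can interrupt and resume later.
// Got is persisted between sessions so a resumed transfer starts where it stopped.
type Download struct {
	Total    int      // image length announced in the manifest
	Expected [32]byte // SHA-256 of the complete image, from the manifest
	Got      []byte   // bytes received so far
}

// Link is the cloud side as the gateway sees it: serve up to n bytes from offset,
// like an HTTP Range request; ok=false means the connection dropped.
type Link interface{ Read(offset, n int) (part []byte, ok bool) }

// Resume pulls chunks from offset len(d.Got) while the battery is above minSoC and
// the link holds. It reports done only when the whole image is present and its
// digest matches the manifest; a mismatched image is discarded, never flashed.
func (d *Download) Resume(link Link, soc func() int) (done bool, err error) {
	for len(d.Got) < d.Total {
		if s := soc(); s < minSoC {
			return false, fmt.Errorf("paused at byte %d: battery at %d%%", len(d.Got), s)
		}
		part, ok := link.Read(len(d.Got), chunkSize)
		if !ok {
			return false, fmt.Errorf("paused at byte %d: link lost", len(d.Got))
		}
		d.Got = append(d.Got, part...)
	}
	if sha256.Sum256(d.Got) != d.Expected {
		d.Got = d.Got[:0] // corrupt or substituted image: start over rather than flash it
		return false, fmt.Errorf("digest mismatch, transfer discarded")
	}
	return true, nil
}

// FlakyLink is a constructed stand-in for a cellular connection that drops after
// a fixed number of reads per session.
type FlakyLink struct {
	Image           []byte
	ReadsPerSession int
	reads           int
}

func (l *FlakyLink) Read(offset, n int) ([]byte, bool) {
	if l.reads >= l.ReadsPerSession {
		return nil, false
	}
	l.reads++
	end := offset + n
	if end > len(l.Image) {
		end = len(l.Image)
	}
	return l.Image[offset:end], true
}

// Reconnect starts a new session on the same link.
func (l *FlakyLink) Reconnect() { l.reads = 0 }

// DemoSessions runs a constructed 16-byte transfer across three sessions and returns
// the byte offset reached after each session and whether the last one finished.
func DemoSessions() (offsets []int, done bool) {
	image := []byte("ecm-firmware-1.1")
	d := &Download{Total: len(image), Expected: sha256.Sum256(image)}
	link := &FlakyLink{Image: image, ReadsPerSession: 2}
	socs := []int{80, 35, 90} // battery during each session: fine, too low, fine
	for _, s := range socs {
		link.Reconnect()
		done, _ = d.Resume(link, func() int { return s })
		offsets = append(offsets, len(d.Got))
	}
	return offsets, done
}

func main() {
	offsets, done := DemoSessions()
	fmt.Println(offsets, done) // [8 8 16] true
}
```

The first session drops after two chunks, the second is refused outright because the battery is too low, and the third picks up at byte 8 and completes. The digest check at the end is what makes resumption safe: whatever was accumulated across sessions is treated as untrusted until it matches the signed manifest's value, so a partial or substituted image never reaches the reprogramming step.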
This issue goes beyond the needs of a single module. Many updates are lengthy because of the design of the data bus on which the module sits. The update itself may apply to just the one module, but other modules on the bus may need to know about it, whether because there are new messages they must recognize or new messages they must know to ignore.
All suppliers of infotainment/onboard communications and WiFi are working with carmakers to develop systems with OTA reprogramming functions comparable to Tesla's, but the larger and more diverse the vehicle base, the more complex the task. There have been reports that several makers will begin to do some OTA this year.
Security is No. 1 issue
Russ Christensen, Director of Automotive Solutions Architecture for Wind River, a systems supplier in this area, said the No. 1 issue has become security. It begins at each end (the source of the update at one, likely a cloud server, and the car's infotainment system at the other) so each is talking to a known authority. In the car that authority usually would be the telematics/gateway module.
The key to security is in the architecture, he said, telling Automotive Engineering that presently such appendages as the smartphone and watch, and keyless entry, hitherto not so considered, can be "threat vectors" into the car. He added that the CAN bus (Controller Area Network) was not designed for encryption, although there are some strategies for accomplishing that.
Also required is a way to get an authenticated payload (the updated software) to the car and having an electronic "place" to hold it, Christensen said. A manifest comes down with all updates; the car says okay, a signature comes from the cloud and the car validates it. The first update is then discharged to the ECU. Which raises this issue: if the installation fails, the system needs to be able to activate a "restore" function to get the system back to original setting.
If there are three updates in the manifest, and the failure occurs during the third, there may need to be a removal function, so the system reflashes back to the original state.
"None of this is hard," Christensen noted. "We just need the vehicle design to be able to do it." He cited the example of an "atomic update," where all updates must be installed at once or none should be.
Bypassing owner OK
Christensen cited banking industry money transfers as an example of the way installations must be executed with secure protocols, where a scheduled data transfer must be completed instantaneously, or the entire transaction goes back to its previous state.
When there is an urgent safety update, the comparatively slow pace that includes owner evaluation and approval may need a work-around. There might have to be a provision for abrogating authorization, although that would be a last resort for an OEM.
A critical aspect of the entire challenge of OTA updating is identifying the vehicle configuration. Many OEMs right now do not have software configuration matrices at a sufficient level of confidence to always be certain of the right software for all vehicles.
"The manufacturer can't even rely on the VIN once the car has left the assembly line," Christensen said, and certainly not if a module has been replaced.
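The sequence Christensen describes, as one added example in Go that covers the signed manifest the gateway validates before anything is flashed, the all-or-nothing (atomic) install that rolls back the first two updates when the third fails, and the configuration check made against the modules actually fitted rather than the VIN. This is not code from the article, Wind River or any OEM. The manifest fields, the Ed25519 signing key, the module names, part numbers and versions, and the corrupted third image are assumptions constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Update is one manifest entry: the target module, the hardware part number and version it
// must be running now (checked against the live inventory, not the VIN build sheet), and the
// hex SHA-256 of the image that follows. Field names are assumptions for this example.
type Update struct{ ECU, HardwareID, FromVersion, ToVersion, SHA256 string }
type Manifest struct{ Updates []Update } // sent down and verified before any image is flashed

// Module is the gateway's record of one installed ECU; Vehicle is the live inventory,
// which after a field replacement can disagree with what the VIN says was built.
type Module struct{ HardwareID, Version string }
type Vehicle map[string]*Module

// Digest is the hex SHA-256 the manifest carries for each image.
func Digest(image []byte) string { return fmt.Sprintf("%x", sha256.Sum256(image)) }

// NewKeyPair stands in for the OEM signing key (generated fresh here).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

// SignManifest is the cloud side: serialise, then sign the exact bytes sent.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (raw, sig []byte, err error) {
	if raw, err = json.Marshal(m); err != nil {
		return nil, nil, err
	}
	return raw, ed25519.Sign(priv, raw), nil
}

// VerifyManifest is the gateway side: verify the signature over the bytes as received,
// and only then parse them.
func VerifyManifest(pub ed25519.PublicKey, raw, sig []byte) (*Manifest, error) {
	if !ed25519.Verify(pub, raw, sig) {
		return nil, fmt.Errorf("manifest signature invalid")
	}
	m := new(Manifest)
	if err := json.Unmarshal(raw, m); err != nil {
		return nil, err
	}
	return m, nil
}

// ApplyAtomic installs every update in the manifest or none: compatibility is checked
// against the modules actually present, each module is snapshotted before the first
// write, and a failure on any update (the third included) restores all of them.
func (v Vehicle) ApplyAtomic(m *Manifest, images map[string][]byte) error {
	for _, u := range m.Updates {
		mod, ok := v[u.ECU]
		if !ok || mod.HardwareID != u.HardwareID || mod.Version != u.FromVersion {
			return fmt.Errorf("%s: manifest targets %s at %s, vehicle has %+v", u.ECU, u.HardwareID, u.FromVersion, mod)
		}
	}
	snapshot := map[string]Module{}
	for name, mod := range v {
		snapshot[name] = *mod
	}
	for _, u := range m.Updates {
		if Digest(images[u.ECU]) != u.SHA256 { // never flash an image the signed manifest did not promise
			for name, saved := range snapshot {
				*v[name] = saved
			}
			return fmt.Errorf("rolled back: %s image digest does not match manifest", u.ECU)
		}
		v[u.ECU].Version = u.ToVersion // stands in for reprogramming the module
	}
	return nil
}

// DemoScenario is constructed sample data: three modules (the BCM field-replaced with
// hardware revision B, which the VIN build record would not show), their new images,
// and a three-entry manifest for them.
func DemoScenario() (Vehicle, Manifest, map[string][]byte) {
	v := Vehicle{"ECM": {"HW-ECM-A", "1.0"}, "TCM": {"HW-TCM-A", "1.0"}, "BCM": {"HW-BCM-B", "2.3"}}
	images := map[string][]byte{"ECM": []byte("ecm-1.1"), "TCM": []byte("tcm-1.1"), "BCM": []byte("bcm-2.4")}
	m := Manifest{Updates: []Update{
		{"ECM", "HW-ECM-A", "1.0", "1.1", Digest(images["ECM"])},
		{"TCM", "HW-TCM-A", "1.0", "1.1", Digest(images["TCM"])},
		{"BCM", "HW-BCM-B", "2.3", "2.4", Digest(images["BCM"])},
	}}
	return v, m, images
}

func main() {
	pub, priv := NewKeyPair()
	v, manifest, images := DemoScenario()
	raw, sig, _ := SignManifest(priv, manifest)
	m, err := VerifyManifest(pub, raw, sig)
	if err != nil {
		panic(err) // an unsigned or tampered manifest never reaches the ECUs
	}
	images["BCM"] = []byte("bcm-2.4 damaged in transit") // third image corrupted
	fmt.Println("apply:", v.ApplyAtomic(m, images))      // rolled back: BCM image digest does not match manifest
	fmt.Println("ECM after rollback:", v["ECM"].Version) // 1.0
}
```

Two design points are worth carrying into a real gateway. The signature is checked over the manifest bytes exactly as received, before any JSON parsing, so the parser never runs on unauthenticated input and there is no gap between what was signed and what was interpreted. And the in-memory snapshot is only a stand-in for the "restore" function Christensen mentions: on a real ECU it would be a second flash bank or a retained copy of the previous image, but the contract is the same, namely that the pre-update state survives until every update in the manifest has landed.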