Revolutionizing Vehicle Software Updates: Over-the-Air Transformation (FOTA)

Doppelio FOTA Testing

The automotive industry is going through a significant change in how vehicles receive essential software updates. The days of old-fashioned and time-consuming methods that required a trip to the garage and a lengthy diagnostic process are becoming obsolete. Instead, over-the-air (OTA) updates have revolutionized the process, allowing for seamless software upgrades in vehicles, much like how we update our smartphones and computers. This article delves into the ever-changing landscape of modern vehicle software updates, emphasizing the distinct contrasts between traditional approaches and the efficiency of OTA updates.

Traditional Firmware Updates

The firmware update in a vehicle in the past was a time-consuming and labor-intensive process. The vehicle had to be taken to a garage and connected to a Vehicle Communication Interface (VCI), which can be thought of as a “PC on wheels” for the car. Various diagnostic software tools were then used on this connected PC to check the vehicle’s condition, identify any existing problems, and determine the current firmware versions.

Once this initial assessment was completed, the update package had to be carefully configured on the PC, often requiring a connection to the original equipment manufacturer’s (OEM) backend system. Finally, the update process would begin, which could take several hours to complete. Throughout this process, the PC played a central role in coordinating the update across the vehicle’s many embedded controllers.

The New Age of Over-the-Air Updates

OTA updates have brought about a new era of vehicle software updates that are quicker, more effective, and a lot more convenient. Additional components need to be integrated to enable OTA updates, and one crucial element is the Connectivity Control Unit (CCU). The CCU serves two important functions: it allows over-the-air cloud connectivity and contains the necessary intelligence to manage the entire update process.

The process of initiating an OTA update starts with an initial authoring stage. Engineers gather the necessary components in this phase to create the update package. This includes essential details such as diagnostic sequences, specific conditions of the vehicle (such as battery status and engine parameters), and whether the update necessitates driver involvement. Once the carefully crafted package is complete, it is uploaded to the FOTA campaign manager.

Within the cloud environment, a constellation of IoT services comes into play. These services oversee the management of update packages, handle roll-up management, and provide comprehensive reporting and analytics capabilities to document and trace all update activities. Equally vital are security-related services, encompassing key management and encryption, ensuring the absolute integrity of firmware updates.

The Role of the Vehicle in OTA Updates

The vehicle regularly scans for updates by communicating with the cloud. Occasionally, the cloud subsystem sends out notifications about available updates to the vehicles. If a new firmware version is accessible, it is quickly downloaded into the vehicle’s system. This procedure is enhanced by transmitting the vehicle’s status back to the cloud, ensuring meticulous record-keeping.

The Complexity of Vehicle Software Updates

The process of OTA updates for vehicles is distinct from that of conventional devices such as smartphones or computers. Vehicle updates are fundamentally based on a baseline, transitioning from one to another. As a result, multiple controllers often need to be updated, and the order in which these updates occur becomes crucial. The vehicle must possess an intelligent component that can effectively orchestrate these complex update processes.

Validation of the FOTA subsystem

Unlike traditional garage updates, which are fully controlled and monitored by a person, the FOTA functionality is susceptible to many failure scenarios related to

(1) device conditions

(2) network issues

(3) performance of the messaging subsystem in the cloud

(4) performance of the FOTA update storage and network communication subsystems.

Device conditions

At the device level, some of the parameters that impact FOTA reliability are power cycles of the device, the state of the vehicle parameters, the state of the vehicle software baseline, and available free storage.

Network conditions

Network conditions can impact both the device and the cloud system. The cloud system is adversely affected by large numbers of slow clients hogging connections and threads, and by erroneous reporting of vehicle status caused by delayed, dropped, or retransmitted messages. Messaging sequences with delayed, lost, or retransmitted packets need to be handled meticulously. On the device side, network issues can lead to downloading corrupt images that could brick vehicle components if the design isn’t fault-tolerant across download, verification, and deployment. Several network parameters lead to this situation, such as changes in bandwidth, latency, connection drops, and fragmentation.
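The device-side fault tolerance described above can be exercised with a small harness. This is an added example, not Doppelio's or any OEM's code: the manifest layout, the `FlakyLink` fault injector, and the two-slot model are assumptions made for illustration, and the manifest is assumed to reach the device already authenticated.

```python
import hashlib

CHUNK = 4  # bytes per chunk; tiny so the constructed image spans several chunks

def make_manifest(image: bytes) -> dict:
    """Backend side: per-chunk and whole-image SHA-256 (assumed delivered authenticated)."""
    chunks = [image[i:i + CHUNK] for i in range(0, len(image), CHUNK)]
    return {"size": len(image),
            "image_sha256": hashlib.sha256(image).hexdigest(),
            "chunk_sha256": [hashlib.sha256(c).hexdigest() for c in chunks]}

class FlakyLink:
    """Constructed network: serves chunks, injecting faults on scripted request numbers."""
    def __init__(self, image, faults):
        self.image, self.faults, self.requests = image, faults, 0

    def fetch(self, index: int) -> bytes:
        self.requests += 1
        fault = self.faults.get(self.requests)
        data = self.image[index * CHUNK:(index + 1) * CHUNK]
        if fault == "drop":
            raise ConnectionError("link dropped")
        if fault == "corrupt":
            return bytes([data[0] ^ 0xFF]) + data[1:]
        if fault == "truncate":
            return data[:-1]
        return data

def download_and_stage(link, manifest, slots, max_retries=3):
    """Fetch chunk by chunk, verify each, and only commit a fully verified image."""
    staged = bytearray()
    for index, expected in enumerate(manifest["chunk_sha256"]):
        for _attempt in range(max_retries):
            try:
                data = link.fetch(index)
            except ConnectionError:
                continue  # resume at the same chunk; verified chunks are kept
            if hashlib.sha256(data).hexdigest() == expected:
                staged += data
                break
        else:
            return False  # retries exhausted: neither slot has been modified
    if (len(staged) != manifest["size"]
            or hashlib.sha256(staged).hexdigest() != manifest["image_sha256"]):
        return False
    slots["inactive"] = bytes(staged)  # the slot switch is a separate, later step
    return True
```

A failed or partial download leaves both slots untouched, so the running firmware is never overwritten by an unverified image.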


Performance of FOTA subsystem on the cloud

There are two broad sets of FOTA components in the cloud –

(1) messaging and

(2) storage subsystem.

The messaging system deals with notifications, status updates, state transitions, traceability, and so on. The processing functionality in this area often needs to write data into the database. Because of this complexity, the processing pipeline can be slow or get slower over time, putting pressure on the queuing system and leading to unpredictable failures as the system scales up.

The storage system mainly deals with the retrieval and delivery of update packages that vary in size from a few KB to a couple of GB (in the case of maps and SDV). Here the performance bottlenecks can come from throttles, the performance of storage blobs, and infrastructure bottlenecks caused by the huge amount of data that needs to be transferred. For example, 100K vehicles downloading 1 MB each adds up to 100 gigabytes of data to be delivered to clients over a cellular network with its inherent uncertainties of speed and coverage.

This problem compounds exponentially as the load increases and is an ongoing battle as the system scales.

People tend to test for this complexity in three ways: HIL setups, testing with simulators (mostly homegrown), and field tests with test vehicles. HIL has many limitations for testing FOTA, namely the inability to control the different test parameters consistently and the inability to scale, so the other two are mostly the options. Homegrown simulators generally have critical shortcomings in

(1) simulating network conditions,

(2) testing the FOTA module on the edge, and

(3) producing realistic test characteristics for load.

For the first two, it is obvious that a homegrown simulator cannot do the job, and teams generally rely on field tests for these, even though field tests are not consistently repeatable.

When it comes to load, QA teams tend to believe, at least until their fingers are burnt, that their simulators are helping them do a good job. What they don’t realize is that, while they could simulate a particular scale of devices, getting the simulation to match real-world characteristics is extremely hard. It is as complicated as scaling the application itself, the reasons being the reality of data streaming with massive concurrency and statefulness.

This is even more complex when it comes to FOTA because of the volume of data that needs to be downloaded at an aggregate level by the devices that are being simulated. This puts stress on both the hardware and software stack and the network infrastructure of the simulation servers, leading to skewed results. It is easy to say that the messaging and download sequences can be stitched together to simulate FOTA behaviour, but delivering on that promise at scale is a herculean task that requires experts who are good at every single layer of the stack.

Doppelio enables you to test for these conditions across Edge, Cloud and Scale without the said uncertainties. Talk to us to know more about how we are solving FOTA for our large-scale enterprise customers.

Over-the-air software updates represent a profound paradigm shift in the automotive industry, streamlining the update process and ensuring that vehicles remain equipped with the latest software enhancements and security measures. As the automotive landscape continues its evolution, OTA updates will undoubtedly play a pivotal role in ensuring vehicles remain safe, reliable, and aligned with the latest innovations, making the reliability of FOTA itself super critical.


Rajesh K, Co-Founder & Head of Products