主办:陕西省汽车工程学会
ISSN 1671-7988  CN 61-1394/TH
创刊:1976年
汽车实用技术

汽车实用技术 ›› 2024, Vol. 49 ›› Issue (12): 83-88.DOI: 10.16638/j.cnki.1671-7988.2024.012.018

• 设计研究 • 上一篇    

基于 KF32A 微控制器的汽车仪表双分区 BootLoader 设计

惠志洲 1,单 慧 2   

  1. 1.南京协和电子科技有限公司 研发部; 2.桑德斯微电子器件(南京)有限公司 技术部
  • 发布日期:2024-06-27
  • 通讯作者: 惠志洲
  • 作者简介:惠志洲(1984-),男,硕士,高级工程师,研究方向为 CAN 通讯、AutoSAR、UDS、信息安全等,E-mail: hzzhou2000@163.com。

Design of Dual-partition BootLoader for Automotive Instrument Based on KF32A Microcontroller

HUI Zhizhou1 , SHAN Hui2   

  1. 1.R&D Department, Nanjing Xiehe Electronic Technology Company Limiteda; 2.Technology Department, Sangdest Microelectronics (Nanjing) Company Limited
  • Published:2024-06-27
  • Contact: HUI Zhizhou

PDF

摘要: 基于统一诊断服务(UDS)协议的 BootLoader 在升级前需要读取软硬件版本号。当升 级异常中断,仪表黑屏后,可能无法获取到准确的软硬件版本号,升级无法重新进行。为了 解决上述问题,提出了软件回滚的三种方式,分析各自的优缺点,以 A/B 区轮流互为备份的 启动方式设计了一款组合仪表的引导程序 BOOT。当升级异常中断后,应用程序能够自动回 滚到上一个稳定的版本,可以继续工作。利用 CANoe 软件设计 BootLoader 上位机,分别按 照正常升级、升级异常中断、异常中断后再升级三个步骤进行验证。实验结果表明,当升级 中断后,仪表能够回滚到之前的软件版本继续工作,且可以按照原步骤再升级,达到了预期 效果。

关键词: 微控制器;双分区;汽车仪表;软件回滚;BootLoader;CANoe

Abstract: The BootLoader based on the unified diagnostic services (UDS) protocol needs to read the software and hardware version before upgrading. When the upgrade is abnormally interrupted and the automotive instrument screen is black, it may not be able to obtain the accurate software and hardware version, and the upgrade cannot be restarted. In order to solve the above problems, three ways of software rollback are proposed, their advantages and disadvantages are analyzed, and a BOOT program of combined instrument is designed with the boot mode of A/B area alternating with each other. When the upgrade is interrupted abnormally, the application can automatically rolling back to the previous stable version and can continue to work. CANoe software is used to design the upper computer of the BootLoader, and the verification is carried out in three steps: normal upgrade, abnormal upgrade, and upgrade after abnormal interruption. The experimental results show that when the upgrade is interrupted, the instrument can be rolled back to the previous software version to continue to work, and can be upgraded according to the original step, and the expected effect is achieved.

Key words: Microcontroller; Dual-partition; Automotive instrument; Software rollback; BootLoader; CANoe