Flash Bootloader
2
Table of Contents
1 Flash Memory Programming ..................................................................................................................................................... 3
2 Flash Bootloader - ECU programming via CAN, LIN, FlexRay, MOST and Ethernet ........................................................... 3
2.1 Overview of Advantages ........................................................................................................................................................... 3
2.2 Application Areas ....................................................................................................................................................................... 3
2.3 Functions..................................................................................................................................................................................... 4
2.4 Configuration ............................................................................................................................................................................. 4
2.5 Scope of Delivery........................................................................................................................................................................ 5
2.6 Availability .................................................................................................................................................................................. 5
3 Options ........................................................................................................................................................................................ 5
3.1 Option Security (Crypto) .......................................................................................................................................................... 5
3.2 Options for Fast Flash Programming ...................................................................................................................................... 7
3.3 Option Bootloader Updater: Quick update of the Flash Bootloader .................................................................................... 8
3.4 Option XCP: Flashing with XCP during ECU development .................................................................................................... 9
3.5 Option EEPROM Emulation Module (EepM) - EEPROM Emulation in Flash Memory ....................................................... 11
4 The programming tool vFlash ................................................................................................................................................. 12
4.1 Overview of Advantages ......................................................................................................................................................... 12
4.2 Application Areas ..................................................................................................................................................................... 13
4.3 vFlash Bootloader Support ..................................................................................................................................................... 13
V2.1 08/2017
Please consider your responsibility towards the environment before printing this document.
Flash Bootloader
3
1 Flash Memory Programming
Today, systems for downloading software to ECUs are used in all phases of ECU development. Vector offers a number of
software solutions to meet various requirements:
> Flash Bootloader for the bus systems CAN, LIN, FlexRay, MOST and Ethernet
> Data encryption, validation, authorization and authentication with the option “Security”
> Faster flashing with the options Data Compression, Pipelined Programming, pipelined verification and Delta Download
> Replacing the bootloader using the “Bootloader Updater”
> Flashing via XCP during development
> EEPROM Emulation for optimized usage of flash memory
> PC-based flash tools
Figure 1: The Flash Bootloader in the context of the MICROSAR Basic Software
2 Flash Bootloader - ECU programming via CAN, LIN, FlexRay, MOST and Ethernet
2.1 Overview of Advantages
> Efficient and reliable reprogramming of ECUs – without having to remove the ECU
> Low memory requirement in the ECU
> Available for most OEMs and many microcontroller platforms
> Proven flash solution based on more than 10 years of use in numerous development and production projects
2.2 Application Areas
The Vector Flash Bootloader is a universal solution for the reprogramming of ECUs during development, while in production
or while in service. It conforms to the specifications of automotive OEMs and is continually coordinated with them.
Flash Bootloader
4
Reprogramming is executed with a flash tool such as vFlash from Vector. Scripts needed for vFlash are supplied with the
Flash Bootloader.
The Flash Bootloader permits programming on single or multi-processor platforms. It includes the option for programming
different memory types connected either internally or externally. Due to its low memory requirement, the Bootloader is also
well suited for microcontrollers that have limited resources.
2.3 Functions
The flash download is executed according to OEM requirements using either the KWP2000 or UDS diagnostic protocol. The
Bootloader contains the communication stack needed for the specific bus system.
2.3.1 The flash procedure
The Bootloader is stored in a protected ECU memory area and is started as the first software instance in the boot phase
after a reset. It then checks whether a flash request or valid application software exists. If the ECU is to be reprogrammed,
the Bootloader starts reprogramming and - after verifying access authorization - loads the flash driver from the bus system
to the ECU’s RAM memory if needed. Then it erases the old ECU software and programs the flash memory with the new
data it receives over the bus system. A validation of the ECU software is performed after the data transfer. If the flash
procedure is interrupted, it can be repeated at any time.
2.3.2 Bus-specific communication stack
The communication with the flash tool is carried out via the bus-specific communication stack. Hereby, the Vector Flash
Bootloader supports all bus systems: CAN, CAN-FD, LIN, FlexRay, MOST and Ethernet.
2.3.3 Flash driver
The Flash Bootloader includes a flash driver that matches the hardware platform. It contains system-based routines for
reliably erasing and programming nonvolatile memory chips. All Vector flash drivers have low resource requirements, and
they conform to the HIS flash driver specification.
2.4 Configuration
You configure the Bootloader with the DaVinci Configurator Pro or the GENy configuration tool, adapting it to the specific
requirements of your application. Further modifications and extensions are possible using callback functions.
Figure 2: Configuring flash blocks with GENy
Flash Bootloader
5
2.5 Scope of Delivery
> Bootloader as configurable C source code
> Flash driver for your specific hardware platform
> GENy configuration tool
> Flash scripts for controlling the download process
> HexView for preparing flash data and containers during development
> Documentation
2.6 Availability
The Flash Bootloader is available for many commonly used microcontrollers and in OEM-specific variants. For more
information go to www.vector.com/fvd/ or contact us.
3 Options
The following functionalities are available as options for the Vector Flash Bootloader:
> Security (Crypto): Protection against manipulation for ECUs with sensitive vehicle data
> Quick programming of ECUs through data compression, pipelined programming, pipelined verification and delta
download
> Bootloader Updater: Cost-effective updating of the Flash Bootloader
> XCP: Programming flash memory with a calibration tool such as Vector CANape. This can be performed alternatively:
> As supplement to a download via DIAG
> As alternative to a download via DIAG
3.1 Option Security (Crypto)
For standard ECUs unauthorized access is prevented by authorization via simple or OEM-specific Seed/Key methods.
However, in the case of ECUs containing sensitive vehicle data such as an engine immobilizer function or odometer, as well as
in safety relevant ECUs, the Option Security (Crypto) modules are needed to implement extended security measures. The
"Hersteller Initiative Software" (abbr. HIS; “Manufacturers Software Initiative”) has specified cryptographic routines with
standardized interfaces in scalable security classes for this purpose.
Flash Bootloader
6
Figure 3: Seed/Key method within the Option Crypto
3.1.1 Overview of Advantages
> Data encryption: Protection of intellectual property by encryption
> Authorization: Protection against unauthorized ECU access
> Validation: Safeguarding of data integrity in the flash memory
> Authentication: verification of authenticity through signature methods
3.1.2 Application Areas
Option Security for the Vector Flash Bootloader lets you prevent flashing and unauthorized execution of protected software
in the ECU effectively. Upon request, you can also obtain extended Seed/Key methods for ECU access protection.
3.1.3 Functions
Option Security for the Vector Flash Bootloader meets the requirements of HIS. The following modules are available:
> Symmetrical data encryption based on the Advanced Encryption Standard (AES), class AAA.
> Computation of Hash codes with Hash function SHA-1 (alternatively: RIPEMD-160, SHA-256, MD5).
> Validation and authentication of the download process by signatures per security classes
> C: The signature is generated in the flash tool with a confidential symmetrical key and it is verified in the ECU.
> CCC: The signature is generated externally by the RSA method with a confidential private key. In the ECU, the
signature is opened with a public key and is verified.
Despite the methods defined in the HIS standard, further algorithms are available on request.
During ECU development, it is convenient to use the supplied HexView tool for signature computation. In production usage,
the CANdelaFlash tool would be used to generate the entire ODX-F container.
Figure 4: Generating, transmitting and verifying a digital signature
3.1.4 Scope of Delivery
> Configurable library or C source code; integrated in the Bootloader
> Tool HexView for the generation of the signatures in the development phase
> Documentation
Flash Bootloader
7
3.2 Options for Fast Flash Programming
An optimization of transfer times while flashing can be achieved in the field of transferring data, in the programming
workflow and within the verification process. Our options for fast flash programming address to each of these points and
hereby offer efficient and coordinated possibilities to speed up flashing considerably.
3.2.1 Overview of Advantages
> Reduced download times in flashing
> Efficient decompression module for the ECU
> Data compression with the tool HexView
> Bus system independent
3.2.2 Application Areas
The option data compression of the Vector Flash Bootloader lets you efficiently compress all of your flash data. It utilizes a
LZ77 method, is optimized for use in automotive ECUs and available on all microcontrollers for which a Bootloader is
available.
Some automotive OEMs specify the use of data compression in their flash procedures to accelerate the flash procedure at a
constant baudrate. Compression of the flash data saves time even for small quantities of data. Savings are maximized when
flashing large quantities of data (e.g. in the Infotainment area). Compression also offers many benefits when short cycle
times are specified, as in end-of-line programming.
Figure 5: Compression and decompression of flash data
Option "Pipelined programming" lets you program the flash memory in parallel to receiving the next data block. The time for
the physical flash programming is used to transmit the next data block, which significantly shortens download time.
Option "Pipelined verification" lets you verify the written flash data in parallel to receiving the data blocks, similar to parallel
programming of the flash memory,.
Option "Delta download" yields tremendous savings in time and bandwidth, because when updating it is not necessary to
load the entire program code, rather only the changes that occurred compared to the prior version of the program. The new
software level is generated right in the ECU.
Flash Bootloader
8
Figure 6: Saving time in flashing by parallelism
3.2.3 Functions
Data compression: The compression method used in this module enables a compression rate of 40-60%, where the rate
actually attained depends on the flash data itself. Compression is performed with the supplied tool HexView.
Pipelined programming und Pipelined verification: Decompression, programming of flash memory and the necessary checking
of a transmitted data block are already executed during the sending and receiving operations for the next data block; in the
ideal case, these process steps would not require any additional time.
Delta download: An incremental data set is read in here, each of which just contains the difference to the prior software
level. In the ECU, this data set is then merged with the existing code to produce the new software level. There are two ways
to do this:
> Streambased: The resulting image is formed on-the-fly and is programmed section by section
> Monolithic: Here, the delta is initially loaded into a temporary area of the ECU, and then the resulting image is
programmed in its entirety.
3.2.4 Scope of Delivery
> Configurable Library or C source code; integrated in Bootloader
> Tool HexView for compression of the flash data
> Documentation
3.3 Option Bootloader Updater: Quick update of the Flash Bootloader
For reprogramming ECUs via a bus system, Vector provides you with a Flash Bootloader that supports the OEM's
specifications and is aligned with the respective hardware. This enables you to update the application, or parts of the
application, without removing the ECU. The Bootloader remains in flash memory for the lifetime of the ECU to ensure
continuous control over the reprogramming process. In certain cases the requirements of the Bootloader may change over
time, which may make it necessary to replace the Bootloader. In order to replace the Bootloader without having to remove
the ECU, you will need to use an updater configured specifically for the respective Bootloader.
3.3.1 Overview of Advantages
> Exchange of the Flash Bootloader without removing the ECU
> Available for all previously released Vector Flash Bootloaders
> Simple, comprehensive solution for all OEMs and platforms
Flash Bootloader
9
3.3.2 Application Areas
The Bootloader Updater supports the exchange of the Flash Bootloader in the vehicle. It uses the security mechanisms in the
controller for power-up handling to minimize the risk of a complete breakdown of the ECU as a result of external
disturbances.
Depending on the hardware and the Bootloader configuration, the following Updater variants are available. Vector will be
glad to advise you on which solution to choose for your requirements:
> Without boot manager and without hardware support
> With boot manager support
> With boot strap based hardware support
3.3.3 Functions
Initially, following an authentication check, the Bootloader Updater including the new Bootloader and flash driver are
transferred to the flash memory like an application. The next time the ECU is reset by the tester in the garage, the Updater
takes control. The Updater copies the integrated flash driver into RAM and deletes the previous Bootloader from the flash
memory. The Updater then immediately copies the new Bootloader to this location.
On the next ECU reset, the new Flash Bootloader is active. The new application software can then be updated in the ECU
according to the new specifications.
Figure 7: Complete update of the ECU software with the Bootloader Updater
3.3.4 Scope of Delivery
> Updater software as configurable C source code, adapted specifically to the OEM Bootloader
> Documentation
3.4 Option XCP: Flashing with XCP during ECU development
3.4.1 Overview of Advantages
> Simple re-programming of flash memory via existing bus systems; already in early development phases
> Use of a calibration tool such as CANape for flashing
> Failsafe solution available
> OEM-independent solution available
The Universal Measurement and Calibration Protocol (XCP) was developed for measuring and calibrating internal ECU
parameters. It supports different physical interfaces such as CAN, FlexRay, Ethernet, USB and SPI/SCI. This circumstance
Flash Bootloader
10
also allows you to re-program ECUs without having to physically remove them from the vehicle. All that you need is an XCP
software module in the ECU as well as a universal calibration tool such as CANape from Vector.
3.4.2 Application Areas
With XCP and CANape, you can replace calibration data or even entire applications in flash memory. This is especially
attractive for rapid prototyping during the development of ECUs which are difficult to access. Re-programming can simply
be performed with the measurement and calibration tool. You do not need any special tools or flash containers from the
vehicle manufacturer (OEM). This gives you a great deal of flexibility during development of your ECU. All you need in
addition to XCP is a flash module for the ECU. Different solution approaches are available from Vector, where the selected
approach depends on the specific application:
3.4.3 Simple Flashing over XCP using the Flash Kernel
This cost-effective method is well-suited for simple ECUs, in which there are no plans for later flash re-programming in
production use. It is resource-saving, because it does not require any memory space in the protected area.
First, a flash kernel is transferred to the ECU over XCP and is saved in RAM. Along with the actual XCP protocol routines for
communication, the kernel also contains the necessary erasing and programming routines for the flash memories. The
subsequent reprogramming of the flash memory is handled by the kernel on the ECU side, after it has been started by the
application.
The disadvantage of this method is that an interruption of the data transmission during re-programming can lead to total
failure of the ECU. If that is unacceptable, one of the following solutions is advisable.
Figure 8: Simple flashing over XCP, using flash kernel
3.4.4 Failsafe Re-programming
A flash bootloader offers greater safety in re-programming. This involves permanently storing the bootloader in a protected
memory area of the ECU. It is called after every start, and checks the application. The application is only started if it is valid
and complete and no flash operation is requested. If re-programming is interrupted, the bootloader takes control, and the
flash operation can be restarted without any damage. Two types of flash bootloaders are available:
> XCP Bootloader: Compared to the Flash Kernel, this autonomous bootloader is the safe solution for flashing with XCP in
your development project. It is advisable if the OEM does not require a flash bootloader for production use.
> Flash Bootloader with Option XCP: For production projects in which the OEM plans to use the Vector Flash Bootloader,
Vector offers the option XCP. This enables failsafe reprogramming of the ECU in early development phases with
CANape. In production use, this option can be deactivated. Flashing is then exclusively performed in a process-
conformant operation with a flash container over the tool provided by the OEM or over vFlash – the universal flash tool
from Vector. Option XCP is available for any flash bootloader from Vector and is also available in an OEM-independent
version.
Flash Bootloader
11
Figure 9: Options during failsafe flashing
3.4.5 Scope of Delivery
> Flash kernel, XCP bootloader or Option XCP for the bootloader as configurable C source code
> Flash driver for your special HW platform
> GENy configuration tool
> Documentation
3.4.6 Flash tools from Vector
> vFlash is a flexible tool for re-programming ECUs. It supports the flash specifications of various automotive OEMs
through simple enhancements by a plugin concept (vFlash templates). Detail can be found in the chapter "vFlash".
> CANape is the universal measurement and calibration tool from Vector. For Details, please refer to the Product
Information "CANape".
3.4.7 Availability
The Flash Bootloader is available for a large number of commonly used microcontrollers and in OEM-specific variants. You
will find the current list under www.vector.com/fvd/ or contact us.
3.5 Option EEPROM Emulation Module (EepM) - EEPROM Emulation in Flash Memory
In recent years, flash memory has become more cost-effective and faster than conventional EEPROMs. New microcontrollers
are often offered without EEPROM memory, but come along with a larger internal flash memory. An optimized utilization of
the flash memory can only be achieved with the help of an EEPROM emulation however, due to the characteristics of flash
memory.
3.5.1 Overview of Advantages
> Usable for external and internal flash
> Usable for data and program flash
> Conserves resources and optimizes flash lifetime
> Possible to use EEPROM emulation module together with the Vector Flash Bootloader
3.5.2 Characteristics of flash memory
Flash memory cannot be erased or written byte-by-byte, therefore it cannot be used in the same way as conventional
EEPROMs. Essentially, the use of a flash memory requires that the data to be stored is defined in so-called records. The
application defines the length of a record either statically during software configuration or dynamically at runtime,
depending on the configuration. They are addressable by unique identifiers and besides the stored data they also contain
management information. This information assures quick and reliable read access to valid data and includes a Cyclic
Redundancy Checksum (CRC), which assures that the data remains consistent with each access. If the application calls up
nonexistent data, the EepM generates an error message.
Flash Bootloader
12
EEPROM emulation in flash memory makes it possible for an application to store changeable nonvolatile data in a flash
memory in the same way as in a conventional EEPROM.
3.5.3 Functions
The Vector EEPROM Emulation Module (EepM) manages predefined flash areas by taking all hardware-specific constraints
into consideration. Reading and writing of changeable nonvolatile data via the EepM is fully transparent to the application. It
is easy to access the stored data by identifiers that are predefined or flexibly defined at runtime. The EEPROM Emulation
module is configurable and so it can be adapted to the requirements of the application. It hereby enables the following
special functions:
> Simultaneous emulation of multiple EEPROMs
> Integration of different flash hardware
Since all interrupts are blocked during access to flash memory, EEPROM management tasks should be performed at a non-
critical time for the application. We would be glad to offer you consultation in system design.
3.5.4 Configuration
The EepM is configured via a header file.
3.5.5 Availability
Vector offers EEPROM Emulation Modules for a number of hardware platforms with different internal or external flash
memories. You will find additional information on the Internet at http://www.vector.com/vi_eepm_availability_en or upon
request.
3.5.6 Scope of Delivery
> C header files and source code
> Makefiles and sample programs
> Documentation/operating instructions/Readme file
3.5.7 Optional Services
> Consultation in system design and integration in the ECU
> provision of HIS flash drivers
> extension of standard modules according to customers' needs
> Hotline, workshops and training courses on the topic of embedded software
4 The programming tool vFlash
vFlash is a very easy-to-use tool for programming ECUs. It supports CAN, CAN-FD, LIN, FlexRay and Ethernet and more than
50 different flash specifications. Additionally, vFlash can easily be extended by a plugin concept.
Figure 10: Overview of the programming tool vFlash
4.1 Overview of Advantages
> Flashing via CAN, CAN-FD, LIN, FlexRay or Ethernet (DoIP)
Flash Bootloader
13
> Simple exchange of pre-configured flash projects in one package (.vflashpack)
> High transfer rate (Transfer of 1.000 kByte data in 36,6s (27,3kByte/s) in an ideal reference ECU via CAN at 500kBit/s
with STmin = 0, BS = 0)
> Fast and easy creation of flash projects for different bootloaders on the basis of flash templates
> Support of different protocols and flash sequences / flash specifications. Easily expandable by a plugin concept wit
flash templates
> Direct “native” programming of data in Intel-Hex, Motorola-S and binary format
> Flash programming based on container formats such as ODX-F and many OEM specific formats
> Flashing of compressed and encrypted data
> Interactive flashing via the GUI as well as automated flashing over a programming interface (C, C# API)
> Simultaneous flashing of multiple ECUs, each with an individual communication channel.
4.2 Application Areas
vFlash is designed for all users at automotive OEMs and suppliers whose tasks include (re-)programming of ECUs. vFlash lets
users flash efficiently in the laboratory, at programming stations, at a laboratory vehicle or in the vehicle.
You control vFlash either by the GUI or you simply integrate it as a library into an existing environment. The version "vFlash
station" allows parallel flashing of up to 8 ECUs each with an individual communication channel.
4.3 vFlash Bootloader Support
Vector offers prepared flash templates for a large number of different automotive OEMs and bootloader. Please contact us.
Figure 11: vFlash window