Background: Why Automotive OTA Architecture Matters
Modern vehicles are increasingly software-driven, with numerous ECUs und domain controllers responsible for everything from infotainment to critical safety systems. Traditional manual updates are time-consuming, expensive, and often impractical.
Over-the-air (OTA) updates solve these challenges by enabling remote software updates. But OTA deployment in vehicles faces unique issues:
- Heterogeneous ECUs and domains: Multiple modules with different update requirements.
- Safety-critical operations: Updates must not compromise vehicle safety.
- Large firmware packages: Efficient delivery over constrained networks is required.
- Recovery mechanisms: Updates must support rollback in case of failure.
Redstone OTA was designed to address all of these challenges with a modular, distributed architecture.
Redstone OTA Solution Overview
Redstone OTA provides:
- Centralized orchestration: Master OTA (TBox) manages update campaigns, communicates with cloud services, and handles self-upgrades.
- Domain-specific updates: Sub OTA modules in ECUs and domain controllers manage local update logic, verification, and patching.
- Secure and reliable communications: Protocols like DoIP, DoCAN, HTTP/HTTPSund SomeIP enable robust vehicle-to-cloud and intra-vehicle interactions.
- Data-driven monitoring: Logs, analytics, and audit trails provide visibility and accountability for every OTA operation.
Redstone Automotive OTA Architecture Overview
Server-Side Components
Redstone’s cloud platform manages the OTA lifecycle:
- Vehicle Model Management: Maintains vehicle types, configurations, and software baselines.
- ECU Management: Tracks ECU versions, capabilities, and update history.
- Software Package Management: Organizes firmware, delta files, and configuration files.
- Upgrade Task Management: Schedules updates and manages targeting logic.
- Data & Log Management: Enables monitoring, failure analysis, and audit trails.
- Download Services: Optimized with CDN and retry support.
- Third-Party Integration: Secure key management via PKI.
Vehicle-Side Architecture
Vehicles may have multiple OTA-capable domains, each running either Master or Sub OTA:
- Master OTA (TBox):
- Orchestrates updates across domains.
- Interfaces with the cloud and Sub OTA modules.
- Handles logic, safety, UDS-based diagnostics, and patch control.
- Performs self-upgrades for TBox firmware and bootloader.
- Sub OTA (ECUs / Domain Controllers):
- Manages domain-specific updates.
- Handles package downloads, patching, verification, and DoIP communication.
- Supports UDS flashing, security verification, and upgrade control.
- Communicates with Master OTA using SomeIP.
- Communication Protocols:
- DoCAN / DoIP: In-vehicle communications
- HTTP/HTTPS: Vehicle-to-cloud communications
- SomeIP: Internal module interactions
Redundancy and Safety
- Dual-bank A/B partitioning ensures safe, non-disruptive updates.
- UDS-based rollback strategy restores previous firmware on failure.
- Multi-level retry and patch integrity checks maintain reliability in unstable networks.
Redstone Automotive OTA Architecture Diagram
Key Advantages of Redstone Automotive OTA Architecture
- High Reliability: Dual-bank redundancy and rollback strategies guarantee safe updates.
- Modular & Scalable: Supports centralized and decentralized ECUs across diverse vehicle architectures.
- Efficient Distribution: Optimized download services and delta updates reduce network load.
- Enhanced Security: PKI-based authentication ensures software integrity.
- Comprehensive Monitoring: Real-time logs, analytics, and audit trails provide full visibility.
Redstone’s OTA architecture transforms vehicle software management by delivering seamless, safe, and efficient updates. OEMs and Tier-1 suppliers can now provide continuous software improvements and enhanced user experiences without compromising safety or reliability.
Read our blogs for more insights in automotive OTA updates.
