Boot Loader

The Bootloader is stored in a protected ECU memory area and is started as the first software instance in the boot phase after a reset. It then checks whether a flash request or valid application software exists. If the ECU is to be reprogrammed, the Bootloader starts reprogramming and – after verifying access authorization – loads the flash driver from the bus system to the ECU’s RAM memory if needed. Then it erases the old ECU software and programs the flash memory with the new data it receives over the bus system. A validation of the ECU software is performed after the data transfer. If the flash procedure is interrupted, it can be repeated at any time.

The communication with the flash tool is carried out via the bus-specific communication stack. The Bootloader supports all bus systems: CAN, CAN-FD, LIN, FlexRay, MOST and Ethernet

What is a Flash Bootloader of an Automotive ECU for Re-programming

For all Electronic Control Unit (ECU) in an automobile is executing a specific application. An ESP ECU, for instance, ensures that brakes don’t get locked during braking.

How this works? – the ABS software application-SWC flashed into them ECU hardware, is able to fetch the vehicle speed as an input and is designed to reduce the brake on the wheels speed, based on this input.

Following is the flowchart of the steps involved in ECU reprogramming using Flash Bootloader:

  • The Flash Bootloader module is the first software module that gets activated during the booting of the system (after the power supply of the device is switched on).
  • The control is transferred to the Flash Bootloader, which checks for the updated version of the firmware. If a new version is available, Flash Bootloader analyzes the update to authenticate the source and cross-check all the pre-defined system security parameters. If the authentication is successful then Bootloader Module writes the new updated on the flash memory, at the target address.
  • Next, the updated program is again verified to check the integrity and fidelity of the software .If no anomaly is found, the control is transferred from the Flash Bootloader to the Application.

All these steps, involved in the process of an ECU reprogramming, are performed by two different parts of the Bootloader- the Primary and the Secondary Bootloader.

In the next section, we explain both of them.

Primary Bootloader: Microcontroller Unit Setup

After the microcontroller is reset, the control first comes to Primary Bootloader. This is the part of the Bootloader software that initializes and sets up the MCU resources.

In the context of a CAN based Bootloader, the resources include the CAN protocol and the CAN controller. The CAN controller is initiated to download the update, with the correct CAN speed.

Any update transmitted over CAN BUS is identified by the CAN protocol and subsequent actions are taken.

Secondary Bootloader: Microcontroller Reprogramming

Similar to the primary Bootloader that initializes various functionalities, there is another part of the Bootloader software that gets active upon receiving the firmware update via the communication medium. It is known as the Secondary Bootloader.

Essentially, this secondary Bootloader downloads the updated related to the target application and reprograms the flash memory.

It has all the necessary flash routines and the UDS functions (if the Bootloader is UDS based) that are necessary for storing the updated data on the flash memory.

The Primary Bootloader transfers the control to the Secondary Bootloader, once the application update is received.

Next, the secondary Bootloader initializes Flash Bus Interface Unit (FBUI) on the RAM memoryThis enables the capability to read/write on the flash memory.

Immediately after this step, the communication over CAN is initialized again, so that the Bootloader is ready to receive the UDS request.

Post this, the update is stored in the flash memory. This is when the Secondary Bootloader is erased from the RAM and control once again goes to the Primary Bootloader.