How ElectRay Implemented Secure FOTA on AUTOSAR-Based SDV Platforms

Enabling reliable Firmware-Over-The-Air (FOTA) updates for next-generation EV ECUs built on Classic AUTOSAR.

Technologies

The solution was built using the following technologies:

  • Software Platform: AUTOSAR Classic
  • Hardware Platform: Infineon TC387 microcontroller
  • Software Toolchain: Tasking Compiler
  • Software Components: COM stack, Diag stack, Crypto stack, Memory stack and a Complex Device Driver (CDD)

Business Need

As part of its next-generation software-defined EV platform, the OEM needed a secure and reliable method to update ECU firmware remotely. Manual updates were increasing service downtime and limiting scalability across vehicle programs.

To resolve these limitations, the OEM initiated an AUTOSAR Classic-based FOTA framework that had to provide robust data protection, secure communication, and clean interfaces to the backend and to AUTOSAR Adaptive modules. The solution had to be efficient, fail-safe, and ready for deployment on Infineon TC387 hardware to support future SDV initiatives.

Description

ElectRay implemented a FOTA solution on an AUTOSAR Classic Drivetrain ECU, enabling secure, reliable, and remote firmware updates without physical intervention. The solution followed AUTOSAR standards and ensured seamless integration with the FOTA Master ECU and cloud-based backend systems, supporting scalable deployment within the OEM’s SDV architecture.

Challenge

Achieving secure, fail-safe FOTA functionality within strict hardware and integration constraints.

(Figure: FOTA infographic)

Key challenges included:

  • Cross-System Integration: FOTA Master (AUTOSAR Adaptive) and Cloud backend were out of project scope but required strict interface alignment.
  • Reliability: Guaranteeing a fail-safe update process to prevent corruption or malfunction during firmware transfer and flashing.
  • Hardware Constraints: Managing flash endurance, staging buffers, and memory allocation within the TC387’s available memory.
  • Component Coordination: Ensuring efficient data exchange and synchronization across multiple software stacks – Com, Diag, Crypto, Memory, and FOTA Handler.
  • Dual Memory Handling: Implementing safe A/B partition switching so that an interrupted or failed update can never corrupt the running image or leave the ECU without a bootable one.

Solution

Designed and implemented a modular, fail-safe FOTA architecture within the AUTOSAR Classic framework.

Key solution highlights:

  • FOTA Handler Implementation: Engineered the FOTA Handler within a Complex Device Driver (CDD) to achieve deterministic control over memory operations and secure update execution, in line with AUTOSAR Classic recommendations.
  • Software Stack Integration: Integrated and interfaced the Com, Diag, Crypto, and Memory stacks with the FOTA Handler.
  • Dual-Memory Management: Deployed an A/B dual-memory mechanism for reliable rollback and safe updates.
  • Interface Verification: Verified compatibility with the upstream FOTA Master ECU and backend server through CAN message interface testing.
  • Target Platform: The Drivetrain ECU was based on the Infineon TC387 with the Tasking compiler.
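The "Dual Memory Handling" challenge and the "Dual-Memory Management" bullet above describe the A/B mechanism only at the level of intent. The block below is an added example, written for this page and not ElectRay's or the OEM's code, of the three properties a fail-safe A/B scheme needs: the image is verified as it sits in the target bank, not from the transfer buffer; the bank header is written last and is the single commit point, so an interrupted flash leaves the bank invalid rather than half-valid; and a new image boots as PENDING with a bounded attempt counter, so if it never confirms itself the bootloader marks it BAD and falls back to the previous bank. Everything here is an assumption: flash is simulated in RAM with erase granularity ignored, `image_crc` is a CRC32 stand-in for the signature or MAC verification the Crypto stack would perform (a CRC detects transfer corruption but gives no authenticity), and the names `fota_stage`, `fota_select_boot_bank`, `fota_confirm` and `SLOT_MAGIC` are hypothetical.

```c
/* Added example, not ElectRay's code: fail-safe A/B bank handling for a FOTA handler.
 * Flash is RAM here (erase granularity ignored); image_crc stands in for the Crypto Stack's signature/MAC check. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define IMAGE_SIZE        256u
#define MAX_BOOT_ATTEMPTS 3u
#define SLOT_MAGIC        0x41425A31u          /* hypothetical marker */
enum { SLOT_PENDING = 1, SLOT_CONFIRMED = 2, SLOT_BAD = 3 };
typedef struct {
    uint32_t magic, seq, state, attempts, image_len;
    uint32_t image_crc;  /* integrity only; authenticity needs the Crypto Stack */
    uint32_t hdr_crc;    /* covers the fields above; the header is the commit point */
} slot_hdr_t;
typedef struct { slot_hdr_t hdr; uint8_t image[IMAGE_SIZE]; } bank_t;
static bank_t g_bank[2];                       /* banks A (0) and B (1) */
static uint32_t crc32(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}
static uint32_t hdr_crc(const slot_hdr_t *h) {
    return crc32((const uint8_t *)h, offsetof(slot_hdr_t, hdr_crc));
}
static void write_hdr(int b, slot_hdr_t h) {      /* written last, as one unit */
    h.hdr_crc = hdr_crc(&h);
    memcpy(&g_bank[b].hdr, &h, sizeof h);
}
/* Usable only if header and image both verify as they sit in flash. */
static bool bank_valid(int b) {
    const slot_hdr_t *h = &g_bank[b].hdr;
    if (h->magic != SLOT_MAGIC || h->hdr_crc != hdr_crc(h) || h->image_len > IMAGE_SIZE)
        return false;
    return crc32(g_bank[b].image, h->image_len) == h->image_crc;
}

/* Stage into the bank opposite `active`; returns it, or -1 on read-back
 * mismatch, in which case the bank stays unbootable (no header written). */
int fota_stage(int active, const uint8_t *img, size_t len, uint32_t expected_crc) {
    int target = active ^ 1;
    slot_hdr_t h = { 0 };
    if (len > IMAGE_SIZE) return -1;
    write_hdr(target, h);                            /* invalidate first */
    memset(g_bank[target].image, 0xFF, IMAGE_SIZE);  /* "erase" */
    memcpy(g_bank[target].image, img, len);          /* "program" */
    if (crc32(g_bank[target].image, len) != expected_crc) return -1;
    h.magic = SLOT_MAGIC; h.seq = g_bank[active].hdr.seq + 1;
    h.state = SLOT_PENDING; h.image_len = (uint32_t)len; h.image_crc = expected_crc;
    write_hdr(target, h);                            /* now eligible to boot */
    return target;
}

/* Bootloader side: highest valid, non-BAD seq wins. A PENDING image that has
 * used up its boot attempts is marked BAD so the old bank is booted again. */
int fota_select_boot_bank(void) {
    int best = -1;
    for (int b = 0; b < 2; b++) {
        slot_hdr_t h;
        if (!bank_valid(b) || g_bank[b].hdr.state == SLOT_BAD) continue;
        h = g_bank[b].hdr;
        if (h.state == SLOT_PENDING && h.attempts >= MAX_BOOT_ATTEMPTS) {
            h.state = SLOT_BAD; write_hdr(b, h); continue;   /* rollback */
        }
        if (best < 0 || h.seq > g_bank[best].hdr.seq) best = b;
    }
    if (best >= 0 && g_bank[best].hdr.state == SLOT_PENDING) {
        slot_hdr_t h = g_bank[best].hdr;
        h.attempts++; write_hdr(best, h);            /* count before jumping */
    }
    return best;
}

/* Application side: call once the new image's own self-test has passed. */
bool fota_confirm(int b) {
    slot_hdr_t h;
    if (!bank_valid(b) || g_bank[b].hdr.state != SLOT_PENDING) return false;
    h = g_bank[b].hdr; h.state = SLOT_CONFIRMED; write_hdr(b, h);
    return true;
}

/* Scenario with constructed images: v1 confirmed in A, v2 staged to B (optionally
 * corrupted in transit), then `boots` more boots. Returns the bank chosen last. */
int fota_demo(bool corrupt, bool confirm_new, int boots) {
    static const uint8_t v1[4] = { 0x10, 0x11, 0x12, 0x13 };
    static const uint8_t v2[4] = { 0x20, 0x21, 0x22, 0x23 };
    uint8_t rx[4];
    int staged, chosen;
    memset(g_bank, 0, sizeof g_bank);
    fota_confirm(fota_stage(1, v1, sizeof v1, crc32(v1, sizeof v1)));
    memcpy(rx, v2, sizeof rx);
    if (corrupt) rx[0] ^= 0xFF;                      /* bit flip in transit */
    staged = fota_stage(0, rx, sizeof rx, crc32(v2, sizeof v2));
    chosen = fota_select_boot_bank();
    if (staged >= 0 && confirm_new) fota_confirm(staged);
    for (int i = 0; i < boots; i++) chosen = fota_select_boot_bank();
    return chosen;
}
```

Two design points carry over to real flash. First, `attempts` is incremented by rewriting a header word; on a real device that means either a separate small log sector or a down-counter that clears one bit per boot, since programmed flash cannot be rewritten without an erase. Second, the confirm call must come from the application after a self-test that exercises the stacks the update touched (CAN communication, diagnostics), not from the bootloader: a bootloader that confirms an image merely because it jumped to it defeats the rollback.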

Outcome

Delivered a secure, production-ready FOTA system with proven reliability and SDV readiness.

  • Seamless Remote Updates: ECU firmware securely updated over-the-air without physical intervention.
  • High Reliability: The A/B dual-memory fail-safe mechanism kept the ECU operational during updates, with rollback to the previous image if the new one failed.
  • SDV Ready & Reusable Design: AUTOSAR-compliant and modular architecture enabling reusability across ECU variants and simplifying integration with Adaptive AUTOSAR systems.
  • OEM Deployment: Enabled faster OTA rollouts, reducing workshop visits and improving customer experience.

Let’s build the future of mobility, together.

Talk to our team about your next embedded or digital software challenge.