Systems and methods including a framework for migration of live data. The method may comprised, by one or more hardware processors executing program instructions, receiving, at a migration proxy of the framework, code for reading data and writing data compatible with each of a plurality of states of a migration of data in a data store, wherein a service is at least intermittently reading data from and writing data to the data store; determining, by a migration runner of the framework, to perform the migration of the data; initiating, by the migration runner, the migration of the data, wherein the migration comprises a plurality of stages; storing, as the migration progresses through the plurality of stages, and at a migration data store of the framework, a current stage of the migration; and during the migration, using the migration proxy to read data from and write data to the data store.

A vehicle software management system includes a management controller mounted on a vehicle to perform an update of software of a performance controller, and an over-the-air (OTA) server for transmitting a software package for roll back and a software package for the update to the management controller based on whether the management controller has the software package for the roll back, and the management controller performs roll back of the software of the performance controller using the software package for the roll back when the update of the software of the performance controller using the software package for the update fails.

The disclosed embodiments relate to securely booting firmware images. In one embodiment, a method is disclosed comprising receiving, by a memory device, a firmware update; validating, by the memory device, a signature associated with the firmware update; copying, by the memory device, an existing firmware image to an archive location, the archive location storing a plurality of firmware images sorted by version identifiers; booting, by the memory device, and executing the firmware update; and replacing, by the memory device, the firmware update with the existing firmware image stored in the archive location upon detecting an error while booting the firmware update.

A firmware protection module implements a hybrid firmware protection scheme on a computing device. The firmware protection module intercepts a message from a processor to a memory of the computing device. The message includes a command and an address in the memory corresponding to a firmware module stored in the module. The firmware protection module determines whether the command in the message is prohibited and whether the address in the message is protected. Responsive to a determination that the command is prohibited and the address is protected, the firmware protection module prevents at least a portion of the message from reaching the memory.

For computing nodes having a first programmable and comprising a first node and a second node, an update of the first node from the first programmable to a second programmable across an external network is initiated. In response to the update being interrupted, the first programmable is automatically reinstated on the first node by retrieving the first programmable from the second node across an internal network. The second node is automatically updated to the second programmable by retrieving the second programmable from the first node across the internal network in response to completion of the update of the first node to the second programmable.

Provided is a program update management device that includes: an acquiring part that acquires a scene signal indicating a scene in which a vehicle is used; a determining part that determines a level indicating how strongly the vehicle is restricted when respective functions of a plurality of ECUs are impaired, the plurality of ECUs each having the same function in the scene indicated by the scene signal; and a selecting part that selects, from among the plurality of ECUs, an ECU for which a program update is performed, based on the level.

A system and method for monitoring a code overwrite error of a Redriver chip are disclosed. An analog to digital converter (ADC) monitors whether an EEPROM code of a Redriver chip has been overwritten in error. A Switch chip is utilized to separate the Redriver chip from a system management bus (SMbus) controller. A pull-up resistor keeps an SMbus at a Redriver chip/EEPROM side in a pull-up state. The ADC is utilized to monitor the SMbus. When an abnormal low level is monitored, an alarm signal is sent to the SMbus controller to give a risk alarm for an overwrite error. In addition, according to different ADC sampling rates, an SMbus may also be connected between the SMbus controller and an ADC with a high sampling rate, whereby SMbus data can be monitored.

Variables utilized in device firmware that provides various boot and runtime services are repaved in a fault-tolerant manner within a secure store in a durable, non-volatile device memory during an FOTA update process. A spare region in the secure store is utilized to temporarily hold a back-up of a primary region in which the firmware variables are written. Using a transaction-based fault-tolerant write (FTW) process, the variables in the primary region can be repaved with variables contained in a firmware update payload that is delivered from a remote service. In the event of a fault in the variable region repaving process, either the primary or spare region will remain valid so that firmware in a known good state can be utilized to enable the device to boot successfully and the variable region repaving in the FOTA update process may be restarted.

Variables utilized in device firmware that provides various boot and runtime services are repaved in a fault-tolerant manner within a secure store in a durable, non-volatile device memory during an FOTA update process. A spare region in the secure store is utilized to temporarily hold a back-up of a primary region in which the firmware variables are written. Using a transaction-based fault-tolerant write (FTW) process, the variables in the primary region can be repaved with variables contained in a firmware update payload that is delivered from a remote service. In the event of a fault in the variable region repaving process, either the primary or spare region will remain valid so that firmware in a known good state can be utilized to enable the device to boot successfully and the variable region repaving in the FOTA update process may be restarted.

A method of monitoring an automation script modifying software on a server. The method of monitoring comprises monitoring a server for an active customer process by a master application executing on a computer, starting an automation script with multiple sequential instructions for updating the software executing on the server by the master application, monitoring a resultant condition of the automation script after each instruction by the master application, creating a readable log of the resultant condition of the automated script by the master application after each instruction, and generating a user notification with an actionable link by the master application in response to a failure condition of the automated script. When the user activates the actionable link, the master application opens a screen group that includes a screen for instructions to the server from the master application.