I'm developing an open source OTA update system for a few MCUs of a certain project. I wonder if there is some "standard" protocol for CAN-bus based bootloaders. Everything I saw online and in Application Notes from the chip manufacturers seems to be using their own brand of communication and thus their own specialized upload software too (mainly for demonstration for ANs).

My question is, am I missing something? Is there some standard way of doing this I'd rather adhere to, or should I just roll my own like they do and call it a day?

Features I'm interested in for the protocol side besides the obvious ones: checksumming, digital signatures, authenticated encryption.

  • Not sure if there exists any industry "de facto" standard. You could perhaps check out LSS, which is part of the CANopen standard. – Lundin Sep 27 '21 at 06:16

1 Answer

Based on your tag, although I do not see this from your question, I assume for now that you want to develop a boot-loader for automotive ECUs that have a CAN connection.

The relevant protocols, which provide the services, are ISO 14229-3 or SAE J1939/73, with the first one much more common in my experience.

For development purposes, also ASAM MCD-1 XCP has support for that.

However, these are just the communication services and do not include usual usage patterns, which differ a lot across the OEMs.

For security, the German OEMs put a document together called "HIS Security. Module Specification", which I unfortunately did not find any more on the web.

They also have a blueprint for the design of a boot-loader. However, this is anyway somewhat outdated, as boot-loaders today often are at least partially based on AUTOSAR, like the applications.

Lastly, from them you could also get a document partially specifying how the services above are used for flashing an ECU.

If you need further input, feel free to ask. However, you yourself will need access to the non-free industry standards and recommendations.

Torsten Knodt
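As an added illustration (not part of the answer above, and not taken from any OEM flashing specification), this is a bootloader-side sketch of the three ISO 14229 transfer services a download sequence uses: RequestDownload (0x34), TransferData (0x36) and RequestTransferExit (0x37). The memory map, buffer and function names are assumptions, requests are assumed to arrive already reassembled by the transport layer, and resending an already acknowledged block is not handled.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Constructed values; a real ECU takes these from its memory map. */
#define APP_BASE  0x08008000u
#define APP_SIZE  0x1000u
#define MAX_BLOCK 130u                 /* longest TransferData request accepted, in bytes */
static uint8_t  staging[APP_SIZE];     /* stands in for the flash region */
static uint32_t dl_off, dl_end;        /* write cursor and end of the announced image */
static uint8_t  next_bsc, active, unlocked; /* unlocked is set by SecurityAccess (0x27), not shown */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static size_t nrc(uint8_t *rsp, uint8_t sid, uint8_t code) {
    rsp[0] = 0x7F; rsp[1] = sid; rsp[2] = code; return 3;   /* negative response */
}

/* Handle one UDS request; writes the response to rsp (>= 4 bytes) and returns its length. */
size_t uds_handle(const uint8_t *req, size_t len, uint8_t *rsp) {
    if (len == 0) return 0;
    switch (req[0]) {
    case 0x34: {                                        /* RequestDownload */
        active = 0;                                     /* a new request aborts a running transfer */
        if (!unlocked) return nrc(rsp, 0x34, 0x33);     /* securityAccessDenied */
        if (len != 11) return nrc(rsp, 0x34, 0x13);     /* incorrectMessageLengthOrInvalidFormat */
        uint32_t addr = be32(req + 3), size = be32(req + 7);
        if (req[1] != 0x00 || req[2] != 0x44 ||         /* raw data, 4-byte address and size only */
            addr < APP_BASE || size == 0 || size > APP_SIZE || addr - APP_BASE > APP_SIZE - size)
            return nrc(rsp, 0x34, 0x31);                /* requestOutOfRange */
        dl_off = addr - APP_BASE; dl_end = dl_off + size; next_bsc = 1; active = 1;
        rsp[0] = 0x74; rsp[1] = 0x20; rsp[2] = MAX_BLOCK >> 8; rsp[3] = MAX_BLOCK & 0xFF; return 4;
    }
    case 0x36:                                          /* TransferData */
        if (!active) return nrc(rsp, 0x36, 0x24);       /* requestSequenceError */
        if (len < 3 || len > MAX_BLOCK) return nrc(rsp, 0x36, 0x13);
        if (req[1] != next_bsc) return nrc(rsp, 0x36, 0x73);        /* wrongBlockSequenceCounter */
        if (len - 2 > dl_end - dl_off) return nrc(rsp, 0x36, 0x71); /* more data than announced */
        memcpy(staging + dl_off, req + 2, len - 2);
        dl_off += (uint32_t)(len - 2); next_bsc++;      /* counter wraps 0xFF -> 0x00 */
        rsp[0] = 0x76; rsp[1] = req[1]; return 2;
    case 0x37:                                          /* RequestTransferExit */
        if (!active || dl_off != dl_end) return nrc(rsp, 0x37, 0x24);
        active = 0;      /* signature check of the staged image belongs here, before it is marked bootable */
        rsp[0] = 0x77; return 1;
    default:
        return nrc(rsp, req[0], 0x11);                  /* serviceNotSupported */
    }
}
```

The checksumming, signature and encryption features asked about in the question are not defined by these services themselves; they sit on top, typically as a verification step after RequestTransferExit.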