Scope
The concept of E2E protection assumes that safety-related data exchange shall be protected at runtime against the effects of faults within the communication link.
The E2E Library provides mechanisms for E2E protection, according to ASIL-D compliance requirements, for all safety-related functions in scope of RTA-SUM. It only detects such errors in the received data of a single signal group and returns this information to the callers (e.g. SWCs), which have to react appropriately.
The algorithms of the protection mechanisms are implemented in the E2E Library. The callers of the E2E Library are responsible for the correct usage of the library, in particular for providing correct parameters to the E2E Library routines. In fact, the E2E Library will always be used through the E2E Transformer. The E2E Transformer is responsible for invoking the E2E Library and instantiates the E2E configuration and E2E state data structures, based on its configuration. It encapsulates the complexity of configuring and handling E2E and offers a standard Transformer interface. Thanks to this, the caller of the E2E Transformer does not need to know the E2E internals.
The E2E protection allows the following:
- protects the safety-related data elements to be sent over the RTE by attaching control data (e.g. CRC and SC)
- verifies the safety-related data elements received from the RTE using this control data
- indicates that received safety-related data elements are faulty, which then has to be handled by the receiver SWC.
To provide an appropriate solution addressing flexibility and standardization, AUTOSAR specifies a set of flexible E2E profiles that implement an appropriate combination of E2E protection mechanisms. Each specified E2E profile has a fixed behavior, but it offers some configuration options through function parameters (e.g. the location of the CRC in relation to the data to be protected).
E2E Profiles
Standard E2E Profiles
AUTOSAR E2E Library supports the following profiles [1] to provide data protection and check functions:
E2E Profile | Check Function | Maximum Supported Data Length | Number of Messages | Note |
---|---|---|---|---|
E2E Profile 1 | 8-bit SAE J1850 | 30 bytes | low | checks the authenticity of the sender and the sequence |
E2E Profile 2 | 8-bit Crc8h2f | 256 bytes | high | avoids masquerading of messages |
E2E Profile 4 | 32-bit Crc32P4 | 4096 bytes | low | - |
E2E Profile 5 [2] | 16-bit Crc16 | 4096 bytes | high | avoids masquerading of messages |
E2E Profile 6 | 16-bit Crc16 | 4096 bytes (variable) | high | avoids masquerading of messages |
E2E Profile 7 | 64-bit CRC64 | > 4096 bytes (variable) | low | for communication via Ethernet |
E2E Profile 11 | 8-bit SAE J1850 | 32 bytes [3] | low | for communication via CAN, FlexRay and Lin |
E2E Profile 22 | 8-bit Crc8h2f | No data | high | for communication via CAN, FlexRay and Lin for systems with low protection requirements |
E2E Profile 44 | 32-bit CRC32P4 | No data | low | for communication via Ethernet for systems with high protection requirements |
[1] Source: AUTOSAR_SWS_E2ELibrary.pdf
[2] The Profiles colored in green are mentioned as the recommended profiles for Protected but non-authenticated data (SDV-8100_SerialDataTrasferSafetyRequirements_27.27.170P2, page 27).
[3] This value is inferred from SDV-8100_SerialDataTrasferSafetyRequirements_27.27.170P2, page 27. It is suggested to refer to the specifications before assuming this value as a limit.
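The protect/check cycle described above (control data attached by the sender, verified by the receiver, result returned to the caller), as an added sketch modelled on a 16-bit-CRC profile with a data ID against masquerading. It is not code from the AUTOSAR E2E Library or RTA-CAR: the header layout, the function and status names, and the sample data ID 0x1234 are assumptions made for illustration, and the CRC used is CRC-16/CCITT-FALSE.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumed frame layout (this sketch only): [CRC lo][CRC hi][counter][payload...] */
enum { E2E_OK, E2E_WRONG_CRC, E2E_REPEATED, E2E_WRONG_SEQUENCE };

/* CRC-16/CCITT-FALSE update (poly 0x1021, MSB first); caller passes the running value. */
static uint16_t crc16(uint16_t crc, const uint8_t *p, size_t n) {
    for (; n--; p++) {
        crc ^= (uint16_t)(*p << 8);
        for (int i = 0; i < 8; i++)
            crc = (uint16_t)((crc << 1) ^ ((crc & 0x8000u) ? 0x1021u : 0u));
    }
    return crc;
}

/* CRC over counter + payload, then the untransmitted data ID (masquerading check). */
static uint16_t frame_crc(const uint8_t *f, size_t len, uint16_t data_id) {
    const uint8_t id[2] = { (uint8_t)data_id, (uint8_t)(data_id >> 8) };
    return crc16(crc16(0xFFFFu, f + 2, len - 2), id, 2);
}

/* Sender: stamp the counter, advance it, then write the CRC into the header. */
void e2e_protect(uint8_t *f, size_t len, uint16_t data_id, uint8_t *tx_counter) {
    f[2] = (*tx_counter)++;
    uint16_t crc = frame_crc(f, len, data_id);
    f[0] = (uint8_t)crc; f[1] = (uint8_t)(crc >> 8);
}

/* Receiver: verify the CRC first, then judge the counter step (wraps modulo 256). */
int e2e_check(const uint8_t *f, size_t len, uint16_t data_id,
              uint8_t *last_counter, uint8_t max_delta) {
    if ((uint16_t)(f[0] | (f[1] << 8)) != frame_crc(f, len, data_id)) return E2E_WRONG_CRC;
    uint8_t delta = (uint8_t)(f[2] - *last_counter);
    if (delta == 0) return E2E_REPEATED;
    if (delta > max_delta) return E2E_WRONG_SEQUENCE;
    *last_counter = f[2];
    return E2E_OK;
}

/* Constructed sample: sender uses ID 0x1234 and counter 5; `flip` corrupts a payload byte. */
int e2e_demo(uint8_t flip, uint8_t last, uint16_t rx_id) {
    uint8_t f[7] = { 0, 0, 0, 0xDE, 0xAD, 0xBE, 0xEF }, tx = 5;
    e2e_protect(f, sizeof f, 0x1234u, &tx);
    f[4] ^= flip;
    return e2e_check(f, sizeof f, rx_id, &last, 2);
}

int main(void) { return e2e_demo(0, 4, 0x1234u); } /* exit status 0 means E2E_OK */
```

The receiver only reports the status; as stated in the Scope section, reacting to a non-OK result is left to the calling SWC.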
How to configure E2E in RTA-CAR
Configure E2E Parameters
In general there are two sets of configurable parameters for E2E communication. The first set is the shared parameters at the level of the E2E profile. For instance, the parameters of the state machine are shared among all the signal groups that use the same profile. The second set is the signal group specific parameters. These parameters are specific to a signal group and may vary from one signal group to another.
The following table provides a couple of examples for each set of parameters:
Profile Parameters | Signal Group Parameters |
---|---|
ProfileName | DataIds |
WindowSize | DataLength |
MinOkStateValid | MaxDataLength |
... | ... |
The profile parameters can be accessed and modified in either of these two ways:
- The GB_ASR_VLM_24_24_164.3p0_PreEcuC_No_ODX.arxml by following this path: /Communication/DataTransformation/E2E_Transformer_Configuration/E2E_Transformer_PROFILE_05
- RTA-CAR → AR Explorer → System → Signals And Signal Groups → Transformer → E2E_Transformer_Configuration
The signal group parameters can be modified in either of these two ways:
- The GB_ASR_VLM_24_24_164.3p0_PreEcuC_No_ODX.arxml (Note: not suggested)
- RTA-CAR → AR Explorer → System → Signals And Signal Groups → I Signal Groups → <Desired Signal Group> → EndToEndTransformationISignalProps