The present invention relates to updating software modules in equipment and more particularly a method, a device and a computer program for the automatic installation or uninstallation of software modules in equipment on board an aircraft.
Modern aircraft increasingly comprise electronic and computerized systems to improve their performance and to assist the pilot as well as the crew members with their tasks. Thus, for example, electric flight controls reduce the mechanical complexity of the transmission of commands to the actuators, and therefore the mass associated with these controls. Similarly, the presentation of relevant information makes it possible for the pilot to optimize flight paths and to respond rapidly to any detected incident. Such information is in particular the speed, position and course and meteorological and navigation data. Taken together, these electronic and computerized systems are generally known as the avionics.
For reasons of reliability, the avionics have often been distributed according to their function, in specific modules also known as LRU (Line Replaceable Unit). In this architecture, a point-to-point transmission mode is used between each module. Thus, for example, the flight controls are managed in a particular device while the electricity supply is managed in another. A specific function is thus associated with each module.
Furthermore, each module supporting a critical function is, preferably, redundant so that failure of a module does not result in the loss of the associated function. Operating an aircraft using a redundant module when the main module has failed can require a maintenance operation.
In order to improve aircraft functionalities, reduce the weight of the electronic equipment by means of greater integration, reduce the costs by using generic modules, and facilitate maintenance operations, the avionics are now increasingly integrated in an architecture known as IMA (Integrated Modular Avionics). In this architecture, as far as possible the functionalities of the avionics systems use generic calculation and input/output resources for their implementation. These resources are distributed in items of equipment that each comprise numerous software modules. A system of segregation or partitioning makes it possible to isolate each of the functionalities so that the failure of one function has no effect on another.
Within each item of equipment of the aircraft, software modules are loaded and updated by an operative who is present on board the aircraft to perform these operations. The role of the operative is in particular to launch the loading of these modules or updates and to verify that the selected configuration has been satisfactorily loaded onto the equipment.
These operations are typically performed by using a centralized loading system that makes it possible to address all of the remotely loadable items of equipment.
FIG. 1 shows an example aircraft 100 comprising an on-board information processing system 105. The system 105 itself comprises a communication network 110, for example a communication network conforming to the AFDX™ standard (Avionic Full DupleX), to which are connected items of equipment referenced here 115 to 135. Among said items of equipment, some may have a particular role in the context of the loading and updating of software modules on the equipment. Thus, for example, the item of equipment 115 can comprise a software module providing a centralized loading system function allowing all of the items of remotely loadable equipment to be addressed, in particular itself. Still by way of illustration, the item of equipment 120 can be used as a storage location, also known as repository, for storing the software modules to be installed on equipment. The item of equipment 120 then typically comprises a reading device, for example a memory card drive or a DVD drive, allowing software modules originating from equipment manufacturers to be transferred to the storage location.
The software modules are generally provided by equipment manufacturers in the form of loads, i.e., sets comprising applications or software functions as well as security elements allowing said applications or software functions to be authenticated, i.e., to demonstrate their integrity and origin.
The operations to be carried out by an operative for loading the equipment can be different from one item of equipment to another, in particular depending on constraints specific to certain items of equipment. Such constraints can be multiple. They can relate, for example, to the order in which installations or deletions are performed. They are linked to the complexity of the software modules and their interactions.
In order to take account of said constraints, the designers of the on-board information processing systems generally write procedures which must be followed by the operatives during the software module loading and updating operations. However, such procedures make the operatives' operations more complex and are time-consuming, constituting a potential source of problems linked to operator errors.
In order to limit said problems, constraints can be met by using batch processing functions. A batch function is here a function allowing the automatic installation of software modules in a given order. However, said function does not allow for all types of constraints. Moreover, batch functions can be regarded as transferring procedures. Consequently, the use of batch functions instead of procedures merely moves part of the complexity linked to the operatives' procedures to the programming of the batch functions. Finally, the number of batch functions to be carried out is linked directly to the number of possible cases of loading of the software modules, which is prohibitive for a standard solution. Moreover, the use of batch functions does not allow all of the constraints to be resolved, in particular constraints between systems and constraints linked to actions to be performed before or after the update.
There is thus a need, in on-board systems, in particular the on-board systems of aircraft, to automate the installation of software module updates and manage the constraints linked to said installations, allowing uniform procedures to be defined for the operatives in charge of said operations. Management of the constraints should not, preferably, require modification of the loads generated by equipment manufacturers to ensure that it is unnecessary to modify the existing loads (so that the existing loads can be used without modification).
The invention makes it possible to solve at least one of the problems set out above.