Specification of NVRAM Manager

AUTOSAR CP R22-11

Document Title Specification of NVRAM

Manager
Document Owner AUTOSAR
Document Responsibility AUTOSAR
Document Identification No 033

Document Status published

Part of AUTOSAR Standard Classic Platform
Part of Standard Release R22-11

Document Change History

Date Release Changed by Description

AUTOSAR • Obsolete requirements related to

2022-11-24 R22-11 Release Mode Switch are removed
Management • Immediate block with CRC condition
was transitioned to recommendation
• Changes related to the concept 691
AUTOSAR MemoryStackRework
2021-11-25 R21-11 Release • Clarification regarding validation in
Management NvM_WriteBlock
• Migration from doc to latex
• InitBlockCallback and ROM block are
AUTOSAR mutually exclusive
2020-11-30 R20-11 Release • Removal for DET error NVM_E_
Management PARAM_BLOCK_TYPE
• NvM partitioning for multi-core
• Changes related to NVM_E_WRITE_
AUTOSAR PROTECTED
2019-11-28 R19-11 Release • Port Prototypes are generated for
Management block only if needed
• Changed Document Status from
Final to published

1 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

• Removed NvM_GetActiveService
API
AUTOSAR • Remove EcuMfixed completely
2018-10-31 4.4.0 Release • Changed single and multi block
Management callbacks
• minor corrections / clarifications /
editorial changes; For details please
refer to the ChangeDocumentation
• Correction for write protection and
erase requests for
AUTOSAR NvMWriteBlockOnce blocks
2017-12-08 4.3.1 Release • Clarification regarding implicit
Management recovery of dataset blocks
• minor corrections / clarifications /
editorial changes; For details please
refer to the ChangeDocumentation
• Added NvM_FirstInitAll and NvM_
GetActiveService functionalities
AUTOSAR • NvM_SetRamBlockStatus works also
2016-11-30 4.3.0 Release for explicit synchronization blocks
Management • The interaction between NvM and
BswM is clarified.
• Other small clarifications and
updates.
• Clarified behavior related to restoring
default data for blocks and for
handling of MEMIF_BLOCK_
INVALID job result
AUTOSAR • Added additional information related
2015-07-31 4.2.2 Release to the block states in chapter
Management 7.2.2.14 and related subchapters
• Updated NvM_Init and NvM_
ValidateAll function prototypes
• Debugging support marked as
obsolete
• Detailed pass/fail conditions for
production errors
AUTOSAR • Added the NvM_ValidateAll
2014-10-31 4.2.1 Release functionality
Management • Updated return values for Init and
SingleBlock callbacks
• Other small clarifications

2 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

• Removed job postpone in case of

explicit synchronization failed after
AUTOSAR configured number of retries
2014-03-31 4.1.3 Release • Updated Service Interfaces tables
Management • Renamed configuration parameter
NvMRamBlockHeaderInclude to
NvMBlockHeaderInclude
• Editorial changes
• Added NvMRamBlockHeaderInclude
and NvMMainFunctionPeriod
configuration parameters
• Corrected bugs for
AUTOSAR NvMWriteVerificationDataSize and
2013-10-31 4.1.2 Release NvMNvramBlockIdentifier
Management parameters
• Other small clarifications in
requirement
• Editorial changes
• Removed chapter(s) on change
documentation
• Added NvM_ReadPRAMBlock,
NvM_WritePRAMBlock and NvM_
RestorePRAMBlockDefaults APIs
• Production Errors and Extended
Production Errors classification
• Clarifications for explicit
synchronization mechanism
AUTOSAR • Modeling of Services: introduction of
2013-03-15 4.1.1 Release formal descriptions of service
Management interfaces
• Changes regarding NvM_
CancelJobs API,
NvmSetRamBlockStatus API, Init
callback, handling of redundant
blocks,queue sizes and usage of
MemoryMapping
• Reworked according to the new
SWS_BSWGeneral

3 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

• Added NvM_CancelJobs behaviour

• Added NvM and BswM interaction
• Added NvM_SetBlockLockStatus
AUTOSAR API functional description
2011-12-22 4.0.3 Release • Corrected inconsistency between
Management C-interface and port interface
• Updated Include structure
• Updated configuration parameters
description and range
• Behavior specified to prevent
possible loss of data during
shutdown
• References to DEM for production
errors, new config container
NvmDemEventParameterRefs
• NvMMaxNoOfWriteRetries renamed
to NvMMaxNumOfWriteRetries
• Note in chapter 7.1.4.5 completed
• Null pointer handling changed
• Chapter "Version check" updated
AUTOSAR • New DET error NVM_E_PARAM_
2010-09-30 3.1.5 Release POINTER
Management • Chapter 10 updated,
NvMMainFunctionCycleTime moved,
NvMSelectBlockForWriteAll added,
some ranges corrected
• Behavior specified when NVRAM
block ID 1 shall be written
• Chapter 12 updated
• Handling of single-block callbacks
during asynchronous multi-block
specified.
• Some minor changes, typos
corrected

4 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

• The following features had impact on

this document:
• Debugging concept
• Error handler concept
• Memory related concepts
AUTOSAR • The following major features were
2010-02-02 3.1.4 Release necessary to implement these
Management concepts:
• Static Block Id Check
• Write Verification
• Read Retry
• buffered read/write-operations
• Legal disclaimer revised
• Technical Office SWS Improvements
are incorporated.
• Requirement IDs for configuration
parameters (chapter 10) added.
AUTOSAR • Management of the RAM block state
2008-08-13 3.1.1 Release specified more precisely.
Management • The NVRAM Manager doesn’t
support non-sequential NVRAM
block IDs any longer.
• Document meta information
extended
• Small layout adaptations made
AUTOSAR
2007-12-21 3.0.1 Release • Legal disclaimer revised
Management
• AUTOSAR service description added
in chapter 11
• Reentrancy of callback functions
AUTOSAR specified
2007-01-24 2.1.15 Release • Details regarding memory hardware
Management abstraction addressing scheme
added
• Legal disclaimer revised
• "Advice for users" revised
• "Revision Information" added

5 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

• Document structure adapted to

AUTOSAR common Release 2.0 SWS
2006-05-16 2.0 Release Template.
Management • Major changes in chapter 10
• Structure of document changed
partly
AUTOSAR
2005-05-31 1.0 Release • Initial release
Management

6 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Disclaimer

This work (specification and/or software implementation) and the material contained in
it, as released by AUTOSAR, is for the purpose of information only. AUTOSAR and the
companies that have contributed to it shall not be liable for any use of the work.
The material contained in this work is protected by copyright and other types of intel-
lectual property rights. The commercial exploitation of the material contained in this
work requires a license to such intellectual property rights.
This work may be utilized or reproduced without any modification, in any form or by
any means, for informational purposes only. For any other purpose, no part of the work
may be utilized or reproduced, in any form or by any means, without permission in
writing from the publisher.
The work has been developed for automotive applications only. It has neither been
developed, nor tested for non-automotive applications.
The word AUTOSAR and the AUTOSAR logo are registered trademarks.

7 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Contents
1 Introduction and functional overview 12

2 Acronyms and Abbreviations 14

3 Related documentation 15
3.1 Input documents & related standards and norms . . . . . . . . . . . . 15
3.2 Related specification . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4 Constraints and assumptions 17
4.1 Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.2 Applicability to car domains . . . . . . . . . . . . . . . . . . . . . . . . 17
4.3 Conflicts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
5 Dependencies to other modules 18
5.1 File structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
5.1.1 Header file structure . . . . . . . . . . . . . . . . . . . . . . . 18
5.2 Memory abstraction modules . . . . . . . . . . . . . . . . . . . . . . . 18
5.3 CRC module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
5.4 Capability of the underlying drivers . . . . . . . . . . . . . . . . . . . . 18
6 Requirements Tracing 19

7 Functional specification 27
7.1 Basic architecture guidelines . . . . . . . . . . . . . . . . . . . . . . . 27
7.1.1 Layer structure . . . . . . . . . . . . . . . . . . . . . . . . . . 27
7.1.2 Addressing scheme for the memory hardware abstraction . . 27
7.1.2.1 Examples . . . . . . . . . . . . . . . . . . . . . . . . 28
7.1.3 Basic storage objects . . . . . . . . . . . . . . . . . . . . . . 29
7.1.3.1 NV block . . . . . . . . . . . . . . . . . . . . . . . . . 29
7.1.3.2 RAM block . . . . . . . . . . . . . . . . . . . . . . . . 30
7.1.3.3 ROM block . . . . . . . . . . . . . . . . . . . . . . . 31
7.1.3.4 Administrative block . . . . . . . . . . . . . . . . . . 32
7.1.3.5 NV Block Header . . . . . . . . . . . . . . . . . . . . 32
7.1.4 Block management types . . . . . . . . . . . . . . . . . . . . 33
7.1.4.1 Block management types overview . . . . . . . . . . 33
7.1.4.2 NVRAM block structure . . . . . . . . . . . . . . . . 34
7.1.4.3 NVRAM block descriptor table . . . . . . . . . . . . . 34
7.1.4.4 Native NVRAM block . . . . . . . . . . . . . . . . . . 35
7.1.4.5 Redundant NVRAM block . . . . . . . . . . . . . . . 35
7.1.4.6 Dataset NVRAM block . . . . . . . . . . . . . . . . . 37
7.1.4.7 NVRAM Manager API configuration classes . . . . . 38
7.1.5 Scan order / priority scheme . . . . . . . . . . . . . . . . . . 41
7.2 General behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
7.2.1 Functional requirements . . . . . . . . . . . . . . . . . . . . . 42
7.2.2 Design notes . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

8 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

7.2.2.1 NVRAM manager startup . . . . . . . . . . . . . . . 44

7.2.2.2 NVRAM manager shutdown . . . . . . . . . . . . . . 45
7.2.2.3 (Quasi) parallel write access to the NvM module . . 45
7.2.2.4 NVRAM block consistency check . . . . . . . . . . . 45
7.2.2.5 Error recovery . . . . . . . . . . . . . . . . . . . . . . 46
7.2.2.6 Recovery of a RAM block with ROM data . . . . . . 46
7.2.2.7 Implicit recovery of a RAM block with ROM default data 46
7.2.2.8 Explicit recovery of a RAM block with ROM default data 47
7.2.2.9 Detection of an incomplete write operation to a NV
block . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
7.2.2.10 Termination of a single block request . . . . . . . . . 48
7.2.2.11 Termination of a multi block request . . . . . . . . . . 48
7.2.2.12 General handling of asynchronous requests/ job pro-
cessing . . . . . . . . . . . . . . . . . . . . . . . . . 49
7.2.2.13 NVRAM block write protection . . . . . . . . . . . . . 49
7.2.2.14 Validation and modification of RAM block data . . . . 50
7.2.2.15 Communication and implicit synchronization be-
tween application and NVRAM manager . . . . . . . 54
7.2.2.16 Normal and extended runtime preparation of
NVRAM blocks . . . . . . . . . . . . . . . . . . . . . 57
7.2.2.17 Communication and explicit synchronization be-
tween application and NVRAM manager . . . . . . . 58
7.2.2.18 Static Block ID Check . . . . . . . . . . . . . . . . . 62
7.2.2.19 Read Retry . . . . . . . . . . . . . . . . . . . . . . . 63
7.2.2.20 Write Verification . . . . . . . . . . . . . . . . . . . . 63
7.2.2.21 Comparing NV data in NvM . . . . . . . . . . . . . . 64
7.2.2.22 NvM and BswM interaction . . . . . . . . . . . . . . 64
7.2.2.23 NvM behaviour in case of Block locked . . . . . . . . 65
7.2.2.24 Block Compression . . . . . . . . . . . . . . . . . . . 66
7.2.2.25 Block Ciphering . . . . . . . . . . . . . . . . . . . . . 67
7.3 Error Classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
7.3.1 Development Errors . . . . . . . . . . . . . . . . . . . . . . . 69
7.3.2 Runtime Errors . . . . . . . . . . . . . . . . . . . . . . . . . . 76
7.3.3 Transient Faults . . . . . . . . . . . . . . . . . . . . . . . . . 76
7.3.4 Production Errors . . . . . . . . . . . . . . . . . . . . . . . . 76
7.3.4.1 NVM_E_HARDWARE . . . . . . . . . . . . . . . . . 76
7.3.5 Extended Production Errors . . . . . . . . . . . . . . . . . . . 77
7.3.5.1 NVM_E_INTEGRITY_FAILED . . . . . . . . . . . . . 78
7.3.5.2 NVM_E_REQ_FAILED . . . . . . . . . . . . . . . . . 78
7.3.5.3 NVM_E_WRONG_BLOCK_ID . . . . . . . . . . . . 79
7.3.5.4 NVM_E_VERIFY_FAILED . . . . . . . . . . . . . . . 79
7.3.5.5 NVM_E_LOSS_OF_REDUNDANCY . . . . . . . . . 80
8 API specification 81
8.1 Imported types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
8.2 Type definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

9 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8.2.1 NvM_ConfigType . . . . . . . . . . . . . . . . . . . . . . . . . 81
8.2.2 NvM_MultiBlockRequestType . . . . . . . . . . . . . . . . . . 82
8.3 Function definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
8.3.1 Synchronous requests . . . . . . . . . . . . . . . . . . . . . . 82
8.3.1.1 NvM_Init . . . . . . . . . . . . . . . . . . . . . . . . . 82
8.3.1.2 NvM_SetDataIndex . . . . . . . . . . . . . . . . . . . 83
8.3.1.3 NvM_GetDataIndex . . . . . . . . . . . . . . . . . . 84
8.3.1.4 NvM_SetBlockProtection . . . . . . . . . . . . . . . . 85
8.3.1.5 NvM_GetErrorStatus . . . . . . . . . . . . . . . . . . 85
8.3.1.6 NvM_GetVersionInfo . . . . . . . . . . . . . . . . . . 86
8.3.1.7 NvM_SetRamBlockStatus . . . . . . . . . . . . . . . 87
8.3.1.8 NvM_SetBlockLockStatus . . . . . . . . . . . . . . . 89
8.3.1.9 NvM_CancelJobs . . . . . . . . . . . . . . . . . . . . 89
8.3.2 Asynchronous single block requests . . . . . . . . . . . . . . 90
8.3.2.1 NvM_ReadBlock . . . . . . . . . . . . . . . . . . . . 90
8.3.2.2 NvM_WriteBlock . . . . . . . . . . . . . . . . . . . . 94
8.3.2.3 NvM_RestoreBlockDefaults . . . . . . . . . . . . . . 97
8.3.2.4 NvM_EraseNvBlock . . . . . . . . . . . . . . . . . . 99
8.3.2.5 NvM_InvalidateNvBlock . . . . . . . . . . . . . . . . 100
8.3.2.6 NvM_ReadPRAMBlock . . . . . . . . . . . . . . . . 101
8.3.2.7 NvM_WritePRAMBlock . . . . . . . . . . . . . . . . 104
8.3.2.8 NvM_RestorePRAMBlockDefaults . . . . . . . . . . 106
8.3.3 Asynchronous multi block requests . . . . . . . . . . . . . . . 108
8.3.3.1 NvM_ReadAll . . . . . . . . . . . . . . . . . . . . . . 108
8.3.3.2 NvM_WriteAll . . . . . . . . . . . . . . . . . . . . . . 115
8.3.3.3 NvM_CancelWriteAll . . . . . . . . . . . . . . . . . . 118
8.3.3.4 NvM_ValidateAll . . . . . . . . . . . . . . . . . . . . 119
8.3.3.5 NvM_FirstInitAll . . . . . . . . . . . . . . . . . . . . . 120
8.3.3.6 Callback notifications . . . . . . . . . . . . . . . . . . 124
8.4 Scheduled functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
8.5 Expected interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
8.5.1 Mandatory Interfaces . . . . . . . . . . . . . . . . . . . . . . 127
8.5.2 Optional Interfaces . . . . . . . . . . . . . . . . . . . . . . . . 127
8.5.3 Configurable interfaces . . . . . . . . . . . . . . . . . . . . . 128
8.6 API Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
8.7 Service Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
8.7.1 Client-Server-Interfaces . . . . . . . . . . . . . . . . . . . . . 133
8.7.1.1 NvM_Admin . . . . . . . . . . . . . . . . . . . . . . . 133
8.7.1.2 NvM_Mirror . . . . . . . . . . . . . . . . . . . . . . . 133
8.7.1.3 NvM_NotifyInitBlock . . . . . . . . . . . . . . . . . . 134
8.7.1.4 NvM_NotifyJobFinished . . . . . . . . . . . . . . . . 135
8.7.1.5 NvM_Service . . . . . . . . . . . . . . . . . . . . . . 136
8.7.2 Implementation Data Types . . . . . . . . . . . . . . . . . . . 140
8.7.2.1 ImplementationDataType NvM_RequestResultType . 140
8.7.2.2 ImplementationDataType NvM_BlockIdType . . . . . 141
8.7.2.3 ImplementationDataType NvM_InitBlockRequestType 141

10 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8.7.2.4 ImplementationDataType NvM_BlockRequestType . 142

8.7.3 Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
8.7.3.1 NvM_PAdmin_{Block} . . . . . . . . . . . . . . . . . 143
8.7.3.2 NvM_PM_{Block} . . . . . . . . . . . . . . . . . . . . 143
8.7.3.3 NvM_PNIB_{Block} . . . . . . . . . . . . . . . . . . . 144
8.7.3.4 NvM_PNJF_{Block} . . . . . . . . . . . . . . . . . . 144
8.7.3.5 NvM_PS_{Block} . . . . . . . . . . . . . . . . . . . . 145
9 Sequence diagrams 146
9.1 Synchronous calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
9.1.1 NvM_Init . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
9.1.2 NvM_SetDataIndex . . . . . . . . . . . . . . . . . . . . . . . 146
9.1.3 NvM_GetDataIndex . . . . . . . . . . . . . . . . . . . . . . . 147
9.1.4 NvM_SetBlockProtection . . . . . . . . . . . . . . . . . . . . 147
9.1.5 NvM_GetErrorStatus . . . . . . . . . . . . . . . . . . . . . . 148
9.1.6 NvM_GetVersionInfo . . . . . . . . . . . . . . . . . . . . . . 148
9.2 Asynchronous calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
9.2.1 Asynchronous call with polling . . . . . . . . . . . . . . . . . 148
9.2.2 Asynchronous call with callback . . . . . . . . . . . . . . . . 149
9.2.3 Cancellation of a Multi Block Request . . . . . . . . . . . . . 150
9.2.4 BswM Interraction . . . . . . . . . . . . . . . . . . . . . . . . 151
10 Configuration specification 156
10.1 How to read this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . 156
10.2 Containers and configuration parameters . . . . . . . . . . . . . . . . . 156
10.2.1 NvM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
10.2.2 NvMCommon . . . . . . . . . . . . . . . . . . . . . . . . . . 157
10.2.3 NvMBlockDescriptor . . . . . . . . . . . . . . . . . . . . . . . 164
10.2.4 NvMInitBlockCallback . . . . . . . . . . . . . . . . . . . . . . 179
10.2.5 NvMSingleBlockCallback . . . . . . . . . . . . . . . . . . . . 180
10.2.6 NvMTargetBlockReference . . . . . . . . . . . . . . . . . . . 181
10.2.7 NvMEaRef . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
10.2.8 NvMFeeRef . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
10.2.9 NvmDemEventParameterRefs . . . . . . . . . . . . . . . . . 182
10.2.10 NvMBlockCiphering . . . . . . . . . . . . . . . . . . . . . . . 185
10.3 Published Information . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
A Not applicable requirements 188

11 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

1 Introduction and functional overview

This specification describes the functionality, API and the configuration of the
AUTOSAR Basic Software module NVRAM Manager (NvM).
The NvM module shall provide services to ensure the data storage and maintenance of
NV (non volatile) data according to their individual requirements in an automotive en-
vironment. The NvM module shall be able to administrate the NV data of an EEPROM
and/or a FLASH EEPROM emulation device.
The NvM module shall provide the required synchronous/asynchronous services for
the management and the maintenance of NV data (init/read/write/control).
The relationship between the different blocks can be visualized in the following picture:
-

Figure 1.1: Memory Structure of Different Block Types

12 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Figure 1.2: Logical Structure of Different Block Types

13 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

2 Acronyms and Abbreviations

The glossary below includes acronyms and abbreviations relevant to the NvM module
that are not included in the [1, AUTOSAR glossary].
Abbreviation / Acronym: Description:
• Basic Storage Object • A "Basic Storage Object" is the smallest entity of a
"NVRAM block". Several "Basic Storage Objects"
can be used to build a NVRAM Block. A "Basic
Storage Object" can reside in different memory
locations (RAM/ROM/NV memory).
• NVRAM Block • The "NVRAM Block" is the entire structure, which is
needed to administrate and to store a block of NV
data.
• NV data • The data to be stored in Non-Volatile memory.
• Block Management Type • Type of the NVRAM Block. It depends on the
(configurable) individual composition of a NVRAM
Block in chunks of different mandatory/optional
Basic Storage Objects and the subsequent handling
of this NVRAM block.
• RAM Block • The "RAM Block" is a "Basic Storage Object". It
represents the part of a "NVRAM Block" which
resides in the RAM.
• See [SWS_NvM_00126]
• ROM Block • The "ROM Block" is a "Basic Storage Object". It
represents the part of a "NVRAM Block" which
resides in the ROM. The "ROM Block" is an optional
part of a "NVRAM Block". [SWS_NvM_00020]
• NV Block • The "NV Block" is a "Basic Storage Object". It
represents the part of a "NVRAM Block" which
resides in the NV memory. The "NV Block" is a
mandatory part of a "NVRAM Block".
[SWS_NvM_00125]
• NV Block Header • Additional information included in the NV Block if the
mechanism "Static Block ID" is enabled.
• Administrative Block • The "Administrative Block" is a "Basic Storage
Object". It resides in RAM. The "Administrative
Block" is a mandatory part of a "NVRAM Block".
[SWS_NvM_00135]
• DET • Default Error Tracer - module to which development
errors are reported.
• DEM • Diagnostic Event Manager - module to which
production relevant errors are reported
• NV • Non volatile
• FEE • Flash EEPROM Emulation
• EA • EEPROM Abstraction
• FCFS • First come first served

14 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

3 Related documentation

3.1 Input documents & related standards and norms

[1] Glossary
AUTOSAR_TR_Glossary
[2] General Specification of Basic Software Modules
AUTOSAR_SWS_BSWGeneral
[3] Layered Software Architecture
AUTOSAR_EXP_LayeredSoftwareArchitecture
[4] Specification of EEPROM Abstraction
AUTOSAR_SWS_EEPROMAbstraction
[5] Specification of Flash EEPROM Emulation
AUTOSAR_SWS_FlashEEPROMEmulation
[6] Specification of Memory Abstraction Interface
AUTOSAR_SWS_MemoryAbstractionInterface
[7] Specification of CRC Routines
AUTOSAR_SWS_CRCLibrary
[8] Specification of EEPROM Driver
AUTOSAR_SWS_EEPROMDriver
[9] Specification of Flash Driver
AUTOSAR_SWS_FlashDriver
[10] Requirements on I/O Hardware Abstraction
AUTOSAR_SRS_IOHWAbstraction
[11] Requirements on Memory Services
AUTOSAR_SRS_MemoryServices
[12] General Requirements on Basic Software Modules
AUTOSAR_SRS_BSWGeneral
[13] Requirements on Software Component Template
AUTOSAR_RS_SoftwareComponentTemplate
[14] Specification of RTE Software
AUTOSAR_SWS_RTE

3.2 Related specification

AUTOSAR provides a General Specification on Basic Software modules [2, SWS BSW
General], which is also valid for NVRAMManager.

15 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Thus, the specification SWS BSW General shall be considered as additional and re-
quired specification for NVRAMManager.

16 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4 Constraints and assumptions

4.1 Limitations
Limitations are given mainly by the finite number of "Block Management Types" and
their individual treatment of NV data. These limits can be reduced by an enhanced
user defined management information, which can be stored as a structured part of
the real NV data. In this case the user defined management information has to be
interpreted and handled by the application at least.

4.2 Applicability to car domains

No restrictions.

4.3 Conflicts
The NvM can be configured to use functionality from other modules or integrator code.
Examples include the en/decryption of block data using Csm or the compression of
block data. It is the responsibility of the integrator to ensure that:
• the required functionality is available at the time NvM uses it (e.g. the called
Csm is already initialized [or not yet de-initialized]; needed main functions in
called modules are executed; ...)
• the required time is available (e.g. cryptographic algorithms may need some
time and therefore the read/write functionality of the NvM may take much longer
for blocks which need an en/decryption)

17 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

5 Dependencies to other modules

This section describes the relations to other modules within the basic software.

5.1 File structure

5.1.1 Header file structure

The include file structure shall be as follows:

[SWS_NvM_00554] dNvM module shall include NvM.h, Dem.h, MemIf.h.c()
[SWS_NvM_00691] dOnly NvM.h shall be included by the upper layer.c()

5.2 Memory abstraction modules

The memory abstraction modules abstract the NvM module from the subordinated
drivers which are hardware dependent [ref. to doc. [3]]. The memory abstraction
modules provide a runtime translation of each block access initiated by the NvM mod-
ule to select the corresponding driver functions which are unique for all configured
EEPROM or FLASH storage devices. The memory abstraction module is chosen via
the NVRAM block device ID which is configured for each NVRAM block. NvM access
the memory abstraction modules through memory abstraction interface module, Mem
If. [ref. to doc. [4], [5], [6]]

5.3 CRC module

The NvM module uses CRC generation routines (8/16/32 bit) to check and to gener-
ate CRC for NVRAM blocks as a configurable option. The CRC routines have to be
provided externally [ref. to ch. 8.5.2].[ref. to doc. [7]]

5.4 Capability of the underlying drivers

A set of underlying driver functions has to be provided for every configured NVRAM
device as, for example, internal or external EEPROM or FLASH devices. The unique
driver functions inside each set of driver functions are selected during runtime via a
memory hardware abstraction module (see chapter 5.2). A set of driver functions has
to include all the needed functions to write to, to read from or to maintain (e.g. erase)
a configured NVRAM device.[ref. to doc. [8], [9]]

18 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

6 Requirements Tracing
The following tables reference the requirements specified in [10], [11], [12] and links to
the fulfillment of these. Please note that if column “Satisfied by” is empty for a specific
requirement this means that this requirement is not fulfilled by this document.
Requirement Description Satisfied by
[SRS_BSW_00005] Modules of the µC Abstraction [SWS_NvM_NA_00744]
Layer (MCAL) may not have
hard coded horizontal interfaces
[SRS_BSW_00006] The source code of software [SWS_NvM_NA_00744]
modules above the µC
Abstraction Layer (MCAL) shall
not be processor and compiler
dependent.
[SRS_BSW_00007] All Basic SW Modules written in [SWS_NvM_NA_00744]
C language shall conform to the
MISRA C 2012 Standard.
[SRS_BSW_00009] All Basic SW Modules shall be [SWS_NvM_NA_00744]
documented according to a
common standard.
[SRS_BSW_00010] The memory consumption of all [SWS_NvM_NA_00744]
Basic SW Modules shall be
documented for a defined
configuration for all supported
platforms.
[SRS_BSW_00101] The Basic Software Module shall [SWS_NvM_00399] [SWS_NvM_00400]
be able to initialize variables and
hardware in a separate
initialization function
[SRS_BSW_00160] Configuration files of AUTOSAR [SWS_NvM_NA_00744]
Basic SW module shall be
readable for human beings
[SRS_BSW_00161] The AUTOSAR Basic Software [SWS_NvM_NA_00744]
shall provide a microcontroller
abstraction layer which provides
a standardized interface to
higher software layers
[SRS_BSW_00162] The AUTOSAR Basic Software [SWS_NvM_NA_00744]
shall provide a hardware
abstraction layer
[SRS_BSW_00164] The Implementation of interrupt [SWS_NvM_NA_00744]
service routines shall be done
by the Operating System,
complex drivers or modules
[SRS_BSW_00168] SW components shall be tested [SWS_NvM_NA_00744]
by a function defined in a
common API in the Basis-SW
[SRS_BSW_00170] The AUTOSAR SW Components [SWS_NvM_NA_00744]
shall provide information about
their dependency from faults,
signal qualities, driver demands

19 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Requirement Description Satisfied by

[SRS_BSW_00172] The scheduling strategy that is [SWS_NvM_00464]
built inside the Basic Software
Modules shall be compatible
with the strategy used in the
system
[SRS_BSW_00302] All AUTOSAR Basic Software [SWS_NvM_NA_00744]
Modules shall only export
information needed by other
modules
[SRS_BSW_00304] All AUTOSAR Basic Software [SWS_NvM_NA_00744]
Modules shall use only
AUTOSAR data types instead of
native C data types
[SRS_BSW_00306] AUTOSAR Basic Software [SWS_NvM_NA_00744]
Modules shall be compiler and
platform independent
[SRS_BSW_00307] Global variables naming [SWS_NvM_NA_00744]
convention
[SRS_BSW_00308] AUTOSAR Basic Software [SWS_NvM_NA_00744]
Modules shall not define global
data in their header files, but in
the C file
[SRS_BSW_00309] All AUTOSAR Basic Software [SWS_NvM_NA_00744]
Modules shall indicate all global
data with read-only purposes by
explicitly assigning the const
keyword
[SRS_BSW_00312] Shared code shall be reentrant [SWS_NvM_NA_00744]
[SRS_BSW_00314] All internal driver modules shall [SWS_NvM_NA_00744]
separate the interrupt frame
definition from the service
routine
[SRS_BSW_00321] The version numbers of [SWS_NvM_NA_00744]
AUTOSAR Basic Software
Modules shall be enumerated
according specific rules
[SRS_BSW_00323] All AUTOSAR Basic Software [SWS_NvM_00027]
Modules shall check passed API
parameters for validity
[SRS_BSW_00325] The runtime of interrupt service [SWS_NvM_NA_00744]
routines and functions that are
running in interrupt context shall
be kept short
[SRS_BSW_00327] Error values naming convention [SWS_NvM_00027] [SWS_NvM_91004]
[SRS_BSW_00328] All AUTOSAR Basic Software [SWS_NvM_NA_00744]
Modules shall avoid the
duplication of code
[SRS_BSW_00330] It shall be allowed to use macros [SWS_NvM_NA_00744]
instead of functions where
source code is used and runtime
is critical
[SRS_BSW_00331] All Basic Software Modules shall [SWS_NvM_00027] [SWS_NvM_91004]
strictly separate error and status
information

20 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Requirement Description Satisfied by

[SRS_BSW_00333] For each callback function it [SWS_NvM_00467] [SWS_NvM_00468]
shall be specified if it is called [SWS_NvM_00469]
from interrupt context or not
[SRS_BSW_00334] All Basic Software Modules shall [SWS_NvM_NA_00744]
provide an XML file that contains
the meta data
[SRS_BSW_00335] Status values naming [SWS_NvM_NA_00744]
convention
[SRS_BSW_00336] Basic SW module shall be able [SWS_NvM_NA_00744]
to shutdown
[SRS_BSW_00337] Classification of development [SWS_NvM_91004]
errors
[SRS_BSW_00341] Module documentation shall [SWS_NvM_NA_00744]
contains all needed informations
[SRS_BSW_00342] It shall be possible to create an [SWS_NvM_NA_00744]
AUTOSAR ECU out of modules
provided as source code and
modules provided as object
code, even mixed
[SRS_BSW_00343] The unit of time for specification [SWS_NvM_NA_00744]
and configuration of Basic SW
modules shall be preferably in
physical time unit
[SRS_BSW_00344] BSW Modules shall support [SWS_NvM_NA_00744]
link-time configuration
[SRS_BSW_00347] A Naming seperation of different [SWS_NvM_NA_00744]
instances of BSW drivers shall
be in place
[SRS_BSW_00348] All AUTOSAR standard types [SWS_NvM_NA_00744]
and constants shall be placed
and organized in a standard type
header file
[SRS_BSW_00353] All integer type definitions of [SWS_NvM_NA_00744]
target and compiler specific
scope shall be placed and
organized in a single type
header
[SRS_BSW_00360] AUTOSAR Basic Software [SWS_NvM_00467] [SWS_NvM_00468]
Modules callback functions are [SWS_NvM_00469]
allowed to have parameters
[SRS_BSW_00373] The main processing function of [SWS_NvM_00464]
each AUTOSAR Basic Software
Module shall be named
according the defined
convention
[SRS_BSW_00375] Basic Software Modules shall [SWS_NvM_NA_00744]
report wake-up reasons
[SRS_BSW_00378] AUTOSAR shall provide a [SWS_NvM_NA_00744]
boolean type
[SRS_BSW_00383] The Basic Software Module [SWS_NvM_00465] [SWS_NvM_00466]
specifications shall specify
which other configuration files
from other modules they use at
least in the description

21 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Requirement Description Satisfied by

[SRS_BSW_00384] The Basic Software Module [SWS_NvM_00465] [SWS_NvM_00466]
specifications shall specify at
least in the description which
other modules they require
[SRS_BSW_00385] List possible error notifications [SWS_NvM_00027] [SWS_NvM_91004]
[SRS_BSW_00386] The BSW shall specify the [SWS_NvM_00027] [SWS_NvM_91004]
configuration and conditions for
detecting an error
[SRS_BSW_00398] The link-time configuration is [SWS_NvM_NA_00744]
achieved on object code basis in
the stage after compiling and
before linking
[SRS_BSW_00399] Parameter-sets shall be located [SWS_NvM_NA_00744]
in a separate segment and shall
be loaded after the code
[SRS_BSW_00400] Parameter shall be selected [SWS_NvM_NA_00744]
from multiple sets of parameters
after code has been loaded and
started
[SRS_BSW_00404] BSW Modules shall support [SWS_NvM_NA_00744]
post-build configuration
[SRS_BSW_00405] BSW Modules shall support [SWS_NvM_NA_00744]
multiple configuration sets
[SRS_BSW_00406] A static status variable denoting [SWS_NvM_00027] [SWS_NvM_00399]
if a BSW module is initialized [SWS_NvM_00400] [SWS_NvM_91004]
shall be initialized with value 0
before any APIs of the BSW
module is called
[SRS_BSW_00414] Init functions shall have a pointer [SWS_NvM_00447]
to a configuration structure as
single parameter
[SRS_BSW_00415] Interfaces which are provided [SWS_NvM_NA_00744]
exclusively for one module shall
be separated into a dedicated
header file
[SRS_BSW_00416] The sequence of modules to be [SWS_NvM_NA_00744]
initialized shall be configurable
[SRS_BSW_00417] Software which is not part of the [SWS_NvM_NA_00744]
SW-C shall report error events
only after the Dem is fully
operational.
[SRS_BSW_00422] Pre-de-bouncing of error status [SWS_NvM_NA_00744]
information is done within the
Dem
[SRS_BSW_00423] BSW modules with AUTOSAR [SWS_NvM_NA_00744]
interfaces shall be describable
with the means of the SW-C
Template
[SRS_BSW_00425] The BSW module description [SWS_NvM_00464]
template shall provide means to
model the defined trigger
conditions of schedulable
objects

22 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager


Requirement Description
[SRS_BSW_00426] BSW Modules shall ensure data
consistency of data which is
shared between BSW modules
[SRS_BSW_00427] ISR functions shall be defined
and documented in the BSW
module description template
[SRS_BSW_00429] Access to OS is restricted
[SRS_BSW_00432] Modules should have separate
main processing functions for
read/receive and write/transmit
data path
[SRS_BSW_00457] Callback functions of Application
software components shall be
invoked by the Basis SW
[SRS_LIBS_08533] No description
[SRS_LIBS_08535] No description
[SRS_Mem_00011] The NVRAM manager shall be
independent from its underlying
memory hardware.
[SRS_Mem_00013] The NVRAM manager shall
provide a mechanism to handle
multiple, concurrent read / write
requests
[SRS_Mem_00016] The NVRAM manager shall
provide functionality to read out
data associated with an NVRAM
block from the non-volatile
memory
[SRS_Mem_00017] The NVRAM manager shall
provide functionality to store
data associated with an NVRAM
block in the non-volatile memory
[SRS_Mem_00018] The NVRAM manager shall
provide functionality to restore
an NVRAM block’s associated
data from ROM defaults
[SRS_Mem_00020] The NVRAM manager shall
provide functionality to read out
the status of read/write
operations
[SRS_Mem_00027] The NVRAM manager shall
provide an implicit way of
accessing blocks in the NVRAM
and in the shared memory
(RAM).
23 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager
Specification of NVRAM Manager
AUTOSAR CP R22-11
Satisfied by
[SWS_NvM_NA_00744]
[SWS_NvM_NA_00744]
[SWS_NvM_00332]
[SWS_NvM_NA_00744]
[SWS_NvM_00467] [SWS_NvM_00468]
[SWS_NvM_00469] [SWS_NvM_00539]
[SWS_NvM_00540]
[SWS_NvM_00454] [SWS_NvM_00460]
[SWS_NvM_00540] [SWS_NvM_00764]
[SWS_NvM_00461]
[SWS_NvM_00157]
[SWS_NvM_00162] [SWS_NvM_00698]
[SWS_NvM_00699]
[SWS_NvM_00010] [SWS_NvM_00051]
[SWS_NvM_00122] [SWS_NvM_00195]
[SWS_NvM_00196] [SWS_NvM_00454]
[SWS_NvM_00629] [SWS_NvM_00764]
[SWS_NvM_00765] [SWS_NvM_00766]
[SWS_NvM_00825] [SWS_NvM_00898]
[SWS_NvM_00899]
[SWS_NvM_00051] [SWS_NvM_00122]
[SWS_NvM_00210] [SWS_NvM_00410]
[SWS_NvM_00455] [SWS_NvM_00622]
[SWS_NvM_00793] [SWS_NvM_00794]
[SWS_NvM_00897] [SWS_NvM_00900]
[SWS_NvM_00901]
[SWS_NvM_00012] [SWS_NvM_00051]
[SWS_NvM_00122] [SWS_NvM_00266]
[SWS_NvM_00267] [SWS_NvM_00435]
[SWS_NvM_00456] [SWS_NvM_00813]
[SWS_NvM_00814] [SWS_NvM_00816]
[SWS_NvM_00817] [SWS_NvM_00893]
[SWS_NvM_00894] [SWS_NvM_00902]
[SWS_NvM_00903] [SWS_NvM_00951]
[SWS_NvM_00015] [SWS_NvM_00451]
[SWS_NvM_00895] [SWS_NvM_00896]
[SWS_NvM_00442]
 Specification of NVRAM Manager
AUTOSAR CP R22-11

Requirement Description Satisfied by

[SRS_Mem_00030] The NVRAM manager shall [SWS_NvM_00164] [SWS_NvM_00897]
implement mechanisms for
consistency/integrity checks of
data saved in NVRAM
[SRS_Mem_00034] Write accesses of the NVRAM [SWS_NvM_00162]
manager to persistent memory
shall be executed quasi-parallel
to normal operation of the ECU
[SRS_Mem_00038] Treatable errors shall not affect [SWS_NvM_00748] [SWS_NvM_00825]
other software components [SWS_NvM_00910] [SWS_NvM_00911]
[SWS_NvM_00948]
[SRS_Mem_00041] Each application shall be [SWS_NvM_00051] [SWS_NvM_00122]
enabled to declare the memory
requirements at configuration
time
[SRS_Mem_00125] For each block a notification [SWS_NvM_00463]
shall be configurable
[SRS_Mem_00127] The NVRAM manager shall [SWS_NvM_00016] [SWS_NvM_00450]
allow enabling/disabling a write [SWS_NvM_00748]
protection for each NVRAM
block individually
[SRS_Mem_00129] The NVRAM manager shall [SWS_NvM_00165] [SWS_NvM_00582]
repair data in blocks of
management type ’NVRAM
redundant’
[SRS_Mem_00135] The NVRAM manager shall have [SWS_NvM_00034]
an unique configuration identifier
[SRS_Mem_00136] The NVRAM manager shall [SWS_NvM_00849] [SWS_NvM_00850]
provide functionality for [SWS_NvM_00852] [SWS_NvM_00853]
determining updates of data [SWS_NvM_00854] [SWS_NvM_00906]
associated with an NVRAM [SWS_NvM_00909]
Block during runtime
[SRS_Mem_00137] The NVRAM manager shall [SWS_NvM_00855] [SWS_NvM_00856]
provide a service for [SWS_NvM_00857] [SWS_NvM_00858]
auto-validating NVRAM blocks [SWS_NvM_00859] [SWS_NvM_00860]
[SWS_NvM_00861] [SWS_NvM_00862]
[SWS_NvM_00863]
[SRS_Mem_08000] The NVRAM manager shall be [SWS_NvM_00051] [SWS_NvM_00123]
able to access multiple [SWS_NvM_00442]
non-volatile memory devices
[SRS_Mem_08007] The NVRAM manager shall [SWS_NvM_00448]
provide a service for the
selection of valid dataset NV
blocks
[SRS_Mem_08009] The NVRAM Manager shall [SWS_NvM_00325] [SWS_NvM_00326]
allow a static configuration of a [SWS_NvM_00577]
default write protection (on/off)
for each NVRAM block
[SRS_Mem_08010] The NVRAM manager shall copy [SWS_NvM_00171] [SWS_NvM_00172]
the ROM default data to the data
area of the corresponding RAM
block if it can not read data from
NV into RAM

24 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Requirement Description Satisfied by

[SRS_Mem_08011] The NVRAM manager shall [SWS_NvM_00421] [SWS_NvM_00459]
provide a service to invalidate a
block of data in the non-volatile
memory
[SRS_Mem_08014] The NVRAM manager shall [SWS_NvM_00051] [SWS_NvM_00122]
allow a non-continuous RAM [SWS_NvM_00442]
block allocation in the global
RAM area
[SRS_Mem_08015] Some of the NV Blocks in the [SWS_NvM_00397]
NVRAM shall never be erased
nor be replaced with the default
ROM data after first initialization
[SRS_Mem_08534] The NVRAM manager shall [SWS_NvM_00904]
support two classes of RAM
data blocks
[SRS_Mem_08540] The NVRAM manager shall [SWS_NvM_00019] [SWS_NvM_00458]
provide a function for aborting
the shutdown process
[SRS_Mem_08541] The NVRAM manager shall [SWS_NvM_00208] [SWS_NvM_00384]
guarantee that an accepted [SWS_NvM_00472] [SWS_NvM_00622]
write request will be processed [SWS_NvM_00748] [SWS_NvM_00798]
[SRS_Mem_08542] The NVRAM manager shall [SWS_NvM_00032] [SWS_NvM_00378]
provide a prioritization for job [SWS_NvM_00564]
processing order
[SRS_Mem_08544] The NVRAM manager shall [SWS_NvM_00415] [SWS_NvM_00457]
provide a service to erase the
NV block(s) associated with an
NVRAM block
[SRS_Mem_08545] The NVRAM Manager shall [SWS_NvM_00241] [SWS_NvM_00405]
provide a service for marking the [SWS_NvM_00453] [SWS_NvM_00906]
permanent RAM data block of [SWS_NvM_00909]
an NVRAM block valid
[SRS_Mem_08546] It shall be possible to protect [SWS_NvM_00240] [SWS_NvM_00548]
permanent RAM data blocks
against data loss due to reset
[SRS_Mem_08547] The NVRAM Manager shall be [SWS_NvM_00132] [SWS_NvM_00164]
able to distinguish between [SWS_NvM_00165] [SWS_NvM_00174]
explicitly invalidated and [SWS_NvM_00571]
inconsistent data
[SRS_Mem_08548] The NVRAM Manager shall [SWS_NvM_00629] [SWS_NvM_00700]
request default data from the [SWS_NvM_00893] [SWS_NvM_00894]
application
[SRS_Mem_08549] The NVRAM manager shall [SWS_NvM_00171]
provide functionality to
automatically initialize RAM data
blocks after a software update
[SRS_Mem_08550] The NVRAM Manager shall [SWS_NvM_00344] [SWS_NvM_00345]
provide a service for marking [SWS_NvM_00696] [SWS_NvM_00906]
permanent RAM data blocks as [SWS_NvM_00909]
modified/unmodified

25 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Requirement Description Satisfied by

[SRS_Mem_08554] The NVRAM manager shall retry [SWS_NvM_00213] [SWS_NvM_00526]
read and write operations on [SWS_NvM_00527] [SWS_NvM_00529]
NVRAM blocks if they have not [SWS_NvM_00581] [SWS_NvM_00804]
succeeded up to a configurable [SWS_NvM_00897] [SWS_NvM_00907]
number of times [SWS_NvM_00908]
[SRS_Mem_08555] The NVRAM manager shall [SWS_NvM_00523] [SWS_NvM_00524]
provide mechanisms for static [SWS_NvM_00593]
verification of the block identifier
when reading an NVRAM block
[SRS_Mem_08556] The NVRAM manager shall [SWS_NvM_00527] [SWS_NvM_00528]
provide a mechanism for [SWS_NvM_00529] [SWS_NvM_00897]
verification of the written block
data by again reading and
comparing it
[SRS_Mem_08558] The NVRAM manager shall [SWS_NvM_00458]
provide a mechanism to remove
all unprocessed requests
associated with a NVRAM block
[SRS_Mem_08560] Each NVRAM block shall be [SWS_NvM_00535] [SWS_NvM_00536]
configurable for shared access
[SWS_BSW_- No description [SWS_NvM_00447]
00047]
[SWS_NvM_08541] No description [SWS_NvM_00897]

26 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

7 Functional specification

7.1 Basic architecture guidelines

7.1.1 Layer structure

The figure below shows the communication interaction of module NvM.

Figure 7.1: NVRAM Manager interactions overview

7.1.2 Addressing scheme for the memory hardware abstraction

[SWS_NvM_00051] dThe Memory Abstraction Interface, the underlying Flash EEP-

ROM Emulation and EEPROM Abstraction Layer provide the NvM module with a
virtual linear 32bit address space which is composed of a 16bit block number and
a 16bit block address offset.c(SRS_Mem_00041, SRS_Mem_08000, SRS_Mem_-
08014, SRS_Mem_00016, SRS_Mem_00017, SRS_Mem_00018)

27 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Hint: According to [SWS_NvM_00051], the NvM module allows for a (theoretical) max-
imum of 65536 logical blocks, each logical block having a (theoretical) maximum size
of 64 Kbytes.
[SWS_NvM_00122] dThe NvM module shall further subdivide the 16bit Fee/Ea block
number into the following parts:
• NV block base number (NVM_NV_BLOCK_BASE_NUMBER) with a bit width of
(16 -NVM_DATASET_SELECTION_BITS)
• Data index with a bit width of (NVM_DATASET_SELECTION_BITS)
c(SRS_Mem_00041, SRS_Mem_08014, SRS_Mem_00016, SRS_Mem_00017,
SRS_Mem_00018)
[SWS_NvM_00343] dHandling/addressing of redundant NVRAM blocks shall be done
towards the memory hardware abstraction in the same way like for dataset NVRAM
blocks, i.e. the redundant NV blocks shall be managed by usage of the configuration
parameter NvMDatasetSelectionBits.c()
[SWS_NvM_00123] dThe NV block base number (NVM_NV_BLOCK_BASE_NUM-
BER) shall be located in the most significant bits of the Fee/Ea block number.c(SRS_-
Mem_08000)
[SWS_NvM_00442] dThe configuration tool shall configure the block identifiers.c
(SRS_Mem_08000, SRS_Mem_00027, SRS_Mem_08014)
[SWS_NvM_00443] dThe NvM module shall not modify the configured block identi-
fiers.c()

7.1.2.1 Examples

To clarify the previously described addressing scheme which is used for NVRAM man-
ager ↔ memory hardware abstraction interaction, the following examples shall help to
understand the correlations between the configuration parameters NvMNvBlockBase
Number, NvMDatasetSelectionBits on NVRAM manager side and EA_BLOCK_NUM-
BER / FEE_BLOCK_NUMBER on memory hardware abstraction side (see 10.2.3).
For the given examples A and B a simple formula is used:
FEE/EA_BLOCK_NUMBER = (NvMNvBlockBaseNumber << NvMDatasetSelection
Bits) + DataIndex.
Example A:
• The configuration parameter NvMDatasetSelectionBits is configured to be 2. This
leads to the result that 14 bits are available as range for the configuration param-
eter NvMNvBlockBaseNumber.
• Range of NvMNvBlockBaseNumber: 0x1..0x3FFE

28 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

• Range of data index: 0x0..0x3(=2ˆNvMDatasetSelectionBits-1)

• Range of FEE_BLOCK_NUMBER/EA_BLOCK_NUMBER: 0x4..0xFFFB
With this configuration the FEE/EA_BLOCK_NUMBER computes using the formula
mentioned before should look like in the examples below:
For a native NVRAM block with NvMNvBlockBaseNumber = 2:
• NV block is accessed with FEE/EA_BLOCK_NUMBER = 8
For a redundant NVRAM block with NvMNvBlockBaseNumber = 3:
• 1st NV block with data index 0 is accessed with FEE/EA_BLOCK_NUMBER = 12
• 2nd NV block with data index 1 is accessed with FEE/EA_BLOCK_NUMBER =
13
For a dataset NVRAM block with NvMNvBlockBaseNumber = 4, NvMNvBlockNum = 3:
• NV block #0 with data index 0 is accessed with FEE/EA_BLOCK_NUMBER = 16
• NV block #1 with data index 1 is accessed with FEE/EA_BLOCK_NUMBER = 17
• NV block #2 with data index 2 is accessed with FEE/EA_BLOCK_NUMBER = 18
Example B:
• The configuration parameter NvMDatasetSelectionBits is configured to be 4. This
leads to the result that 12 bits are available as range for the configuration param-
eter NvMNvBlockBaseNumber.
• Range of NvMNvBlockBaseNumber: 0x1..0xFFE
• Range of data index: 0x0..0xF(=2ˆNvMDatasetSelectionBits-1)
• Range of FEE/EA Block Number: 0x10..0xFFEF

7.1.3 Basic storage objects

7.1.3.1 NV block

[SWS_NvM_00125] dThe NV block is a basic storage object and represents a memory

area consisting of NV user data and (optionally) a CRC value and (optionally) a NV
block header.c()

29 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Figure 7.2: NV Block layout

Note: This figure does not show the physical memory layout of an NV block. Only the
logical clustering is shown.

7.1.3.2 RAM block

[SWS_NvM_00126] dThe RAM block is a basic storage object and represents an area
in RAM consisting of user data and (optionally) a CRC value and (optionally) a NV
block header.c()
[SWS_NvM_00127] dRestrictions on CRC usage on RAM blocks. CRC is only avail-
able if the corresponding NV block(s) also have a CRC. CRC has to be of the same
type as that of the corresponding NV block(s).c()
Note: For more information on Crc configuration, see chapter 10.2.3.
[SWS_NvM_00129] dThe user data area of a RAM block can reside in a different RAM
address location (global data section) than the state of the RAM block.c()
[SWS_NvM_00130] dThe data area of a RAM block shall be accessible from NVRAM
Manager and from the application side (data passing from/to the corresponding NV
block).c()

30 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Figure 7.3: RAM Block layout

Note: This figure does not show the physical memory layout of a RAM block. Only the
logical clustering is shown.
As the NvM module doesn’t support alignment, this could be managed by configu-
ration, i.e. the block length could be enlarged by adding padding to meet alignment
requirements.
[SWS_NvM_00373] dThe RAM block data shall contain the permanently or temporarily
assigned user data.c()
[SWS_NvM_00370] dIn case of permanently assigned user data, the address of the
RAM block data is known during configuration time.c()
[SWS_NvM_00372] dIn case of temporarily assigned user data, the address of the
RAM block data is not known during configuration time and will be passed to the NvM
module during runtime.c()
[SWS_NvM_00088] dIt shall be possible to allocate each RAM block without address
constraints in the global RAM area. The whole number of configured RAM blocks
needs not be located in a continuous address space.c()

7.1.3.3 ROM block

[SWS_NvM_00020] dThe ROM block is a basic storage object, resides in the ROM
(FLASH) and is used to provide default data in case of an empty or damaged NV
block.c()

31 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Figure 7.4: ROM block layout

7.1.3.4 Administrative block

[SWS_NvM_00134] dThe Administrative block shall be located in RAM and shall con-
tain a block index which is used in association with Dataset NV blocks. Additionally, at-
tribute/error/status information of the corresponding NVRAM block shall be contained.c
()
[SWS_NvM_00128] dThe NvM module shall use state information of the permanent
RAM block or of the RAM mirror in the NvM module in case of explicit syncronization
(invalid/valid) to determine the validity of the permanent RAM block user data.c()
[SWS_NvM_00132] dThe RAM block state "invalid" indicates that the data area of the
respective RAM block is invalid. The RAM block state "valid" indicates that the data
area of the respective RAM block is valid.c(SRS_Mem_08547)
[SWS_NvM_00133] dThe value of "invalid" shall be represented by all other values
except "valid".c()
[SWS_NvM_00135] dThe Administrative block shall be invisible for the application and
is used exclusively by the NvM module for security and administrative purposes of the
RAM block and the NVRAM block itself.c()
[SWS_NvM_00054] dThe NvM module shall use an attribute field to manage the NV
block write protection in order to protect/unprotect a NV block data field.c()
[SWS_NvM_00136] dThe NvM module shall use an error/status field to manage the
error/status value of the last request.c()

7.1.3.5 NV Block Header

[SWS_NvM_00522] dThe NV Block header shall be included first in the NV Block, if

the mechanism Static Block ID is enabled.c()

32 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Figure 7.5: NV block layout with Static Block ID enabled

7.1.4 Block management types

7.1.4.1 Block management types overview

[SWS_NvM_00137] dThe following types of NVRAM storage shall be supported by the

NvM module implementation:
• NVM_BLOCK_NATIVE
• NVM_BLOCK_REDUNDANT
• NVM_BLOCK_DATASET
c()
[SWS_NvM_00557] dNVM_BLOCK_NATIVE type of NVRAM storage shall consist of
the following basic storage objects:
• NV Blocks: 1
• RAM Blocks: 1
• ROM Blocks: 0..1
• Administrative Blocks:1
c()
[SWS_NvM_00558] dNVM_BLOCK_REDUNDANT type of NVRAM storage shall con-
sist of the following basic storage objects:
• NV Blocks: 2

33 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

• RAM Blocks: 1
• ROM Blocks: 0..1
• Administrative Blocks:1
c()
[SWS_NvM_00559] dNVM_BLOCK_DATASET type of NVRAM storage shall consist
of the following basic storage objects:
• NV Blocks: 1..(m<256)*
• RAM Blocks: 1
• ROM Blocks: 0..n
• Administrative Blocks:1
• * The number of possible datasets depends on the configuration parameter Nv
MDatasetSelectionBits.
c()

7.1.4.2 NVRAM block structure

[SWS_NvM_00138] dThe NVRAM block shall consist of the mandatory basic storage
objects NV block, RAM block and Administrative block.c()
[SWS_NvM_00139] dThe basic storage object ROM block is optional.c()
[SWS_NvM_00140] dThe composition of any NVRAM block is fixed during configura-
tion by the corresponding NVRAM block descriptor.c()
[SWS_NvM_00141] dAll address offsets are given relatively to the start addresses of
RAM or ROM in the NVRAM block descriptor. The start address is assumed to be
zero.c()
Hint: A device specific base address or offset will be added by the respective device
driver if needed.
For details of the NVRAM block descriptor see chapter 7.1.4.3.

7.1.4.3 NVRAM block descriptor table

[SWS_NvM_00069] dA single NVRAM block to deal with will be selected via the NvM
module API by providing a subsequently assigned Block ID.c()
[SWS_NvM_00143] dAll structures related to the NVRAM block descriptor table and
their addresses in ROM (FLASH) have to be generated during configuration of the Nv
M module.c()

34 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

7.1.4.4 Native NVRAM block

The Native NVRAM block is the simplest block management type. It allows storage to/
retrieval from NV memory with a minimum of overhead.
[SWS_NvM_00000] dThe Native NVRAM block consists of a single NV block, RAM
block and Administrative block.c()

7.1.4.5 Redundant NVRAM block

In addition to the Native NVRAM block, the Redundant NVRAM block provides en-
hanced fault tolerance, reliability and availability. It increases resistance against data
corruption.
[SWS_NvM_00001] dThe Redundant NVRAM block consists of two NV blocks, a RAM
block and an Administrative block.c()
The following figure reflects the internal structure of a redundant NV block:

35 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Figure 7.6: Redundant NVRAM block layout

Note: This figure does not show the physical NV memory layout of a redundant NVRAM
block. Only the logical clustering is shown.
[SWS_NvM_00531] dIn case one NV Block associated with a Redundant NVRAM
block is deemed invalid (e.g. during read), an attempt shall be made to recover the
NV Block using data from the incorrupt NV Block.c()
[SWS_NvM_00546] dIn case the recovery fails then this shall be reported to the DEM
using the code NVM_E_LOSS_OF_REDUNDANCY.c()
Note: "Recovery" denotes the re-establishment of redundancy. This usually means
writing the recovered data back to the NV Block.

36 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

7.1.4.6 Dataset NVRAM block

The Dataset NVRAM block is an array of equally sized data blocks (NV/ROM). The
application can at one time access exactly one of these elements.
[SWS_NvM_00006] dThe Dataset NVRAM block consists of multiple NV user data,
(optionally) CRC areas, (optional) NV block headers, a RAM block and an Administra-
tive block.c()
[SWS_NvM_00144] dThe index position of the dataset is noticed via a separated field
in the corresponding Administrative block.c()
[SWS_NvM_00374] dThe NvM module shall be able to read all assigned NV blocks.c()
[SWS_NvM_00375] dThe NvM module shall only be able to write to all assigned NV
blocks if (and only if) write protection is disabled.c()
[SWS_NvM_00146] dIf the basic storage object ROM block is selected as optional
part, the index range which normally selects a dataset is extended to the ROM to make
it possible to select a ROM block instead of a NV block. The index covers all NV/ROM
blocks which may build up the NVRAM Dataset block.c()
[SWS_NvM_00376] dThe NvM module shall be able to only read optional ROM blocks
(default datasets).c()
[SWS_NvM_00377] dThe NvM module shall treat a write to a ROM block like a write
to a protected NV block.c()
[SWS_NvM_00444] dThe total number of configured datasets (NV+ROM blocks) shall
be in the range of 1..255.c()
[SWS_NvM_00445] dIn case of optional ROM blocks, data areas with an index from 0
up to NvMNvBlockNum - 1 represent the NV blocks with their CRC in the NV memory.
Data areas with an index from NvMNvBlockNum up to NvMNvBlockNum + NvMRom
BlockNum - 1 represent the ROM blocks.c()

37 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Figure 7.7: Dataset NVRAM block layout

Note: This figure does not show the physical NV memory layout of a Dataset NVRAM
block. Only the logical clustering is shown.

7.1.4.7 NVRAM Manager API configuration classes

[SWS_NvM_00149] dTo have the possibility to adapt the NvM module to limited hard-
ware resources, three different API configuration classes shall be defined:
• API configuration class 3: All specified API calls are available. A maximum of
functionality is supported.

38 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

• API configuration class 2: An intermediate set of API calls is available.

• API configuration class 1: Especially for matching systems with very limited hard-
ware resources this API configuration class offers only a minimum set of API calls
which are required in any case.
c()
[SWS_NvM_00560] dAPI configuration class 3 shall consist of the following API:
• Type 1:
• NvM_SetDataIndex(...)
• NvM_GetDataIndex(...)
• NvM_SetBlockProtection(...)
• NvM_GetErrorStatus(...)
• NvM_SetRamBlockStatus(...)
• NvM_SetBlockLockStatus()
• Type 2:
• NvM_ReadBlock(...)
• NvM_WriteBlock(...)
• NvM_RestoreBlockDefaults(...)
• NvM_EraseNvBlock(...)
• NvM_InvalidateNvBlock(...)
• NvM_CancelJobs(...)
• NvM_ReadPRAMBlock(...)
• NvM_WritePRAMBlock(...)
• NvM_RestorePRAMBlockDefaults(...)
• Type 3:
• NvM_ReadAll(...)
• NvM_WriteAll(...)
• NvM_CancelWriteAll(...)
• NvM_ValidateAll(...)
• NvM_FirstInitAll(...)
• Type 4:
• NvM_Init(...)

39 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

c()
[SWS_NvM_00561] dAPI configuration class 2 shall consist of the following API:
• Type 1:
• NvM_SetDataIndex(...)
• NvM_GetDataIndex(...)
• NvM_GetErrorStatus(...)
• NvM_SetRamBlockStatus(...)
• NvM_SetBlockLockStatus(...)
• Type 2:
• NvM_ReadBlock(...)
• NvM_WriteBlock(...)
• NvM_RestoreBlockDefaults(...)
• NvM_CancelJobs(...)
• NvM_ReadPRAMBlock(...)
• NvM_WritePRAMBlock(...)
• NvM_RestorePRAMBlockDefaults(...)
• Type 3:
• NvM_ReadAll(...)
• NvM_WriteAll(...)
• NvM_CancelWriteAll(...)
• NvM_ValidatedAll(...)
• Type 4:
• NvM_Init(...)
c()
[SWS_NvM_00562] dAPI configuration class 1 shall consist of the following API:
• Type 1:
• NvM_GetErrorStatus(...)
• NvM_SetRamBlockStatus(...)
• NvM_SetBlockLockStatus(...)
• Type 2:

40 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

• –
• Type 3:
• NvM_ReadAll(...)
• NvM_WriteAll(...)
• NvM_CancelWriteAll(...)
• Type 4:
• NvM_Init(...)
• Note: For API configuration class 1 no queues are needed, no immediate data
can be written. Furthermore the API call NvM_SetRamBlockStatus is only avail-
able if configured by NvMSetRamBlockStatusApi.
c()
[SWS_NvM_00365] dWithin API configuration class 1, the block management type
NVM_BLOCK_DATASET is not supported.c()
For information regarding the definition of Type 1. . . 4 refer to chapter 8.6.
[SWS_NvM_00150] dThe NvM module shall only contain that code that is needed to
handle the configured block types.c()

7.1.5 Scan order / priority scheme

[SWS_NvM_00032] dThe NvM module shall support a priority based job processing.c
(SRS_Mem_08542)
[SWS_NvM_00564] dBy configuration parameter NvMJobPrioritization priority based
job processing shall be enabled/disabled.c(SRS_Mem_08542)
Note: For more information on parameter NvMJobPrioritization, see chapter 10.2.2.
[SWS_NvM_00378] dIn case of priority based job processing order, the NvM module
shall use two queues, one for immediate write jobs (crash data) another for all other
jobs (including immediate read/erase jobs).c(SRS_Mem_08542)
[SWS_NvM_00379] dIf priority based job processing is disabled via configuration, the
NvM module shall not support immediate write jobs. In this case, the NvM module
processes all jobs in FCFS order.c()
[SWS_NvM_00380] dThe job queue length for multi block requests originating from
any of the NvM_ReadAll, NvM_ValidateAll, NvM_FirstInitAll and NvM_WriteAll APIs
shall be one (only one multi block job is queued).c()
[SWS_NvM_00381] dThe NvM module shall not interrupt jobs originating from the Nv
M_ReadAll request by other requests.c()

41 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Note: The only exception to the rule given in [SWS_NvM_00381], [SWS_NvM_00567]

is a write job with immediate priority which shall preempt the running read / write job
[SWS_NvM_00182]. The preempted job shall subsequently be resumed / restarted by
the NvM module.
[SWS_NvM_00567] dThe NvM module shall not interrupt jobs originating from the Nv
M_WriteAll request by other requests.c()
[SWS_NvM_00568] dThe NvM module shall rather queue read jobs that are requested
during an ongoing NvM_ReadAll request and executed them subsequently.c()
[SWS_NvM_00569] dThe NvM module shall rather queue write jobs that are requested
during an ongoing NvM_WriteAll request and executed them subsequently.c()
[SWS_NvM_00725] dThe NvM module shall rather queue write jobs that are requested
during an ongoing NvM_ReadAll request and executed them subsequently.c()
[SWS_NvM_00726] dThe NvM module shall rather queue read jobs that are requested
during an ongoing NvM_WriteAll request and executed them subsequently.c()
Note: The NvM_WriteAll request can be aborted by calling NvM_CancelWriteAll. In
this case, the current block is processed completely but no further blocks are written
[SWS_NvM_00238].
Hint: It shall be allowed to dequeue requests, if they became obsolete by completion
of the regarding NVRAM block.
[SWS_NvM_00570] dThe preempted job shall subsequently be resumed / restarted by
the NvM module. This behavior shall apply for single block requests as well as for multi
block requests.c()

7.2 General behavior

7.2.1 Functional requirements

[SWS_NvM_00383] dFor each asynchronous request, a notification of the caller after

completion of the job shall be a configurable option.c()
[SWS_NvM_00384] dThe NvM module shall provide a callback interface
[SWS_NvM_00113].c(SRS_Mem_08541)
Hint: The NvM module’s environment shall access the non-volatile memory via the Nv
M module only. It shall not be allowed for any module (except for the NvM module) to
access the non-volatile memory directly.
[SWS_NvM_00038] dThe NvM module only provides an implicit way of accessing
blocks in the NVRAM and in the shared memory (RAM). This means, the NvM module
copies one or more blocks from NVRAM to the RAM and the other way round.c()

42 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00692] dThe application accesses the RAM data directly, with respect to
given restrictions (e.g. synchronization).c()
[SWS_NvM_00385] dThe NvM module shall queue all asynchronous "single block"
read/write/control requests if the block with its specific ID is not already queued or
currently in progress (multitasking restrictions).c()
[SWS_NvM_00386] dThe NvM module shall accept multiple asynchronous "single
block" requests as long as no queue overflow occurs.c()
[SWS_NvM_00155] dThe highest priority request shall be fetched from the queues by
the NvM module and processed in a serialized order.c()
[SWS_NvM_00040] dThe NvM module shall implement implicit mechanisms for con-
sistency / integrity checks of data saved in NV memory [SWS_NvM_00165].c()
Depending on implementation of the memory stack, callback routines provided and/or
invoked by the NvM module may be called in interrupt context.
Hint: The NvM module providing routines called in interrupt context has therefore to
make sure that their runtime is reasonably short.
[SWS_NvM_00085] dIf there is no default ROM data available at configuration time or
no callback defined by NvMInitBlockCallback then the application shall be responsible
for providing the default initialization data.c()
Note: In this case, the application has to use NvM_GetErrorStatus() to be able to
distinguish between first initialization and corrupted data (see 10.2.3).
[SWS_NvM_00387] dDuring processing of NvM_ReadAll, the NvM module shall be
able to detect corrupted RAM data by performing a checksum calculation. [ECUC_Nv
M_00476].c()
[SWS_NvM_00226] dDuring processing of NvM_ReadAll, the NvM module shall be
able to detect invalid RAM data by testing the validity of a data within the administrative
block [ECUC_NvM_00476].c()
[SWS_NvM_00388] dDuring startup phase and normal operation of NvM_ReadAll and
if the NvM module has detected an unrecoverable error within the NV block, the NvM
module shall copy default data (if configured) to the corresponding RAM block.c()
[SWS_NvM_00332] dTo make use of the OS services, the NvM module shall only use
the BSW scheduler instead of directly making use of OS objects and/or related OS
services.c(SRS_BSW_00429)
[SWS_NvM_00985] dThe NvM module shall use the internal mirror as a buffer for all
operations that read and write the RAM block of the NVRAM blocks with configured
permanent RAM (or RAM passed by API parameter) for which the RAM (start) is not
aligned to the NvMBufferAlignmentValue.c()

43 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

7.2.2 Design notes

7.2.2.1 NVRAM manager startup

[SWS_NvM_00693] dNvM_Init shall be invoked by the BSW Mode Manager exclu-

sively.c()
[SWS_NvM_00091] dDue to strong constraints concerning the ECU startup time, the
NvM_Init request shall not contain the initialization of the configured NVRAM blocks.c
()
[SWS_NvM_00157] dThe NvM_Init request shall not be responsible to trigger the ini-
tialization of underlying drivers and memory hardware abstraction. This shall also be
handled by the BSW Mode Manager.c(SRS_Mem_00011)
[SWS_NvM_00158] dThe initialization of the RAM data blocks shall be done by another
request, namely NvM_ReadAll.c()
NvM_ReadAll shall be called exclusively by BSW Mode Manager.
[SWS_NvM_00694] dSoftware components which use the NvM module shall be re-
sponsible for checking global error/status information resulting from the NvM mod-
ule startup. The BSW Mode Manager shall use polling by using NvM_GetErrorSta-
tus [SWS_NvM_00015] (reserved block ID 0) or callback notification (configurable op-
tion NvM_MultiBlockCallback) to derive global error/status information resulting from
startup. If polling is used, the end of the NVRAM startup procedure shall be detected
by the global error/status NVM_REQ_OK or NVM_REQ_NOT_OK (during startup
NVM_REQ_PENDING). If callbacks are chosen for notification, software components
shall be notified automatically if an assigned NVRAM block has been processed
[SWS_NvM_00281].c()
Note 1: If callbacks are configured for each NVRAM block which is processed within
NvM_ReadAll, they can be used by the RTE to start e.g. SW-Cs at an early point of
time.
Note 2: To ensure that the DEM is fully operational at an early point of time, i.e. its NV
data is restored to RAM, DEM related NVRAM blocks should be configured to have a
low ID to be processed first within NvM_ReadAll.
Note 3: For more information on NvM_MultiBlockCallback, see chapter 10.2.2.
[SWS_NvM_00160] dThe NvM module shall not store the currently used Dataset index
automatically in a persistent way.
Software components shall check the specific error/status of all blocks they are respon-
sible for by using NvM_GetErrorStatus [SWS_NvM_00015] with specific block IDs to
determine the validity of the corresponding RAM blocks.c()
[SWS_NvM_00695] dFor all blocks of the block management type "NVRAM Dataset"
[SWS_NvM_00006] the software component shall be responsible to set the proper
index position by NvM_SetDataIndex [SWS_NvM_00014]. E.g. the current index po-

44 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

sition can be stored/maintained by the software component in a unique NVRAM block.

To get the current index position of a "Dataset Block", the software component shall
use the NvM_GetDataIndex [SWS_NvM_00021] API call.c()

7.2.2.2 NVRAM manager shutdown

[SWS_NvM_00092] dThe basic shutdown procedure shall be done by the request Nv

M_WriteAll [SWS_NvM_00018].c()
Hint: NvM_WriteAll shall be invoked by the BSW Mode Manager.

7.2.2.3 (Quasi) parallel write access to the NvM module

[SWS_NvM_00162] dThe NvM module shall receive the requests via an asynchronous
interface using a queuing mechanism. The NvM module shall process all requests
serially depending on their priority.c(SRS_Mem_00013, SRS_Mem_00034)

7.2.2.4 NVRAM block consistency check

[SWS_NvM_00164] dThe NvM module shall provide implicit techniques to check

the data consistency of NVRAM blocks [ECUC_NvM_00476], [SWS_NvM_00040].c
(SRS_Mem_08547, SRS_Mem_00030)
[SWS_NvM_00571] dThe data consistency check of a NVRAM block shall be done by
CRC recalculations of its corresponding NV block(s).c(SRS_Mem_08547)
[SWS_NvM_00165] dThe implicit way of a data consistency check shall be provided by
configurable options of the internal functions. The implicit consistency check shall be
configurable for each NVRAM block and depends on the configurable parameters Nv
MBlockUseCrc and NvMCalcRamBlockCrc.c(SRS_Mem_08547, SRS_Mem_00129)
Note: For more information on NvMBlockUseCrc and NvMCalcRamBlockCrc, see
chapter 10.2.3.
[SWS_NvM_00724] dNvMBlockUseCrc should be enabled for NVRAM blocks where
NvMWriteBlockOnce = TRUE. NvMBlockWriteProt should be disabled for NVRAM
blocks where NvMWriteBlockOnce = TRUE, to enable the user to write data to the
NVRAM block in case of CRC check is failed.c()
[SWS_NvM_00544] dDepending on the configurable parameters NvMBlockUseCrc
and NvMCalcRamBlockCrc, NvM module shall allocate memory for the largest CRC
used.c()
Hint: NvM users should not know anything about CRC memory (e.g. size, location) for
their data in a RAM block.

45 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

7.2.2.5 Error recovery

[SWS_NvM_00047] dThe NvM module shall provide techniques for error recovery. The
error recovery depends on the NVRAM block management type [SWS_NvM_00001].c
()
[SWS_NvM_00389] dThe NvM module shall provide error recovery on read for every
kind of NVRAM block management type by loading of default values.c()
[SWS_NvM_00390] dThe NvM module shall provide error recovery on read for NVRAM
blocks of block management type NVM_BLOCK_REDUNDANT by loading the RAM
block with default values.c()
[SWS_NvM_00168] dThe NvM module shall provide error recovery on write by per-
forming write retries regardless of the NVRAM block management type.c()
[SWS_NvM_00169] dThe NvM module shall provide read error recovery on startup for
all NVRAM blocks with configured RAM block CRC in case of RAM block revalidation
failure.c()

7.2.2.6 Recovery of a RAM block with ROM data

[SWS_NvM_00171] dThe NvM module shall provide implicit and explicit recovery
techniques to restore ROM data to its corresponding RAM block in case of unre-
coverable data inconsistency of a NV block [SWS_NvM_00387], [SWS_NvM_00226],
[SWS_NvM_00388].c(SRS_Mem_08549, SRS_Mem_08010)

7.2.2.7 Implicit recovery of a RAM block with ROM default data

[SWS_NvM_00172] dThe data content of the corresponding NV block shall remain

unmodified during the implicit recovery.c(SRS_Mem_08010)
[SWS_NvM_00572] dThe implicit recovery shall not be provided during startup (part
of NvM_ReadAll), neither by NvM_ReadBlock nor by NvM_ReadPRAMBlock for each
NVRAM block when no default data is configured (by the parameter NvMRomBlock
DataAddress or NvMInitBlockCallback).c()
[SWS_NvM_00573] dThe implicit recovery shall not be provided during startup (part
of NvM_ReadAll), neither by NvM_ReadBlock nor by NvM_ReadPRAMBlock for each
NVRAM block for the following conditions:
• The default data is configured (by the parameter NvMRomBlockDataAddress or
the parameter NvMInitBlockCallback).
• The permanent RAM block or the content of the RAM mirror in the NvM module (
in case of explicit synchronization) state is valid and CRC (data) is consistent.
c()

46 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00574] dThe implicit recovery shall not be provided during startup (part
of NvM_ReadAll), neither by NvM_ReadBlock nor by NvM_ReadPRAMBlock for each
NVRAM block for the following conditions:
• The default data is configured (by the parameter NvMRomBlockDataAddress or
the parameter NvMInitBlockCallback).
• The permanent RAM block or the content of the RAM mirror in the NvM module (
in case of explicit synchronization) state is invalid and CRC (data) is inconsistent.
• Read attempt from NV succeeds.
c()
[SWS_NvM_00575] dThe implicit recovery shall be provided during startup (part of Nv
M_ReadAll) and by NvM_ReadBlock or NvM_ReadPRAMBlock for each NVRAM block
for the following conditions:
• The default data is configured (by the parameter NvMRomBlockDataAddress or
the parameter NvMInitBlockCallback).
• The permanent RAM block state or the content of the RAM mirror in the NvM
module ( in case of explicit synchronization) is invalid and CRC (data) is incon-
sistent.
• Read attempt from NV fails.
c()
[SWS_NvM_00951] dImplicit recovery shall be provided during NvM_ReadBlock() or
NvM_ReadPRAMBlock() requests for NVRAM blocks of type NVM_BLOCK_NATIVE
and NVM_BLOCK_REDUNDANT.c(SRS_Mem_00018)

7.2.2.8 Explicit recovery of a RAM block with ROM default data

[SWS_NvM_00391] dFor explicit recovery with ROM block data the NvM module shall
provide functions NvM_RestoreBlockDefaults and NvM_RestorePRAMBlockDefaults
[SWS_NvM_00012] to restore ROM data to its corresponding RAM block.c()
[SWS_NvM_00392] dThe function NvM_RestoreBlockDefaults and NvM_Restore
PRAMBlockDefaults shall remain unmodified the data content of the corresponding
NV block.
Hint: The function NvM_RestoreBlockDefaults or NvM_RestorePRAMBlockDefaults
shall be used by the application to restore ROM data to the corresponding RAM block
every time it is needed.c()

47 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

7.2.2.9 Detection of an incomplete write operation to a NV block

[SWS_NvM_00174] dThe detection of an incomplete write operation to a NV block

is out of scope of the NvM module. This is handled and detected by the memory
hardware abstraction. The NvM module expects to get information from the memory
hardware abstraction if a referenced NV block is invalid or inconsistent and cannot be
read when requested. SW-Cs may use NvM_InvalidateNvBlock to prevent lower layers
from delivering old data.c(SRS_Mem_08547)

7.2.2.10 Termination of a single block request

[SWS_NvM_00175] dAll asynchronous requests provided by the NvM module (except

for NvM_CancelWriteAll) shall indicate their result in the designated error/status field
of the corresponding Administrative block [SWS_NvM_00000].c()
[SWS_NvM_00176] dThe optional configuration parameter NvMSingleBlockCallback
configures the notification via callback on the termination of an asynchronous block
request (and for NvM_ReadAll).c()
Note 1: In communication with application SW-C, the ECUC configuration parame-
ter NvMSingleBlockCallback (ECUC_NvM_00506) should be configured to the corre-
sponding Rte_call_<p>_<o> API.
Note 2: For more information on NvMSingleBlockCallback, see chapter 10.2.3.

7.2.2.11 Termination of a multi block request

[SWS_NvM_00393] dThe NvM module shall use a separate variable to store the result
of an asynchronous multi block request (NvM_ReadAll, NvM_WriteAll including NvM_
CancelWriteAll, NvM_ValidateAll).c()
[SWS_NvM_00394] dThe function NvM_GetErrorStatus [SWS_NvM_00015] shall re-
turn the most recent error/status information of an asynchronous multi block request
(including NvM_CancelWriteAll) in conjunction with a reserved block ID value of 0.c()
[SWS_NvM_00395] dThe result of a multi block request shall represent only a common
error/status information.c()
[SWS_NvM_00396] dThe multi block requests provided by the NvM module shall indi-
cate their detailed error/status information in the designated error/status field of each
affected Administrative block.c()
[SWS_NvM_00179] dThe optional configuration parameter NvMMultiBlockCallback
configures the notification via callback on the termination of an asynchronous multi
block request.c()
Note: For more information on NvMMultiBlockCallback, see chapter 10.2.2.

48 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

7.2.2.12 General handling of asynchronous requests/ job processing

[SWS_NvM_00180] dEvery time when CRC calculation is processed within a request,

the NvM module shall calculate the CRC in multiple steps if the referenced NVRAM
block length exceeds the number of bytes configured by the parameter NvMCrcNumOf
Bytes.c()
[SWS_NvM_00351] dFor CRC calculation, the NvM module shall use initial values
which are published by the CRC module.c()
[SWS_NvM_00181] dMultiple concurrent single block requests shall be queueable.c()
[SWS_NvM_00182] dThe NvM module shall interrupt asynchronous request/job pro-
cessing in favor of jobs with immediate priority (crash data).c()
[SWS_NvM_00184] dIf the invocation of an asynchronous function on the NvM module
leads to a job queue overflow, the function shall return with E_NOT_OK.c()
[SWS_NvM_00185] dOn successful enqueuing a request, the NvM module shall set
the request result of the corresponding NVRAM block to NVM_REQ_PENDING.c()
[SWS_NvM_00270] dIf the NvM module has successfully processed a job, it shall re-
turn NVM_REQ_OK as request result.c()

7.2.2.13 NVRAM block write protection

The NvM module shall offer different kinds of write protection which shall be config-
urable. Every kind of write protection is only related to the NV part of NVRAM block,
i.e. the RAM block data can be modified but not be written to NV memory.
[SWS_NvM_00325] dEnabling/Disabling of the write protection is allowed using NvM_
SetBlockProtection function when the NvMWriteBlockOnce is FALSE regardless of the
value (True/False) configured for NvMBlockWriteProt.c(SRS_Mem_08009)
[SWS_NvM_00577] dEnabling/Disabling of the write protection is not allowed using Nv
M_SetBlockProtection function when the NvMWriteBlockOnce is TRUE regardless of
the value (True/False) configured for NvMBlockWriteProt.c(SRS_Mem_08009)
[SWS_NvM_00326] dFor all NVRAM blocks configured with NvMBlockWriteProt =
TRUE, the NvM module shall enable a default write protection.c(SRS_Mem_08009)
[SWS_NvM_00578] dThe NvM module’s environment can explicitly disable the write
protection using the NvM_SetBlockProtection function.c()
[SWS_NvM_00397] dFor NVRAM blocks configured with NvMWriteBlockOnce ==
TRUE [ECUC_NvM_00072], the NvM module shall only write once to the associated
NV memory, i.e in case of a blank NV device.c(SRS_Mem_08015)

49 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00398] dFor NVRAM blocks configured with NvMWriteBlockOnce ==

TRUE, the NvM module shall not allow disabling the write protection explicitly using
the NvM_SetBlockProtection function.[SWS_NvM_00450]c()
[SWS_NvM_00952] dFor a block configured with NVM_WRITE_BLOCK_ONCE
(TRUE), NvM shall reject any Write/Erase/Invalidate request made prior to the first
read request.c()
Note: In case of a reset, the write protection flag of a block configured with NVM_
WRITE_BLOCK_ONCE (TRUE), from the NvM Administrative block, is cleared. In
order to reactivate the protection, the block has to be read prior to a first Write/Erase/
Invalidate request being processed, in order to set the write proctection only for a block
that is valid and consistent. The first read request can be done either as a single block
request or as part of NvM_ReadAll.

7.2.2.14 Validation and modification of RAM block data

This chapter shall give summarized information regarding the internal handling of
NVRAM Manager status bits. Depending on different API calls, the influence on the
status of RAM blocks shall be described in addition to the specification items located
in chapter 8.3. The following figures depict the state transitions of RAM blocks.

50 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Figure 7.8: RAM Block States

Since entering and preserving a state can be done based on multiple conditions and
placing them all in the above figure would make it difficult to understand, more detailed
explanations are provided in the following subchapters. The INVALID / CHANGED
state is not detailed as it can never be reached (as mentioned in the figure above).
After the Initialization the RAM Block is in state INVALID/UNCHANGED until it is up-
dated via NvM_ReadAll, which causes a transition to state VALID/UNCHANGED. In
this state WriteAll is not allowed. This state is left, if the NvM_SetRamBlockStatus is
invoked. If there occurs a CRC error the RAM Block changes to state INVALID again,
which than can be left via the implicit or explicit error recovery mechanisms. After error
recovery the block is in state VALID/CHANGED as the content of the RAM differs from
the NVRAM content.

51 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00344] dIf the API for modifying the RAM block status has been disabled
in configuration (via NvMSetRamBlockStatusApi or NvMBlockUseSetRamBlockStatus)
the NvM module shall treat a RAM block or the RAM mirror in the NvM module (in case
of explicit synchronization) as valid and changed when writing data in the correspond-
ing NV block, i.e. during NvM_WriteAll, the NvM module shall write each permanent
RAM block to NV memory.c(SRS_Mem_08550)
[SWS_NvM_00345] dIf the API for modifying the RAM block status has been disabled
in configuration (via NvMSetRamBlockStatusApi or NvMBlockUseSetRamBlockStatus)
the NvM module shall treat a RAM block as invalid when reading data from NV block,
i.e. during NvM_ReadAll, the NvM module shall copy each NVRAM block to RAM if
configured accordingly.c(SRS_Mem_08550)
[SWS_NvM_00696] dIn case of an unsuccessful block read attempt, it is the respon-
sibility of the application to provide valid data before the next write attempt.c(SRS_-
Mem_08550)
[SWS_NvM_00472] dIn case a RAM block is successfully copied to NV memory the
RAM block state shall be set to "valid/unmodified" afterwards.c(SRS_Mem_08541)

7.2.2.14.1 The VALID / UNCHANGED state

This state implies that the contents of the RAM Block are either identical to the contents
of the corresponding NV Block or - if the application has accessed the RAM Block - a
potential change was not yet indicated. For a DATASET block these conditions apply to
he RAM contents of the instance that was last processed. Also, the last block operation
was successful and the block was not invalidated by request.
To enter the VALID / UNCHANGED state, at least of the following has to occur:
1. NvM_ReadAll() read successfully the block
2. NvM_ReadBlock finished successfully for the block
3. NvM_WriteBlock finished successfully for the block
4. NvM_WriteAll() wrote successfully the block
The VALID / UNCHANGED state is preserved while:
• the last read or write for a BlockID was successful (no error and no retrieval of
default data)
AND
• the application has not indicated a potential change of RAM block since last read
or write

52 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

7.2.2.14.2 The VALID / CHANGED state

This state implies that the contents of the RAM Block potentially differ from the contents
of the corresponding NV Block. For a DATASET block this condition applies to the
RAM contents of the instance that was last processed. Also, the last operation for the
block was successsful and the block was not invalidated by request. The block owner
can signal a potential RAM contents changed for the block causing the block state to
become VALID / CHANGED.
To enter the VALID / CHANGED state, at least one of the following has to occur:
1. NvM_SetRamBlockStatus called with TRUE for the block
2. NvM_WriteBlock is called for the block
3. NvM_WriteAll will also process the block
4. NvM_ReadBlock called for the block gives default data
5. NvM_RestoreBlockDefaults called for the block finishes successfully
6. NvM_ReadAll gives default data when processign the block
7. NvM_ValidateAll processed successfully the block
The VALID / CHANGED state is preserved while:
• a block owner has indicated a potential change of RAM block
OR
• default data was retrieved (implicitly or explicitly) for the block upon last read

7.2.2.14.3 The INVALID / UNCHANGED state

This state implies that the NV Block is invalid. For a DATASET block this means that
the NV Block contents are invalid for the last instance that was processed.
To enter the INVALID / UNCHANGED state, at least one of the following has to occur:
1. NvM_SetRamBlockStatus called with FALSE for the block
2. NvM_ReadBlock indicates invalidation by user request for the block
3. NvM_ReadBlock indicates corrupted data (if CRC configured) for the block
4. NvM_ReadBlock indicates wrong StaticID (if configured) for the block
5. NvM_WriteBlock finished non-successfully for the block
6. NvM_WriteAll non-successful write for the block
7. NvM_InvalidateNvBlock finished successfully for the block

53 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8. NvM_EraseNvBlock finished successfully for the block

The INVALID / UNCHANGED state is preserved while:
• the block state is unknown at the time (early init, until ReadAll or first operation
requested for a given block)
OR
• the block was detected as corrupted or with wrong StaticID
OR
• the last successful operation on the block was an invalidation
OR
• the current read failed and no default data
OR
• the last successful operation on the block was an erase

7.2.2.15 Communication and implicit synchronization between application and

NVRAM manager

To minimize locking/unlocking overhead or the use of other synchronization methods,

the communication between applications and the NvM module has to follow a strict
sequence of steps which is described below. This ensures a reliable communication
between applications and the NvM module and avoids data corruption in RAM blocks
and a proper synchronization is guaranteed.
This access model assumes that two parties are involved in communication with a RAM
block: The application and the NvM module.
[SWS_NvM_00697] dIf several applications are using the same RAM block it is not the
job of the NvM module to ensure the data integrity of the RAM block. In this case,
the applications have to synchronize their accesses to the RAM block and have to
guarantee that no unsuitable accesses to the RAM block take place during NVRAM
operations (details see below). Especially if several applications are sharing a NVRAM
block by using (different) temporary RAM blocks, synchronization between applications
becomes more complex and this is not handled by the NvM module, too. In case of
using callbacks as notification method, it could happen that e.g. an application gets a
notification although the request has not been initiated by this application.
All applications have to adhere to the following rules.c()

54 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

7.2.2.15.1 Write requests (NvM_WriteBlock or NvM_WritePRAMBlock)

[SWS_NvM_00698] dApplications have to adhere to the following rules during write

request for implicit synchronization between application and NVRAM manager:
1. The application fills a RAM block with the data that has to be written by the NvM
module
2. The application issues the NvM_WriteBlock or NvM_WritePRAMBlock request
which transfers control to the NvM module.
3. From now on the application should not modify the RAM block until success or
failure of the request is signaled or derived via polling. In the meantime the
contents of the RAM block may be read.
4. An application can use polling to get the status of the request or can be informed
via a callback function asynchronously.
5. After completion of the NvM module operation, the RAM block is reusable for
modifications.
c(SRS_Mem_00013)

7.2.2.15.2 Read requests (NvM_ReadBlock or NvM_ReadPRAMBlock)

[SWS_NvM_00699] dApplications have to adhere to the following rules during read

request for implicit synchronization between application and NVRAM manager:
1. The application provides a RAM block that has to be filled with NVRAM data from
the NvM module’s side.
2. The application issues the NvM_ReadBlock request which transfers control to the
NvM module.
3. From now on the application should not read or write to the RAM block until
success or failure of the request is signaled or derived via polling.
4. An application can use polling to get the status of the request or can be informed
via a callback function.
5. After completion of the NvM module operation, the RAM block is available with
new data for use by the application.
c(SRS_Mem_00013)

55 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

7.2.2.15.3 Restore default requests (NvM_RestoreBlockDefaults and NvM_Re-

storePRAMBlockDefaults)

[SWS_NvM_00700] dApplications have to adhere to the following rules during restore

default requests for implicit synchronization between application and NVRAM man-
ager:
1. The application provides a RAM block, which has to be filled with ROM data from
the NvM modules side.
2. The application issues the NvM_RestoreBlockDefaults or NvM_RestorePRAM-
BlockDefaults request which transfers control to the NvM module.
3. From now on the application should not read or write to the RAM block until
success or failure of the request is signaled or derived via polling.
4. An application can use polling to get the status of the request or can be informed
via a callback function.
5. After completion of the NvM module operation, the RAM block is available with
the ROM data for use by the application.
c(SRS_Mem_08548)

7.2.2.15.4 Multi block read requests (NvM_ReadAll)

This request may be triggered only by the BSW Mode Manager at system startup.
This request fills all configured permanent RAM blocks with necessary data for startup.
If the request fails or the request is handled only partially successful, the NVRAM-
Manager signals this condition to the DEM and returns an error to the BSW Mode
Manager. The DEM and the BSW Mode Manager have to decide about further mea-
sures that have to be taken. These steps are beyond the scope of the NvM module
and are handled in the specifications of DEM and BSW Mode Manager.
[SWS_NvM_00701] dApplications have to adhere to the following rules during multi
block read requests for implicit synchronization between application and NVRAM man-
ager:
The BSW Mode Manager issues the NvM_ReadAll.
1. The BSW Mode Manager can use polling to get the status of the request or can
be informed via a callback function.
2. During NvM_ReadAll, a single block callback (if configured) will be invoked after
having completely processed a NVRAM block. These callbacks enable the RTE
to start each SW-C individually.
c()

56 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

7.2.2.15.5 Multi block write requests (NvM_WriteAll)

This request should only be triggered by the BSW Mode Manager at shutdown of the
system. This request writes the contents of all modified permanent RAM blocks to NV
memory. By calling this request only during ECU shutdown, the BSW Mode Manager
can ensure that no SW component is able to modify data in the RAM blocks until the
end of the operation. These measures are beyond the scope of the NvM module and
are handled in the specifications of the BSW Mode Manager.
[SWS_NvM_00702] dApplications have to adhere to the following rules during multi
block write requests for implicit synchronization between application and NVRAM man-
ager:
1. The BSW Mode Manager issues the NvM_WriteAll request which transfers con-
trol to the NvM module.
2. The BSW Mode Manager can use polling to get the status of the request or can
be informed via a callback function.
c()

7.2.2.15.6 Cancel Operation (NvM_CancelWriteAll)

This request cancels a pending NvM_WriteAll request. This is an asynchronous re-

quest and can be called to terminate a pending NvM_WriteAll request.
[SWS_NvM_00703] dNvM_CancelWriteAll request shall only be used by the BSW
Mode Manager.c()

7.2.2.15.7 Modification of administrative blocks

For administrative purposes an administrative block is part of each configured NVRAM

block (ref. to ch. 7.1.3.4).
[SWS_NvM_00704] dIf there is a pending single-block operation for a NVRAM block,
the application is not allowed to call any operation that modifies the administrative
block, like NvM_SetDataIndex, NvM_SetBlockProtection, NvM_SetRamBlockStatus,
until the pending job has finished.c()

7.2.2.16 Normal and extended runtime preparation of NVRAM blocks

This subchapter is supposed to provide a short summary of normal and extended

runtime preparation of NVRAM blocks. The detailed behavior regarding the handling
of NVRAM blocks during start-up is specified in chapter 8.3.3.1.

57 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Depending on the two configuration parameters NvMDynamicConfiguration and Nv

MResistantToChangedSw the NVRAM Manager shall behave in different ways during
start-up, i.e. while processing the request NvM_ReadAll().
If NvMDynamicConfiguration is set to FALSE, the NVRAM Manager shall ignore the
stored configuration ID (see SWS_NvM_00034) and continue with the normal runtime
preparation of NVRAM blocks. In this case the RAM block shall be checked for its
validity. If the RAM block content is detected to be invalid the NV block shall be checked
for its validity. A NV block which is detected to be valid shall be copied to its assigned
RAM block. If an invalid NV Block is detected default data shall be loaded.
If NvMDynamicConfiguration is set to TRUE and a configuration ID mismatch is de-
tected, the extended runtime preparation shall be performed for those NVRAM blocks
which are configured with NvMResistantToChangedSw(FALSE). In this case default
data shall be loaded independent of the validity of an assigned RAM or NV block.

7.2.2.17 Communication and explicit synchronization between application and

NVRAM manager

In contrast to the implicit synchronization between the application and the NvM module
(see section 7.2.2.15) an optional (i.e. configurable) explicit synchronization mech-
anism is available. It is realized by a RAM mirror in the NvM module. The data is
transferred by the application in both directions via callback routines, called by the Nv
M module.
Here is a short analysis of this mechanism:
The advantage is that applications can control their data in a better way. They are
responsible for copying consistent data to and from the NvM module’s RAM mirror, so
they know the point in time. The RAM block is never in an inconsistent state due to
concurrent accesses.
The drawbacks are the additional RAM which needs to have the same size as the
largest NVRAM block that uses this mechanism and the necessity of an additional
copy between two RAM locations for every operation.
This mechanism especially enables the sharing of NVRAM blocks by different applica-
tions, if there is a module that synchronizes these applications and is the owner of the
NVRAM block from the NvM module’s perspective.
[SWS_NvM_00511] dFor every NVRAM block there shall be the possibility to configure
the usage of an explicit synchronization mechanism by the parameter NvMBlockUse
SyncMechanism.c()
[SWS_NvM_00512] dThe NvM module shall not allocate a RAM mirror if no block is
configured to use the explicit synchronization mechanism.c()
[SWS_NvM_00513] dThe NvM module shall allocate only one RAM mirror if at least
one block is configured to use the explicit synchronization mechanism. This RAM mirror

58 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

should not exceed the size of the longest NVRAM block configured to use the explicit
synchronization mechanism.c()
[SWS_NvM_00514] dThe NvM module shall use the internal mirror as buffer for all
operations that read and write the RAM block of those NVRAM blocks with NvMBlock
UseSyncMechanism == TRUE. The buffer should not be used for the other NVRAM
blocks.c()
[SWS_NvM_00515] dThe NvM module shall call the routine NvMWriteRamBlockToNv
Callback in order to copy the data from the RAM block to the mirror for all NVRAM
blocks with NvMBlockUseSyncMechanism == TRUE. This routine shall not be used for
the other NVRAM blocks.c()
[SWS_NvM_00516] dThe NvM module shall call the routine NvMReadRamBlockFrom
NvCallback in order to copy the data from the mirror to the RAM block for all NVRAM
blocks with NvMBlockUseSyncMechanism == TRUE. This routine shall not be used for
the other NVRAM blocks.c()
[SWS_NvM_00517] dDuring a single block request if the routines NvMReadRamBlock
FromNvCallback return E_NOT_OK, then the NvM module shall retry the routine call
NvMRepeatMirrorOperations times. Thereafter the single block read job shall set the
block specific request result to NVM_REQ_NOT_OK and shall report NVM_E_REQ_
FAILED to the DEM.c()
[SWS_NvM_00839] dIn the case the NvMReadRamBlockFromNvCallback routine re-
turns E_NOT_OK, the NvM module shall retry the routine call in the next call of the Nv
M_MainFunction.c()
[SWS_NvM_00579] dDuring a single block request if the routines NvMWriteRamBlock
ToNvCallback return E_NOT_OK, then the NvM module shall retry the routine call Nv
MRepeatMirrorOperations times. Thereafter the single block write job shall set the
block specific request result to NVM_REQ_NOT_OK and shall report NVM_E_REQ_
FAILED to the DEM.c()
[SWS_NvM_00840] dIn the case the NvMWriteRamBlockToNvCallback routine returns
E_NOT_OK, the NvM module shall retry the routine call in the next call of the NvM_
MainFunction.c()
[SWS_NvM_00837] dDuring a multi block request (NvM_WriteAll) if the routines Nv
MWriteRamBlockToNvCallback return E_NOT_OK, then the NvM module shall retry
the routine call NvMRepeatMirrorOperations times. Thereafter the job of the function
NvM_WriteAll shall set the block specific request result to NVM_REQ_NOT_OK and
shall report NVM_E_REQ_FAILED to the DEM.c()
[SWS_NvM_00838] dDuring a multi block request (NvM_ReadAll) if the routines Nv
MReadRamBlockFromNvCallback return E_NOT_OK, then the NvM module shall retry
the routine call NvMRepeatMirrorOperations times. Thereafter the job of the function
NvM_ReadAll shall set the block specific request result to NVM_REQ_NOT_OK and
shall report NVM_E_REQ_FAILED to the DEM.c()

59 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00904] dIf a block has explicit synchronization configured for it then it shall
not have a permanent RAM image configured.c(SRS_Mem_08534)
The following two sections clarify the differences when using the explicit synchroniza-
tion mechanism, compare to 7.2.2.17.1 and 7.2.2.17.2.

7.2.2.17.1 Write requests (NvM_WriteBlock or NvM_WritePRAMBlock)

[SWS_NvM_00705] dApplications have to adhere to the following rules during write

request for explicit synchronization between application and NVRAM manager:
1. The application fills a RAM block with the data that has to be written by the NvM
module.
2. The application issues the NvM_WriteBlock or NvM_WritePRAMBlock request.
3. The application might modify the RAM block until the routine NvMWriteRamBlock
ToNvCallback is called by the NvM module.
4. If the routine NvMWriteRamBlockToNvCallback is called by the NvM module, then
the application has to provide a consistent copy of the RAM block to the destina-
tion requested by the NvM module.
The application can use the return value E_NOT_OK in order to signal that data
was not consistent. The NvM module will accept this NvMRepeatMirrorOpera-
tions times and then postpones the request and continues with its next request.
5. Continuation only if data was copied to the NvM module:
6. From now on the application can read and write the RAM block again.
7. An application can use polling to get the status of the request or can be informed
via a callback routine asynchronously.
Note: The application may combine several write requests to different positions in one
RAM block, if NvM_WriteBlock or NvM_WritePRAMBlock was requested, but not yet
processed by the NvM module. The request was not processed, if the callback routine
NvMWriteRamBlockToNvCallback was not called.c()

7.2.2.17.2 Read requests (NvM_ReadBlock or NvM_ReadPRAMBlock)

[SWS_NvM_00706] dApplications have to adhere to the following rules during read

request for explicit synchronization between application and NVRAM manager:
1. The application provides a RAM block that has to be filled with NVRAM data from
the NvM module’s side.
2. The application issues the NvM_ReadBlock or NvM_ReadPRAMBlock request.

60 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

3. The application might modify the RAM block until the routine NvMReadRamBlock
FromNvCallback is called by the NvM module.
4. If the routine NvMReadRamBlockFromNvCallback is called by the NvM module,
then the application copy the data from the destination given by the NvM module
to the RAM block.The application can use the return value E_NOT_OK in order
to signal that data was not copied. The NvM module will accept this NvMRepeat
MirrorOperations times and then postpones the request and continues with its
next request.
5. Continuation only if data was copied from the NvM module:
6. Now the application finds the NV block values in the RAM block.
7. The application can use polling to get the status of the request or can be informed
via a callback routine.
Note: The application may combine several read requests to different positions in one
NV block, if NvM_ReadBlock or NvM_ReadPRAMBlock was requested, but not yet
processed by the NvM module. The request was not processed, if the callback routine
NvMReadRamBlockFromNvCallback was not called.
Note: NvM_RestoreBlockDefaults and NvM_RestorePRAMBlockDefaults works simi-
larly to NvM_ReadBlock.c()

7.2.2.17.3 Multi block read requests (NvM_ReadAll)

This request may be triggered only by the BSW Mode Manager at system startup. This
request fills all configured permanent RAM blocks with necessary data for startup.
If the request fails or the request is handled only partially successful, the NVRAM-
Manager signals this condition to the DEM and returns an error to the BSW Mode
Manager. The DEM and the BSW Mode Manager have to decide about further mea-
sures that have to be taken. These steps are beyond the scope of the NvM module
and are handled in the specifications of DEM and BSW Mode Manager.
Normal operation:
1. The BSW Mode Manager issues the NvM_ReadAll.
2. The BSW Mode Manager can use polling to get the status of the request or can
be informed via a callback function.
3. During NvM_ReadAll job, if a synchronization callback (NvM_ReadRamBlock
FromNvm) is configured for a block it will be called by the NvM module. In this
callback the application shall copy the data from the destination given by the Nv
M module to the RAM block.The application can use the return value E_NOT_OK
in order to signal that data was not copied. The NvM module will accept this Nv
MRepeatMirrorOperations times and then report the read operation as failed.

61 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4. Now the application finds the NV block values in the RAM block if the read oper-
ation was successful.
5. During NvM_ReadAll, a single block callback (if configured) will be invoked after
having completely processed a NVRAM block. These callbacks enable the RTE
to start each SW-C individually.
6. After processing of the last block and calling its single block callback (if config-
ured), the multi block callback (if configured) will be invoked.

7.2.2.17.4 Multi block write requests (NvM_WriteAll)

This request should only be triggered by the BSW Mode Manager at shutdown of the
system. This request writes the contents of all modified permanent RAM blocks to NV
memory. By calling this request only during ECU shutdown, the BSW Mode Manager
can ensure that no SW component is able to modify data in the RAM blocks until the
end of the operation. These measures are beyond the scope of the NvM module and
are handled in the specifications of the BSW Mode Manager.
Normal operation:
1. The BSW Mode Manager issues the NvM_WriteAll request which transfers con-
trol to the NvM module.
2. During NvM_WriteAll job, if a synchronization callback (NvM_WriteRamBlockTo
NvM) is configured for a block it will be called by the NvM module. In this call-
back the application has to provide a consistent copy of the RAM block to the
destination requested by the NvM module.
The application can use the return value E_NOT_OK in order to signal that data
was not consistent. The NvM module will accept this NvMRepeatMirrorOpera-
tions times and then report the write operation as failed.
3. Now the application can read and write the RAM block again.
4. The BSW Mode Manager can use polling to get the status of the request or can
be informed via a callback function.

7.2.2.18 Static Block ID Check

Note: NVRAM Manager stores the NV Block Header including the Static Block ID in
the NV Block each time the block is written to NV memory. When a block is read, its
Static Block ID is compared to the requested block ID. This permits to detect hardware
failures which cause a wrong block to be read.
[SWS_NvM_00523] dThe NVRAM Manager shall store the Static Block ID field of the
Block Header each time the block is written to NV memory.c(SRS_Mem_08555)

62 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00524] dThe NVRAM Manager shall check the Block Header each time
the block is read from NV memory.c(SRS_Mem_08555)
[SWS_NvM_00525] dIf the Static Block ID check fails then the failure NVM_E_
WRONG_BLOCK_ID is reported to DEM.c()
[SWS_NvM_00580] dIf the Static Block ID check fails then the read error recovery is
initiated. Hint: A check shall be made during configuration to ensure that all Static
Block IDs are unique.c()

7.2.2.19 Read Retry

[SWS_NvM_00526] dIf the NVRAM manager detects a failure during a read operation
from NV memory, a CRC error then one or more additional read attempts shall be
made, as configured by NVM_MAX_NUM_OF_READ_RETRIES, before continuing to
read the redundant NV Block.c(SRS_Mem_08554)
[SWS_NvM_00581] dIf the NVRAM manager detects a failure during a read operation
from NV memory, a CRC error then one or more additional read attempts shall be
made, as configured by NVM_MAX_NUM_OF_READ_RETRIES, before continuing to
read the ROM Block.c(SRS_Mem_08554)
[SWS_NvM_00582] dIf the NVRAM manager detects a failure during a read operation
from NV memory, a Static Block ID check then one or more additional read attempts
shall be made, as configured by NVM_MAX_NUM_OF_READ_RETRIES, before con-
tinuing to read the redundant NV Block.c(SRS_Mem_00129)
[SWS_NvM_00583] dIf the NVRAM manager detects a failure during a read operation
from NV memory, a Static Block ID check then one or more additional read attempts
shall be made, as configured by NVM_MAX_NUM_OF_READ_RETRIES, before con-
tinuing to read the ROM Block.c()

7.2.2.20 Write Verification

When a RAM Block is written to NV memory the NV block shall be immediately read
back and compared with the original content in RAM Block if the behaviour is enabled
by NVM_WRITE_VERIFICATION.
[SWS_NvM_00527] dComparison between original content in RAM Block and the
block read back shall be performed in steps so that the number of bytes read and com-
pared is not greater than as specified by the configuration parameter NVM_WRITE_
VERIFICATION_DATA_SIZE.c(SRS_Mem_08554, SRS_Mem_08556)
[SWS_NvM_00528] dIf the original content in RAM Block is not the same as read back
then the production code error NVM_E_VERIFY_FAILED shall be reported to DEM.c
(SRS_Mem_08556)

63 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00529] dIf the original content in RAM Block is not the same as read
back then write retries shall be performed as specified in this document.c(SRS_Mem_-
08554, SRS_Mem_08556)
[SWS_NvM_00530] dIf the read back operation fails then no read retries shall be per-
formed.c()
[SWS_NvM_00897] dIf the original content in RAM Block is not the same as read
back, for the initial write attempt as well as for all the configured retries, then NvM shall
set as request result NVM_REQ_NOT_OK.c(SRS_Mem_00017, SRS_Mem_08554,
SWS_NvM_08541, SRS_Mem_00030, SRS_Mem_08556)

7.2.2.21 Comparing NV data in NvM

In order to avoid unnecessary write operations in NV memory, if the NV data of a

specific RAM Block was not updated during runtime, the NvM module offers a CRC
based compare mechanism which can be applied while processing a write job.
[SWS_NvM_00849] dThe NvM module shall provide an option to skip writing of un-
changed data by implementing a CRC based compare mechanism.c(SRS_Mem_-
00136)
Note: In general, there is a risk that some changed content of an RAM Block leads
to the same CRC as the initial content so that an update might be lost if this option
is used. Therefore this option should be used only for blocks where this risk can be
tolerated.
[SWS_NvM_00850] dFor every NVRAM Block there shall be the possibility to configure
the usage of the CRC based compare mechanism by the parameter NvMBlockUse
CRCCompMechanism if the parameter NvMBlockUseCrc is set to true.c(SRS_Mem_-
00136)

7.2.2.22 NvM and BswM interaction

[SWS_NvM_00745] dThe NvM shall use the BswM API BswM_NvM_CurrentJob

Mode() when it needs to inform the BswM about a multiblock request state change.c()
[SWS_NvM_00950] dIf NvMBswMMultiBlockJobStatusInformation is true, the NvM
shall not call the configured multiblock callback.c()
[SWS_NvM_00746] dThe NvM shall use the BswM API BswM_NvM_CurrentBlock
Mode() when it needs to inform the BswM about a single block request acceptance
(as being pending) and result.c()
[SWS_NvM_00888] dIf NvMBswMMultiBlockJobStatusInformation is true, when NvM
accepts a multiblock operation the NvM shall inform the BswM about the accepted

64 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

multiblock operation as being pending, by calling the BswM_NvM_CurrentJobMode

with the related multiblock request type and, as mode, NVM_REQ_PENDING.c()
[SWS_NvM_00889] dIf NvMBswMMultiBlockJobStatusInformation is true, when a
multiblock operation finishes or is canceled the NvM shall inform the BswM about the
result of the multiblock operation, by calling the BswM_NvM_CurrentJobMode with the
related multiblock request type and, as mode, the outcome of the multiblock operation.c
()
[SWS_NvM_00890] dIf NvMBswMBlockStatusInformation is true, when NvM accepts
a single block operation the NvM shall inform the BswM about the accepted single
block operation as being pending, by calling the BswM_NvM_CurrentBlockMode with
the related Block ID and, as mode, NVM_REQ_PENDING.c()
[SWS_NvM_00891] dIf NvMBswMBlockStatusInformation is true, when a single block
operation finishes or is canceled the NvM shall inform the BswM about the result of the
single block operation, by calling the BswM_NvM_CurrentBlockMode with the related
Block ID and, as mode, the outcome of the singleblock operation.c()
[SWS_NvM_00892] dIf NvMBswMBlockStatusInformation is true and NvM has a multi-
block operation ongoing, for each block processed due to the multiblock operation, Nv
M shall inform the BswM when it starts to process the block, as being pending, by call-
ing the BswM_NvM_CurrentBlockMode with the related Block ID and, as mode, NVM_
REQ_PENDING.c()
[SWS_NvM_00949] dIf NvMBswMBlockStatusInformation is true and NvM has a multi-
block operation ongoing, for each block processed due to the multiblock operation, Nv
M shall inform the BswM about the result of the processing of the block when the block
is finished processing, by calling the BswM_NvM_CurrentBlockMode with the related
Block ID and, as mode, the outcome of the singleblock operation.c()

7.2.2.23 NvM behaviour in case of Block locked

The NvM_SetBlockLockStatus API service shall only be usable by BSW Components,

it is not published as Service in the SWC-Description. Thus it will not be accessible via
RTE.
[SWS_NvM_00751] dIf the function NvM_SetBlockLockStatus was called with the pa-
rameter BlockLocked as TRUE, the NvM shall guarantee that the NV contents asso-
ciated to the NVRAM block identified by BlockId, will not be modified by any request.
The Block shall be skipped during NvM_WriteAll, other requests, that are NvM_Write
Block, NvM_WritePRAMBlock, NvM_InvalidateNvBlock, NvM_EraseNvBlock, shall be
rejected.c()
[SWS_NvM_00752] dIf the function NvM_SetBlockLockStatus was called with the pa-
rameter BlockLocked as TRUE, the NvM shall guarantee that at next start-up, during
processing of NvM_ReadBlock or NvM_ReadPRAMBlock, this NVRAM block shall be
loaded from NV memory.c()

65 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00753] dIf the function NvM_SetBlockLockStatus was called with the pa-
rameter BlockLocked as FALSE, the NvM shall guarantee normal processing of this
NVRAM block as specified by AUTOSAR.c()
[SWS_NvM_00754] dThe BlockLocked setting made using the function NvM_SetBlock
LockStatus shall not be changeable by NvM_SetRamBlockStatus, nor by NvM_Set
BlockProtection.c()

7.2.2.23.1 Use Case

Save new Data for an NVRAM block via diagnostic services into NV memory. These
data shall be made available to the SW-C(s) with next ECU start-up, i.e. they shall
neither be overwritten by a request originating from an SW-C, nor be overwritten with
permanent RAM block’s data during shut-down (NvM_WriteAll).

7.2.2.23.2 Usage (by DCM):

1. DCM requests NvM_SetBlockLockStatus(<BlockId>, FALSE), in order to re-

enable writing to this block. (It might be locked by executing this procedure be-
fore).
2. DCM requests NvM_WriteBlock(<blockId>, <DataBuffer>)
3. DCM polls for completion of write request (using NvM_GetErrorStatus())
4. On success (NVM_REQ_OK), the DCM issues NvM_SetBlockLockStatus(<Block
Id>, TRUE).

7.2.2.24 Block Compression

The block data is compressed before it is written to NV memory. The type of compres-
sion (block split, compression, delta) is vendor-specific.
The use-case is for larger data blocks with changes of only smaller junks (like drive-
cycle logging). The goal is that not the whole block needs to be written to NV memory
to reduce the overall write-cycles.
The block split would divide the block in multiple sub-blocks and only the changed sub-
blocks would be written. Alternatively, only the changed delta could be written. Anyway,
any data compression algorithm could be used.
The drawback is always a higher runtime for writing or reading the data.

66 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Figure 7.9: NvM block compression

[SWS_NvM_00966] dDRAFT In case the NvMBlockUseCompression is set to true, the

NvM shall compress the stored data in NV memory.c()

7.2.2.25 Block Ciphering

For security purposes NvM supports synchronous encryption and decryption via CSM
module using symmetric 16 byte aligned algorithms, e.g. AES128.
The user always works with plain data, the NV RAM stores the ciphered data:
> Write data: NvM encrypts the plain user data and then forwards the ciphered data to
the device.
> Read data: NvM reads the ciphered data from device, decrypts the data and finally
provides the plain data to the user.
To check the integrity of the ciphered data a CRC can be configured (as usual). NvM
will then calculate the CRC over encrypted data and recalculate and check the CRC
before decryption: the CRC always matches the ciphered data.
[SWS_NvM_00976] dIn case NvMBlockCipheringRef is given, the NvM shall before
forwarding the write request to MemIf encrypt the plain data using Csm_Encrypt() with
the CSM job given in NvMCsmEncryptionJobReference.

67 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

The CRC calculation (if configured) shall be done over the encrypted data.c()
[SWS_NvM_00977] dIn case Csm_Encrypt() returns a CRYPTO_E_BUSY, the NvM
shall retry to redo the job. After NvMCsmRetryCounter times of retry the NvM shall
abort the write job and set the NvM result to NVM_REQ_NOT_OK and signal an error
via NvM_JobErrorNotification().c()
[SWS_NvM_00978] dIn case Csm_Encrypt() returns any other error than CRYPTO_
E_BUSY or CRYPTO_E_OK, the NvM shall abort the write job and set the NvM result
to NVM_REQ_NOT_OK and signal an error via NvM_JobErrorNotification().c()
[SWS_NvM_00979] dIn case Csm_Encrypt() returns successfully with CRYPTO_E_
OK, the NvM shall continue the write job (e.g. with the CRC calculation) with the new
length given in NvMNvBlockNVRAMDataLength.
In case of the returned length in resultLengthPtr is different to the NvMNvBlock
NVRAMDataLength the development error NVM_E_BLOCK_CHIPHER_LENGTH_
MISSMATCH shall be triggerd.c()
[SWS_NvM_00980] dIn case NvMBlockCipheringRef is given, the NvM shall before
forwarding the read request to application decrypt the stored data using Csm_Decrypt()
with the CSM job given in NvMCsmDecryptionJobReference. The CRC check (if con-
figured) shall be done over the encrypted data. If the CRC does not match, NvM will
not decrypt the data but abort the job with NVM_REQ_INTEGRITY_FAILED.c()
[SWS_NvM_00981] dIn case Csm_Decrypt() returns a CRYPTO_E_BUSY, the NvM
shall retry to redo the job. After NvMCsmRetryCounter times of retry the NvM shall
abort the read job and set the NvM result to NVM_REQ_NOT_OK and signal an error
via NvM_JobErrorNotification().c()
[SWS_NvM_00982] dIn case Csm_Decrypt() returns any other error than CRYPTO_
E_BUSY or CRYPTO_E_OK, the NvM shall abort the read job and set the NvM result
to NVM_REQ_NOT_OK and signal an error via NvM_JobErrorNotification().c()
[SWS_NvM_00983] dIn case Csm_Decrypt() returns successfully with CRYPTO_E_
OK, the NvM shall continue the read job with the new length given in NvMNvBlock
Length.
In case of the returned length in resultLengthPtr is different to the NvMNvBlockLength
the development error NVM_E_BLOCK_CHIPHER_LENGTH_MISSMATCH shall be
triggerd.c()

68 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

7.3 Error Classification

7.3.1 Development Errors

[SWS_NvM_91004] d
Type of error Related error code Error value
API is called with wrong parameter block ID NVM_E_PARAM_BLOCK_ID 0x0A
API is called with wrong parameter block data NVM_E_PARAM_BLOCK_DATA_IDX 0x0C
API is called with wrong parameter address NVM_E_PARAM_ADDRESS 0x0D
API is called with wrong parameter data NVM_E_PARAM_DATA 0x0E
API is called with wrong parameter pointer NVM_E_PARAM_POINTER 0x0F
API is called for a block without defaults when NVM_E_BLOCK_WITHOUT_DEFAULTS 0x11
either the NvM_RestoreBlockDeafults or NvM_
RestorePRAMBlockDefaults is called for a valid
block ID that has no default data and no NvMInit
BlockCallback configured for the block
API is called when NVRAM manager is not NVM_E_UNINIT 0x14
initialized yet
read/write/control API is called for a block which is NVM_E_BLOCK_PENDING 0x15
already listed or in progress
Service is not possible with this block configuration NVM_E_BLOCK_CONFIG 0x18
write API is called for a block which RAM block is NVM_E_BLOCK_LOCKED 0x19
locked
write/erase/invalidate API is called for a block with NVM_E_WRITE_ONCE_STATUS_UNKNOWN 0x1A
MVM_WRITE_BLOCK_ONCE (TRUE) prior to the
first read request for that block
The length resulting from encryption or decription NVM_E_BLOCK_CHIPHER_LENGTH_ 0x1B
do not match with the given length in the MISSMATCH
configuration.

c(SRS_BSW_00385, SRS_BSW_00386, SRS_BSW_00406, SRS_BSW_00337,

SRS_BSW_00327, SRS_BSW_00331) (SRS_BSW_00385, SRS_BSW_00386,
SRS_BSW_00406, SRS_BSW_00337, SRS_BSW_00327)
[SWS_NvM_00961] dThe development error NVM_E_WRITE_PROTECTED (0x1B)
shall be detectable by the NvM module when a write attempt to a NVRAM block with
write protection (which write protection can be either configured or set by explicit re-
quest) occurs.c()
[SWS_NvM_00027] dIf development error detection is enabled for NvM module, the
function NvM_SetDataIndex shall report the DET error NVM_E_UNINIT when NVM is
not yet initialized.c(SRS_BSW_00323, SRS_BSW_00385, SRS_BSW_00386, SRS_-
BSW_00406, SRS_BSW_00327, SRS_BSW_00331)
•
[SWS_NvM_00598] dIf development error detection is enabled for NvM module, the
function NvM_SetDataIndex shall report the DET error NVM_E_BLOCK_PENDING
when NVRAM block identifier is already queued or currently in progress.c()
•

69 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00599] dIf development error detection is enabled for NvM module, the
function NvM_SetDataIndex shall report the DET error NVM_E_PARAM_BLOCK_
DATA_IDX when DataIndex parameter exceeds the total number of configured datasets
(Check: [SWS_NvM_00444], [SWS_NvM_00445]).c()
[SWS_NvM_00601] dIf development error detection is enabled for NvM module, the
function NvM_SetDataIndex shall report the DET error NVM_E_PARAM_BLOCK_ID
when the passed BlockID is out of range.c()
[SWS_NvM_00602] dIf development error detection is enabled for NvM module, the
function NvM_GetDataIndex shall report the DET error NVM_E_UNINIT when NVM
not yet initialized.c()
[SWS_NvM_00604] dIf development error detection is enabled for NvM module, the
function NvM_GetDataIndex shall report the DET error NVM_E_PARAM_BLOCK_ID
when the passed BlockID is out of range.c()
[SWS_NvM_00605] dIf development error detection is enabled for NvM module, the
function NvM_GetDataIndex shall report the DET error NVM_E_PARAM_DATA when
a NULL pointer is passed via the parameter DataIndexPtr.c()
[SWS_NvM_00606] dIf development error detection is enabled for NvM module, the
function NvM_SetBlockProtection shall report the DET error NVM_E_UNINIT when
NVM is not yet initialized.c()
[SWS_NvM_00607] dIf development error detection is enabled for NvM module, the
function NvM_SetBlockProtection shall report the DET error NVM_E_BLOCK_PEND-
ING when NVRAM block identifier is already queued or currently in progress.c()
[SWS_NvM_00608] dIf development error detection is enabled for NvM module, the
function NvM_SetBlockProtection shall report the DET error NVM_E_BLOCK_CON-
FIG when the NVRAM block is configured with NvMWriteBlockOnce = TRUE.c()
[SWS_NvM_00609] dIf development error detection is enabled for NvM module,
the function NvM_SetBlockProtection shall report the DET error NVM_E_PARAM_
BLOCK_ID when the passed BlockID is out of range.c()
[SWS_NvM_00759] dIf development error detection is enabled for NvM module,
the function NvM_SetBlockProtection shall report the DET error NVM_E_BLOCK_
LOCKED when the block is locked.c()
[SWS_NvM_00610] dIf development error detection is enabled for NvM module, the
function NvM_GetErrorStatus shall report the DET error NVM_E_UNINIT when NVM
is not yet initialized.c()
[SWS_NvM_00611] dIf development error detection is enabled for NvM module, the
function NvM_GetErrorStatus shall report the DET error NVM_E_PARAM_BLOCK_ID
when the passed BlockID is out of range.c()
[SWS_NvM_00612] dIf development error detection is enabled for NvM module, the
function NvM_GetErrorStatus shall report the DET error NVM_E_PARAM_DATA when
a NULL pointer is passed via the parameter RequestResultPtr.c()

70 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00613] dIf development error detection is enabled for NvM module, the
function NvM_GetVersionInfo shall report the DET error NVM_E_PARAM_POINTER
when a NULL pointer is passed via the parameter versioninfo.c()
[SWS_NvM_00614] dIf development error detection is enabled for NvM module, the
function NvM_ReadBlock shall report the DET error NVM_E_UNINIT when NVM is not
yet initialized.c()
[SWS_NvM_00615] dIf development error detection is enabled for NvM module, the
function NvM_ReadBlock shall report the DET error NVM_E_BLOCK_PENDING when
NVRAM block identifier is already queued or currently in progress.c()
[SWS_NvM_00616] dIf development error detection is enabled for NvM module, the
function NvM_ReadBlock shall report the DET error NVM_E_PARAM_ADDRESS
when no permanent RAM block and no explicit synchronization are configured and
a NULL pointer is passed via the parameter NvM_DstPtr.c()
[SWS_NvM_00618] dIf development error detection is enabled for NvM module, the
function NvM_ReadBlock shall report the DET error NVM_E_PARAM_BLOCK_ID
when the passed BlockID is out of range.c()
[SWS_NvM_00823] dIf development error detection is enabled for NvM module, the
function NvM_ReadPRAMBlock shall report the DET error NVM_E_UNINIT when NVM
is not yet initialized.c()
[SWS_NvM_00824] dIf development error detection is enabled for NvM module, the
function NvM_ReadPRAMBlock shall report the DET error NVM_E_BLOCK_PEND-
ING when NVRAM block identifier is already queued or currently in progress.c()
[SWS_NvM_00825] dIf development error detection is enabled for NvM module,
the function NvM_ReadPRAMBlock shall report the DET error NVM_E_PARAM_AD-
DRESS when no permanent RAM block and no explicit synchronization are configured,
for the received block ID.c(SRS_Mem_00016, SRS_Mem_00038)
[SWS_NvM_00826] dIf development error detection is enabled for NvM module, the
function NvM_ReadPRAMBlock shall report the DET error NVM_E_PARAM_BLOCK_
ID when the passed BlockID is out of range.c()
[SWS_NvM_00619] dIf development error detection is enabled for NvM module, the
function NvM_WriteBlock shall report the DET error NVM_E_UNINIT when NVM not
yet initialized.c()
[SWS_NvM_00620] dIf development error detection is enabled for NvM module, the
function NvM_WriteBlock shall report the DET error NVM_E_BLOCK_PENDING when
NVRAM block identifier is already queued or currently in progress.c()
[SWS_NvM_00622] dIf development error detection is enabled for NvM module,
the function NvM_WriteBlock shall report the DET error NVM_E_PARAM_ADDRESS
when no permanent RAM block and no explicit synchronization are configured and
a NULL pointer is passed via the parameter NvM_SrcPtr.c(SRS_Mem_00017, SRS_-
Mem_08541)

71 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00624] dIf development error detection is enabled for NvM module, the
function NvM_WriteBlock shall report the DET error NVM_E_PARAM_BLOCK_ID
when the passed BlockID is out of range.c()
[SWS_NvM_00748] dIf development error detection is enabled for NvM module, the
function NvM_WriteBlock shall report the DET error NVM_E_BLOCK_LOCKED when
the block is locked.c(SRS_Mem_08541, SRS_Mem_00127, SRS_Mem_00038)
[SWS_NvM_00827] dIf development error detection is enabled for NvM module, the
function NvM_WritePRAMBlock shall report the DET error NVM_E_UNINIT when NVM
not yet initialized.c()
[SWS_NvM_00828] dIf development error detection is enabled for NvM module, the
function NvM_WritePRAMBlock shall report the DET error NVM_E_BLOCK_PEND-
ING when NVRAM block identifier is already queued or currently in progress.c()
[SWS_NvM_00893] dIf development error detection is enabled for NvM module,
the function NvM_WritePRAMBlock shall report the DET error NVM_E_PARAM_AD-
DRESS when no permanent RAM block and no explicit synchronization are config-
ured.c(SRS_Mem_00018, SRS_Mem_08548)
[SWS_NvM_00829] dIf development error detection is enabled for NvM module, the
function NvM_WritePRAMBlock shall report the DET error NVM_E_PARAM_BLOCK_
ID when the passed BlockID is out of range.c()
[SWS_NvM_00830] dIf development error detection is enabled for NvM module, the
function NvM_WritePRAMBlock shall report the DET error NVM_E_BLOCK_LOCKED
when the block is locked.c()
[SWS_NvM_00625] dIf development error detection is enabled for NvM module, the
function NvM_RestoreBlockDefaults shall report the DET error NVM_E_UNINIT when
NVM is not yet initialized.c()
[SWS_NvM_00626] dIf development error detection is enabled for NvM module,
the function NvM_RestoreBlockDefaults shall report the DET error NVM_E_BLOCK_
PENDING when NVRAM block identifier is already queued or currently in progress.c()
[SWS_NvM_00894] dIf development error detection is enabled for NvM module,
the function NvM_RestorePRAMBlockDefaults shall report the DET error NVM_E_
PARAM_ADDRESS when no permanent RAM block and no explicit synchronization
are configured.c(SRS_Mem_00018, SRS_Mem_08548)
[SWS_NvM_00629] dIf development error detection is enabled for NvM module, the
function NvM_RestoreBlockDefaults shall report the DET error NVM_E_PARAM_AD-
DRESS when no permanent RAM block and no explicit synchronization are configured
and a NULL pointer is passed via the parameter NvM_DstPtr.c(SRS_Mem_00016,
SRS_Mem_08548)
[SWS_NvM_00630] dIf development error detection is enabled for NvM module,
the function NvM_RestoreBlockDefaults shall report the DET error NVM_E_PARAM_
BLOCK_ID when the passed BlockID is out of range.c()

72 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00831] dIf development error detection is enabled for NvM module, the
function NvM_RestorePRAMBlockDefaults shall report the DET error NVM_E_UNINIT
when NVM is not yet initialized.c()
[SWS_NvM_00832] dIf development error detection is enabled for NvM module,
the function NvM_RestorePRAMBlockDefaults shall report the DET error NVM_E_
BLOCK_PENDING when NVRAM block identifier is already queued or currently in
progress.c()
[SWS_NvM_00834] dIf development error detection is enabled for NvM module,
the function NvM_RestorePRAMBlockDefaults shall report the DET error NVM_E_
PARAM_BLOCK_ID when the passed BlockID is out of range.c()
[SWS_NvM_00631] dIf development error detection is enabled for NvM module, the
function NvM_EraseNvBlock shall report the DET error NVM_E_UNINIT when the
NVM is not yet initialized.c()
[SWS_NvM_00632] dIf development error detection is enabled for NvM module, the
function NvM_EraseNvBlock shall report the DET error NVM_E_BLOCK_PENDING
when the NVRAM block identifier is already queued or currently in progress.c()
[SWS_NvM_00635] dIf development error detection is enabled for NvM module, the
function NvM_EraseNvBlock shall report the DET error NVM_E_PARAM_BLOCK_ID
when the passed BlockID is out of range.c()
[SWS_NvM_00636] dIf development error detection is enabled for NvM module, the
function NvM_EraseNvBlock shall report the DET error NVM_E_BLOCK_CONFIG
when the NVRAM block has not immediate priority.c()
[SWS_NvM_00757] dIf development error detection is enabled for NvM module, the
function NvM_EraseNvBlock shall report the DET error NVM_E_BLOCK_LOCKED
when the block is locked.c()
[SWS_NvM_00637] dIf development error detection is enabled for NvM module, the
function NvM_CancelWriteAll shall report the DET error NVM_E_UNINIT when NVM
is not yet initialized.c()
[SWS_NvM_00638] dIf development error detection is enabled for NvM module, the
function NvM_InvalidateNvBlock shall report the DET error NVM_E_UNINIT when
NVM is not yet initialized.c()
[SWS_NvM_00639] dIf development error detection is enabled for NvM module, the
function NvM_InvalidateNvBlock shall report the DET error NVM_E_BLOCK_PEND-
ING when NVRAM block identifier is already queued or currently in progress.c()
[SWS_NvM_00642] dIf development error detection is enabled for NvM module, the
function NvM_InvalidateNvBlock shall report the DET error NVM_E_PARAM_BLOCK_
ID when the passed BlockID is out of range.c()
[SWS_NvM_00756] dIf development error detection is enabled for NvM module, the
function NvM_InvalidateNvBlock shall report the DET error NVM_E_BLOCK_LOCKED
when the block is locked.c()

73 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00643] dIf development error detection is enabled for NvM module, the
function NvM_SetRamBlockStatus shall report the DET error NVM_E_UNINIT when
NVM not yet initialized.c()
[SWS_NvM_00644] dIf development error detection is enabled for NvM module, the
function NvM_SetRamBlockStatus shall report the DET error NVM_E_BLOCK_PEND-
ING when NVRAM block identifier is already queued or currently in progress.c()
[SWS_NvM_00645] dIf development error detection is enabled for NvM module,
the function NvM_SetRamBlockStatus shall report the DET error NVM_E_PARAM_
BLOCK_ID when the passed BlockID is out of range.c()
[SWS_NvM_00758] dIf development error detection is enabled for NvM module,
the function NvM_SetRamBlockStatus shall report the DET error NVM_E_BLOCK_
LOCKED when the block is locked.c()
[SWS_NvM_00646] dIf development error detection is enabled for NvM module, the
function NvM_ReadAll shall report the DET error NVM_E_UNINIT when NVM is not
yet initialized.c()
[SWS_NvM_00647] dIf development error detection is enabled for NvM module, the
function NvM_WriteAll shall report the DET error NVM_E_UNINIT when NVM is not
yet initialized.c()
[SWS_NvM_00648] dIf development error detection is enabled for NvM module, the
function NvM_CancelJobs shall report the DET error NVM_E_UNINIT when NVM is
not yet initialized.c()
[SWS_NvM_00649] dIf development error detection is enabled for NvM module, the
function NvM_CancelJobs shall report the DET error NVM_E_PARAM_BLOCK_ID
when the passed BlockID is out of range.c()
[SWS_NvM_00728] dIf development error detection is enabled for NvM module, the
function NvM_SetBlockLockStatus shall report the DET error NVM_E_UNINIT when
NVM is not yet initialized.c()
[SWS_NvM_00729] dIf development error detection is enabled for NvM module, the
function NvM_SetBlockLockStatus shall report the DET error NVM_E_BLOCK_PEND-
ING when NVRAM block identifier is already queued or currently in progress.c()
[SWS_NvM_00730] dIf development error detection is enabled for NvM module, the
function NvM_SetBlockLockStatus shall report the DET error NVM_E_BLOCK_CON-
FIG when the NVRAM block is configured with NvMWriteBlockOnce = TRUE.c()
[SWS_NvM_00731] dIf development error detection is enabled for NvM module,
the function NvM_SetBlockLockStatus shall report the DET error NVM_E_PARAM_
BLOCK_ID when the passed BlockID is out of range.c()
[SWS_NvM_00863] dIf development error detection is enabled for NvM module, the
function NvM_ValidateAll shall report the DET error NVM_E_UNINIT when NVM is not
yet initialized.c(SRS_Mem_00137)

74 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00954] dIf development error detection is enabled for NvM module, the
function NvM_WriteBlock shall report the DET error NVM_E_WRITE_ONCE_STA-
TUS_UNKNOWN when a write request is made for a block configured with NVM_
WRITE_BLOCK_ONCE (TRUE) for which no read request was made prior to this.c()
[SWS_NvM_00955] dIf development error detection is enabled for NvM module, the
function NvM_WritePRAMBlock shall report the DET error NVM_E_WRITE_ONCE_
STATUS_UNKNOWN when a write request is made for a block configured with NVM_
WRITE_BLOCK_ONCE (TRUE) for which no read request was made prior to this.c()
[SWS_NvM_00956] dIf development error detection is enabled for NvM module, the
job of the function NvM_WriteAll shall report the DET error NVM_E_WRITE_ONCE_
STATUS_UNKNOWN when the processing of a block configured with NVM_WRITE_
BLOCK_ONCE (TRUE) for which no read request was made prior to this.c()
[SWS_NvM_00957] dIf development error detection is enabled for NvM module, the
job of the function NvM_EraseNvBlock shall report the DET error NVM_E_WRITE_
ONCE_STATUS_UNKNOWN when a write request is made for a block configured with
NVM_WRITE_BLOCK_ONCE (TRUE) for which no read request was made prior to
this.c()
[SWS_NvM_00958] dIf development error detection is enabled for NvM module, the
job of the function NvM_InvalidateNvBlock shall report the DET error NVM_E_WRITE_
ONCE_STATUS_UNKNOWN when a write request is made for a block configured with
NVM_WRITE_BLOCK_ONCE (TRUE) for which no read request was made prior to
this.c()
[SWS_NvM_00962] dIf development error detection is enabled for NvM module, the
function NvM_WriteBlock shall report the DET error NVM_E_WRITE_PROTECTED
when the block is write protected.c()
[SWS_NvM_00963] dIf development error detection is enabled for NvM module, the
function NvM_WritePRAMBlock shall report the DET error NVM_E_WRITE_PRO-
TECTED when the block is write protected.c()
[SWS_NvM_00964] dIf development error detection is enabled for NvM module,
the function NvM_EraseNvBlock shall report the DET error NVM_E_WRITE_PRO-
TECTED when the block is write protected.c()
[SWS_NvM_00965] dIf development error detection is enabled for NvM module, the
function NvM_InvalidateNvBlock shall report the DET error NVM_E_WRITE_PRO-
TECTED when the block is write protected.c()

75 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

7.3.2 Runtime Errors

[SWS_NvM_00947] d
Type of error Related error code Error value
NvM queue is full so the request cannot be NVM_E_QUEUE_FULL 0xA0
queued, be the request either standard or
immediate.

c()
[SWS_NvM_00948] dThe run-time error NVM_E_QUEUE_FULL shall be reported to
Det, by the NvM module, each time a request cannot be queued because the related
queue is full.c(SRS_Mem_00038)

7.3.3 Transient Faults

There are no transient faults.

7.3.4 Production Errors

7.3.4.1 NVM_E_HARDWARE

[SWS_NvM_00835] d
Error Name: NVM_E_HARDWARE
Short Description: Reading from or writing to non volatile memory failed
Long Description: If read job (multi job or single job read) fails either because the MemIf reports
MEMIF_JOB_FAILED, MEMIF_BLOCK_INCONSISTENT or a CRC mismatch
occurs or if a write/invalidate/erase job fails because the MemIf reports MEMIF_
JOB_FAILED, NvM shall report NVM_E_HARDWARE to the DEM.
Detection Criteria: Fail MemIf reports MEMIF_JOB_FAILED,
MEMIF_BLOCK_INCONSISTENT or a
CRC mismatch occurs during read /
write / invalidate / erase operation.
Pass Read / write / invalidate / erase is
successfull.
(MemIf does not report MEMIF_JOB_
FAILED , MEMIF_BLOCK_
INCONSISTENT and no CRC
mismatch occurs)
Secondary Parameters: The condition under which the FAIL and/or PASS detection is active:
Every time a read / write / invalidate / erase is requested for the block NvM shall
report if the condition of the block changed.
Time Required: Not applicabale. (there is no timeout monitoring in the NvM)
Monitor Frequency continous

c()

76 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

7.3.5 Extended Production Errors

Type or error Related error code Value [hex]

The processing of the read service NVM_E_INTEGRITY_FAILED Assigned by DEM
detects an inconsistency
The processing of the service fails NVM_E_REQ_FAILED Assigned by DEM
The Static Block ID check during read NVM_E_WRONG_BLOCK_ID Assigned by DEM
failed
The write verification failed NVM_E_VERIFY_FAILED Assigned by DEM
There is a loss of redundancy for a NVM_E_LOSS_OF_REDUNDANCY Assigned by DEM
block of redundant type

[SWS_NvM_00591] dThe extended production error NVM_E_INTEGRITY_FAILED

(value assigned by DEM, see container NvmDemEventParameterRefs) shall be de-
tectable by the NvM module when API request integrity failed, depending on whether
the build version mode is in production mode.c()
[SWS_NvM_00592] dThe extended production error NVM_E_REQ_FAILED (value as-
signed by DEM, see container NvmDemEventParameterRefs) shall be detectable by
the NvM module when API request failed, depending on whether the build version
mode is in production mode.c()
[SWS_NvM_00593] dThe extended production error NVM_E_WRONG_BLOCK_ID
(value assigned by DEM, see container NvmDemEventParameterRefs) shall be de-
tectable by the NvM module when Static Block ID check failed, depending on whether
the build version mode is in production mode.c(SRS_Mem_08555)
[SWS_NvM_00594] dThe extended production error NVM_E_VERIFY_FAILED (value
assigned by DEM, see container NvmDemEventParameterRefs) shall be detectable by
the NvM module when write Verification failed, depending on whether the build version
mode is in production mode.c()
[SWS_NvM_00595] dThe extended production error NVM_E_LOSS_OF_REDUN-
DANCY (value assigned by DEM, see container NvmDemEventParameterRefs) shall
be detectable by the NvM module when loss of redundancy, depending on whether the
build version mode is in production mode.c()
[SWS_NvM_00871] dEach time a request is made to the NvM, the job of that request,
if encountering an error situation, shall report the corresponding production error.c()

77 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

7.3.5.1 NVM_E_INTEGRITY_FAILED

Error Name: NVM_E_INTEGRITY_FAILED

Short Description: Processin of the read service detects an inconsistency.
Long Description: If the read for a block detects that the data and/or CRC are corrupted based on
the CRC check performed after the read was finished successfully (JobEnd
Notification from underlyinh memory module). This only applies for blocks
configured with CRC.
Detection Criteria: Fail See SWS_NvM_00864
Pass See SWS_NvM_00872
Secondary Parameters: The condition under which the FAIL or PASS detection is active:
CRC checking is performed each time a block with CRC is read successfully by
the underlying memory module and it will indicate failure or pass.
Time Required: Not applicable. There is no timeout monitoring or constraint for NvM.
Monitor Frequency continous

[SWS_NvM_00864] dFail condition: NVM_E_INTEGRITY_FAILED is reported by the

NvM module if the processing of a read request will detect, via the CRC checking,
corruption of the data and/or CRC of the block that was subject to the read operation.c
()
[SWS_NvM_00872] dPass condition: when requirement SWS_NvM_00864 does not
apply, meaning the data of the block is not corrupted in terms of CRC checking.c()

7.3.5.2 NVM_E_REQ_FAILED

Error Name: NVM_E_REQ_FAILED

Short Description: Processin of the read service failed at a lower layer in the MemStack architecture,
including all retries.
Long Description: If the underlying layer reports JobErrorNotification, indicating that the request
failed, either after it was accepted by the underlying memory module or because
the module refused the request. This is done after all retries also failed.
Detection Criteria: Fail See SWS_NvM_00865
Pass See: SWS_NvM_00873
Secondary Parameters: The condition under which the FAIL or PASS detection is active:
check is performed to see if the job was accepted or not and, if accepted, to see if
it finished successfully or not.
Time Required: Not applicable. There is no timeout monitoring or constraint for NvM.
Monitor Frequency continous

[SWS_NvM_00865] dFail condition: NVM_E_REQ_FAILED is reported by the NvM

module if a user request is either rejected and the number of configured retries expired
or if it was accepted and then failed, while being processed by the underlying memory
stack module.c()
[SWS_NvM_00873] dPass condition: when requirement SWS_NvM_00865 does not
apply, meaning that the user request was accepted by the undelying layer, either from

78 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

the first attempt or from one of the retries, and that it finished successfully, from the
point of view of the underlying layer (request result is MEMIF_JOB_OK).c()

7.3.5.3 NVM_E_WRONG_BLOCK_ID

Error Name: NVM_E_WRONG_BLOCK_ID

Short Description: Static block ID check, during read, indicates failure.
Long Description: If the read was successfully finished by the underlying memory module but the
Static ID check failed (meaning the block ID that was read is not the same as the
block ID for which the read was requested).
Detection Criteria: Fail See SWS_NvM_00866
Pass See SWS_NvM_00874
Secondary Parameters: The condition under which the FAIL or PASS detection is active:
check is performed each time the reading of a block is finished successfully by the
underlying memory module, if the block is configured to have the Static ID
checking performed for it.
Time Required: Not applicable. There is no timeout monitoring or constraint for NvM.
Monitor Frequency continous

[SWS_NvM_00866] dFail condition: NVM_E_WRONG_BLOCK_ID is reported by the

NvM module if, after the block data is successfully read from the non-volatile memory,
the Static ID that was retrieved is not the same as the current one, for the block the
read was requested for.c()
[SWS_NvM_00874] dPass condition: when requirement SWS_NvM_00866 does not
apply, meaning that the block ID that was read from the non-volatile memory is the
same as the block ID for which the read was requested.c()

7.3.5.4 NVM_E_VERIFY_FAILED

Error Name: NVM_E_VERIFY_FAILED

Short Description: The write verification failed.
Long Description: If, after a successfully finished write, the verification for the written data fails.
Detection Criteria: Fail See SWS_NvM_00867
Pass See SWS_NvM_00875
Secondary Parameters: The condition under which the FAIL or PASS detection is active:
a check is performed each time a block that is configured to have write verification
performed on it, has a write operation successfully finished.
Time Required: Not applicable. There is no timeout monitoring or constraint for NvM.
Monitor Frequency continous

[SWS_NvM_00867] dFail condition: NVM_E_VERIFY_FAILED is reported by the Nv

M module if, after a successful write, the write verification indicates failure and the
configured number of retries has expired.c()

79 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00875] dPass condition: when requirement SWS_NvM_00867 does not

apply, meaning that the write verification indicates success, the latest for the last retry
attempt.c()

7.3.5.5 NVM_E_LOSS_OF_REDUNDANCY

Error Name: NVM_E_LOSS_OF_REDUNDANCY

Short Description:
Long Description:
Detection Criteria:
Secondary Parameters:
Time Required:
Monitor Frequency
A redundant block has lost the redundancy.
A redundant block has the same contents written in two different block instances -
hence the redundancy. If the contents are different, if the first instance becomes
corrupted or if the first instance cannot be read then NvM will report this fault.
Fail See SWS_NvM_00868
Pass See SWS_NvM_00876
The condition under which the FAIL or PASS detection is active:
checks are performed whenever a reading is requested for a redundant block.
Not applicable. There is no timeout monitoring or constraint for NvM.
continous

[SWS_NvM_00868] dFail condition: NVM_E_LOSS_OF_REDUNDANCY is reported

by the NvM module if the reading performed over a REDUNDANT block indicates the
block has lost its redundancy.c()
Note: The loss of redundancy is detected if the reading of the first instance of the block
fails and the reading of the second instance of the block is finished successfully.
[SWS_NvM_00876] dPass condition: when requirement SWS_NvM_00868 does not
apply, meaning that the NvM did not detect the loss of redundancy for a REDUNDANT
block.c()

80 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8 API specification

8.1 Imported types

• In this chapter all types included from the following modules are listed:
[SWS_NvM_00446] d
Module Header File Imported Type
Dem Rte_Dem_Type.h Dem_EventIdType
Rte_Dem_Type.h Dem_EventStatusType
MemIf MemIf.h MemIf_JobResultType (obsolete)
MemIf.h MemIf_StatusType
Std Std_Types.h Std_ReturnType
Std_Types.h Std_VersionInfoType

c()

8.2 Type definitions

8.2.1 NvM_ConfigType

[SWS_NvM_00880] d
Name NvM_ConfigType
Kind Structure
Elements implementation specific
Type –
Comment –
Description Configuration data structure of the NvM module.
Available via NvM.h

c() Since this type is used for compliance purposes only (meaning that NvM_Init will
now have a pointer to this type as parameter, based on SWS_BSW_00047) it will be
left to the developer to chose how to implement it, considering it has no use for the Nv
M module in any way.

81 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8.2.2 NvM_MultiBlockRequestType

[SWS_NvM_91003] d
Name NvM_MultiBlockRequestType
Kind Enumeration
Range NVM_READ_ALL 0x00 NvM_ReadAll was performed
NVM_WRITE_ALL 0x01 NvM_WriteAll was performed
NVM_VALIDATE_ALL 0x02 NvM_ValidateAll was performed
NVM_FIRST_INIT_ALL 0x03 NvM_FirstInitAll was performed
NVM_CANCEL_WRITE_ 0x04 NvM_CancelWriteAll was performed
ALL
Description Identifies the type of request performed on multi block when signaled via the callback function or
when reporting to BswM
Available via NvM.h

c()

8.3 Function definitions

8.3.1 Synchronous requests

8.3.1.1 NvM_Init

[SWS_NvM_00447] d
Service Name NvM_Init
Syntax void NvM_Init (
const NvM_ConfigType* ConfigPtr
)
Service ID [hex] 0x00
Sync/Async Synchronous
Reentrancy Non Reentrant
Parameters (in) ConfigPtr Pointer to the selected configuration set.
Parameters (inout) None
Parameters (out) None
Return value None
Description Service for resetting all internal variables.
Available via NvM.h

c(SRS_BSW_00414, SWS_BSW_00047)
[SWS_NvM_00881] dThe Configuration pointer ConfigPtr shall always have a NULL_
PTR value.c()
The Configuration pointer ConfigPtr is currently not used and shall therefore be set to
a NULL_PTR value when calling the NvM_Init API.
[SWS_NvM_00399] dThe function NvM_Init shall reset all internal variables, e.g. the
queues, request flags, state machines, to their initial values. It shall signal "INIT DONE"

82 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

internally, e.g. to enable job processing and queue management.c(SRS_BSW_00101,

SRS_BSW_00406)
[SWS_NvM_00400] dThe function NvM_Init shall not modify the permanent RAM block
contents or call explicit synchronization callback, as this shall be done on NvM_Read
All.c(SRS_BSW_00101, SRS_BSW_00406)
[SWS_NvM_00192] dThe function NvM_Init shall set the dataset index of all NVRAM
blocks of type NVM_BLOCK_DATASET to zero.c()
[SWS_NvM_00193] dThe function NvM_Init shall not initialize other modules (it is as-
sumed that the underlying layers are already initialized).c()
The function NvM_Init is affected by the common 10.2.2 and published configuration
parameter.
Hint: The time consuming NVRAM block initialization and setup according to the block
descriptor 10.2.3 shall be done by the NvM_ReadAll request.

8.3.1.2 NvM_SetDataIndex

[SWS_NvM_00448] d
Service Name NvM_SetDataIndex
Syntax Std_ReturnType NvM_SetDataIndex (
NvM_BlockIdType BlockId,
uint8 DataIndex
)
Service ID [hex] 0x01
Sync/Async Synchronous
Reentrancy Reentrant
Parameters (in) BlockId The block identifier uniquely identifies one NVRAM block
descriptor. A NVRAM block descriptor contains all needed
information about a single NVRAM block.
DataIndex Index position (association) of a NV/ROM block.
Parameters (inout) None
Parameters (out) None
Return value Std_ReturnType E_OK: The index position was set successfully.
E_NOT_OK: An error occurred.
Description Service for setting the DataIndex of a dataset NVRAM block.
Available via NvM.h

c(SRS_Mem_08007)
[SWS_NvM_00014] dThe function NvM_SetDataIndex shall set the index to access a
certain dataset of a NVRAM block (with/without ROM blocks).c()
[SWS_NvM_00263] dThe function NvM_SetDataIndex shall leave the content of the
corresponding RAM block unmodified.c()

83 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00264] dFor blocks with block management different from NVM_BLOCK_

DATASET, NvM_SetDataIndex shall return without any effect in production mode. Fur-
ther, E_NOT_OK shall be returned.c()
[SWS_NvM_00707] dThe NvM module’s environment shall have initialized the NvM
module before it calls the function NvM_SetDataIndex.c()

8.3.1.3 NvM_GetDataIndex

[SWS_NvM_00449] d
Service Name NvM_GetDataIndex
Syntax Std_ReturnType NvM_GetDataIndex (
NvM_BlockIdType BlockId,
uint8* DataIndexPtr
)
Service ID [hex] 0x02
Sync/Async Synchronous
Reentrancy Reentrant
Parameters (in) BlockId The block identifier uniquely identifies one NVRAM block
descriptor. A NVRAM block descriptor contains all needed
information about a single NVRAM block.
Parameters (inout) None
Parameters (out) DataIndexPtr Pointer to where to store the current dataset index (0..255)
Return value Std_ReturnType E_OK: The index position has been retrieved successfully.
E_NOT_OK: An error occurred.
Description Service for getting the currently set DataIndex of a dataset NVRAM block
Available via NvM.h

c()
[SWS_NvM_00021] dThe function NvM_GetDataIndex shall get the current index (as-
sociation) of a dataset NVRAM block (with/without ROM blocks).c()
[SWS_NvM_00265] dFor blocks with block management different from NVM_BLOCK_
DATASET, NvM_GetDataIndex shall set the index pointed by DataIndexPtr to zero.
Further, E_NOT_OK shall be returned.c()
[SWS_NvM_00708] dThe NvM module’s environment shall have initialized the NvM
module before it calls the function NvM_GetDataIndex.c()

84 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8.3.1.4 NvM_SetBlockProtection

[SWS_NvM_00450] d
Service Name NvM_SetBlockProtection
Syntax Std_ReturnType NvM_SetBlockProtection (
NvM_BlockIdType BlockId,
boolean ProtectionEnabled
)
Service ID [hex] 0x03
Sync/Async Synchronous
Reentrancy Reentrant
Parameters (in) BlockId The block identifier uniquely identifies one NVRAM block
descriptor. A NVRAM block descriptor contains all needed
information about a single NVRAM block.
ProtectionEnabled TRUE: Write protection shall be enabled FALSE: Write protection
shall be disabled
Parameters (inout) None
Parameters (out) None
Return value Std_ReturnType E_OK: The block was enabled/disabled as requested
E_NOT_OK: An error occured.
Description Service for setting/resetting the write protection for a NV block.
Available via NvM.h

c(SRS_Mem_00127)
[SWS_NvM_00016] dThe function NvM_SetBlockProtection shall set/reset the write
protection for the corresponding NV block by setting the write protection attribute in the
administrative part of the corresponding NVRAM block.c(SRS_Mem_00127)
[SWS_NvM_00709] dThe NvM module’s environment shall have initialized the NvM
module before it calls the function NvM_SetBlockProtection.c()

8.3.1.5 NvM_GetErrorStatus

[SWS_NvM_00451] d
Service Name NvM_GetErrorStatus
Syntax Std_ReturnType NvM_GetErrorStatus (
NvM_BlockIdType BlockId,
NvM_RequestResultType* RequestResultPtr
)
Service ID [hex] 0x04
Sync/Async Synchronous
Reentrancy Reentrant
Parameters (in) BlockId The block identifier uniquely identifies one NVRAM block
descriptor. A NVRAM block descriptor contains all needed
information about a single NVRAM block.
Parameters (inout) None
5

85 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Parameters (out) RequestResultPtr Pointer to where to store the request result. See NvM_Request
ResultType .
Return value Std_ReturnType E_OK: The block dependent error/status information was read
successfully.
E_NOT_OK: An error occured.
Description Service to read the block dependent error/status information.
Available via NvM.h

c(SRS_Mem_00020)
[SWS_NvM_00015] dThe function NvM_GetErrorStatus shall read the block depen-
dent error/status information in the administrative part of a NVRAM block. The status/
error information of a NVRAM block shall be set by a former or current asynchronous
request.c(SRS_Mem_00020)
[SWS_NvM_00710] dThe NvM module’s environment shall have initialized the NvM
module before it calls the function NvM_GetErrorStatus.c()

8.3.1.6 NvM_GetVersionInfo

[SWS_NvM_00452] d
Service Name NvM_GetVersionInfo
Syntax void NvM_GetVersionInfo (
Std_VersionInfoType* versioninfo
)
Service ID [hex] 0x0f
Sync/Async Synchronous
Reentrancy Reentrant
Parameters (in) None
Parameters (inout) None
Parameters (out) versioninfo Pointer to where to store the version information of this module.
Return value None
Description Service to get the version information of the NvM module.
Available via NvM.h

c()

86 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8.3.1.7 NvM_SetRamBlockStatus

[SWS_NvM_00453] d
Service Name NvM_SetRamBlockStatus
Syntax Std_ReturnType NvM_SetRamBlockStatus (
NvM_BlockIdType BlockId,
boolean BlockChanged
)
Service ID [hex] 0x05
Sync/Async Synchronous
Reentrancy Reentrant
Parameters (in) BlockId The block identifier uniquely identifies one NVRAM block
descriptor. A NVRAM block descriptor contains all needed
information about a single NVRAM block.
BlockChanged TRUE: Validate the permanent RAM block or the explicit
synchronization and mark block as changed. FALSE: Invalidate
the permanent RAM block or the explicit synchronization and
mark block as unchanged.
Parameters (inout) None
Parameters (out) None
Return value Std_ReturnType E_OK: The status of the permanent RAM block or the explicit
synchronization was changed as requested.
E_NOT_OK: An error occurred.
Description Service for setting the RAM block status of a permanent RAM block or the status of the explicit
synchronization of a NVRAM block.
Available via NvM.h

c(SRS_Mem_08545)
[SWS_NvM_00240] dThe function NvM_SetRamBlockStatus shall only work on
NVRAM blocks with a permanently configured RAM block or on NVRAM blocks config-
ured to support explicit synchronization, that have NvMBlockUseSetRamBlockStatus
enabled and shall have no effect to other NVRAM blocks.c(SRS_Mem_08546)
[SWS_NvM_00241] dThe function NvM_SetRamBlockStatus shall assume that a
changed permanent RAM block or the content of the RAM mirror in the NvM module (
in case of explicit synchronization) is valid (basic assumption).c(SRS_Mem_08545)
[SWS_NvM_00405] dWhen the "BlockChanged" parameter passed to the function Nv
M_SetRamBlockStatus is FALSE the corresponding RAM block is either invalid or un-
changed (or both).c(SRS_Mem_08545)
[SWS_NvM_00406] dWhen the "BlockChanged" parameter passed to the function Nv
M_SetRamBlockStatus is TRUE, the corresponding permanent RAM block or the con-
tent of the RAM mirror in the NvM module ( in case of explicit synchronization) is valid
and changed.c()
[SWS_NvM_00121] dFor blocks with a permanently configured RAM, the function Nv
M_SetRamBlockStatus shall request the recalculation of CRC in the background, i.e.
the CRC recalculation shall be processed by the NvM_MainFunction, if the given "Block
Changed" parameter is TRUE and CRC calculation in RAM is configured (i.e. NvMCalc
RamBlockCrc == TRUE).c()

87 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Note: If a block processed by the job of the function NvM_SetRamBlockStatus has

explicit synchronization configured for it then the block owner should provide the related
RAM data for the comparison. The call made by NvM to the explicit synchronization
’write’ callback should be successful.
Hint: In some cases, a permanent RAM block cannot be validated neither by a reload
of its NV data, nor by a load of its ROM data during the execution of a NvM_ReadAll
command (startup). The application is responsible to fill in proper data to the RAM
block and to validate the block via the function NvM_SetRamBlockStatus before this
RAM block can be written to its corresponding NV block by NvM_WriteAll.
It is expected that the function NvM_SetRamBlockStatus will be called frequently for
NVRAM blocks which are configured to be protected in RAM via CRC. Otherwise this
function only needs to be called once to mark a block as "changed" and to be processed
during NvM_WriteAll.
[SWS_NvM_00906] dIf the function NvM_SetRamBlockStatus is called for a block that
does not have permanent RAM but it does have explicit synchronization and the "Block
Changed" parameter is TRUE then the job of the function NvM_SetRamBlockStatus
shall use the explicit synchronization callback for data storage (write) in order to obtain
the data over which to calculate the CRC for the block.c(SRS_Mem_08550, SRS_-
Mem_08545, SRS_Mem_00136)
[SWS_NvM_00907] dIf the explicit synchronization callback that is called by the job of
the function NvM_SetRamBlockStatus returns E_NOT_OK then NvM shall retry to call
the callback for the number of retries that are configured for the explicit synchroniza-
tion.c(SRS_Mem_08554)
[SWS_NvM_00908] dIf the explicit synchronization callback that is called by the job of
the function NvM_SetRamBlockStatus returns E_NOT_OK then NvM shall perform the
configured retries, one per NvM_MainFunction call.c(SRS_Mem_08554)
[SWS_NvM_00909] dIf the explicit synchronization callback that is called by the job
of the function NvM_SetRamBlockStatus returns E_NOT_OK for the initial call and for
all retry attempts then NvM will consider the job completed, keep the block marked as
"BlockChanged" and continue as though it finished successfully.c(SRS_Mem_08550,
SRS_Mem_08545, SRS_Mem_00136)
[SWS_NvM_00910] dThe function NvM_SetRamBlockStatus shall not change the re-
quest result for the block ID received as parameter.c(SRS_Mem_00038)
[SWS_NvM_00911] dA queued background CRC calculation done by the function Nv
M_SetRamBlockStatus shall not change the request result for the received block ID.c
(SRS_Mem_00038)
[SWS_NvM_00711] dThe NvM module’s environment shall have initialized the NvM
module before it calls the function NvM_SetRamBlockStatus.c()
[SWS_NvM_00408] dThe NvM module shall provide the function NvM_SetRamBlock
Status only if it is configured via NvMSetRamBlockStatusApi.c()

88 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Note: For more information on NvMSetRamBlockStatusApi, see chapter 10.2.2.

8.3.1.8 NvM_SetBlockLockStatus

[SWS_NvM_00548] d
Service Name NvM_SetBlockLockStatus
Syntax void NvM_SetBlockLockStatus (
NvM_BlockIdType BlockId,
boolean BlockLocked
)
Service ID [hex] 0x13
Sync/Async Synchronous
Reentrancy Reentrant
Parameters (in) BlockId The block identifier uniquely identifies one NVRAM block
descriptor. A NVRAM block descriptor contains all needed
information about a single NVRAM block.
BlockLocked TRUE: Mark the RAM.block as locked FALSE: Mark the
RAM.block as unlocked
Parameters (inout) None
Parameters (out) None
Return value None
Description Service for setting the lock status of a permanent RAM block or of the explicit synchronization
of a NVRAM block.
Available via NvM.h

c(SRS_Mem_08546)
[SWS_NvM_00732] dThe function NvM_SetBlockLockStatus shall only work on
NVRAM blocks with a permanently configured RAM block or on NVRAM blocks con-
figured to support explicit synchronization and shall have no effect to other NVRAM
blocks.
Hint: This function is to be used mainly by DCM, but it can also be used by complex
device drivers. The function is not included in the ServicePort interface.c()

8.3.1.9 NvM_CancelJobs

[SWS_NvM_00535] d
Service Name NvM_CancelJobs
Syntax Std_ReturnType NvM_CancelJobs (
NvM_BlockIdType BlockId
)
Service ID [hex] 0x10
Sync/Async Synchronous
Reentrancy Reentrant
5

89 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Parameters (in) BlockId The block identifier uniquely identifies one NVRAM block
descriptor. A NVRAM block descriptor contains all needed
information about a single NVRAM block.
Parameters (inout) None
Parameters (out) None
Return value Std_ReturnType E_OK: The job was successfully removed from queue.
E_NOT_OK: The job could not be found in the queue.
Description Service to cancel all jobs pending for a NV block.
Available via NvM.h

c(SRS_Mem_08560)
[SWS_NvM_00536] dThe function NvM_CancelJobs shall cancel all jobs pending in
the queue for the specified NV Block. If requested the result type for the canceled
blocks is NVM_REQ_CANCELED.c(SRS_Mem_08560)
[SWS_NvM_00537] dA currently processed job is not canceled, and shall continue
even after the call of NvM_CancelJobs.c()
[SWS_NvM_00225] dThe function NvM_CancelJobs shall set the block specific re-
quest result for the specified NVRAM block to NVM_REQ_CANCELED if the request
is accepted.c()
Hint: The intent is just to empty the queue during the cleanup phase in case of termi-
nation or restart of a partition, to avoid later end of job notification.
[SWS_NvM_00984] dThe function NvM_CancelJobs shall set the canceled block’s
RAM block state to INVALID/UNCHANGED.c()

8.3.2 Asynchronous single block requests

8.3.2.1 NvM_ReadBlock

[SWS_NvM_00454] d
Service Name NvM_ReadBlock
Syntax Std_ReturnType NvM_ReadBlock (
NvM_BlockIdType BlockId,
void* NvM_DstPtr
)
Service ID [hex] 0x06
Sync/Async Asynchronous
Reentrancy Reentrant
Parameters (in) BlockId The block identifier uniquely identifies one NVRAM block
descriptor. A NVRAM block descriptor contains all needed
information about a single NVRAM block.
Parameters (inout) None
Parameters (out) NvM_DstPtr Pointer to the RAM data block.
5

90 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Return value Std_ReturnType E_OK: request has been accepted
E_NOT_OK: request has not been accepted
Description Service to copy the data of the NV block to its corresponding RAM block.
Available via NvM.h

c(SRS_LIBS_08533, SRS_Mem_00016)
[SWS_NvM_00010] dThe job of the function NvM_ReadBlock shall copy the data of
the NV block to the corresponding RAM block.c(SRS_Mem_00016)
Note: The error/status NVM_REQ_OK will be set if the job succeeds. (See SWS_Nv
M_00270)
[SWS_NvM_00195] dThe function NvM_ReadBlock shall take over the given parame-
ters, queue the read request in the job queue and return.c(SRS_Mem_00016)
[SWS_NvM_00196] dIf the function NvM_ReadBlock is provided with a valid RAM
block address then it is used.c(SRS_Mem_00016)
[SWS_NvM_00898] dIf the function NvM_ReadBlock is provided with NULL_PTR as a
RAM block address and it has a permanent RAM block configured then the permanent
RAM block is used.c(SRS_Mem_00016)
[SWS_NvM_00899] dIf the function NvM_ReadBlock is provided with NULL_PTR as a
RAM block address and it has the explicit synchronization configured then the explicit
synchronization is used.c(SRS_Mem_00016)
[SWS_NvM_00278] dThe job of the function NvM_ReadBlock shall provide the possi-
bility to copy NV data to a temporary RAM block although the NVRAM block is config-
ured with a permanent RAM block or explicit synchronization callbacks. In this case,
the parameter NvM_DstPtr has to be unequal to the NULL pointer. Otherwise a DET-
Parameter error (see Section 7.3) shall be emitted.c()
[SWS_NvM_00198] dThe function NvM_ReadBlock shall set the RAM block state to
INVALID/UNCHANGED immediately when the block is successfully enqueued.c()
[SWS_NvM_00199] dThe job of the function NvM_ReadBlock shall initiate a read at-
tempt on the second NV block if the passed BlockId references a NVRAM block of type
NVM_BLOCK_REDUNDANT and the read attempts on the first NV block fail.c()
[SWS_NvM_00340] dIn case of NVRAM block management type NVM_BLOCK_
DATASET, the job of the function NvM_ReadBlock shall copy only that NV block to
the corresponding RAM block which is selected via the data index in the administrative
block.c()
[SWS_NvM_00355] dThe job of the function NvM_ReadBlock shall not copy the NV
block to the corresponding RAM block if the NVRAM block management type is NVM_
BLOCK_DATASET and the NV block selected by the dataset index is invalidate.c()

91 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00651] dThe job of the function NvM_ReadBlock shall not copy the NV
block to the corresponding RAM block if the NVRAM block management type is NVM_
BLOCK_DATASET and the NV block selected by the dataset index is inconsistent.c()
[SWS_NvM_00354] dThe job of the function NvM_ReadBlock shall copy the ROM
block to RAM and set the request result to NVM_REQ_OK if the NVRAM block man-
agement type is NVM_BLOCK_DATASET and the dataset index points at a ROM
block.c()
[SWS_NvM_00200] dThe job of the function NvM_ReadBlock shall set the RAM block
to valid and assume it to be unchanged after a successful copy process of the NV block
to RAM.c()
[SWS_NvM_00366] dThe job of the function NvM_ReadBlock shall set the RAM block
to valid and assume it to be changed if the default values are copied to the RAM
successfully.c()
[SWS_NvM_00206] dThe job of the function NvM_ReadBlock shall set the request
result to NVM_REQ_OK if the NV block was copied successfully from NV memory to
RAM.c()
[SWS_NvM_00341] dThe job of the function NvM_ReadBlock shall set the request re-
sult to NVM_REQ_NV_INVALIDATED if the MemIf reports MEMIF_BLOCK_INVALID.c
()
[SWS_NvM_00652] dThe job of the function NvM_ReadBlock shall report no error to
the DEM if the MemIf reports MEMIF_BLOCK_INVALID.c()
[SWS_NvM_00358] dThe job of the function NvM_ReadBlock shall set the request
result to NVM_REQ_INTEGRITY_FAILED if:
• the MemIf reports MEMIF_BLOCK_INCONSISTENT and
• NvMRomBlockDataAddress is not configured (no ROM block with default data is
available) for the block and
• NvMInitBlockCallback is not configured (no init callback) for the block.
c()
[SWS_NvM_00653] dThe job of the function NvM_ReadBlock shall report NVM_E_
INTEGRITY_FAILED to the DEM if the MemIf reports MEMIF_BLOCK_INCONSIS-
TENT.c()
Note: After the production of an ECU / a car, on the production line all blocks shall have
been written with valid data (may be default data) and all diagnostic events (errors)
shall have been deleted. If the process does not allow to write all NV blocks during
production than the NvM will report diagnostic events (errors) because of blocks that
were never written and reported as MEMIF_BLOCK_INCONSISTENT by MemIf.
[SWS_NvM_00359] dThe job of the function NvM_ReadBlock shall set the request
result to NVM_REQ_NOT_OK if:

92 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

• the MemIf reports MEMIF_JOB_FAILED and

• NvMRomBlockDataAddress is not configured (no ROM block with default data is
available) for the block and
• NvMInitBlockCallback is not configured (no init callback) for the block.
c()
[SWS_NvM_00654] dThe job of the function NvM_ReadBlock shall report NVM_E_
REQ_FAILED to the DEM if the MemIf reports MEMIF_JOB_FAILED.c()
[SWS_NvM_00279] dThe job of the function NvM_ReadBlock shall set the request
result to NVM_REQ_OK if the block management type of the given NVRAM block is
NVM_BLOCK_REDUNDANT and one of the NV blocks was copied successfully from
NV memory to RAM.c()
[SWS_NvM_00655] dThe job of the function NvM_ReadBlock shall report no error to
the DEM if the block management type of the given NVRAM block is NVM_BLOCK_
REDUNDANT and one of the NV blocks was copied successfully from NV memory to
RAM.c()
[SWS_NvM_00316] dThe job of the function NvM_ReadBlock shall mark every
NVRAM block that has been configured with NVM_WRITE_BLOCK_ONCE (TRUE)
as write protected if that block is valid and with consistent data. This write protection
cannot be cleared by NvM_SetBlockProtection.c()
[SWS_NvM_00317] dThe job of the function NvM_ReadBlock shall invalidate a
NVRAM block of management type redundant if both NV blocks have been invali-
dated.c()
[SWS_NvM_00201] dThe job of the function NvM_ReadBlock shall request a CRC
recalculation over the RAM block data after the copy process [SWS_NvM_00180] if
the NV block is configured with CRC, i.e. if NvMCalRamBlockCrC == TRUE for the NV
block.c()
[SWS_NvM_00202] dThe job of the function NvM_ReadBlock shall load the default
values according to processing of NvM_RestoreBlockDefaults (also set the request
result to NVM_REQ_RESTORED_DEFAULTS) if the recalculated CRC is not equal to
the CRC stored in NV memory.c()
[SWS_NvM_00658] dNvM_ReadBlock: If there are no default values available, the
RAM blocks shall remain invalid.c()
[SWS_NvM_00657] dThe job of the function NvM_ReadBlock shall load the default val-
ues according to processing of NvM_RestoreBlockDefaults (also set the request result
to NVM_REQ_RESTORED_DEFAULTS) if the read request passed to the underlying
layer fails (MemIf reports MEMIF_JOB_FAILED or MEMIF_BLOCK_INCONSISTENT)
and if the default values are available.c()
[SWS_NvM_00203] dThe job of the function NvM_ReadBlock shall report NVM_E_
INTEGRITY_FAILED to the DEM if a CRC mismatch occurs.c()

93 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00204] dThe job of the function NvM_ReadBlock shall set the request
result to NVM_REQ_INTEGRITY_FAILED if:
• a CRC mismatch occurs and
• NvMRomBlockDataAddress is not configured (no ROM block with default data is
available) for the block and
• NvMInitBlockCallback is not configured (no init callback) for the block.
c()
[SWS_NvM_00712] dThe NvM module’s environment shall have initialized the NvM
module before it calls the function NvM_ReadBlock.c()

8.3.2.2 NvM_WriteBlock

[SWS_NvM_00455] d
Service Name NvM_WriteBlock
Syntax Std_ReturnType NvM_WriteBlock (
NvM_BlockIdType BlockId,
const void* NvM_SrcPtr
)
Service ID [hex] 0x07
Sync/Async Asynchronous
Reentrancy Reentrant
Parameters (in) BlockId The block identifier uniquely identifies one NVRAM block
descriptor. A NVRAM block descriptor contains all needed
information about a single NVRAM block.
NvM_SrcPtr Pointer to the RAM data block.
Parameters (inout) None
Parameters (out) None
Return value Std_ReturnType E_OK: request has been accepted
E_NOT_OK: request has not been accepted
Description Service to copy the data of the RAM block to its corresponding NV block.
Available via NvM.h

c(SRS_Mem_00017)
[SWS_NvM_00410] dThe job of the function NvM_WriteBlock shall copy the data of
the RAM block to its corresponding NV block.c(SRS_Mem_00017)
Note: The error/status NVM_REQ_OK will be set if the job succeeds. (See SWS_Nv
M_00270)
[SWS_NvM_00749] dThe function NvM_WriteBlock shall return with E_NOT_OK, if a
locked NVRAM block is referenced by the passed BlockId parameter. and a DET error
(see Section 7.3) shall be emitted.c()
[SWS_NvM_00208] dThe function NvM_WriteBlock shall take over the given parame-
ters, queue the write request in the job queue and return.c(SRS_Mem_08541)

94 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00209] dThe function NvM_WriteBlock shall check the NVRAM block pro-
tection when the request is enqueued but not again before the request is executed.c
()
[SWS_NvM_00300] dThe function NvM_WriteBlock shall cancel a pending job imme-
diately in a destructive way if the passed BlockId references a NVRAM block configured
to have immediate priority. The immediate job shall be the next active job to be pro-
cessed.c()
[SWS_NvM_00210] dIf the function NvM_WriteBlock is provided with a valid RAM
block address then it is used.c(SRS_Mem_00017)
[SWS_NvM_00900] dIf the function NvM_WriteBlock is provided with NULL_PTR as a
RAM block address and it has a permanent RAM block configured then the permanent
RAM block is used.c(SRS_Mem_00017)
[SWS_NvM_00901] dIf the function NvM_WriteBlock is provided with NULL_PTR as a
RAM block address and it has the explicit synchronization configured then the explicit
synchronization is used.c(SRS_Mem_00017)
[SWS_NvM_00280] dThe job of the function NvM_WriteBlock shall provide the pos-
sibility to copy a temporary RAM block to a NV block although the NVRAM block is
configured with a permanent RAM block or explicit synchronization callbacks. In this
case, the parameter NvM_SrcPtr has to be unequal to a NULL pointer. Otherwise a
DET-Parameter error (see Section 7.3) shall be emittedc()
[SWS_NvM_00212] dThe job of the function NvM_WriteBlock shall request a CRC
recalculation before the RAM block will be copied to NV memory if the NV block is
configured with CRC [SWS_NvM_00180].c()
[SWS_NvM_00852] dThe job of the function NvM_WriteBlock shall skip writing and
consider the job as successfully finished if the NvMBlockUseCRCCompMechanism
attribute of the NVRAM Block is set to true and the RAM block CRC calculated by
the write job is equal to the CRC calculated during the last successful read or write
job. This mechanism shall not be applied to blocks for which a loss of redundancy has
been detected.c(SRS_Mem_00136)
[SWS_NvM_00338] dThe job of the function NvM_WriteBlock shall copy the RAM block
to the corresponding NV block which is selected via the data index in the administra-
tive block if the NVRAM block management type of the given NVRAM block is NVM_
BLOCK_DATASET.c()
[SWS_NvM_00303] dIf the block is successfully enqueued and if the RAM block state
is VALID/UNCHANGED or INVALID/UNCHANGED, the function NvM_WriteBlock shall
set the RAM block state to VALID/CHANGED.c()
Note: If the block has an explicit synchronization callback (NvM_WriteRamBlockTo
Nvm) configured the validation will be done just after NvM_WriteRamBlockToNvm is
successfully processed.

95 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Note/Hint: The job of the function NvM_WriteBlock shall assume a referenced perma-
nent RAM block or the RAM mirror in the NvM module in case of explicit synchroniza-
tion to be valid when the request is passed to the NvM module.
[SWS_NvM_00213] dThe job of the function NvM_WriteBlock shall check the number
of write retries using a write retry counter to avoid infinite loops. Each negative result
reported by the memory interface shall be followed by an increment of the retry counter.
In case of a retry counter overrun, the job of the function NvM_WriteBlock shall set the
request result to NVM_REQ_NOT_OK.c(SRS_Mem_08554)
[SWS_NvM_00659] dThe job of the function NvM_WriteBlock shall check the number
of write retries using a write retry counter to avoid infinite loops. Each negative result
reported by the memory interface shall be followed by an increment of the retry counter.
In case of a retry counter overrun, the job of the function NvM_WriteBlock shall report
NVM_E_REQ_FAILED to the DEM.c()
[SWS_NvM_00216] dThe configuration parameter NVM_MAX_NUM_OF_WRITE_
RETRIES shall prescribe the maximum number of write retries for the job of the func-
tion NvM_WriteBlock when RAM block data cannot be written successfully to the cor-
responding NV block.c()
Note: For more information on NvMMaxNumOfWriteRetries, see chapter 10.2.2.
[SWS_NvM_00760] dThe job of the function NvM_WriteBlock shall copy the data con-
tent of the RAM block to both corresponding NV blocks if the NVRAM block manage-
ment type of the processed NVRAM block is NVM_BLOCK_REDUNDANT.c()
[SWS_NvM_00761] dIf the processed NVRAM block is of type NVM_BLOCK_REDUN-
DANT the job of the function NvM_WriteBlock shall start to copy the data of the RAM
block to NV block which has not been read during the jobs started by NvM_ReadBlock,
NvM_ReadPRAMBlock or NvM_ReadAll then continue to copy the other NV block.c()
[SWS_NvM_00284] dThe job of the function NvM_WriteBlock shall set NVM_REQ_
OK as request result if the passed BlockId references a NVRAM block of type NVM_
BLOCK_REDUNDANT and at least one of the NV blocks has been written success-
fully.c()
[SWS_NvM_00328] dThe job of the function NvM_WriteBlock shall set the write pro-
tection flag in the administrative block immediately if the NVRAM block is configured
with NvMWriteBlockOnce == TRUE and the data has been written successfully to the
NV block.c()
[SWS_NvM_00713] dThe NvM module’s environment shall have initialized the NvM
module before it calls the function NvM_WriteBlock.c()
Hint: To avoid the situation that in case of redundant NVRAM blocks two different
NV blocks are containing different but valid data at the same time, each client of the
function NvM_WriteBlock may call NvM_InvalidateNvBlock in advance.

96 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00547] dThe job of the function NvM_WriteBlock with Block ID 1 shall

write the compiled NVRAM configuration ID to the stored NVRAM configuration ID
(block 1).c()
Hint: If a pristine ECU is flashed for the first time, such a call invoked by will ensure
that after a power-off without a proper shutdown, everything is as expected at the next
start-up. Otherwise, the new configuration ID would not be stored in NV RAM and all
ROM defaultd would be used. A macro scan be used to indicate this usage.

8.3.2.3 NvM_RestoreBlockDefaults

[SWS_NvM_00456] d
Service Name NvM_RestoreBlockDefaults
Syntax Std_ReturnType NvM_RestoreBlockDefaults (
NvM_BlockIdType BlockId,
void* NvM_DestPtr
)
Service ID [hex] 0x08
Sync/Async Asynchronous
Reentrancy Non Reentrant
Parameters (in) BlockId The block identifier uniquely identifies one NVRAM block
descriptor. A NVRAM block descriptor contains all needed
information about a single NVRAM block.
Parameters (inout) None
Parameters (out) NvM_DestPtr Pointer to the RAM data block.
Return value Std_ReturnType E_OK: request has been accepted
E_NOT_OK: request has not been accepted
Description Service to restore the default data to its corresponding RAM block.
Available via NvM.h

c(SRS_Mem_00018)
[SWS_NvM_00012] dThe job of the function NvM_RestoreBlockDefaults shall restore
the default data to its corresponding RAM block.c(SRS_Mem_00018)
Note: The error/status NVM_REQ_OK will be set if the job succeeds. (See SWS_Nv
M_00270)
[SWS_NvM_00224] dThe function NvM_RestoreBlockDefaults shall take over the
given parameters, queue the request in the job queue and return.c()
[SWS_NvM_00267] dThe job of the function NvM_RestoreBlockDefaults shall load the
default data from a ROM block if a ROM block is configured.c(SRS_Mem_00018)
[SWS_NvM_00266] dThe NvM module’s environment shall call the function NvM_
RestoreBlockDefaults to obtain the default data if no ROM block is configured for a
NVRAM block and an application callback routine is configured via the parameter Nv
MInitBlockCallback.c(SRS_Mem_00018)

97 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00353] dThe function NvM_RestoreBlockDefaults shall return with E_

NOT_OK if the block management type of the given NVRAM block is NVM_BLOCK_
DATASET, at least one ROM block is configured and the data index points at a NV
block.c()
[SWS_NvM_00435] dIf the function NvM_RestoreBlockDefaults is provided with a valid
RAM block address then it is used.c(SRS_Mem_00018)
[SWS_NvM_00902] dIf the function NvM_RestoreBlockDefaults is provided with
NULL_PTR as a RAM block address and it has a permanent RAM block configured
then the permanent RAM block is used.c(SRS_Mem_00018)
[SWS_NvM_00903] dIf the function NvM_RestoreBlockDefaults is provided with
NULL_PTR as a RAM block address and it has the explicit synchronization configured
then the explicit synchronization is used.c(SRS_Mem_00018)
[SWS_NvM_00436] dThe NvM module’s environment shall pass a pointer unequal to
NULL via the parameter NvM_DstPtr to the function NvM_RestoreBlockDefaults in or-
der to copy ROM data to a temporary RAM block although the NVRAM block is con-
figured with a permanent RAM block or explicit synchronization callbacks. Otherwise a
DET-Parameter error (see Section 7.3) shall be emittedc()
[SWS_NvM_00227] dThe function NvM_RestoreBlockDefaults shall set the RAM
block state to INVALID/UNCHANGED immediately when the block is successfully en-
queued.c()
[SWS_NvM_00228] dThe job of the function NvM_RestoreBlockDefaults shall validate
and assume a RAM block to be changed if the requested RAM block is permanent
or after explicit synchronization callback (NvMReadRamBlockFromNvCallback) that is
called returns E_OK and the copy process of the default data to RAM was successful
.c()
[SWS_NvM_00229] dThe job of the function NvM_RestoreBlockDefaults shall request
a recalculation of CRC from a RAM block after the copy process/validation if a CRC is
configured for this RAM block.c()
[SWS_NvM_00714] dThe NvM module’s environment shall have initialized the NvM
module before it calls the function NvM_RestoreBlockDefaults.c()
Hint: For the block management type NVM_BLOCK_DATASET, the application has to
ensure that a valid dataset index is selected (pointing to ROM data).
[SWS_NvM_00883] dIf the block has no ROM default data and no NvMInitBlockCall-
back configured for it then the function NvM_RestoreBlockDefaults shall leave the block
status unchanged and return E_NOT_OK as result.c()
[SWS_NvM_00885] dIf the block has no default data, it has no InitBlockCallbackFunc-
tion configured and the development error detection is enabled then the NvM_Restore
BlockDefaults API shall report the error NVM_E_BLOCK_WITHOUT_DEFAULTS error
to the Det module.c()

98 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8.3.2.4 NvM_EraseNvBlock

[SWS_NvM_00457] d
Service Name NvM_EraseNvBlock
Syntax Std_ReturnType NvM_EraseNvBlock (
NvM_BlockIdType BlockId
)
Service ID [hex] 0x09
Sync/Async Asynchronous
Reentrancy Reentrant
Parameters (in) BlockId The block identifier uniquely identifies one NVRAM block
descriptor. A NVRAM block descriptor contains all needed
information about a single NVRAM block.
Parameters (inout) None
Parameters (out) None
Return value Std_ReturnType E_OK: request has been accepted
E_NOT_OK: request has not been accepted
Description Service to erase a NV block.
Available via NvM.h

c(SRS_Mem_08544)
[SWS_NvM_00415] dThe job of the function NvM_EraseNvBlock shall erase a NV
block.c(SRS_Mem_08544)
Note: The error/status NVM_REQ_OK will be set if the job succeeds. (See SWS_Nv
M_00270)
[SWS_NvM_00231] dThe function NvM_EraseNvBlock shall take over the given pa-
rameters, queue the request and return.c()
[SWS_NvM_00418] dThe function NvM_EraseNvBlock shall queue the request to
erase in case of disabled write protection.c()
[SWS_NvM_00416] dThe job of the function NvM_EraseNvBlock shall leave the con-
tent of the RAM block unmodified.c()
[SWS_NvM_00959] dThe job of the function NvM_EraseNvBlock shall leave the write
protection unchanged for the blocks configured with NVM_WRITE_BLOCK_ONCE
(TRUE).c()
[SWS_NvM_00661] dThe function NvM_EraseNvBlock shall return with E_NOT_OK if
a ROM block of a dataset NVRAM block is referenced.c()
[SWS_NvM_00662] dNvM_EraseNvBlock: The NvM module shall not re-check the
write protection before fetching the job from the job queue.c()
[SWS_NvM_00269] dIf the referenced NVRAM block is of type NVM_BLOCK_RE-
DUNDANT, the function NvM_EraseNvBlock shall only succeed when both NV blocks
have been erased.c()
[SWS_NvM_00271] dThe job of the function NvM_EraseNvBlock shall set the request
result to NVM_REQ_NOT_OK if the processing of the service fails.c()

99 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00663] dThe job of the function NvM_EraseNvBlock shall report NVM_E_

REQ_FAILED to the DEM if the processing of the service fails.c()
[SWS_NvM_00357] dThe function NvM_EraseNvBlock shall return with E_NOT_OK,
when development error detection is enabled and the referenced NVRAM block is con-
figured with standard priority.c()
[SWS_NvM_00715] dThe NvM module’s environment shall have initialized the NvM
module before it calls the function NvM_EraseNvBlock.c()

8.3.2.5 NvM_InvalidateNvBlock

[SWS_NvM_00459] d
Service Name NvM_InvalidateNvBlock
Syntax Std_ReturnType NvM_InvalidateNvBlock (
NvM_BlockIdType BlockId
)
Service ID [hex] 0x0b
Sync/Async Asynchronous
Reentrancy Reentrant
Parameters (in) BlockId The block identifier uniquely identifies one NVRAM block
descriptor. A NVRAM block descriptor contains all needed
information about a single NVRAM block.
Parameters (inout) None
Parameters (out) None
Return value Std_ReturnType E_OK: request has been accepted
E_NOT_OK: request has not been accepted
Description Service to invalidate a NV block.
Available via NvM.h

c(SRS_Mem_08011)
[SWS_NvM_00421] dThe job of the function NvM_InvalidateNvBlock shall invalidate a
NV block.c(SRS_Mem_08011)
Note: The error/status NVM_REQ_OK will be set if the job succeeds. (See SWS_Nv
M_00270)
[SWS_NvM_00422] dThe job of the function NvM_InvalidateNvBlock shall leave the
RAM block unmodified.c()
[SWS_NvM_00960] dThe job of the function NvM_InvalidateNvBlock shall leave the
write protection unchanged for the blocks configured with NVM_WRITE_BLOCK_
ONCE (TRUE).c()
[SWS_NvM_00424] dThe function NvM_InvalidateNvBlock shall queue the request if
the write protection of the corresponding NV block is disabled.c()
[SWS_NvM_00239] dThe function NvM_InvalidateNvBlock shall take over the given
parameters, queue the request and return.c()

100 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00664] dThe function NvM_InvalidateNvBlock shall return with E_NOT_

OK if a ROM block of a dataset NVRAM block is referenced by the BlockId parameter.c
()
[SWS_NvM_00665] dThe NvM module shall not recheck write protection before fetch-
ing the job from the job queue.c()
[SWS_NvM_00274] dIf the referenced NVRAM block is of type NVM_BLOCK_RE-
DUNDANT, the function NvM_InvalidateNvBlock shall only set the request result NvM_
RequestResultType to NVM_REQ_OK when both NV blocks have been invalidated.c()
[SWS_NvM_00275] dThe function NvM_InvalidateNvBlock shall set the request result
to NVM_REQ_NOT_OK if the processing of this service fails.c()
[SWS_NvM_00666] dThe function NvM_InvalidateNvBlock shall report NVM_E_REQ_
FAILED to the DEM if the processing of this service fails.c()
[SWS_NvM_00717] dThe NvM module’s environment shall have initialized the NvM
module before it calls the function function NvM_InvalidateNvBlock.c()

8.3.2.6 NvM_ReadPRAMBlock

[SWS_NvM_00764] d
Service Name NvM_ReadPRAMBlock
Syntax Std_ReturnType NvM_ReadPRAMBlock (
NvM_BlockIdType BlockId
)
Service ID [hex] 0x16
Sync/Async Asynchronous
Reentrancy Reentrant
Parameters (in) BlockId The block identifier uniquely identifies one NVRAM block
descriptor. A NVRAM block descriptor contains all needed
information about a single NVRAM block.
Parameters (inout) None
Parameters (out) None
Return value Std_ReturnType E_OK: request has been accepted
E_NOT_OK: request has not been accepted
Description Service to copy the data of the NV block to its corresponding permanent RAM block.
Available via NvM.h

c(SRS_LIBS_08533, SRS_Mem_00016)
[SWS_NvM_00765] dThe job of the function NvM_ReadPRAMBlock shall copy the
data of the NV block to the permanent RAM block.c(SRS_Mem_00016)
Note: The error/status NVM_REQ_OK will be set if the job succeeds. (See SWS_Nv
M_00270)
[SWS_NvM_00766] dThe function NvM_ReadPRAMBlock shall take over the given
parameters, queue the read request in the job queue and return.c(SRS_Mem_00016)

101 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00767] dIf the block is successfully enqueued, the function NvM_Read

PRAMBlock shall set the RAM block state to INVALID/UNCHANGED.c()
[SWS_NvM_00768] dThe job of the function NvM_ReadPRAMBlock shall initiate a
read attempt on the second NV block if the passed BlockId references a NVRAM block
of type NVM_BLOCK_REDUNDANT and the read attempts on the first NV block fail.c
()
[SWS_NvM_00769] dIn case of NVRAM block management type NVM_BLOCK_
DATASET, the job of the function NvM_ReadPRAMBlock shall copy only that NV block
to the corresponding RAM block which is selected via the data index in the administra-
tive block.c()
[SWS_NvM_00770] dThe job of the function NvM_ReadPRAMBlock shall not copy the
NV block to the corresponding RAM block if the NVRAM block management type is
NVM_BLOCK_DATASET and the NV block selected by the dataset index is invalidate.c
()
[SWS_NvM_00771] dThe job of the function NvM_ReadPRAMBlock shall not copy the
NV block to the corresponding RAM block if the NVRAM block management type is
NVM_BLOCK_DATASET and the NV block selected by the dataset index is inconsis-
tent.c()
[SWS_NvM_00772] dThe job of the function NvM_ReadPRAMBlock shall copy the
ROM block to RAM and set the request result to NVM_REQ_OK if the NVRAM block
management type is NVM_BLOCK_DATASET and the dataset index points at a ROM
block.c()
[SWS_NvM_00773] dThe job of the function NvM_ReadPRAMBlock shall set the RAM
block to valid and assume it to be unchanged after a successful copy process of the
NV block to RAM.c()
[SWS_NvM_00774] dThe job of the function NvM_ReadPRAMBlock shall set the RAM
block to valid and assume it to be changed if the default values are copied to the RAM
successfully.c()
[SWS_NvM_00775] dThe job of the function NvM_ReadPRAMBlock shall set the re-
quest result to NVM_REQ_OK if the NV block was copied successfully from NV mem-
ory to RAM.c()
[SWS_NvM_00776] dThe job of the function NvM_ReadPRAMBlock shall set the re-
quest result to NVM_REQ_NV_INVALIDATED if the MemIf reports MEMIF_BLOCK_
INVALID.c()
[SWS_NvM_00777] dThe job of the function NvM_ReadPRAMBlock shall report no
error to the DEM if the MemIf reports MEMIF_BLOCK_INVALID.c()
[SWS_NvM_00778] dThe job of the function NvM_ReadPRAMBlock shall set the re-
quest result to NVM_REQ_INTEGRITY_FAILED if the MemIf reports MEMIF_BLOCK_
INCONSISTENT.c()

102 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00779] dThe job of the function NvM_ReadPRAMBlock shall report NVM_

E_INTEGRITY_FAILED to the DEM if the MemIf reports MEMIF_BLOCK_INCONSIS-
TENT.c()
[SWS_NvM_00780] dThe job of the function NvM_ReadPRAMBlock shall set the re-
quest result to NVM_REQ_NOT_OK if the MemIf reports MEMIF_JOB_FAILED.c()
[SWS_NvM_00781] dThe job of the function NvM_ReadPRAMBlock shall report NVM_
E_REQ_FAILED to the DEM if the MemIf reports MEMIF_JOB_FAILED.c()
[SWS_NvM_00782] dThe job of the function NvM_ReadPRAMBlock shall set the re-
quest result to NVM_REQ_OK if the block management type of the given NVRAM block
is NVM_BLOCK_REDUNDANT and one of the NV blocks was copied successfully from
NV memory to RAM.c()
[SWS_NvM_00783] dThe job of the function NvM_ReadPRAMBlock shall report no
error to the DEM if the block management type of the given NVRAM block is NVM_
BLOCK_REDUNDANT and one of the NV blocks was copied successfully from NV
memory to RAM.c()
[SWS_NvM_00784] dThe job of the function NvM_ReadPRAMBlock shall mark every
NVRAM block that has been configured with NVM_WRITE_BLOCK_ONCE (TRUE)
as write protected if that block is valid and with consistent data. This write protection
cannot be cleared by NvM_SetBlockProtection.c()
[SWS_NvM_00785] dThe job of the function NvM_ReadPRAMBlock shall invalidate
a NVRAM block of management type redundant if both NV blocks have been invali-
dated.c()
[SWS_NvM_00786] dThe job of the function NvM_ReadPRAMBlock shall request a
CRC recalculation over the RAM block data after the copy process [SWS_NvM_00180]
if the NV block is configured with CRC, i.e. if NvMCalRamBlockCrC == TRUE for the
NV block.c()
[SWS_NvM_00787] dThe job of the function NvM_ ReadPRAMBlock shall load the
default values according to processing of NvM_RestorePRAMBlockDefaults if the re-
calculated CRC is not equal to the CRC stored in NV memory.c()
[SWS_NvM_00788] dNvM_ReadPRAMBlock: If there are no default values available,
the RAM blocks shall remain invalid.c()
[SWS_NvM_00789] dThe job of the function NvM_ReadPRAMBlock shall load the de-
fault values according to processing of NvM_RestorePRAMBlockDefaults if the read
request passed to the underlying layer fails.c()
[SWS_NvM_00790] dThe job of the function NvM_ReadPRAMBlock shall report NVM_
E_INTEGRITY_FAILED to the DEM if a CRC mismatch occurs.c()
[SWS_NvM_00791] dThe job of the function NvM_ReadPRAMBlock shall set the re-
quest result NVM_REQ_INTEGRITY_FAILED if a CRC mismatch occurs.c()

103 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00792] dThe NvM module’s environment shall have initialized the NvM
module before it calls the function NvM_ReadPRAMBlock.c()
[SWS_NvM_00882] dThe job of the function NvM_ReadPRAMBlock shall load the de-
fault values according to processing of NvM_RestorePRAMBlockDefaults (also set the
request result to NVM_REQ_RESTORED_DEFAULTS) if the read request passed to
the underlying layer fails (MemIf reports MEMIF_JOB_FAILED or MEMIF_BLOCK_IN-
CONSISTENT) and if the default values are available.c()

8.3.2.7 NvM_WritePRAMBlock

[SWS_NvM_00793] d
Service Name NvM_WritePRAMBlock
Syntax Std_ReturnType NvM_WritePRAMBlock (
NvM_BlockIdType BlockId
)
Service ID [hex] 0x17
Sync/Async Asynchronous
Reentrancy Reentrant
Parameters (in) BlockId The block identifier uniquely identifies one NVRAM block
descriptor. A NVRAM block descriptor contains all needed
information about a single NVRAM block.
Parameters (inout) None
Parameters (out) None
Return value Std_ReturnType E_OK: request has been accepted
E_NOT_OK: request has not been accepted
Description Service to copy the data of the permanent RAM block to its corresponding NV block.
Available via NvM.h

c(SRS_Mem_00017)
[SWS_NvM_00794] dThe job of the function NvM_WritePRAMBlock shall copy the
data of the permanent RAM block to its corresponding NV block.c(SRS_Mem_00017)
Note: The error/status NVM_REQ_OK will be set if the job succeeds. (See SWS_Nv
M_00270)
[SWS_NvM_00797] dThe function NvM_WritePRAMBlock shall return with E_NOT_
OK, if a locked NVRAM block is referenced by the passed BlockId parameter. and a
DET error (see Section 7.3) shall be emitted.c()
[SWS_NvM_00798] dThe function NvM_WritePRAMBlock shall take over the given
parameters, queue the write request in the job queue and return.c(SRS_Mem_08541)
[SWS_NvM_00799] dThe function NvM_WritePRAMBlock shall check the NVRAM
block protection when the request is enqueued but not again before the request is
executed.c()
[SWS_NvM_00800] dThe function NvM_WritePRAMBlock shall cancel a pending job
immediately in a destructive way if the passed BlockId references a NVRAM block

104 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

configured to have immediate priority. The immediate job shall be the next active job
to be processed.c()
[SWS_NvM_00801] dThe job of the function NvM_WritePRAMBlock shall request a
CRC recalculation before the RAM block will be copied to NV memory if the NV block
is configured with CRC [SWS_NvM_00180].c()
[SWS_NvM_00853] dThe job of the function NvM_WritePRAMBlock shall skip writing
and consider the job as successfully finished if the NvMBlockUseCRCCompMecha-
nism attribute of the NVRAM Block is set to true and the RAM block CRC calculated
by the write job is equal to the CRC calculated during the last successful read or write
job. This mechanism shall not be applied to blocks for which a loss of redundancy has
been detected.c(SRS_Mem_00136)
[SWS_NvM_00802] dThe job of the function NvM_WritePRAMBlock shall copy the
RAM block to the corresponding NV block which is selected via the data index in the
administrative block if the NVRAM block management type of the given NVRAM block
is NVM_BLOCK_DATASET.c()
[SWS_NvM_00803] dIf the block is successfully enqueued and if the RAM block state is
VALID/UNCHANGED or INVALID/UNCHANGED, the function NvM_WritePRAMBlock
shall set the RAM block state to VALID/CHANGED.c()
Note: If the block has an explicit synchronization callback (NvM_WriteRamBlockTo
Nvm) configured the validation will be done just after NvM_WriteRamBlockToNvm is
successfully processed.
Note/Hint: The job of the function NvM_WritePRAMBlock shall assume a referenced
permanent RAM block or the RAM mirror in the NvM module in case of explicit syn-
chronization to be valid when the request is passed to the NvM module.
[SWS_NvM_00804] dThe job of the function NvM_WritePRAMBlock shall check the
number of write retries using a write retry counter to avoid infinite loops. Each nega-
tive result reported by the memory interface shall be followed by an increment of the
retry counter. In case of a retry counter overrun, the job of the function NvM_Write
PRAMBlock shall set the request result to NVM_REQ_NOT_OK.c(SRS_Mem_08554)
[SWS_NvM_00805] dThe job of the function NvM_WritePRAMBlock shall check the
number of write retries using a write retry counter to avoid infinite loops. Each nega-
tive result reported by the memory interface shall be followed by an increment of the
retry counter. In case of a retry counter overrun, the job of the function NvM_Write
PRAMBlock shall report NVM_E_REQ_FAILED to the DEM.c()
[SWS_NvM_00806] dThe configuration parameter NVM_MAX_NUM_OF_WRITE_
RETRIES shall prescribe the maximum number of write retries for the job of the func-
tion NvM_WritePRAMBlock when RAM block data cannot be written successfully to
the corresponding NV block.c()
Note: For more information on NvMMaxNumOfWriteRetries, see chapter 10.2.2.

105 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00807] dThe job of the function NvM_WritePRAMBlock shall copy the

data content of the RAM block to both corresponding NV blocks if the NVRAM block
management type of the processed NVRAM block is NVM_BLOCK_REDUNDANT.c()
[SWS_NvM_00808] dIf the processed NVRAM block is of type NVM_BLOCK_REDUN-
DANT the job of the function NvM_WritePRAMBlock shall start to copy the data of the
RAM block to NV block which has not been read during the jobs started by NvM_Read
Block, NvM_ReadPRAMBlock or NvM_ReadAll then continue to copy the other NV
block.c()
[SWS_NvM_00809] dThe job of the function NvM_WritePRAMBlock shall set NVM_
REQ_OK as request result if the passed BlockId references a NVRAM block of type
NVM_BLOCK_REDUNDANT and at least one of the NV blocks have been written suc-
cessfully.c()
[SWS_NvM_00810] dThe job of the function NvM_WritePRAMBlock shall set the write
protection flag in the administrative block immediately if the NVRAM block is configured
with NvMWriteBlockOnce == TRUE and the data has been written successfully to the
NV block.c()
[SWS_NvM_00811] dThe NvM module’s environment shall have initialized the NvM
module before it calls the function NvM_WritePRAMBlock.c()
Hint: To avoid the situation that in case of redundant NVRAM blocks two different
NV blocks are containing different but valid data at the same time, each client of the
function NvM_WritePRAMBlock may call NvM_InvalidateNvBlock in advance.
[SWS_NvM_00812] dThe job of the function NvM_WritePRAMBlock with Block ID 1
shall write the compiled NVRAM configuration ID to the stored NVRAM configuration
ID (block 1).c()
Hint: If a pristine ECU is flashed for the first time, such a call invoked by will ensure
that after a power-off without a proper shutdown, everything is as expected at the next
start-up. Otherwise, the new configuration ID would not be stored in NV RAM and all
ROM defaultd would be used. A macro scan be used to indicate this usage.

8.3.2.8 NvM_RestorePRAMBlockDefaults

[SWS_NvM_00813] d
Service Name NvM_RestorePRAMBlockDefaults
Syntax Std_ReturnType NvM_RestorePRAMBlockDefaults (
NvM_BlockIdType BlockId
)
Service ID [hex] 0x18
Sync/Async Asynchronous
Reentrancy Non Reentrant
5

106 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Parameters (in) BlockId The block identifier uniquely identifies one NVRAM block
descriptor. A NVRAM block descriptor contains all needed
information about a single NVRAM block.
Parameters (inout) None
Parameters (out) None
Return value Std_ReturnType E_OK: request has been accepted
E_NOT_OK: request has not been accepted
Description Service to restore the default data to its corresponding permanent RAM block.
Available via NvM.h

c(SRS_Mem_00018)
[SWS_NvM_00814] dThe job of the function NvM_RestorePRAMBlockDefaults shall
restore the default data to its corresponding permanent RAM block.c(SRS_Mem_-
00018)
Note: The error/status NVM_REQ_OK will be set if the job succeeds. (See SWS_Nv
M_00270)
[SWS_NvM_00815] dThe function NvM_RestorePRAMBlockDefaults shall take over
the given parameters, queue the request in the job queue and return.c()
[SWS_NvM_00816] dThe job of the function NvM_RestorePRAMBlockDefaults shall
load the default data from a ROM block if a ROM block is configured.c(SRS_Mem_-
00018)
[SWS_NvM_00817] dThe NvM module’s environment shall call the function NvM_Re-
storePRAMBlockDefaults to obtain the default data if no ROM block is configured for a
NVRAM block and an application callback routine is configured via the parameter Nv
MInitBlockCallback.c(SRS_Mem_00018)
[SWS_NvM_00818] dThe function NvM_RestorePRAMBlockDefaults shall return with
E_NOT_OK if the block management type of the given NVRAM block is NVM_BLOCK_
DATASET, at least one ROM block is configured and the data index points at a NV
block.c()
[SWS_NvM_00819] dThe function NvM_RestorePRAMBlockDefaults shall set the
RAM block state to INVALID/UNCHANGED immediately when the block is success-
fully enqueued.c()
[SWS_NvM_00820] dThe job of the function NvM_RestorePRAMBlockDefaults shall
validate and assume a RAM block to be changed if the requested RAM block is perma-
nent or after explicit synchronization callback (NvMReadRamBlockFromNvCallback)
that is called returns E_OK and the copy process of the default data to RAM was suc-
cessful .c()
[SWS_NvM_00821] dThe job of the function NvM_RestorePRAMBlockDefaults shall
request a recalculation of CRC from a RAM block after the copy process/validation if a
CRC is configured for this RAM block.c()

107 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00822] dThe NvM module’s environment shall have initialized the NvM
module before it calls the function NvM_RestorePRAMBlockDefaults.c()
Hint: For the block management type NVM_BLOCK_DATASET, the application has to
ensure that a valid dataset index is selected (pointing to ROM data).
[SWS_NvM_00884] dIf the block has no ROM default data and no NvMInitBlockCall-
back configured for it then the function NvM_RestorePRAMBlockDefaults shall leave
the block status unchanged and return E_NOT_OK as result.c()
[SWS_NvM_00886] dIf the block has no default data, it has no InitBlockCallbackFunc-
tion configured and the development error detection is enabled then the NvM_Re-
storePRAMBlockDefaults API shall report the error NVM_E_BLOCK_WITHOUT_DE-
FAULTS error to the Det module.c()

8.3.3 Asynchronous multi block requests

8.3.3.1 NvM_ReadAll

[SWS_NvM_00460] d
Service Name NvM_ReadAll
Syntax void NvM_ReadAll (
void
)
Service ID [hex] 0x0c
Sync/Async Asynchronous
Reentrancy Non Reentrant
Parameters (in) None
Parameters (inout) None
Parameters (out) None
Return value None
Description Initiates a multi block read request.
Available via NvM.h

c(SRS_LIBS_08533)
[SWS_NvM_00356] dThe multi block service NvM_ReadAll shall provide two distinct
functionalities.
• Initialize the management data for all NVRAM blocks (see SWS_NvM_00304 ff)
• Copy data to the permanent RAM blocks or call explicit synchronization call-
back(NvM_ReadRamBlockFromNvm) for those NVRAM blocks which are con-
figured accordingly.
Note: The two functionalities can be implemented in one loop.c()
[SWS_NvM_00243] dThe function NvM_ReadAll shall signal the request to the NvM
module and return. The NVRAM Manager shall defer the processing of the requested
ReadAll until all single block job queues are empty.c()

108 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00304] dThe job of the function NvM_ReadAll shall set each proceeding
block specific request result for NVRAM blocks in advance.c()
[SWS_NvM_00667] dThe job of the function NvM_ReadAll shall set the multi block
request result to NVM_REQ_PENDING in advance.c()
[SWS_NvM_00895] dThe job of the function NvM_ReadAll shall set the multi block
request result to NVM_REQ_OK if no NVRAM block processing fails.c(SRS_Mem_-
00020)
Note: When the result of an individual block processing (in the context of a multi-block
job) is different than NVM_REQ_OK, the individual block processing is considered as
failed.
[SWS_NvM_00244] dThe job of the function NvM_ReadAll shall iterate over all user
NVRAM blocks, i.e. except for reserved Block Ids 0 (multi block request result) and 1
(NV configuration ID), beginning with the lowest Block Id.c()
[SWS_NvM_00245] dBlocks of management type NVM_BLOCK_DATASET shall not
be loaded automatically upon start-up. Thus the selection of blocks, which belong to
block management type NVM_BLOCK_DATASET, shall not be possible for the service
NvM_ReadAll.c()
[SWS_NvM_00362] dThe NvM module shall initiate the recalculation of the RAM CRC
for every NVRAM block with a valid permanent RAM block or explicit synchronization
callback configured and NvmCalcRamBlockCrc == TRUE during the processing of Nv
M_ReadAll.c()
Note:
If a block processed by the job of the function NvM_ReadAll has explicit synchroniza-
tion configured for it then the block owner should provide the related RAM data for
the comparison. The call made by NvM to the explicit synchronization ’write’ callback
should be successful.
[SWS_NvM_00364] dThe job of the function NvM_ReadAll shall treat the data for every
recalculated RAM CRC which matches the stored RAM CRC as valid and set the block
specific request result to NVM_REQ_OK.c()
Note: This mechanism enables the NVRAM Manager to avoid overwriting of maybe
still valid RAM data with outdated NV data.
[SWS_NvM_00246] dThe job of the function NvM_ReadAll shall validate the configu-
ration ID by comparing the stored NVRAM configuration ID vs. the compiled NVRAM
configuration ID.c()
[SWS_NvM_00669] dNvM_ReadAll: The NVRAM block with the block ID 1 (redundant
type with CRC) shall be reserved to contain the stored NVRAM configuration ID.c()
[SWS_NvM_00247] dThe job of the function NvM_ReadAll shall process the nor-
mal runtime preparation for all configured NVRAM blocks in case of configuration ID
match.c()

109 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00670] dThe job of the function NvM_ReadAll shall set the error/status
information field of the corresponding NVRAM block’s administrative block to NVM_
REQ_OK in case of configuration ID match.c()
[SWS_NvM_00305] dThe job of the function NvM_ReadAll shall report the extended
production error NVM_E_REQ_FAILED to the DEM if the configuration ID cannot be
read because of an error detected by one of the subsequent SW layers.c()
[SWS_NvM_00671] dThe job of the function NvM_ReadAll shall set the error status
field of the reserved NVRAM block to NVM_REQ_INTEGRITY_FAILED if the configu-
ration ID cannot be read because of an error detected by one of the subsequent SW
layers. The NvM module shall behave in the same way as if a configuration ID mis-
match was detected.c()
[SWS_NvM_00307] dThe job of the function NvM_ReadAll shall set the error/status
information field of the reserved NVRAM block with ID 1 to NVM_REQ_NOT_OK in the
case of configuration ID mismatch.c()
[SWS_NvM_00306] dIn case the NvM module can not read the configuration ID be-
cause the corresponding NV blocks are empty or invalidated, the job of the function Nv
M_ReadAll shall not report an extended production error or a production error to the
DEM.c()
[SWS_NvM_00672] dIn case the NvM module can not read the configuration ID be-
cause the corresponding NV blocks are empty or invalidated, the job of the function Nv
M_ReadAll shall set the error/status information field in this NVRAM block’s adminis-
trative block to NVM_REQ_NV_INVALIDATED.c()
[SWS_NvM_00673] dNvM_ReadAll: In case the NvM module can not read the configu-
ration ID because the corresponding NV blocks are empty or invalidated, NVM module
shall update the configuration ID from the RAM block assigned to the reserved NVRAM
block with ID 1 according to the new (compiled) configuration ID. The NvM module shall
behave the same way as if the configuration ID matched.c()
[SWS_NvM_00248] dThe job of the function NvM_ReadAll shall ignore a configuration
ID mismatch and behave normal if NvMDynamicConfiguration == FALSE.c()
Note: For more information on NvMDynamicConfiguration, see chapter 10.2.2.
[SWS_NvM_00249] dThe job of the function NvM_ReadAll shall process an extended
runtime preparation for all blocks which are configured with NvMResistantToChanged
Sw == FALSE and NvMDynamicConfiguration == TRUE and configuration ID mismatch
occurs.c()
[SWS_NvM_00674] dThe job of the function NvM_ReadAll shall process the normal
runtime preparation of all NVRAM blocks when they are configured with NvMResistant
ToChangedSw == TRUE and NvMDynamicConfiguration == TRUE and if a configura-
tion ID mismatch occurs.c()
[SWS_NvM_00314] dThe job of the function NvM_ReadAll shall mark every NVRAM
block that has been configured with NVM_WRITE_BLOCK_ONCE (TRUE) as write

110 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

protected if that block is valid and with consistent data. This write protection cannot be
cleared by NvM_SetBlockProtection.c()
[SWS_NvM_00315] dThe job of the function NvM_ReadAll shall only invalidate a
NVRAM block of management type NVM_BLOCK_REDUNDANT if both NV blocks
have been invalidated.c()
[SWS_NvM_00718] dThe NvM module’s environment shall use the multi block request
NvM_ReadAll to load and validate the content of configured permanent RAM or to do
the explicit synchronization for configured blocks during start-up [SWS_NvM_00091].c
()
[SWS_NvM_00118] dThe job of the function NvM_ReadAll shall process only the per-
manent RAM blocks or call explicit synchronization callback (NvM_ReadRamBlock
FromNvm) for blocks which are configured with NvmSelectBlockForReadall == TRUE.c
()
[SWS_NvM_00287] dThe job of the function NvM_ReadAll shall set the request result
to NVM_REQ_BLOCK_SKIPPED for each NVRAM block configured to be processed
by the job of the function NvM_ReadAll (NvMSelectBlockForReadAll is checked) and
which has not been read during processing of the NvM_ReadAll job.c()
[SWS_NvM_00308] dThe job of the function NvM_ReadAll shall restore the default
data to the corresponding RAM blocks either if configured by the parameter NvMRom
BlockDataAddress or by the parameter NvMInitBlockCallback, and set the error/status
field in the administrative block to NVM_REQ_RESTORED_DEFAULTS when process-
ing the extended runtime preparation.c()
[SWS_NvM_00309] dWhen executing the extended runtime preparation, the job of
the function NvM_ReadAll shall treat the affected NVRAM blocks as invalid or blank
in order to allow rewriting of blocks configured with NVM_BLOCK_WRITE_ONCE ==
TRUE.c()
[SWS_NvM_00310] dThe job of the function NvM_ReadAll shall update the configura-
tion ID from the RAM block assigned to the reserved NVRAM block with ID 1 according
to the new (compiled) configuration ID, mark the NVRAM block to be written during Nv
M_WriteAll and request a CRC recalculation if a configuration ID mismatch occurs and
if the NVRAM block is configured with NvMDynamicConfiguration == TRUE.c()
[SWS_NvM_00311] dThe NvM module shall allow applications to send any request
for the reserved NVRAM Block ID 1 if (and only if) NvMDynamicConfiguration is set to
TRUE, including NvM_WriteBlock and NvM_WritePRAMBlock.c()
[SWS_NvM_00312] dThe NvM module shall not send a request for invalidation of the
reserved configuration ID NVRAM block to the underlying layer, unless requested so
by the application. This shall ensure that the NvM module’s environment can rely on
this block to be only invalidated at the first start-up of the ECU or if desired by the
application.c()

111 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00313] dIn case of a Configuration ID match, the job of the function Nv

M_ReadAll shall not automatically write to the Configuration ID block stored in the
reserved NVRAM block 1.c()
[SWS_NvM_00288] dThe job of the function NvM_ReadAll shall initiate a read attempt
on the second NV block for each NVRAM block of type NVM_BLOCK_REDUNDANT
[SWS_NvM_00118], where the read attempt of the first block fails (see also SWS_Nv
M_00531).c()
[SWS_NvM_00290] dThe job of the function NvM_ReadAll shall set the block specific
request result to NVM_REQ_OK if the job has successfully copied the corresponding
NV block from NV memory to RAM.c()
[SWS_NvM_00342] dThe job of the function NvM_ReadAll shall set the block specific
request result to NVM_REQ_NV_INVALIDATED if the MemIf reports MEMIF_BLOCK_
INVALID.c()
[SWS_NvM_00676] dThe job of the function NvM_ReadAll shall report no error to the
DEM if the MemIf reports MEMIF_BLOCK_INVALID.c()
[SWS_NvM_00360] dThe job of the function NvM_ReadAll shall set the block specific
request result to NVM_REQ_INTEGRITY_FAILED if:
• - the MemIf reports MEMIF_BLOCK_INCONSISTENT and
• - NvMRomBlockDataAddress is not configured (no ROM block with default data
is available) for the block and
• - NvMInitBlockCallback is not configured (no init callback) for the block.
c()
[SWS_NvM_00677] dThe job of the function NvM_ReadAll shall report NVM_E_
INTEGRITY_FAILED to the DEM if the MemIf reports MEMIF_BLOCK_INCONSIS-
TENT.c()
Note: After the production of an ECU / a car, on the production line all blocks shall have
been written with valid data (may be default data) and all diagnostic events (errors)
shall have been deleted. If the process does not allow to write all NV blocks during
production than the NvM will report diagnostic events (errors) because of blocks that
were never written and reported as MEMIF_BLOCK_INCONSISTENT by MemIf.
[SWS_NvM_00361] dThe job of the function NvM_ReadAll shall set the block specific
request result to NVM_REQ_NOT_OK if:
• - the MemIf reports MEMIF_JOB_FAILED and
• - NvMRomBlockDataAddress is not configured (no ROM block with default data
is available) for the block and
• - NvMInitBlockCallback is not configured (no init callback) for the block.
c()

112 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00678] dThe job of the function NvM_ReadAll shall report NVM_E_REQ_

FAILED to the DEM, if the MemIf reports MEMIF_JOB_FAILED.c()
[SWS_NvM_00291] dThe job of the function NvM_ReadAll shall set the block specific
request result to NVM_REQ_OK if the corresponding block management type is NVM_
BLOCK_REDUNDANT and the function has successfully copied one of the NV blocks
from NV memory to RAM.c()
[SWS_NvM_00292] dThe job of the function NvM_ReadAll shall request a CRC re-
calculation over the RAM block data after the copy process SWS_NvM_00180 if the
NV block is configured with CRC, , i.e. if NvMCalRamBlockCrC == TRUE for the NV
block.c()
[SWS_NvM_00293] dThe job of the function NvM_ReadAll shall load the default values
to the RAM blocks according to the processing of NvM_RestoreBlockDefaults (also set
the corresponding request result to NVM_REQ_RESTORED_DEFAULTS):
• - if the recalculated CRC is not equal to the CRC stored in NV memory and if the
• default values are available, or
• - if the blocks are marked as invalid (MemIf reports MEMIF_BLOCK_INVALID)
and the default values are available.
•
c()
[SWS_NvM_00679] dThe job of the function NvM_ReadAll shall load the default values
to the RAM blocks according to the processing of NvM_RestoreBlockDefaults (also set
the request result to NVM_REQ_RESTORED_DEFAULTS) if the read request passed
to the underlying layer fails (MemIf reports MEMIF_JOB_FAILED or MEMIF_BLOCK_
INCONSISTENT) and if the default values are available.c()
[SWS_NvM_00680] dNvM_ReadAll: If the read request passed to the underlying layer
fails and there are no default values available, the job shall leave the RAM blocks
invalid.c()
[SWS_NvM_00294] dThe job of the function NvM_ReadAll shall report NVM_E_IN-
TEGRITY_FAILED to the DEM if a CRC mismatch occurs.c()
[SWS_NvM_00295] dThe job of the function NvM_ReadAll shall set a block specific
request result to NVM_REQ_INTEGRITY_FAILED if:
• - a CRC mismatch occurs and
• - NvMRomBlockDataAddress is not configured (no ROM block with default data
is available) for the block and
• - NvMInitBlockCallback is not configured (no init callback) for the block.
c()

113 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00302] dThe job of the function NvM_ReadAll shall report NVM_E_REQ_

FAILED to the DEM if the referenced NVRAM Block is not configured with CRC and
the corresponding job process has failed.c()
[SWS_NvM_00301] dThe job of the function NvM_ReadAll shall set the multi block
request result to NVM_REQ_NOT_OK if the processing of at least one NVRAM block
fails.c()
Note: When the result of an individual block processing (in the context of a multi-block
job) is different than NVM_REQ_OK, the individual block processing (or individual job)
is considered as failed.
[SWS_NvM_00281] dIf configured by NvMSingleBlockCallback, the job of the function
NvM_ReadAll shall call the single block callback after having completely processed
a NVRAM block. For the last block, NvMSingleBlockCallback (if configured) is called
before MultiBlockCallback.c()
Note: The idea behind using the single block callbacks also for NvM_ReadAll is to
speed up the software initialization process:
A single-block callback issued from an NvM_ReadAll will result in an RTE event.
If the RTE is initialized after or during the asynchronous NvM_ReadAll, all or some of
these RTE events will get lost because they are overwritten during the RTE initialization
(see SWS_Rte_2536).
After its initialization, the RTE can use the "surviving" RTE events to start software
components even before the complete NvM_ReadAll has been finished.
For those RTE events that got lost during the initialization: the RTE will start those
software components and the software components either query the status of the NV
block they want to access or request that NV block to be read. This is exactly the same
behavior if the single-block callbacks would not be used in NvM_ReadAll.
[SWS_NvM_00251] dThe job of the function NvM_ReadAll shall mark a NVRAM block
as "valid/unmodified" if NV data has been successfully loaded to the RAM Block.c()
[SWS_NvM_00367] dThe job of the function NvM_ReadAll shall set a RAM block to
valid and assume it to be changed if the job has successfully copied default values to
the corresponding RAM.c()
[SWS_NvM_00719] dThe NvM module’s environment shall have initialized the NvM
module before it calls the function NvM_ReadAll.c()
The DEM shall already be able to accept error notifications.
[SWS_NvM_00968] dThe job of the function NvM_ReadAll shall set the block specific
request result to NVM_REQ_INTEGRITY_FAILED if:
• the extended runtime preparation is executed for the block
• NvMRomBlockDataAddress is not configured (no ROM block with default data is
available) for the block and

114 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

• NvMInitBlockCallback is not configured (no init callback) for the block.

•
c()
[SWS_NvM_00970] dThe multi block service NvM_ReadAll shall only be provided by
the NvM master.c()

8.3.3.2 NvM_WriteAll

[SWS_NvM_00461] d
Service Name NvM_WriteAll
Syntax void NvM_WriteAll (
void
)
Service ID [hex] 0x0d
Sync/Async Asynchronous
Reentrancy Non Reentrant
Parameters (in) None
Parameters (inout) None
Parameters (out) None
Return value None
Description Initiates a multi block write request.
Available via NvM.h

c(SRS_LIBS_08535)
[SWS_NvM_00018] dThe job of the function NvM_WriteAll shall synchronize the con-
tents of permanent RAM blocks to their corresponding NV blocks or call explicit syn-
chronization callback (NvM_WriteRamBlockToNvm) on shutdown.c()
[SWS_NvM_00733] dIf NVRAM block ID 1 (which holds the configuration ID of the
memory layout) is marked as "to be written during NvM_WriteAll", the job of the func-
tion NvM_WriteAll shall write this block in a final step (last write operation) to prevent
memory layout mismatch in case of a power loss failure during write operation.c()
[SWS_NvM_00254] dThe function NvM_WriteAll shall signal the request to the NvM
module and return. The NVRAM Manager shall defer the processing of the requested
WriteAll until all single block job queues are empty.c()
[SWS_NvM_00549] dThe job of the function NvM_ WriteAll shall set each proceeding
block specific request result for NVRAM blocks and the multi block request result to
NVM_REQ_PENDING in advance.c()
[SWS_NvM_00896] dThe job of the function NvM_WriteAll shall set the multi block
request result to NVM_REQ_OK if no NVRAM block processing fails.c(SRS_Mem_-
00020)

115 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Note: When the result of an individual block processing (in the context of a multi-block
job) is different than NVM_REQ_OK, the individual block processing is considered as
failed.
[SWS_NvM_00252] dThe job of the function NvM_WriteAll shall process only the per-
manent RAM blocks or call explicit synchronization callback (NvM_WriteRamBlockTo
Nvm) for all blocks for which the corresponding NVRAM block parameter NvMSelect
BlockForWriteAll is configured to true.c()
[SWS_NvM_00432] dThe job of the function NvM_WriteAll shall check the write-
protection for each RAM block in advance.c()
[SWS_NvM_00682] dThe job of the function NvM_WriteAll shall check the "valid/mod-
ified" state for each RAM block in advance.c()
[SWS_NvM_00433] dThe job of the function NvM_WriteAll shall only write the content
of a RAM block to its corresponding NV block for non write-protected NVRAM blocks.c
()
[SWS_NvM_00474] dThe job of the function NvM_WriteAll shall correct the redundant
data (if configured) if the redundancy has been lost. In this case the job of the function
NvM_WriteAll shall ignore write protection for this block in order to be able to repair it.c
()
Note: If NvM implementation detects loss of redundancy during read operation the user
(application) should ensure that redundant block is read (e.g. during NvM_ReadAll by
configuring the block to be read during NvM_ReadAll). If the block is not read then the
NVM will not be able to correct the redundant block’s data.
[SWS_NvM_00434] dThe job of the function NvM_WriteAll shall skip every write-
protected NVRAM block without error notification.c()
[SWS_NvM_00750] dThe job of the function NvM_WriteAll shall skip every locked
NVRAM block without error notification.c()
[SWS_NvM_00854] dThe job of the function NvM_WriteAll shall skip an NVRAM block
if the NvMBlockUseCRCCompMechanism attribute is set to true and the RAM block
CRC calculated by the write job is equal to the CRC calculated during the last suc-
cessful read or write job. This mechanism shall not be applied to blocks for which a
loss of redundancy has been detected.c(SRS_Mem_00136)
[SWS_NvM_00298] dThe job of the function NvM_WriteAll shall set the request result
to NVM_REQ_BLOCK_SKIPPED for each NVRAM block configured to be processed
by the job of the function NvM_WriteAll (NvMSelectBlockForWriteAll is checked) and
which has not been written during processing of the NvM_WriteAll job.c()
[SWS_NvM_00339] dIn case of NVRAM block management type NVM_BLOCK_
DATASET, the job of the function NvM_WriteAll shall copy only the RAM block to
the corresponding NV block which is selected via the data index in the administrative
block.c()

116 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00253] dThe job of the function NvM_WriteAll shall request a CRC recal-
culation and renew the CRC from a NVRAM block before writing the data if a CRC is
configured for this NVRAM block.c()
[SWS_NvM_00296] dThe job of the function NvM_WriteAll shall check the number of
write retries by a write retry counter to avoid infinite loops. Each unsuccessful result
reported by the MemIf module shall be followed by an increment of the retry counter.c
()
[SWS_NvM_00683] dThe job of the function NvM_WriteAll shall set the block specific
request result to NVM_REQ_NOT_OK if the write retry counter becomes greater than
the configured NVM_MAX_NUM_OF_WRITE_RETRIES.c()
[SWS_NvM_00684] dThe job of the function NvM_WriteAll shall report NVM_E_REQ_
FAILED to the DEM if the write retry counter becomes greater than the configured
NVM_MAX_NUM_OF_WRITE_RETRIES.c()
[SWS_NvM_00762] dThe job of the function NvM_WriteAll shall copy the data content
of the RAM block to both corresponding NV blocks if the NVRAM block management
type of the processed NVRAM block is NVM_BLOCK_REDUNDANT.c()
[SWS_NvM_00763] dIf the processed NVRAM block is of type NVM_BLOCK_REDUN-
DANT the job of the function NvM_WriteAll shall start to copy the data of the RAM block
to NV block which has _not_ been read during the jobs started by NvM_ReadBlock, Nv
M_ReadPRAMBlock or NvM_ReadAll then continue to copy the other NV block.c()
[SWS_NvM_00337] dThe job of the function NvM_WriteAll shall set the single block re-
quest result to NVM_REQ_OK if the processed NVRAM block is of type NVM_BLOCK_
REDUNDANT and at least one of the NV blocks has been written successfully.c()
[SWS_NvM_00238] dThe job of the function NvM_WriteAll shall complete the job in a
non-destructive way for the NVRAM block currently being processed if a cancellation
of NvM_WriteAll is signaled by a call of NvM_CancelWriteAll.c()
[SWS_NvM_00237] dThe NvM module shall set the multi block request result to NVM_
REQ_CANCELED in case of cancellation of NvM_WriteAll.c()
[SWS_NvM_00685] dNvM_WriteAll: The NvM module shall anyway report the error
code condition, due to a failed NVRAM block write, to the DEM.c()
[SWS_NvM_00318] dThe job of the function NvM_WriteAll shall set the multi block
request result to NVM_REQ_NOT_OK if the processing of at least one NVRAM block
fails.c()
Note: When the result of an individual block processing (in the context of a multi-block
job) is different than NVM_REQ_OK, the individual block processing is considered as
failed.
[SWS_NvM_00329] dIf the job of the function NvM_WriteAll has successfully written
data to NV memory for a NVRAM block configured with NvMWriteBlockOnce == TRUE,
the job shall immediately set the corresponding write protection flag in the administra-
tive block.c()

117 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00720] dThe NvM module’s environment shall have initialized the NvM
module before it calls the function NvM_WriteAll.c()
No other multiblock request shall be pending when the NvM module’s environment calls
the function NvM_WriteAll.
Note: To avoid the situation that in case of redundant NVRAM blocks two different NV
blocks are containing different but valid data at the same time, each client of the NvM_
WriteAll service may call NvM_InvalidateNvBlock in advance.
[SWS_NvM_00971] dThe multi block service NvM_WriteAll shall only be provided by
the NvM master.c()

8.3.3.3 NvM_CancelWriteAll

[SWS_NvM_00458] d
Service Name NvM_CancelWriteAll
Syntax void NvM_CancelWriteAll (
void
)
Service ID [hex] 0x0a
Sync/Async Asynchronous
Reentrancy Non Reentrant
Parameters (in) None
Parameters (inout) None
Parameters (out) None
Return value None
Description Service to cancel a running NvM_WriteAll request.
Available via NvM.h

c(SRS_Mem_08558, SRS_Mem_08540)
[SWS_NvM_00019] dThe function NvM_CancelWriteAll shall cancel a running NvM_
WriteAll request. It shall terminate the NvM_WriteAll request in a way that the data
consistency during processing of a single NVRAM block is not compromisedc(SRS_-
Mem_08540)
[SWS_NvM_00232] dThe function NvM_CancelWriteAll shall signal the request to the
NvM module and return.c()
[SWS_NvM_00233] dThe function NvM_CancelWriteAll shall be without any effect if
no NvM_WriteAll request is pending.c()
[SWS_NvM_00234] dThe function NvM_CancelWriteAll shall treat multiple requests to
cancel a running NvM_WriteAll request as one request, i.e. subsequent requests will
be ignored.c()
[SWS_NvM_00235] dThe request result of the function NvM_CancelWriteAll shall be
implicitly given by the result of the NvM_WriteAll request to be canceled.c()

118 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00236] dThe function NvM_CancelWriteAll shall only modify the error/sta-

tus attribute field of the pending blocks to NVM_REQ_CANCELED and for the currently
written block after the processing of a single NVRAM block is finished to NVM_REQ_
OK or NVM_REQ_NOT_OK depending on the success of the write operation.c()
[SWS_NvM_00716] dThe NvM module’s environment shall have initialized the NvM
module before it calls the function function NvM_CancelWriteAll.c()
[SWS_NvM_00420] dThe function NvM_CancelWriteAll shall signal the NvM module
and shall not be queued, i.e. there can be only one pending request of this type.c()

8.3.3.4 NvM_ValidateAll

[SWS_NvM_00855] d
Service Name NvM_ValidateAll
Syntax void NvM_ValidateAll (
void
)
Service ID [hex] 0x19
Sync/Async Asynchronous
Reentrancy Non Reentrant
Parameters (in) None
Parameters (inout) None
Parameters (out) None
Return value None
Description Initiates a multi block validation request.
Available via NvM.h

c(SRS_Mem_00137)
[SWS_NvM_00856] dIf auto validation is configured for an NVRAM Block (NvMBlock
UseAutoValidation == TRUE), the function NvM_ValidateAll shall set the RAM Block
status to "VALID / CHANGED".c(SRS_Mem_00137)
[SWS_NvM_00857] dFor blocks which meet the conditions of SWS_NvM_00856 and
in addition have CRC calculation in RAM configured the function NvM_ValidateAll shall
request the recalculation of CRC in the background, i.e. the CRC recalculation shall
be processed by the NvM_MainFunction.c(SRS_Mem_00137)
[SWS_NvM_00858] dThe function NvM_ValidateAll shall signal the request to the NvM
module and return. The NVRAM Manager shall defer the processing of the requested
NvM_ValidateAll function until all single block job queues are empty.c(SRS_Mem_-
00137)
[SWS_NvM_00859] dThe NvM module’s environment shall have initialized the NvM
module before it calls the function NvM_ValidateAll.c(SRS_Mem_00137)
[SWS_NvM_00860] dThe job of the function NvM_ValidateAll shall process only the
permanent RAM blocks or call explicit synchronization callback (NvM_WriteRamBlock

119 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

ToNvm) for all blocks for which the corresponding NVRAM Block parameter NvMBlock
UseAutoValidation is configured to true.c(SRS_Mem_00137)
[SWS_NvM_00861] dThe job of the function NvM_ValidateAll shall set each proceed-
ing block specific request result for NVRAM blocks and the multi block request result to
NVM_REQ_PENDING in advance.c(SRS_Mem_00137)
[SWS_NvM_00862] dThe job of the function NvM_ValidateAll shall set the block spe-
cific request result to NVM_REQ_OK if the RAM block was successfully validated.c
(SRS_Mem_00137)

8.3.3.5 NvM_FirstInitAll

[SWS_NvM_91001] d
Service Name NvM_FirstInitAll
Syntax void NvM_FirstInitAll (
void
)
Service ID [hex] 0x14
Sync/Async Asynchronous
Reentrancy Non Reentrant
Parameters (in) None
Parameters (inout) None
Parameters (out) None
Return value None
Description The function initiates a multi block first initialization request. The job of the function does not
care if a block exists in the non-volatile memory or not OR if it is valid (i.e. not corrupted) or not,
when processing it.
Available via NvM.h

c()
For each processed block, the job of the function will either write it with default data (if
it is not of type DATASET and it has default data) or invalidate the block (if it is of type
DATASET or without default data).
The term "default data" means the data from the ROM block (if any) or the one provided
inside the InitBlockCallback (if any) by the related block owner.
If NvM_FirstInitAll is called after NvM_ReadAll, then an inconsistency between the Nv
M user’s expectation of RAM block contents and the actual RAM block contents can
occur. Even worse, also concurrent writes to the RAM block content from NvM user
side and NvM_FirstInitAll could occur. Hence, calling NvM_FirstInitAll after NvM_Read
All should generally be avoided.
In light of the above, the following requirements apply:
[SWS_NvM_00912] dThe job of the function NvM_FirstInitAll shall also process the
block with ID 1 (which holds the configuration ID of the NvM module), if this block has
been configured to be processed by it and dynamic configuration is enabled.c()

120 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00913] dIf a block of type NATIVE that is processed by the NvM_FirstInit

All has default data, the NV block shall be written with its default data.c()
[SWS_NvM_00914] dIf a NATIVE block that is processed by the NvM_FirstInitAll has
neither permanent RAM nor explicit synchronization then that block shall be processed
by using the internal NvM buffer as its RAM and, upon processing, its RAM block state
shall be left untouched.c()
[SWS_NvM_00915] dIf a NATIVE block that has either permanent RAM or explicit syn-
chronization is processed by the NvM_FirstInitAll and the block has default data (ROM
or Init Callback) then the blocks RAM will be updated with the default data, just like for
the processing of a NvM_RestoreBlockDefaults request.c()
[SWS_NvM_00916] dIf a block of type REDUNDANT that is processed by the NvM_
FirstInitAll has default data, both block instances shall be written with that default data.c
()
[SWS_NvM_00917] dIf a REDUNDANT block that is processed by the NvM_FirstInit
All has neither permanent RAM nor explicit synchronization then that block shall be
processed by using the internal NvM buffer as its RAM and, upon processing, its RAM
block state shall be left untouched.c()
[SWS_NvM_00918] dIf a REDUNDANT block that has either permanent RAM or ex-
plicit synchronization is processed by the NvM_FirstInitAll and the block has default
data (ROM or Init Callback) then the blocks RAM will be updated with the default data,
just like for the processing of a NvM_RestoreBlockDefaults request.c()
[SWS_NvM_00919] dIf a block of type NATIVE that is processed by the NvM_FirstInit
All does not have default data, the block shall be invalidated using the same mechanism
as for NvM_InvalidateNvBlock.c()
[SWS_NvM_00920] dIf a block of type REDUNDANT that is processed by the NvM_
FirstInitAll does not have default data, both block instances shall be invalidated using
the same mechanism as for NvM_InvalidateNvBlock.c()
[SWS_NvM_00921] dIf a NATIVE block that is processed by the NvM_FirstInitAll has
only the Init Callback configured and the return value of the callback is not E_OK then
the job of the function NvM_FirstInitAll shall invalidate the block.c()
[SWS_NvM_00922] dIf a REDUNDANT block that is processed by the NvM_FirstInit
All has only the Init Callback configured and the return value of the callback is not E_
OK then the job of the function NvM_FirstInitAll shall invalidate both instances of the
block.c()
Note: An Init Callback returning something else than E_OK is interpreted as a runtime
decision of the block owner not to provide default data via this callback. In this case, in
order for the state of the block not to remain ambiguous, it is invalidated.
[SWS_NvM_00923] dThe job of the function NvM_FirstInitAll shall invalidate all blocks
that are of type DATASET and that have been configured to be processed by it.c()

121 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00924] dThe job of the function NvM_FirstInitAll shall invalidate all NV

block instances of a block of type DATASET, if the block was configured to be processed
by it.c()
[SWS_NvM_00925] dIf the writing of a block of type NATIVE with its default data fails,
the job of the function NvM_FirstInitAll shall set the request result to NVM_REQ_NOT_
OK.c()
[SWS_NvM_00926] dIf the writing of a block of type REDUNDANT with its default data
fails for both instances, the job of the function NvM_FirstInitAll shall set the request
result to NVM_REQ_NOT_OK.c()
[SWS_NvM_00927] dIf the invalidation of a block of type NATIVE fails, the job of the
function NvM_FirstInitAll shall set the request result to NVM_REQ_NOT_OK.c()
[SWS_NvM_00928] dIf the invalidation of a block of type REDUNDANT fails for at
least one of the two block instances, the job of the function NvM_FirstInitAll shall set
the request result to NVM_REQ_NOT_OK.c()
Note: Since the purpose of the FirstInitAll is to have all selected NvM blocks in a well
defined state (either written successfully with the default data or invalidated), if one of
the two duplicates of the REDUNDANT block was not invalidated successfully, this has
to be known. This is not like the "write" case (see requirements SWS_NvM_00284 and
SWS_NvM_00274 for more details).
[SWS_NvM_00929] dIf the invalidation of a block of type DATASET fails for at least
one of its NV block instances then the job of the function NvM_FirstInitAll shall set the
request result to NVM_REQ_NOT_OK.c()
Note: Since the purpose of the FirstInitAll is to have all selected NvM blocks in a
well defined state if at least one of the NV block instances of the DATASET block was
not invalidated successfully, this has to be known. The NvM_FirstInitAll processing of
blocks of type DATASET implies invalidating all NV block instances of all processed
blocks of type DATASET.
[SWS_NvM_00930] dBlocks without permanent RAM block and without explicit syn-
chronization can be configured to be processed by the NvM_FirstInitAll.c()
[SWS_NvM_00931] dThe write protection status of a block shall be completely ignored
by the NvM_FirstInitAll functionality.c()
Note: The block write protection needs to be handled by the caller of the NvM_FirstInit
All or by the block owner (which should know about the execution of the NvM_FirstInit
All function and related job). This is due to the fact that, upon successful completion of
the job of the NvM_FirstInitAll, all selected blocks should have a well known and well
defined state.
[SWS_NvM_00932] dThe write block once functionality shall not be triggered by NvM_
FirstInitAll.c()

122 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Note: The reason behind this is to allow the blocks that are Write Once Only to be
written via the NvM_WriteBlock API with valid values, after being initialized by the job
of the function NvM_FirstInitAll.
[SWS_NvM_00933] dThe locked status of a block shall be completely ignored by the
NvM_FirstInitAll functionality.c()
Note: The block locking needs to be handled by the caller of the NvM_FirstInitAll or
by the block owner (which should know about the execution of the NvM_FirstInitAll
function and related job). This is due to the fact that, upon successful completion of
the job of the NvM_FirstInitAll, all selected blocks should have a well known and well
defined state.
[SWS_NvM_00934] dIf a block that has either permanent RAM or explicit synchroniza-
tion has been successfully written into the non-volatile memory by the job of the func-
tion NvM_FirstInitAll then its RAM block state shall be set to VALID / UNCHANGED.c
()
[SWS_NvM_00935] dIf a block that has either permanent RAM or explicit synchroniza-
tion has been successfully invalidated by the job of the function NvM_FirstInitAll then
its RAM block state shall be left untouched.c()
[SWS_NvM_00936] dThe job of the function NvM_FirstInitAll shall not be started while
there are single block requests that need to be processed by the NvM module.c()
[SWS_NvM_00937] dThe job of the function NvM_FirstInitAll, once started, shall not be
interrupted by any single block requests except write requests for immediate blocks.c()
[SWS_NvM_00938] dIf the NvM module is not initialized and the function NvM_FirstInit
All is called, it shall report the Det error NVM_E_UNINIT and return without performing
any other activities.c()
[SWS_NvM_00939] dIf a multi block operation is PENDING and the function NvM_
FirstInitAll is called, it shall report the Det error NVM_E_BLOCK_PENDING and return
without performing any other activities.c()
Note: The error NVM_E_BLOCK_PENDING is used to indicate that another multiblock
operation is accepted but not completed by NvM. This is due to the fact that the NvM
module can only accept and process one multiblock operation at a time.
[SWS_NvM_00940] dThe job of the function NvM_FirstInitAll shall set the multi block
request result to NVM_REQ_NOT_OK if the processing of at least one NVRAM block
fails.c()
Note: When the result of an individual block processing (in the context of a multi-block
job) is different than NVM_REQ_OK, the individual block processing is considered as
failed.

123 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8.3.3.6 Callback notifications

[SWS_NvM_00438] dThe NvM module shall provide callback functions to be used by

the underlying memory abstraction (EEPROM abstraction / FLASH EEPROM Emula-
tion) to signal end of job state with or without error.c()

8.3.3.6.1 NVRAM Manager job end notification without error

[SWS_NvM_00462] d
Service Name NvM_JobEndNotification
Syntax void NvM_JobEndNotification (
void
)
Service ID [hex] 0x11
Sync/Async Synchronous
Reentrancy Non Reentrant
Parameters (in) None
Parameters (inout) None
Parameters (out) None
Return value None
Description Function to be used by the underlying memory abstraction to signal end of job without error.
Available via NvM_MemIf.h

c()
[SWS_NvM_00111] dThe callback function NvM_JobEndNotification is used by the
underlying memory abstraction to signal end of job without error.
Note: Successful job end notification of the memory abstraction:
• Read finished & OK
• Write finished & OK
• Erase finished & OK
This routine might be called in interrupt context, depending on the calling function. All
memory abstraction modules should be configured to use the same mode (callback/
polling).c()
[SWS_NvM_00440] dThe NvM module shall only provide the callback function NvM_
JobEndNotification if polling mode is disabled via NvMPollingMode.c()
Note: The function NvM_JobEndNotification is affected by the common 10.2.2 config-
uration parameters.

124 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8.3.3.6.2 NVRAM Manager job end notification with error

[SWS_NvM_00463] d
Service Name NvM_JobErrorNotification
Syntax void NvM_JobErrorNotification (
void
)
Service ID [hex] 0x12
Sync/Async Synchronous
Reentrancy Non Reentrant
Parameters (in) None
Parameters (inout) None
Parameters (out) None
Return value None
Description Function to be used by the underlying memory abstraction to signal end of job with error.
Available via NvM_MemIf.h

c(SRS_Mem_00125)
[SWS_NvM_00112] dThe callback function NvM_JobErrorNotification is to be used by
the underlying memory abstraction to signal end of job with error.
• Note: Unsuccessful job end notification of the memory abstraction:
• Read aborted or failed
• Write aborted or failed
• Erase aborted or failed
This routine might be called in interrupt context, depending on the calling function. All
memory abstraction modules should be configured to use the same mode (callback/
polling).
c()
[SWS_NvM_00441] dThe NvM module shall only provide the callback function NvM_
JobErrorNotification if polling mode is disabled via NvMPollingMode.c()
Note: The function NvM_Job ErrorNotification is affected by the common 10.2.2 con-
figuration parameters.

8.4 Scheduled functions

These functions are directly called by Basic Software Scheduler. The following func-
tions shall have no return value and no parameter. All functions shall be non reentrant.

125 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00464] d
Service Name NvM_MainFunction
Syntax void NvM_MainFunction (
void
)
Service ID [hex] 0x0e
Description Service for performing the processing of the NvM jobs.
Available via SchM_NvM.h

c(SRS_BSW_00425, SRS_BSW_00373, SRS_BSW_00172)

[SWS_NvM_00256] dThe function NvM_MainFunction shall perform the processing of
the NvM module jobs.c()
[SWS_NvM_00333] dThe function NvM_MainFunction shall perform the CRC recalcu-
lation if requested for a NVRAM block in addition to SWS_NvM_00256.c()
[SWS_NvM_00334] dThe NvM module shall only start writing of a block (i.e. hand over
the job to the lower layers) after CRC calculation for this block has been finished.c()
[SWS_NvM_00257] dThe NvM module shall only do/start job processing, queue man-
agement and CRC recalculation if the NvM_Init function has internally set an "INIT
DONE" signal.c()
[SWS_NvM_00258] dThe function NvM_MainFunction shall restart a destructively can-
celed request caused by an immediate priority request after the NvM module has pro-
cessed the immediate priority request [SWS_NvM_00182].c()
[SWS_NvM_00259] dThe function NvM_MainFunction shall supervise the immediate
priority queue (if configured) regarding the existence of immediate priority requests.c()
[SWS_NvM_00346] dIf polling mode is enabled, the function NvM_MainFunction shall
check the status of the requested job sent to the lower layer.c()
[SWS_NvM_00347] dIf callback routines are configured, the function NvM_MainFunc-
tion shall call callback routines to the upper layer after completion of an asynchronous
service.c()
[SWS_NvM_00350] dIn case of processing an NvM_WriteAll multi block request, the
function NvM_MainFunction shall not call callback routines to the upper layer as long
as the service MemIf_GetStatus returns MEMIF_BUSY_INTERNAL for the reserved
device ID MEMIF_BROADCAST_ID [6]. For this purpose (status is MEMIF_BUSY_IN-
TERNAL), the function NvM_MainFunction shall cyclically poll the status of the Memory
Hardware Abstraction independent of being configured for polling or callback mode.c()
[SWS_NvM_00349] dThe function NvM_MainFunction shall return immediately if no
further job processing is possible.c()

126 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8.5 Expected interfaces

In this chapter all interfaces required from other modules are listed.
[SWS_NvM_00969] dThe NvM shall call the expected interface in the same partition
context to which its functionality is mapped:
• The master partition for all general functionality, not directly related to an individ-
ual NV block
• The corresponding satellite partition for all functionality directly related to an indi-
vidual NV block
c()

8.5.1 Mandatory Interfaces

The following table defines all interfaces which are required to fulfill the core function-
ality of the module.
[SWS_NvM_00465] d
API Function Header File Description
MemIf_Cancel MemIf.h Invokes the "Cancel" function of the underlying
memory abstraction module selected by the
parameter DeviceIndex.
MemIf_EraseImmediateBlock MemIf.h Invokes the "EraseImmediateBlock" function of the
underlying memory abstraction module selected by
the parameter DeviceIndex.
MemIf_GetJobResult MemIf.h Invokes the "GetJobResult" function of the
underlying memory abstraction module selected by
the parameter DeviceIndex.
MemIf_GetStatus MemIf.h Invokes the "GetStatus" function of the underlying
memory abstraction module selected by the
parameter DeviceIndex.
MemIf_InvalidateBlock MemIf.h Invokes the "InvalidateBlock" function of the
underlying memory abstraction module selected by
the parameter DeviceIndex.
MemIf_Read MemIf.h Invokes the "Read" function of the underlying
memory abstraction module selected by the
parameter DeviceIndex.
MemIf_Write MemIf.h Invokes the "Write" function of the underlying
memory abstraction module selected by the
parameter DeviceIndex.

c(SRS_BSW_00383, SRS_BSW_00384)

8.5.2 Optional Interfaces

The following table defines all interfaces which are required to fulfill an optional func-
tionality of the module.

127 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

[SWS_NvM_00466] d
API Function
Crc_CalculateCRC16
Crc_CalculateCRC32
Crc_CalculateCRC8
Dem_SetEventStatus
Det_ReportError
Header File Description
Crc.h This service makes a CRC16 calculation on Crc_
Length data bytes.
Crc.h This service makes a CRC32 calculation on Crc_
Length data bytes.
Crc.h This service makes a CRC8 calculation on Crc_
Length data bytes, with SAE J1850 parameters
Dem.h Called by SW-Cs or BSW modules to report monitor
status information to the Dem. BSW modules calling
Dem_SetEventStatus can safely ignore the return
value. This API will be available only if ({Dem/Dem
ConfigSet/DemEventParameter/DemEvent
ReportingType} == STANDARD_REPORTING)
Det.h Service to report development errors.

c(SRS_BSW_00383, SRS_BSW_00384)

8.5.3 Configurable interfaces

In this chapter, all interfaces are listed for which the target function can be configured.
The target function is usually a callback function. The names of these interfaces are
not fixed because they are configurable.
[SWS_NvM_00113] dThe notification of a caller via an asynchronous callback routine
(NvMSingleBlockCallback) shall be optionally configurable for all NV blocks.c()
Note: For more information on NvMSingleBlockCallback, see chapter 10.2.3.
[SWS_NvM_00740] dIf a callback is configured for a NVRAM block, every asyn-
chronous block request to the block itself shall be terminated with an invocation of
the callback routine.c()
[SWS_NvM_00742] dIf no callback is configured for a NVRAM block, there shall be no
asynchronous notification of the caller in case of an asynchronous block request.c()
[SWS_NvM_00260] dA common callback entry (NvMMultiBlockCallback) which is not
bound to any NVRAM block shall be optionally configurable for all asynchronous multi
block requests (including NvM_CancelWriteAll).c()

128 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8.5.3.0.1 Single block job end notification

[SWS_NvM_00467] d
Service Name NvM_SingleBlockCallbackFunction
Syntax Std_ReturnType NvM_SingleBlockCallbackFunction (
NvM_BlockRequestType BlockRequest,
NvM_RequestResultType JobResult
)
Sync/Async Synchronous
Reentrancy Non Reentrant
Parameters (in) BlockRequest The request type (read, write, ... etc.) of the previous processed
block job
JobResult The request result of the previous processed block job.
Parameters (inout) None
Parameters (out) None
Return value Std_ReturnType E_OK: callback function has been processed successfully
any other: callback function has been processed unsuccessfully
Description Per block callback routine to notify the upper layer that an asynchronous single block request
has been finished.
Available via NvM_Externals.h

c(SRS_BSW_00457, SRS_BSW_00360, SRS_BSW_00333)

Note: The following requirements are related to the above mentioned callback SWS_
NVM_00176, SWS_NVM_00281, SWS_NvM_00113 and ECUC_NvM_00506.
Note: Please refer to NvMSingleBlockCallback in chapter 10. The Single block job end
notification might be called in interrupt context only if there is no callback configured in
NvM that belongs to a SW-C.

8.5.3.0.2 Multi block job end notification

[SWS_NvM_00468] d
Service Name NvM_MultiBlockCallbackFunction
Syntax Std_ReturnType NvM_MultiBlockCallbackFunction (
NvM_MultiBlockRequestType MultiBlockRequest,
NvM_RequestResultType JobResult
)
Sync/Async Synchronous
Reentrancy Non Reentrant
Parameters (in) MultiBlockRequest The request type (read, write, ... etc.) of the previous processed
multi block job
JobResult The request result of the previous processed multi block job.
Parameters (inout) None
Parameters (out) None
Return value Std_ReturnType E_OK: callback function has been processed successfully
any other: callback function has been processed unsuccessfully
5

129 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Description Common callback routine to notify the upper layer that an asynchronous multi block request has
been finished.
Available via NvM_Externals.h

c(SRS_BSW_00457, SRS_BSW_00360, SRS_BSW_00333)

Note: The following requirements are related to the above mentioned callback SWS_
NVM_00179, SWS_NVM_00260 and ECUC_NvM_00500.
Note: Please refer to NvMMultiBlockCallback in chapter 10. The Multi block job end
notification might be called in interrupt context, depending on the calling function.

8.5.3.0.3 Callback function for block initialization

[SWS_NvM_00469] d
Service Name NvM_InitBlockCallbackFunction
Syntax Std_ReturnType NvM_InitBlockCallbackFunction (
NvM_InitBlockRequestType InitBlockRequest
)
Sync/Async Synchronous
Reentrancy Non Reentrant
Parameters (in) InitBlockRequest The request type (read, restore, ... etc.) of the currently
processed block
Parameters (inout) None
Parameters (out) None
Return value Std_ReturnType E_OK: callback function has been processed successfully
any other: callback function has been processed unsuccessfully
Description Per block callback routine which shall be called by the NvM module when default data needs to
be restored in RAM, and a ROM block is not configured.
Available via NvM_Externals.h

c(SRS_BSW_00457, SRS_BSW_00360, SRS_BSW_00333)

Note: The following requirements are related to the above mentioned callback: SWS_
NVM_00085, SWS_NVM_00266, SWS_NvM_00817 and ECUC_NvM_00116.
[SWS_NvM_00369] dIf the Init block callback returns a value different than E_OK
then the request result shall be set to NVM_REQ_NOT_OK.
Note: The Init block callback is called either if a read request for a block failed in
retrieving the data from the non-volatile memory or if explicit default data recovery is
requested. Either way, if the Init block callback does not indicate E_OK,
the read/restore default operation has failed completely and the request result needs
to reflect this.c()

130 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Note: Please refer to NvMInitBlockCallback in chapter 10. The init block callback func-
tion might be called in interrupt context only if there is no callback configured in NvM
that belongs to a SW-C.
[SWS_NvM_00967] dIf the block is configured with CalcRamBlockCrc and if the return
value for NvMInitBlockCallback is E_OK then NvM shall synchronize the data with the
NvM mirror before calculating the CRC over it. (SRS_Mem_08538, SRS_LIBS_08533,
SRS_Mem_00016, SRS_Mem_00018)c()

8.5.3.0.4 Callback function for RAM to NvM copy

[SWS_NvM_00539] d
Service Name NvM_WriteRamBlockToNvm
Syntax Std_ReturnType NvM_WriteRamBlockToNvm (
void* NvMBuffer
)
Sync/Async Synchronous
Reentrancy Non Reentrant
Parameters (in) None
Parameters (inout) None
Parameters (out) NvMBuffer the address of the buffer where the data shall be written to
Return value Std_ReturnType E_OK: callback function has been processed successfully
any other: callback function has been processed unsuccessfully
Description Block specific callback routine which shall be called in order to let the application copy data
from RAM block to NvM module’s mirror.
Available via NvM_Externals.h

c(SRS_BSW_00457)
[SWS_NvM_00541] dThe RAM to NvM copy callback shall be a function pointer.c()
Note: Please refer to NvMWriteRamBlockToNvCallback in chapter 10.

8.5.3.0.5 Callback function for NvM to RAM copy

[SWS_NvM_00540] d
Service Name NvM_ReadRamBlockFromNvm
Syntax Std_ReturnType NvM_ReadRamBlockFromNvm (
const void* NvMBuffer
)
Sync/Async Synchronous
Reentrancy Non Reentrant
Parameters (in) NvMBuffer the address of the buffer where the data can be read from
Parameters (inout) None
Parameters (out) None
5

131 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Return value Std_ReturnType E_OK: callback function has been processed successfully
any other: callback function has been processed unsuccessfully
Description Block specific callback routine which shall be called in order to let the application copy data
from NvM module’s mirror to RAM block.
Available via NvM_Externals.h

c(SRS_LIBS_08533, SRS_BSW_00457)
[SWS_NvM_00542] dThe NvM to RAM copy callback shall be a function pointer.c()
Note: Please refer to NvMReadRamBlockFromNvCallback in chapter 10.

8.6 API Overview

Request Types Characteristics of Request Types

Type 1: - synchronous request
- NvM_SetDataIndex (...) - affects one RAM block
- NvM_GetDataIndex (...) - available for all SW-Cs
- NvM_SetBlockProtection (...)
- NvM_GetErrorStatus(...)
- NvM_SetRamBlockStatus(...)
Type 2: - asynchronous request (result via callback or polling)
- NvM_ReadBlock(...) - affects one NVRAM block
- NvM_WriteBlock(...) - handled by NVRAM manager task via request list
- NvM_RestoreBlockDefaults(...) - available for all SW-Cs
- NvM_EraseNvBlock(...)
- NvM_InvalidateNvBlock(...)
- NvM_CancelJobs(...)
- NvM_ReadPRAMBlock(...)
- NvM_WritePRAMBlock(...)
- NvM_RestorePRAMBlockDefaults(...)
Type 3: - asynchronous request (result via callback or polling)
- NvM_ReadAll(...) - affects all NVRAM blocks with permanent RAM data
- NvM_WriteAll(...)
- NvM_CancelWriteAll(...)
- NvM_ValidateAll(...)
Type 4: - synchronous request
- NvM_Init(...) - basic initialization
- success signaled to the task via command interface
inside the function itself

132 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8.7 Service Interfaces

This chapter is an addition to the specification of the NvM module. Whereas the other
parts of the specification define the behavior and the C-interfaces of the corresponding
basic software module, this chapter formally specifies the corresponding AUTOSAR
service in terms of the SWC template. The interfaces described here will be visible on
the VFB and are used to generate the RTE between application software and the NvM
module. [ref. to doc. [13], [14]]

8.7.1 Client-Server-Interfaces

8.7.1.1 NvM_Admin

[SWS_NvM_00737] d
Name NvMAdmin
Comment –
IsService true
Variation –
Possible Errors 0 E_OK Operation successful
1 E_NOT_OK Operation failed

Operation SetBlockProtection
Comment Service for setting/resetting the write protection for a NV block.
Mapped to API NvM_SetBlockProtection
Variation FOR
configClass : ECV.subEltList("NvM/NvMCommon/NvMApiConfigClass");
LET
isConfigClass3 = configClass.value() == "NVM_API_CONFIG_CLASS_3";
WHERE
isConfigClass3;

Parameters ProtectionEnabled
Type boolean
Direction IN
Comment –
Variation –
Possible Errors E_OK
E_NOT_OK

c()

8.7.1.2 NvM_Mirror

[SWS_NvM_00738] d

133 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Name NvMMirror
Comment –
IsService true
Variation –
Possible Errors 0 E_OK Operation successful
1 E_NOT_OK Operation failed

Operation ReadRamBlockFromNvM
Comment Block specific callback routine which shall be called in order to let the application copy data
from NvM module’s mirror to RAM block.
Mapped to API NvM_ReadRamBlockFromNvm
Variation –
Parameters SrcPtr
Type ConstVoidPtr
Direction IN
Comment The parameter "SrcPtr" shall be typed by an ImplementationDataType of
category DATA_REFERENCE with the pointer target void to pass an address
(pointer) to the RAM Block.
Variation –
Possible Errors E_OK
E_NOT_OK

Operation WriteRamBlockToNvM
Comment Block specific callback routine which shall be called in order to let the application copy data
from RAM block to NvM module’s mirror.
Mapped to API NvM_WriteRamBlockToNvm
Variation –
Parameters DstPtr
Type VoidPtr
Direction IN
Comment The parameter "DstPtr" shall be typed by an ImplementationDataType of
category DATA_REFERENCE with the pointer target void to pass an address
(pointer) to the RAM Block.
Variation –
Possible Errors E_OK
E_NOT_OK

c()

8.7.1.3 NvM_NotifyInitBlock

[SWS_NvM_00736] d
Name NvMNotifyInitBlock
Comment Callback that is called by the NvM module when default data needs to be restored to the RAM
image
IsService true
Variation –
5

134 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Possible Errors 0 E_OK RAM block content was updated
1 RTE_E_RAM_ RAM block content was not changed
UNCHANGED

Operation InitBlock
Comment This callback is called if the initialization of a block has completed.
Mapped to API –
Variation –
Parameters InitBlockRequest
Type NvM_InitBlockRequestType
Direction IN
Comment –
Variation –
Possible Errors –

c()

8.7.1.4 NvM_NotifyJobFinished

[SWS_NvM_00735] d
Name NvMNotifyJobFinished
Comment Callback that is called when a job has finished
IsService true
Variation –
Possible Errors 0 E_OK Operation successful

Operation JobFinished
Comment Callback that gets called if a job has finished
Mapped to API –
Variation –
BlockRequest
Parameters
Type NvM_BlockRequestType
Direction IN
Comment –
Variation –
JobResult
Type NvM_RequestResultType
Direction IN
Comment –
Variation –
Possible Errors E_OK

c()

135 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8.7.1.5 NvM_Service

[SWS_NvM_00734] d
Name NvMService
Comment –
IsService true
Variation –
Possible Errors 0 E_OK Operation successful
1 E_NOT_OK Operation failed

Operation EraseBlock
Comment Service to erase a NV block.
Mapped to API NvM_EraseNvBlock
Variation FOR
configClass : ECV.subEltList("NvM/NvMCommon/NvMApiConfigClass");
LET
isConfigClass3 = configClass.value() == "NVM_API_CONFIG_CLASS_3";
WHERE
isConfigClass3;

Possible Errors E_OK

E_NOT_OK

Operation GetDataIndex
Comment Service for getting the currently set DataIndex of a dataset NVRAM block
Mapped to API NvM_GetDataIndex
Variation FOR
configClass : ECV.subEltList("NvM/NvMCommon/NvMApiConfigClass");
LET
isConfigClass2 = configClass.value() == "NVM_API_CONFIG_CLASS_2";
WHERE
isConfigClass2;

Parameters DataIndex
Type uint8
Direction OUT
Comment –
Variation –
Possible Errors E_OK
E_NOT_OK

Operation GetErrorStatus
Comment Service to read the block dependent error/status information.
Mapped to API NvM_GetErrorStatus
Variation –
Parameters RequestResult
Type NvM_RequestResultType
Direction OUT
Comment –
Variation –
5

136 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Possible Errors E_OK
E_NOT_OK

Operation InvalidateNvBlock
Comment Service to invalidate a NV block.
Mapped to API NvM_InvalidateNvBlock
Variation FOR
configClass : ECV.subEltList("NvM/NvMCommon/NvMApiConfigClass");
LET
isConfigClass3 = configClass.value() == "NVM_API_CONFIG_CLASS_3";
WHERE
isConfigClass3;

Possible Errors E_OK

E_NOT_OK

Operation ReadBlock
Comment Service to copy the data of the NV block to its corresponding RAM block.
Mapped to API NvM_ReadBlock
Variation FOR
configClass : ECV.subEltList("NvM/NvMCommon/NvMApiConfigClass");
LET
isConfigClass2 = configClass.value() == "NVM_API_CONFIG_CLASS_2";
isConfigClass3 = configClass.value() == "NVM_API_CONFIG_CLASS_3";
WHERE
isConfigClass2 OR isConfigClass3;

Parameters DstPtr
Type VoidPtr
Direction IN
Comment The parameter "DstPtr" shall be typed by an ImplementationDataType of
category DATA_REFERENCE with the pointer target void to pass an address
(pointer) to the RAM Block.
Variation –
Possible Errors E_OK
E_NOT_OK

Operation ReadPRAMBlock
Comment –
Mapped to API –
Variation FOR
configClass : ECV.subEltList("NvM/NvMCommon/NvMApiConfigClass");
LET
isConfigClass2 = configClass.value() == "NVM_API_CONFIG_CLASS_2";
isConfigClass3 = configClass.value() == "NVM_API_CONFIG_CLASS_3";
WHERE
isConfigClass2 OR isConfigClass3;

Possible Errors E_OK

E_NOT_OK

Operation RestoreBlockDefaults
Comment Service to restore the default data to its corresponding RAM block.
Mapped to API NvM_RestoreBlockDefaults
5

137 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Variation FOR
configClass : ECV.subEltList("NvM/NvMCommon/NvMApiConfigClass");
LET
isConfigClass2 = configClass.value() == "NVM_API_CONFIG_CLASS_2";
isConfigClass3 = configClass.value() == "NVM_API_CONFIG_CLASS_3";
WHERE
isConfigClass2 OR isConfigClass3;

Parameters DstPtr
Type VoidPtr
Direction IN
Comment The parameter "DstPtr" shall be typed by an ImplementationDataType of
category DATA_REFERENCE with the pointer target void to pass an address
(pointer) to the RAM Block.
Variation –
Possible Errors E_OK
E_NOT_OK

Operation RestorePRAMBlockDefaults
Comment –
Mapped to API –
Variation FOR
configClass : ECV.subEltList("NvM/NvMCommon/NvMApiConfigClass");
LET
isConfigClass2 = configClass.value() == "NVM_API_CONFIG_CLASS_2";
isConfigClass3 = configClass.value() == "NVM_API_CONFIG_CLASS_3";
WHERE
isConfigClass2 OR isConfigClass3;

Possible Errors E_OK

E_NOT_OK

Operation SetDataIndex
Comment Service for setting the DataIndex of a dataset NVRAM block.
Mapped to API NvM_SetDataIndex
Variation FOR
configClass : ECV.subEltList("NvM/NvMCommon/NvMApiConfigClass");
LET
isConfigClass2 = configClass.value() == "NVM_API_CONFIG_CLASS_2";
isConfigClass3 = configClass.value() == "NVM_API_CONFIG_CLASS_3";
blockMgmTypes = ECV.subEltList("NvM/NvMBlockDescriptor/
NvMBlockManagementType");
isMgd(mgmtType) = mgmtType.value() == "NVM_BLOCK_DATASET";
datasetMgdCount = blockMgmTypes.filter(isMgd).count();
WHERE
(isConfigClass2 OR isConfigClass3) AND (datasetMgdCount GT 0);

Parameters DataIndex
Type uint8
Direction IN
Comment –
Variation –
Possible Errors E_OK
E_NOT_OK

138 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Operation SetRamBlockStatus
Comment Service for setting the RAM block status of an NVRAM block.
Mapped to API NvM_SetRamBlockStatus
Variation LET
nvmBlockUseSetRamBlockStatus = ECV.subEltList("NvM/
NvMBlockDescriptor/NvMBlockUseSetRamBlockStatus");
useSetRamBlockStatus(useApi) = useApi.value() == true;
useSetRamBlockStatusCount = nvmBlockUseSetRamBlockStatus.filter(
useSetRamBlockStatus).count();
WHERE
(useSetRamBlockStatusCount GT 0);

Parameters BlockChanged
Type boolean
Direction IN
Comment –
Variation –
Possible Errors E_OK
E_NOT_OK

Operation WriteBlock
Comment Service to copy the data of the RAM block to its corresponding NV block.
Mapped to API NvM_WriteBlock
Variation FOR
configClass : ECV.subEltList("NvM/NvMCommon/NvMApiConfigClass");
LET
isConfigClass2 = configClass.value() == "NVM_API_CONFIG_CLASS_2";
isConfigClass3 = configClass.value() == "NVM_API_CONFIG_CLASS_3";
WHERE
isConfigClass2 OR isConfigClass3;

Parameters SrcPtr
Type ConstVoidPtr
Direction IN
Comment The parameter "SrcPtr" shall be typed by an ImplementationDataType of
category DATA_REFERENCE with the pointer target void to pass an address
(pointer) to the RAM Block.
Variation –
Possible Errors E_OK
E_NOT_OK

Operation WritePRAMBlock
Comment –
Mapped to API –
Variation FOR
configClass : ECV.subEltList("NvM/NvMCommon/NvMApiConfigClass");
LET
isConfigClass2 = configClass.value() == "NVM_API_CONFIG_CLASS_2";
isConfigClass3 = configClass.value() == "NVM_API_CONFIG_CLASS_3";
WHERE
isConfigClass2 OR isConfigClass3;

Possible Errors E_OK

E_NOT_OK

c()

139 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8.7.2 Implementation Data Types

Note: The header Rte_NvM_Type.h is only available in case there is a SwComponent

Type with ShortName or component type symbol ’NvM’ (see [SWS_Rte_07122]). This
SwComponent has to use the needed types (see [SWS_Rte_08802]). This means that
especially in systems where only NvBlockSwComponents are present, there needs to
be an additional, minimalistic SwComponentType named NvM referencing the required
data types by an IncludedDataTypeSet.

8.7.2.1 ImplementationDataType NvM_RequestResultType

[SWS_NvM_00470] d
Name NvM_RequestResultType
Kind Type
Derived from uint8
Range NVM_REQ_OK 0x00 The last asynchronous request
has been finished successfully.
This shall be the default value
after reset. This status shall have
the value 0.
NVM_REQ_NOT_OK 0x01 The last asynchronous read/write/
control request has been finished
unsuccessfully.
NVM_REQ_PENDING 0x02 An asynchronous read/write/
control request is currently
pending.
NVM_REQ_INTEGRITY_ 0x03 The result of the last
FAILED asynchronous request
NvM_ReadBlock or NvM_ReadAll
is a data integrity failure.
Note: In case of
NvM_ReadBlock
the content of the RAM block has
changed but has become invalid.
The application is responsible to
renew and validate the RAM block
content.
NVM_REQ_BLOCK_ 0x04 The referenced block was skipped
SKIPPED during execution of NvM_ReadAll
or NvM_WriteAll, e.g. Dataset
NVRAM blocks (NvM_ReadAll) or
NVRAM blocks without a
permanently configured RAM
block.
NVM_REQ_NV_ 0x05 The referenced NV block is
INVALIDATED invalidated.
5

140 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
NVM_REQ_CANCELED 0x06 The multi block request NvM_
WriteAll was canceled by calling
NvM_CancelWriteAll. Or Any
single block job request (NvM_
ReadBlock, NvM_WriteBlock, Nv
M_EraseNvBlock, NvM_Invalidate
NvBlock and NvM_RestoreBlock
Defaults) was canceled by calling
NvM_CancelJobs.
NVM_REQ_RESTORED_ 0x08 The referenced NV block had the
DEFAULTS default values copied to the RAM
image.
Description This is an asynchronous request result returned by the API service NvM_GetErrorStatus. The
availability of an asynchronous request result can be additionally signaled via a callback function.
Variation –
Available via Rte_NvM_Type.h

c()

8.7.2.2 ImplementationDataType NvM_BlockIdType

[SWS_NvM_00471] d
Name NvM_BlockIdType
Kind Type
Derived from uint16
Range 0..2ˆ(16- NvMDataset – –
SelectionBits)-1
Description Identification of a NVRAM block via a unique block identifier.
Reserved NVRAM block IDs: 0 -> to derive multi block request results via NvM_GetErrorStatus 1
-> redundant NVRAM block which holds the configuration ID
Variation –
Available via Rte_NvM_Type.h

c()

8.7.2.3 ImplementationDataType NvM_InitBlockRequestType

[SWS_NvM_91123] d
Name NvM_InitBlockRequestType
Kind Type
Derived from uint8
Range NVM_INIT_READ_BLOCK 0x00 NvM_ReadBlock/ NvM_Read
PRAMBlock is requested on the
block
5

141 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
NVM_INIT_RESTORE_ 0x01 NvM_RestoreBlockDefaults/ Nv
BLOCK_DEFAULTS M_RestorePRAMBlockDefaults is
requested on the block
NVM_INIT_READ_ALL_ 0x02 NvM_ReadAll is processing this
BLOCK block
NVM_INIT_FIRST_INIT_ 0x03 NvM_FirstInitAll is processing this
ALL block
Description Identifies the type of request performed on a block when signaled via the callback function
Variation –
Available via Rte_NvM_Type.h

c()

8.7.2.4 ImplementationDataType NvM_BlockRequestType

[SWS_NvM_91002] d
Name NvM_BlockRequestType
Kind Type
Derived from uint8
Range NVM_READ_BLOCK 0x00 NvM_ReadBlock/ NvM_Read
PRAMBlock was performed on
the block
NVM_WRITE_BLOCK 0x01 NvM_WriteBlock/ NvM_Write
PRAMBlock was performed on
the block
NVM_RESTORE_BLOCK_ 0x02 NvM_RestoreBlockDefaults/ Nv
DEFAULTS M_RestorePRAMBlockDefaults
was performed on the block
NVM_ERASE_NV_BLOCK 0x03 NvM_EraseNvBlock was
performed on the block
NVM_INVALIDATE_NV_ 0x04 NvM_InvalidateNvBlock was
BLOCK performed on the block
NVM_READ_ALL_BLOCK 0x05 NvM_ReadAll has finished
processing this block
Description Identifies the type of request performed on a block when signaled via the callback function
Variation –
Available via Rte_NvM_Type.h

c() Note: Calling the single block callback with NVM_READ_ALL_BLOCK can be used
to trigger an RTE Event that initializes a SW-C (see note below SWS_NvM_00281) as
opposed to calling the single block callback with NVM_READ_BLOCK which is used to
notify an already initialized SW-C of the result of a pending read block job. Therefore
separate literals/values are specified.

142 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8.7.3 Ports

8.7.3.1 NvM_PAdmin_{Block}

[SWS_NvM_00843] d
Name PAdmin_{Block}
Kind ProvidedPort Interface NvMAdmin
Description –
Port Defined Type NvM_BlockIdType
Argument Value(s)
Value FOR
nvBlockDescriptor : ECV.subEltList("NvM/
NvMBlockDescriptor");
LET
Block = nvBlockDescriptor.shortname();
BlockId = nvBlockDescriptor.subElt("
NvMNvramBlockIdentifier").value();

Variation FOR
nvBlockDescriptor : ECV.subEltList("NvM/NvMBlockDescriptor");
LET
Block = nvBlockDescriptor.shortname();
UsePort = nvBlockDescriptor.subElt("NvMBlockUsePort").value() == true;
WHERE
UsePort;

c()

8.7.3.2 NvM_PM_{Block}

[SWS_NvM_00844] d
Name PM_{Block}
Kind RequiredPort Interface NvMMirror
Description –
Variation FOR
nvBlockDescriptor : ECV.subEltList("NvM/NvMBlockDescriptor");
LET
Block = nvBlockDescriptor.shortname();
UsePort = nvBlockDescriptor.subElt("NvMBlockUsePort").value()
== true;
UsePortSyncMech = nvBlockDescriptor.subElt("NvMBlockUseSyncMechanism")
.value() == true;
WHERE
UsePort AND UsePortSyncMech;

c()

143 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8.7.3.3 NvM_PNIB_{Block}

[SWS_NvM_00845] d
Name PNIB_{Block}
Kind RequiredPort Interface NvMNotifyInitBlock
Description –
Variation FOR
nvBlockDescriptor : ECV.subEltList("NvM/NvMBlockDescriptor");
LET
Block = nvBlockDescriptor.shortname();
UsePort = nvBlockDescriptor.subElt("NvMBlockUsePort").
value() == true;
InitBlockCallbackDef = nvBlockDescriptor.subElt("
NvMInitBlockCallback").isDefined();
InitBlockCallbackFncDef = nvBlockDescriptor.subElt("
NvMInitBlockCallback/NvMInitBlockCallbackFnc").isDefined();
WHERE
UsePort AND InitBlockCallbackDef AND NOT InitBlockCallbackFncDef;

c()

8.7.3.4 NvM_PNJF_{Block}

[SWS_NvM_00846] d
Name PNJF_{Block}
Kind RequiredPort Interface NvMNotifyJobFinished
Description –
Variation FOR
nvBlockDescriptor : ECV.subEltList("NvM/NvMBlockDescriptor");
LET
Block = nvBlockDescriptor.shortname();
UsePort = nvBlockDescriptor.subElt("NvMBlockUsePort").
value() == true;
SingleBlockCallbackDef = nvBlockDescriptor.subElt("
NvMSingleBlockCallback").isDefined();
SingleBlockCallbackFncDef = nvBlockDescriptor.subElt("
NvMSingleBlockCallback/NvMSingleBlockCallbackFnc").isDefined();
WHERE
UsePort AND SingleBlockCallbackDef AND NOT SingleBlockCallbackFncDef;

c()

144 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

8.7.3.5 NvM_PS_{Block}

[SWS_NvM_00847] d
Name PS_{Block}
Kind ProvidedPort Interface NvMService
Description –
Port Defined Type NvM_BlockIdType
Argument Value(s)
Value FOR
nvBlockDescriptor : ECV.subEltList("NvM/
NvMBlockDescriptor");
LET
Block = nvBlockDescriptor.shortname();
BlockId = nvBlockDescriptor.subElt("
NvMNvramBlockIdentifier").value();

Variation FOR
nvBlockDescriptor : ECV.subEltList("NvM/NvMBlockDescriptor");
LET
Block = nvBlockDescriptor.shortname();
UsePort = nvBlockDescriptor.subElt("NvMBlockUsePort").value() == true;
WHERE
UsePort;

c()

145 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

9 Sequence diagrams

9.1 Synchronous calls

9.1.1 NvM_Init

Figure 9.1: UML sequence diagram NvM_Init

9.1.2 NvM_SetDataIndex

Figure 9.2: UML sequence diagram NvM_SetDataIndex

146 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

9.1.3 NvM_GetDataIndex

Figure 9.3: UML sequence diagram NvM_GetDataIndex

9.1.4 NvM_SetBlockProtection

Figure 9.4: UML sequence diagram NvM_SetBlockProtection

147 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

9.1.5 NvM_GetErrorStatus

Figure 9.5: UML sequence diagram NvM_GetErrorStatus

9.1.6 NvM_GetVersionInfo

Figure 9.6: UML sequence diagram NvM_GetVersionInfo

9.2 Asynchronous calls

The following sequence diagrams concentrate on the interaction between the NvM
module and SW-C’s or the BSW Mode Manager. For interaction regarding the Memory
Interface please ref. to [4] or [5].

9.2.1 Asynchronous call with polling

The following diagram shows the function NvM_WriteBlock as an example of a request

that is performed asynchronously. The sequence for all other asynchronous functions

148 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

is the same, only the processed number of blocks and the block types may vary. The
result of the asynchronous function is obtained by polling requests to the error/status
information.

Figure 9.7: UML sequence diagram for asynchronous call with polling

9.2.2 Asynchronous call with callback

The following diagram shows the function NvM_WriteBlock as an example of a request

that is performed asynchronously. The sequence for all other asynchronous functions
is the same, only the processed number of blocks and the block types may vary. The
result of the asynchronous function is obtained after an asynchronous notification (call-
back) by requesting the error/status information.

149 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Figure 9.8: UML sequence diagram for asynchronous call with callback

9.2.3 Cancellation of a Multi Block Request

The following diagram shows the effect of a cancel operation applied to a running NvM_
WriteAll multi block request. The running NvM_WriteAll function completes the actual
NVRAM block and stops further writes.

150 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Figure 9.9: UML sequence diagram for cancellation of asynchronous call

9.2.4 BswM Interraction

The following diagrams show the interractions between NvM and BswM in terms of
single block operation and multiblock operation.

151 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Figure 9.10: NvM interraction with BswM in case of a single block operation

152 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Figure 9.11: NvM interraction with BswM for a multiblock operation

153 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Figure 9.12: NvM interraction with BswM in case of a WriteAll cancellation

154 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Figure 9.13: NvM interraction with BswM in case of a single block cancellation

155 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

10 Configuration specification
In general, this chapter defines configuration parameters and their clustering into con-
tainers. In order to support the specification Chapter 10.1 describes fundamentals.
It also specifies a template (table) you shall use for the parameter specification. We
intend to leave Chapter 10.1 in the specification to guarantee comprehension.
Chapter 10.2 specifies the structure (containers) and the parameters of the module
NvM.
Chapter 10.3 specifies published information of the module NvM.

10.1 How to read this chapter

For details refer to the chapter 10.1 “Introduction to configuration specification” in
SWS_BSWGeneral. [ref. to doc. [2]]

10.2 Containers and configuration parameters

The following chapters summarize all configuration parameters. The detailed meanings
of the parameters describe Chapter 7 and Chapter 8.

Figure 10.1: Containers and configuration parameters

156 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

10.2.1 NvM

SWS Item [ECUC_NvM_00539]

Module Name NvM
Description Configuration of the NvM (NvRam Manager) module.
Post-Build Variant Support false
Supported Config Variants VARIANT-LINK-TIME, VARIANT-PRE-COMPILE

Included Containers
Container Name
NvMBlockCiphering
NvMBlockDescriptor
NvMCommon
NvmDemEventParameterRefs
Multiplicity Scope / Dependency
0..65535 Container for a chiphering of the Block.
Tags: atp.Status=draft
1..65536 Container for a management structure to configure the
composition of a given NVRAM Block Management Type. Its
multiplicity describes the number of configured NVRAM blocks,
one block is required to be configured. The NVRAM block
descriptors are condensed in the NVRAM block descriptor table.
1 Container for common configuration options.
0..1 Container for the references to DemEventParameter elements
which shall be invoked using the API Dem_SetEventStatus in
case the corresponding error occurs. The EventId is taken from
the referenced DemEventParameter’s DemEventId symbolic
value. The standardized errors are provided in this container and
can be extended by vendor-specific error references.

10.2.2 NvMCommon

SWS Item [ECUC_NvM_00028]

Container Name NvMCommon
Parent Container NvM
Description Container for common configuration options.
Configuration Parameters

SWS Item [ECUC_NvM_00491]

Parameter Name NvMApiConfigClass
Parent Container NvMCommon
Description Preprocessor switch to enable some API calls which are related to NVM API
configuration classes.
Multiplicity 1
Type EcucEnumerationParamDef
Range NVM_API_CONFIG_CLASS_1 All API calls belonging to configuration class 1
are available.
NVM_API_CONFIG_CLASS_2 All API calls belonging to configuration class 2
are available.
NVM_API_CONFIG_CLASS_3 All API calls belonging to configuration class 3
are available.
Post-Build Variant Value false
Value Configuration Class Pre-compile time X All Variants
5

157 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Link time –
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00550]

Parameter Name NvMBswMMultiBlockJobStatusInformation
Parent Container NvMCommon
Description This parameter specifies whether BswM is informed about the current status of the
multiblock job.
True: call BswM_NvM_CurrentJobMode if ReadAll and WriteAll are started, finished,
canceled False: do not inform BswM at all
Multiplicity 1
Type EcucBooleanParamDef
Default value true
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00492]

Parameter Name NvMCompiledConfigId
Parent Container NvMCommon
Description Configuration ID regarding the NV memory layout. This configuration ID shall be
published as e.g. a SW-C shall have the possibility to write it to NV memory.
Multiplicity 1
Type EcucIntegerParamDef
Range 0 .. 65535
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00493]

Parameter Name NvMCrcNumOfBytes
Parent Container NvMCommon
Description If CRC is configured for at least one NVRAM block, this parameter defines the
maximum number of bytes which shall be processed within one cycle of job processing.
Multiplicity 1
Type EcucIntegerParamDef
Range 1 .. 65535
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
5

158 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00572]

Parameter Name NvMCsmRetryCounter
Parent Container NvMCommon
Description This value specifies the number of CSM encryption/decryption job retry attempts.
CSM jobs for block reading and writing may fail (e.g. module busy, queue full, ...). To
not directly abort the read/write with an error status, the NvM will retry the CSM job for
the configured NvMCsmRetryCounter times.
Configuring 0 means: no retry behavior; job will be aborted directly.
Tags: atp.Status=draft
Multiplicity 0..1
Type EcucIntegerParamDef
Range 0 .. 255
Default value 0
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00494]

Parameter Name NvMDatasetSelectionBits
Parent Container NvMCommon
Description Defines the number of least significant bits which shall be used to address a certain
dataset of a NVRAM block within the interface to the memory hardware abstraction.
0..8: Number of bits which are used for dataset or redundant block addressing.
0: No dataset or redundant NVRAM blocks are configured at all, no selection bits
required.
1: In case of redundant NVRAM blocks are configured, but no dataset NVRAM blocks.
Multiplicity 1
Type EcucIntegerParamDef
Range 0 .. 8
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local
dependency: MemHwA, NVM_NVRAM_BLOCK_IDENTIFIER, NVM_BLOCK_
MANAGEMENT_TYPE

SWS Item [ECUC_NvM_00495]

Parameter Name NvMDevErrorDetect
Parent Container NvMCommon
Description Switches the development error detection and notification on or off.
• true: detection and notification is enabled.
• false: detection and notification is disabled.
Multiplicity 1
5

159 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Type EcucBooleanParamDef
Default value false
Post-Build Variant Value false
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00497]

Parameter Name NvMDynamicConfiguration
Parent Container NvMCommon
Description Preprocessor switch to enable the dynamic configuration management handling by the
NvM_ReadAll request.
true: Dynamic configuration management handling enabled. false: Dynamic
configuration management handling disabled.
This parameter affects all NvM processing related to Block with ID 1 and all processing
related to Resistant to Changed Software. If the Dynamic Configuration is disabled,
Block 1 cannot be used by NvM.
Multiplicity 1
Type EcucBooleanParamDef
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00498]

Parameter Name NvMJobPrioritization
Parent Container NvMCommon
Description Preprocessor switch to enable job prioritization handling
true: Job prioritization handling enabled. false: Job prioritization handling disabled.
Multiplicity 1
Type EcucBooleanParamDef
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00555]

Parameter Name NvMMainFunctionPeriod
Parent Container NvMCommon
Description The period between successive calls to the main function in seconds.
Multiplicity 1
Type EcucFloatParamDef
Range ]0 .. INF[
5

160 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: ECU

SWS Item [ECUC_NvM_00500]

Parameter Name NvMMultiBlockCallback
Parent Container NvMCommon
Description Entry address of the common callback routine which shall be invoked on termination of
each asynchronous multi block request
Multiplicity 0..1
Type EcucFunctionNameDef
Default value –
Regular Expression –
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00501]

Parameter Name NvMPollingMode
Parent Container NvMCommon
Description Preprocessor switch to enable/disable the polling mode in the NVRAM Manager and at
the same time disable/enable the callback functions useable by lower layers
true: Polling mode enabled, callback function usage disabled. false: Polling mode
disabled, callback function usage enabled.
Multiplicity 1
Type EcucBooleanParamDef
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00518]

Parameter Name NvMRepeatMirrorOperations
Parent Container NvMCommon
Description Defines the number of retries to let the application copy data to or from the NvM
module’s mirror before postponing the current job.
Multiplicity 1
5

161 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Type EcucIntegerParamDef
Range 0 .. 7
Default value 0
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00502]

Parameter Name NvMSetRamBlockStatusApi
Parent Container NvMCommon
Description Preprocessor switch to enable the API NvM_SetRamBlockStatus.
true: API NvM_SetRamBlockStatus enabled. false: API NvM_SetRamBlockStatus
disabled.
Multiplicity 1
Type EcucBooleanParamDef
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00503]

Parameter Name NvMSizeImmediateJobQueue
Parent Container NvMCommon
Description Defines the number of queue entries for the immediate priority job queue. If NVM_
JOB_PRIORITIZATION is switched OFF this parameter shall be out of scope.
Multiplicity 0..1
Type EcucIntegerParamDef
Range 1 .. 65535
Default value –
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local
dependency: NVM_JOB_PRIORITIZATION

SWS Item [ECUC_NvM_00504]

Parameter Name NvMSizeStandardJobQueue
Parent Container NvMCommon
5

162 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Description Defines the number of queue entries for the standard job queue.
Multiplicity 1
Type EcucIntegerParamDef
Range 1 .. 65535
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00505]

Parameter Name NvMVersionInfoApi
Parent Container NvMCommon
Description Pre-processor switch to enable / disable the API to read out the modules version
information].
true: Version info API enabled. false: Version info API disabled.
Multiplicity 1
Type EcucBooleanParamDef
Default value false
Post-Build Variant Value false
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00573]

Parameter Name NvMBufferAlignmentValue
Parent Container NvMCommon
Description Parameter determines the alignment of the start address that NvM buffers need to
have.
Value shall be inherited from EaBufferAlignmentValue or FeeBufferAlignmentValue.
Tags: atp.Status=draft
Multiplicity 1
Type Choice reference to [ EaGeneral, FeeGeneral ]
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: ECU

SWS Item [ECUC_NvM_00565]

Parameter Name NvMEcucPartitionRef
Parent Container NvMCommon
Description Maps the NvM to one or multiple ECUC partitions to make its C-APIs available in the
according partition.
Multiplicity 1..*
Type Reference to EcucPartition
5

163 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: ECU

SWS Item [ECUC_NvM_00566]

Parameter Name NvMMasterEcucPartitionRef
Parent Container NvMCommon
Description Maps the NvM master to zero or one ECUC partition to assign the master functionality
to a certain core. The ECUC partition referenced is a subset of the ECUC partitions
where the NvM is mapped to.
Multiplicity 0..1
Type Reference to EcucPartition
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: ECU

No Included Containers

[SWS_NvM_CONSTR_00974] dThe ECUC partition referenced by NvMMasterEcuc

PartitionRef shall be within the subset of the ECUC partitions referenced by NvMEcuc
PartitionRef.c()
[SWS_NvM_CONSTR_00975] dIf NvMEcucPartitionRef references one or more
ECUC partitions, NvMMasterEcucPartitionRef shall have a multiplicity of one and ref-
erence one of these ECUC partitions as well.c()

10.2.3 NvMBlockDescriptor

SWS Item [ECUC_NvM_00061]

Container Name NvMBlockDescriptor
Parent Container NvM
Description Container for a management structure to configure the composition of a given NVRAM
Block Management Type. Its multiplicity describes the number of configured NVRAM
blocks, one block is required to be configured. The NVRAM block descriptors are
condensed in the NVRAM block descriptor table.
Configuration Parameters

SWS Item [ECUC_NvM_00476]

Parameter Name NvMBlockCrcType
Parent Container NvMBlockDescriptor
Description Defines CRC data width for the NVRAM block. Default: NVM_CRC16, i.e. CRC16 will
be used if NVM_BLOCK_USE_CRC==true
Multiplicity 0..1
Type EcucEnumerationParamDef
5

164 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Range NVM_CRC16 (Default) CRC16 will be used if NVM_BLOCK_
USE_CRC==true.
NVM_CRC32 CRC32 is selected for this NVRAM block if NVM_
BLOCK_USE_CRC==true.
NVM_CRC8 CRC8 is selected for this NVRAM block if NVM_
BLOCK_USE_CRC==true.
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local
dependency: NVM_BLOCK_USE_CRC, NVM_CALC_RAM_BLOCK_CRC

SWS Item [ECUC_NvM_00554]

Parameter Name NvMBlockHeaderInclude
Parent Container NvMBlockDescriptor
Description Defines the header file where the owner of the NVRAM block has the declarations of
the permanent RAM data block, ROM data block (if configured) and the callback
function prototype for each configured callback. If no permanent RAM block, ROM
block or callback functions are configured then this configuration parameter shall be
ignored.
Multiplicity 0..1
Type EcucStringParamDef
Default value –
Regular Expression –
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00477]

Parameter Name NvMBlockJobPriority
Parent Container NvMBlockDescriptor
Description Defines the job priority for a NVRAM block (0 = Immediate priority).
Multiplicity 1
Type EcucIntegerParamDef
Range 0 .. 255
Default value –
Post-Build Variant Value false
5

165 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00062]

Parameter Name NvMBlockManagementType
Parent Container NvMBlockDescriptor
Description Defines the block management type for the NVRAM block.[SWS_NvM_00137]
Multiplicity 1
Type EcucEnumerationParamDef
Range NVM_BLOCK_DATASET NVRAM block is configured to be of dataset type.
NVM_BLOCK_NATIVE NVRAM block is configured to be of native type.
NVM_BLOCK_REDUNDANT NVRAM block is configured to be of redundant
type.
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00557]

Parameter Name NvMBlockUseAutoValidation
Parent Container NvMBlockDescriptor
Description Defines whether the RAM Block shall be auto validated during shutdown phase.
true: if auto validation mechanism is used, false: otherwise
Multiplicity 1
Type EcucBooleanParamDef
Default value false
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00563]

Parameter Name NvMBlockUseCompression
Parent Container NvMBlockDescriptor
Description Defines whether the data is compressed before written. true: data compression
activated (takes more time to read and write) false: no compression
Tags: atp.Status=draft
Multiplicity 1
Type EcucBooleanParamDef
Default value false
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
5

166 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00036]

Parameter Name NvMBlockUseCrc
Parent Container NvMBlockDescriptor
Description Defines CRC usage for the NVRAM block, i.e. memory space for CRC is reserved in
RAM and NV memory.
true: CRC will be used for this NVRAM block. false: CRC will not be used for this
NVRAM block.
Note: Configuring CRC for a block with immediate priority is not recommended, since
the CRC calculation may extend over more than one NvM main function and this could
increase the time of writing the immediate data significantly, thus defeating the purpose
of immediate priority.
Multiplicity 1
Type EcucBooleanParamDef
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00556]

Parameter Name NvMBlockUseCRCCompMechanism
Parent Container NvMBlockDescriptor
Description Defines whether the CRC of the RAM Block shall be compared during a write job with
the CRC which was calculated during the last successful read or write job.
true: if compare mechanism is used, false: otherwise
Multiplicity 1
Type EcucBooleanParamDef
Default value false
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local
dependency: False if NvMBlockUseCrc = False

SWS Item [ECUC_NvM_00559]

Parameter Name NvMBlockUsePort
Parent Container NvMBlockDescriptor
5

167 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Description If this parameter is true it defines whether:
• the port with interface ’NvMMirror’ for synchronization mechanism callbacks
are generated if the parameter NvMBlockUseSyncMechanism is configured
TRUE;
• the port with interface ’NvMNotifyInitBlock’ for initialization block callback is
generated if NvMInitBlockCallback parameter is configured (independent of the
content);
• the port with interface ’NvMNotifyJobFinished’ for single block callback is
generated if NvMSingleBlockCallback parameter is configured (independent of
the content);
• the port with interface ’NvMAdmin’ for SetBlockProtection operation is
generated.
Multiplicity 1
Type EcucBooleanParamDef
Default value –
Multiplicity Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00552]

Parameter Name NvMBlockUseSetRamBlockStatus
Parent Container NvMBlockDescriptor
Description Defines if NvMSetRamBlockStatusApi shall be used for this block or not.
Note: If NvMSetRamBlockStatusApi is disabled this configuration parameter shall be
ignored.
true: calling of NvMSetRamBlockStatus for this RAM block shall set the status of the
RAM block.
false: calling of NvMSetRamBlockStatus for this RAM block shall be ignored.
Multiplicity 1
Type EcucBooleanParamDef
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00519]

Parameter Name NvMBlockUseSyncMechanism
Parent Container NvMBlockDescriptor
Description Defines whether an explicit synchronization mechanism with a RAM mirror and callback
routines for transferring data to and from NvM module’s RAM mirror is used for NV
block. true if synchronization mechanism is used, false otherwise.
Multiplicity 1
Type EcucBooleanParamDef
5

168 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Default value false
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00033]

Parameter Name NvMBlockWriteProt
Parent Container NvMBlockDescriptor
Description Defines an initial write protection of the NV block
true: Initial block write protection is enabled. false: Initial block write protection is
disabled.
Multiplicity 1
Type EcucBooleanParamDef
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00551]

Parameter Name NvMBswMBlockStatusInformation
Parent Container NvMBlockDescriptor
Description This parameter specifies whether BswM is informed about the current status of the
specified block.
True: Call BswM_NvM_CurrentBlockMode on changes False: Don’t inform BswM at all
Multiplicity 1
Type EcucBooleanParamDef
Default value false
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00119]

Parameter Name NvMCalcRamBlockCrc
Parent Container NvMBlockDescriptor
Description Defines CRC (re)calculation for the permanent RAM block or NVRAM blocks which are
configured to use explicit synchronization mechanism.
true: CRC will be (re)calculated for this permanent RAM block. false: CRC will not be
(re)calculated for this permanent RAM block.
Multiplicity 0..1
Type EcucBooleanParamDef
Default value –
Post-Build Variant Multiplicity false
5

169 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local
dependency: NVM_BLOCK_USE_CRC

SWS Item [ECUC_NvM_00533]

Parameter Name NvMMaxNumOfReadRetries
Parent Container NvMBlockDescriptor
Description Defines the maximum number of read retries.
Multiplicity 1
Type EcucIntegerParamDef
Range 0 .. 7
Default value 0
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00499]

Parameter Name NvMMaxNumOfWriteRetries
Parent Container NvMBlockDescriptor
Description Defines the maximum number of write retries for a NVRAM block with
[ECUC_NvM_00061]. Regardless of configuration a consistency check (and maybe
write retries) are always forced for each block which is processed by the request NvM_
WriteAll and NvM_WriteBlock.
Multiplicity 1
Type EcucIntegerParamDef
Range 0 .. 7
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00478]

Parameter Name NvMNvBlockBaseNumber
Parent Container NvMBlockDescriptor
5

170 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Description Configuration parameter to perform the link between the NVM_NVRAM_BLOCK_
IDENTIFIER used by the SW-Cs and the FEE_BLOCK_NUMBER expected by the
memory abstraction modules. The parameter value equals the FEE_BLOCK_
NUMBER or EA_BLOCK_NUMBER shifted to the right by NvMDatasetSelectionBits
bits. (ref. to chapter 7.1.2.1).
Calculation Formula: value = TargetBlockReference.[Ea/Fee]BlockConfiguration.[Ea/
Fee]BlockNumber >> NvMDatasetSelectionBits
Multiplicity 1
Type EcucIntegerParamDef
Range 1 .. 65534
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local
dependency: FEE_BLOCK_NUMBER, EA_BLOCK_NUMBER

SWS Item [ECUC_NvM_00479]

Parameter Name NvMNvBlockLength
Parent Container NvMBlockDescriptor
Description Defines the NV block data length in bytes.
Note: The implementer can add the attribute ’withAuto’ to the parameter definition
which indicates that the length can be calculated by the generator automatically (e.g.
by using a parser that searches and analyzes the data structure corresponding to the
block). When ’withAuto’ is set to ’true’ for this parameter definition the ’isAutoValue’ can
be set to ’true’. If ’isAutoValue’ is set to ’true’ the actual value will not be considered
during ECU Configuration but will be (re-)calculated by the code generator and stored
in the value attribute afterwards.
Multiplicity 1
Type EcucIntegerParamDef
Range 1 .. 65535
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00480]

Parameter Name NvMNvBlockNum
Parent Container NvMBlockDescriptor
Description Defines the number of multiple NV blocks in a contiguous area according to the given
block management type.
1-255 For NVRAM blocks to be configured of block management type NVM_BLOCK_
DATASET. The actual range is limited according to SWS_NvM_00444.
1 For NVRAM blocks to be configured of block management type NVM_BLOCK_
NATIVE
2 For NVRAM blocks to be configured of block management type NVM_BLOCK_
REDUNDANT
5

171 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Multiplicity 1
Type EcucIntegerParamDef
Range 1 .. 255
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local
dependency: NVM_BLOCK_MANAGEMENT_TYPE

SWS Item [ECUC_NvM_00481]

Parameter Name NvMNvramBlockIdentifier
Parent Container NvMBlockDescriptor
Description Identification of a NVRAM block via a unique block identifier.
Implementation Type: NvM_BlockIdType.
min = 2 max = 2ˆ(16- NVM_DATASET_SELECTION_BITS)-1
Reserved NVRAM block IDs: 0 -> to derive multi block request results via NvM_Get
ErrorStatus 1 -> redundant NVRAM block which holds the configuration ID (generation
tool should check that this block is correctly configured from type,CRC and size point of
view)
Multiplicity 1
Type EcucIntegerParamDef (Symbolic Name generated for this parameter)
Range 2 .. 65535
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: local
dependency: NVM_DATASET_SELECTION_BITS

SWS Item [ECUC_NvM_00035]

Parameter Name NvMNvramDeviceId
Parent Container NvMBlockDescriptor
Description Defines the NVRAM device ID where the NVRAM block is located.
Calculation Formula: value = TargetBlockReference.[Ea/Fee]DeviceIndex
Multiplicity 1
Type EcucIntegerParamDef
Range 0 .. 1
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local
dependency: EA_DEVICE_INDEX, FEE_DEVICE_INDEX

172 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

SWS Item [ECUC_NvM_00482]

Parameter Name NvMRamBlockDataAddress
Parent Container NvMBlockDescriptor
Description Defines the start address of the RAM block data.
If this is not configured, no permanent RAM data block is available for the selected
block management type.
Multiplicity 0..1
Type EcucStringParamDef
Default value –
Regular Expression –
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00521]

Parameter Name NvMReadRamBlockFromNvCallback
Parent Container NvMBlockDescriptor
Description Entry address of a block specific callback routine which shall be called in order to let
the application copy data from the NvM module’s mirror to RAM block. Implementation
type: Std_ReturnType
E_OK: copy was successful E_NOT_OK: copy was not successful, callback routine to
be called again
Multiplicity 0..1
Type EcucFunctionNameDef
Default value –
Regular Expression –
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00483]

Parameter Name NvMResistantToChangedSw
Parent Container NvMBlockDescriptor
5

173 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Description Defines whether a NVRAM block shall be treated resistant to configuration changes or
not. If there is no default data available at configuration time then the application shall
be responsible for providing the default initialization data. In this case the application
has to use NvM_GetErrorStatus()to be able to distinguish between first initialization
and corrupted data.
true: NVRAM block is resistant to changed software. false: NVRAM block is not
resistant to changed software.
Multiplicity 1
Type EcucBooleanParamDef
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00484]

Parameter Name NvMRomBlockDataAddress
Parent Container NvMBlockDescriptor
Description Defines the start address of the ROM block data.
If not configured, no ROM block is available for the selected block management type.
Multiplicity 0..1
Type EcucStringParamDef
Default value –
Regular Expression –
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00485]

Parameter Name NvMRomBlockNum
Parent Container NvMBlockDescriptor
Description Defines the number of multiple ROM blocks in a contiguous area according to the given
block management type.
0-254 For NVRAM blocks to be configured of block management type NVM_BLOCK_
DATASET. The actual range is limited according to SWS_NvM_00444.
0-1 For NVRAM blocks to be configured of block management type NVM_BLOCK_
NATIVE
0-1 For NVRAM blocks to be configured of block management type NVM_BLOCK_
REDUNDANT
Multiplicity 1
Type EcucIntegerParamDef
Range 0 .. 254
5

174 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local
dependency: NVM_BLOCK_MANAGEMENT_TYPE, NVM_NV_BLOCK_NUM

SWS Item [ECUC_NvM_00558]

Parameter Name NvMSelectBlockForFirstInitAll
Parent Container NvMBlockDescriptor
Description Defines whether a block will be processed or not by NvM_FirstInitAll. A block can be
configured to be processed even if it doesn’t have permanent RAM and/or explicit
synchronization.
TRUE: block will be processed by NvM_FirstInitAll
FALSE: block will not be processed by NvM_FirstInitAll
Multiplicity 0..1
Type EcucBooleanParamDef
Default value false
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00117]

Parameter Name NvMSelectBlockForReadAll
Parent Container NvMBlockDescriptor
Description Defines whether a NVRAM block shall be processed during NvM_ReadAll or not. This
configuration parameter has only influence on those NVRAM blocks which are
configured to have a permanent RAM block or which are configured to use explicit
synchronization mechanism.
true: NVRAM block shall be processed by NvM_ReadAll false: NVRAM block shall not
be processed by NvM_ReadAll
Multiplicity 0..1
Type EcucBooleanParamDef
Default value –
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
5

175 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Scope / Dependency scope: local
dependency: NVM_RAM_BLOCK_DATA_ADDRESS

SWS Item [ECUC_NvM_00549]

Parameter Name NvMSelectBlockForWriteAll
Parent Container NvMBlockDescriptor
Description Defines whether a NVRAM block shall be processed during NvM_WriteAll or not. This
configuration parameter has only influence on those NVRAM blocks which are
configured to have a permanent RAM block or which are configured to use explicit
synchronization mechanism.
true: NVRAM block shall be processed by NvM_WriteAll false: NVRAM block shall not
be processed by NvM_WriteAll
Multiplicity 0..1
Type EcucBooleanParamDef
Default value –
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local
dependency: NVM_RAM_BLOCK_DATA_ADDRESS

SWS Item [ECUC_NvM_00532]

Parameter Name NvMStaticBlockIDCheck
Parent Container NvMBlockDescriptor
Description Defines if the Static Block ID check is enabled.
false: Static Block ID check is disabled. true: Static Block ID check is enabled.
Multiplicity 1
Type EcucBooleanParamDef
Default value false
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00072]

Parameter Name NvMWriteBlockOnce
Parent Container NvMBlockDescriptor
Description Defines write protection after first write. The NVRAM manager sets the write protection
bit either after the NV block was written the first time or if the block was already written
and it is detected as valid and consistent during a read for it.
true: Defines write protection after first write is enabled.
false: Defines write protection after first write is disabled.
5

176 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Multiplicity 1
Type EcucBooleanParamDef
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00520]

Parameter Name NvMWriteRamBlockToNvCallback
Parent Container NvMBlockDescriptor
Description Entry address of a block specific callback routine which shall be called in order to let
the application copy data from RAM block to NvM module’s mirror. Implementation
type: Std_ReturnType
E_OK: copy was successful E_NOT_OK: copy was not successful, callback routine to
be called again
Multiplicity 0..1
Type EcucFunctionNameDef
Default value –
Regular Expression –
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00534]

Parameter Name NvMWriteVerification
Parent Container NvMBlockDescriptor
Description Defines if Write Verification is enabled.
false: Write verification is disabled. true: Write Verification is enabled.
Multiplicity 1
Type EcucBooleanParamDef
Default value false
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

177 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

SWS Item [ECUC_NvM_00538]

Parameter Name NvMWriteVerificationDataSize
Parent Container NvMBlockDescriptor
Description Defines the number of bytes to compare in each step when comparing the content of a
RAM Block and a block read back.
Multiplicity 1
Type EcucIntegerParamDef
Range 1 .. 65535
Default value –
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00567]

Parameter Name NvMBlockCipheringRef
Parent Container NvMBlockDescriptor
Description Reference to ciphering container.
If configured, NvM encrypt the data before storage and decrypt the data after restoring.
If empty, the NvM stores and restore the original user data.
Tags: atp.Status=draft
Multiplicity 0..1
Type Reference to NvMBlockCiphering
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: local
dependency: Key will be located in RAM if this configuration item is not present.

SWS Item [ECUC_NvM_00564]

Parameter Name NvMBlockEcucPartitionRef
Parent Container NvMBlockDescriptor
Description Maps the NV block to zero or one ECUC partition to limit the access to this NV block.
The ECUC partition referenced is within the subset of the ECUC partitions where the
NvM is mapped to.
Multiplicity 0..1
Type Reference to EcucPartition
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: ECU

178 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

Included Containers
Container Name
NvMInitBlockCallback
NvMSingleBlockCallback
NvMTargetBlockReference
Multiplicity Scope / Dependency
0..1 The presence of this container indicates, that a block specific
callback routine is called if no ROM data is available for
initialization of the NVRAM block. If the container is not present,
no callback routine is called for initialization of the NVRAM block
with default data.
In case the container has a NvMInitBlockCallbackFnc, the NvM
will call this function.
In case there is no NvMInitBlockCallbackFnc, the NvM will have
an port PNIB_{Block}.
0..1 The presence of this container indicates, that the block specific
callback routine which shall be invoked on termination of each
asynchronous single block request [SWS_NvM_00113] If the
container is not present, no callback routine is called..
In case the container has a NvMSingleBlockCallbackFnc, the Nv
M will call this function.
In case there is no NvMSingleBlockCallbackFnc, the NvM will
have an port PNJF_{Block}.
1 This parameter is just a container for the parameters for EA and
FEE

[SWS_NvM_CONSTR_00972] dThe ECUC partition referenced by NvMBlockEcuc

PartitionRef shall be within the subset of the ECUC partitions referenced by NvMEcuc
PartitionRef.c()
[SWS_NvM_CONSTR_00973] dIf NvMEcucPartitionRef references two or more
ECUC partitions, NvMBlockEcucPartitionRef shall have a multiplicity one and refer-
ence one of these ECUC partitions as well.c()

10.2.4 NvMInitBlockCallback

SWS Item [ECUC_NvM_00561]

Container Name NvMInitBlockCallback
Parent Container NvMBlockDescriptor
Description The presence of this container indicates, that a block specific callback routine is called
if no ROM data is available for initialization of the NVRAM block. If the container is not
present, no callback routine is called for initialization of the NVRAM block with default
data.
In case the container has a NvMInitBlockCallbackFnc, the NvM will call this function.
In case there is no NvMInitBlockCallbackFnc, the NvM will have an port PNIB_{Block}.
Multiplicity Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Configuration Parameters

SWS Item [ECUC_NvM_00116]

Parameter Name NvMInitBlockCallbackFnc
Parent Container NvMInitBlockCallback
5

179 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Description Entry address of a block specific callback routine which shall be called if no ROM data
is available for initialization of the NVRAM block.
If not configured, no specific callback routine shall be called for initialization of the
NVRAM block with default data.
Multiplicity 0..1
Type EcucFunctionNameDef
Default value –
Regular Expression –
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

No Included Containers

10.2.5 NvMSingleBlockCallback

SWS Item [ECUC_NvM_00562]

Container Name NvMSingleBlockCallback
Parent Container NvMBlockDescriptor
Description The presence of this container indicates, that the block specific callback routine which
shall be invoked on termination of each asynchronous single block request
[SWS_NvM_00113] If the container is not present, no callback routine is called..
In case the container has a NvMSingleBlockCallbackFnc, the NvM will call this function.
In case there is no NvMSingleBlockCallbackFnc, the NvM will have an port
PNJF_{Block}.
Multiplicity Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Configuration Parameters

SWS Item [ECUC_NvM_00506]

Parameter Name NvMSingleBlockCallbackFnc
Parent Container NvMSingleBlockCallback
Description Entry address of the block specific callback routine which shall be invoked on
termination of each asynchronous single block request [SWS_NvM_00113].
Multiplicity 0..1
Type EcucFunctionNameDef
Default value –
Regular Expression –
5

180 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

No Included Containers

10.2.6 NvMTargetBlockReference

SWS Item [ECUC_NvM_00486]

Choice Container Name NvMTargetBlockReference
Parent Container NvMBlockDescriptor
Description This parameter is just a container for the parameters for EA and FEE

Container Choices
Container Name Multiplicity Scope / Dependency
NvMEaRef 0..1 EEPROM Abstraction
NvMFeeRef 0..1 Flash EEPROM Emulation

10.2.7 NvMEaRef

SWS Item [ECUC_NvM_00487]

Container Name NvMEaRef
Parent Container NvMTargetBlockReference
Description EEPROM Abstraction
Configuration Parameters

SWS Item [ECUC_NvM_00488]

Parameter Name NvMNameOfEaBlock
Parent Container NvMEaRef
Description reference to EaBlock
Multiplicity 1
Type Symbolic name reference to EaBlockConfiguration
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
5

181 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Scope / Dependency scope: local

No Included Containers

10.2.8 NvMFeeRef

SWS Item [ECUC_NvM_00489]

Container Name NvMFeeRef
Parent Container NvMTargetBlockReference
Description Flash EEPROM Emulation
Configuration Parameters

SWS Item [ECUC_NvM_00490]

Parameter Name NvMNameOfFeeBlock
Parent Container NvMFeeRef
Description reference to FeeBlock
Multiplicity 1
Type Symbolic name reference to FeeBlockConfiguration
Post-Build Variant Value false
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time X VARIANT-LINK-TIME
Post-build time –
Scope / Dependency scope: local

No Included Containers

10.2.9 NvmDemEventParameterRefs

SWS Item [ECUC_NvM_00541]

Container Name NvmDemEventParameterRefs
Parent Container NvM
Description Container for the references to DemEventParameter elements which shall be invoked
using the API Dem_SetEventStatus in case the corresponding error occurs. The Event
Id is taken from the referenced DemEventParameter’s DemEventId symbolic value.
The standardized errors are provided in this container and can be extended by
vendor-specific error references.
Configuration Parameters

SWS Item [ECUC_NvM_00553]

Parameter Name NVM_E_HARDWARE
Parent Container NvmDemEventParameterRefs
Description Reference to the DemEventParameter which shall be issued when the hardware error
has occured.
5

182 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Multiplicity 0..1
Type Symbolic name reference to DemEventParameter
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: ECU

SWS Item [ECUC_NvM_00542]

Parameter Name NVM_E_INTEGRITY_FAILED
Parent Container NvmDemEventParameterRefs
Description Reference to the DemEventParameter which shall be issued when the error "API
request integrity failed" has occurred.
Multiplicity 0..1
Type Symbolic name reference to DemEventParameter
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: ECU

SWS Item [ECUC_NvM_00546]

Parameter Name NVM_E_LOSS_OF_REDUNDANCY
Parent Container NvmDemEventParameterRefs
Description Reference to the DemEventParameter which shall be issued when the error "loss of
redundancy" has occurred.
Multiplicity 0..1
Type Symbolic name reference to DemEventParameter
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: ECU

183 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

SWS Item [ECUC_NvM_00543]

Parameter Name NVM_E_REQ_FAILED
Parent Container NvmDemEventParameterRefs
Description Reference to the DemEventParameter which shall be issued when the error "API
request failed" has occurred.
Multiplicity 0..1
Type Symbolic name reference to DemEventParameter
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: ECU

SWS Item [ECUC_NvM_00545]

Parameter Name NVM_E_VERIFY_FAILED
Parent Container NvmDemEventParameterRefs
Description Reference to the DemEventParameter which shall be issued when the error "Write
Verification failed" has occurred.
Multiplicity 0..1
Type Symbolic name reference to DemEventParameter
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: ECU

SWS Item [ECUC_NvM_00548]

Parameter Name NVM_E_WRITE_PROTECTED
Parent Container NvmDemEventParameterRefs
Description Reference to the DemEventParameter which shall be issued when the error "write
attempt to NVRAM block with write protection" has occurred.
Multiplicity 0..1
Type Symbolic name reference to DemEventParameter
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Value Configuration Class Pre-compile time X All Variants
Link time –
5

184 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Post-build time –
Scope / Dependency scope: ECU

SWS Item [ECUC_NvM_00544]

Parameter Name NVM_E_WRONG_BLOCK_ID
Parent Container NvmDemEventParameterRefs
Description Reference to the DemEventParameter which shall be issued when the error "Static
Block ID check failed" has occurred.
Multiplicity 0..1
Type Symbolic name reference to DemEventParameter
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: ECU

No Included Containers

10.2.10 NvMBlockCiphering

SWS Item [ECUC_NvM_00568]

Container Name NvMBlockCiphering
Parent Container NvM
Description Container for a chiphering of the Block.
Tags: atp.Status=draft
Post-Build Variant Multiplicity false
Multiplicity Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Configuration Parameters

SWS Item [ECUC_NvM_00569]

Parameter Name NvMNvBlockNVRAMDataLength
Parent Container NvMBlockCiphering
5

185 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Description This value specified the block length in case ciphered data is stored in NV RAM - in that
case the plain data length may not match the ciphered data length.
This value needs be filled out, if the ciphering, encryption and decryption, of the data is
enabled for this block. It will be used instead of the NvMNvBlockLength to access the
NV RAM.
Hint: This value can be equal or bigger than ’NvMNvBlockLength’ depending on the
characteristics of the referenced CSM Job inside ’NvMNameOfEncryptionJob’ (e.g.
CSM job adds padding information).
Tags: atp.Status=draft
Multiplicity 1
Type EcucIntegerParamDef
Range 1 .. 65535
Default value 16
Post-Build Variant Value false
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: local

SWS Item [ECUC_NvM_00571]

Parameter Name NvMCsmDecryptionJobReference
Parent Container NvMBlockCiphering
Description This parameter references a CSM decrypt job used to decrypt ciphered data after
reading it from NV RAM.
Tags: atp.Status=draft
Multiplicity 1
Type Symbolic name reference to CsmJob
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: ECU

SWS Item [ECUC_NvM_00570]

Parameter Name NvMCsmEncryptionJobReference
Parent Container NvMBlockCiphering
Description This parameter references a CSM encrypt job used to encrypt plain data before writing
it to the NV RAM.
Tags: atp.Status=draft
Multiplicity 1
Type Symbolic name reference to CsmJob
Post-Build Variant Multiplicity false
Post-Build Variant Value false
Multiplicity Configuration Class Pre-compile time X All Variants
5

186 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

4
Link time –
Post-build time –
Value Configuration Class Pre-compile time X All Variants
Link time –
Post-build time –
Scope / Dependency scope: ECU

No Included Containers

[SWS_NvM_00030] dBy use of configuration techniques, each application shall be en-

abled to declare the memory requirements at configuration time. This information shall
be useable to assign memory areas and to generate the appropriate interfaces. Wrong
memory assignments and conflicts in requirements (sufficient memory not available)
shall be detected at configuration time.c()
[SWS_NvM_00034] dThe NVRAM memory layout configuration shall have a unique ID.
The NvM module shall have a configuration identifier that is a unique property of the
memory layout configuration. The ID can be either statically assigned to the configura-
tion or it can be calculated from the configuration properties. This should be supported
by a configuration tool. The ID should be changed if the block configuration changes,
i.e. if a block is added or removed, or if its size or type is changed. The ID shall be
stored together with the data and shall be used in addition to the data checksum to
determine the consistency of the NVRAM contents.c(SRS_Mem_00135)
[SWS_NvM_00073] dThe comparison between the stored configuration ID and the
compiled configuration ID shall be done as the first step within the function NvM_Read
All during startup.c()
[SWS_NvM_00688] dIn case of a detected configuration ID mismatch, the behavior of
the NvM module shall be defined by a configurable option.c()
[SWS_NvM_00052] dProvide information about used memory resources. The NvM
module configuration shall provide information on how many resources of RAM, ROM
and NVRAM are used. The configuration tool shall be responsible to provide detailed
information about all reserved resources. The format of this information shall be com-
monly used (e.g. MAP file format).c()

10.3 Published Information

For details refer to the chapter 10.3 “Published Information” in SWS_BSWGeneral.
[ref. to doc. [2]]

187 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager

 Specification of NVRAM Manager
AUTOSAR CP R22-11

A Not applicable requirements

[SWS_NvM_NA_00744] dThese requirements are not applicable to this specifica-
tion.c(SRS_BSW_00344, SRS_BSW_00404, SRS_BSW_00405, SRS_BSW_00170,
SRS_BSW_00398, SRS_BSW_00399, SRS_BSW_00400, SRS_BSW_00416, SRS_-
BSW_00168, SRS_BSW_00423, SRS_BSW_00426, SRS_BSW_00427, SRS_-
BSW_00432, SRS_BSW_00375, SRS_BSW_00422, SRS_BSW_00417, SRS_-
BSW_00336, SRS_BSW_00161, SRS_BSW_00162, SRS_BSW_00005, SRS_-
BSW_00415, SRS_BSW_00164, SRS_BSW_00325, SRS_BSW_00342, SRS_-
BSW_00343, SRS_BSW_00160, SRS_BSW_00007, SRS_BSW_00347, SRS_-
BSW_00307, SRS_BSW_00335, SRS_BSW_00314, SRS_BSW_00348, SRS_-
BSW_00353, SRS_BSW_00302, SRS_BSW_00328, SRS_BSW_00312, SRS_-
BSW_00006, SRS_BSW_00304, SRS_BSW_00378, SRS_BSW_00306, SRS_-
BSW_00308, SRS_BSW_00309, SRS_BSW_00330, SRS_BSW_00009, SRS_-
BSW_00010, SRS_BSW_00321, SRS_BSW_00341, SRS_BSW_00334)

188 of 188 Document ID 033: AUTOSAR_SWS_NVRAMManager