EFFICIENT AND SECURE METHOD AND APPARATUS FOR FIRMWARE UPDATE
Abstract
This relates to a vehicle and, more particularly, to a vehicle configured to perform a secure firmware update. Some examples of the disclosure include receiving a firmware update package including updated firmware for one or more electronic control units (ECUs) of a vehicle. According to the disclosure, the firmware update package can be transmitted to and stored on an untrusted ECU and distributed to one or more target ECUs in a secure firmware update process monitored by a secure ECU.
17 Claims
1. A vehicle, comprising:
- an untrusted electronic control unit (ECU) comprising a receiver, a processor, and a memory, the receiver configured for receiving from a secure server a firmware update package including one or more firmware updates, and the memory of the untrusted ECU configured to store the firmware update package;
- a secure ECU operatively coupled to the untrusted ECU, the secure ECU configured for authenticating the firmware update package; and
- one or more target ECUs, each operatively coupled to the untrusted ECU and to the secure ECU, each respective target ECU comprising a bootloader configured for computing a checksum for a respective firmware update of the one or more firmware updates and signing the checksum with a unique key associated with the respective target ECU.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for updating firmware at a vehicle, the method comprising:
- receiving, from a secure server, a firmware update package including one or more firmware updates;
- storing the firmware update package at a memory of an untrusted electronic control unit (ECU);
- authenticating, with a secure ECU, the firmware update package;
- in accordance with a determination that the firmware update package is authentic, transmitting one or more firmware updates included in the firmware update package to one or more respective target ECUs;
- computing, with a bootloader included in a target ECU of the one or more respective target ECUs, a checksum for a respective firmware update; and
- signing, with the bootloader, the checksum using a unique key associated with the target ECU.
Dependent claims: 10, 11, 12, 13, 14, 16
15. The method of claim 15, further comprising, at the secure ECU:
in accordance with a determination that the signature is not valid or the result is incorrect, transmitting one or more erase commands to the one or more target ECUs to erase a respective firmware update corresponding to the signed checksum.
17. A non-transitory computer-readable medium including instructions, which when executed by one or more processors, cause the one or more processors to perform a method for updating firmware at a vehicle, the method comprising:
- receiving, from a secure server, a firmware update package including one or more firmware updates;
- storing the firmware update package at a memory of an untrusted electronic control unit (ECU);
- authenticating, with a secure ECU, the firmware update package;
- in accordance with a determination that the firmware update package is authentic, transmitting one or more firmware updates included in the firmware update package to one or more respective target ECUs;
- computing, with a bootloader included in a target ECU of the one or more respective target ECUs, a checksum for a respective firmware update; and
- signing, with the bootloader, the checksum using a unique key associated with the target ECU.
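The update flow of claims 9, 15 and 17, as an added simulation that is not part of the patent: a server-authenticated package is stored by the untrusted ECU, the secure ECU authenticates it before anything reaches a target, each target's bootloader signs a checksum of what it actually received with its own unique key, and the secure ECU issues an erase where the signature or the checksum is wrong. The key material, ECU names, SHA-256 checksums and HMAC-based signatures are assumptions for the simulation; the claims do not specify algorithms.

```python
import hashlib
import hmac

# Constructed keys for the simulation only (assumption: symmetric keys shared with the secure ECU).
SERVER_KEY = b"server-package-key"
ECU_KEYS = {"brake": b"brake-ecu-key", "engine": b"engine-ecu-key"}  # one unique key per target ECU


def _manifest(digests: dict) -> bytes:
    """Canonical encoding of the expected per-ECU firmware digests, so both sides tag the same bytes."""
    return "".join(f"{ecu}:{d};" for ecu, d in sorted(digests.items())).encode()


def sign_package(updates: dict) -> dict:
    """Secure server side: the package carries the firmware, its expected digests and a tag over them."""
    digests = {ecu: hashlib.sha256(fw).hexdigest() for ecu, fw in updates.items()}
    tag = hmac.new(SERVER_KEY, _manifest(digests), "sha256").hexdigest()
    return {"updates": dict(updates), "digests": digests, "tag": tag}


def authenticate_package(pkg: dict) -> bool:
    """Secure ECU: recompute the tag over whatever the untrusted ECU stored; constant-time compare."""
    expected = hmac.new(SERVER_KEY, _manifest(pkg["digests"]), "sha256").hexdigest()
    return hmac.compare_digest(expected, pkg["tag"])


def bootloader_sign(ecu: str, firmware: bytes) -> tuple:
    """Target ECU bootloader: checksum the image it received and sign that checksum with its own key."""
    checksum = hashlib.sha256(firmware).hexdigest()
    sig = hmac.new(ECU_KEYS[ecu], checksum.encode(), "sha256").hexdigest()
    return checksum, sig


def run_update(pkg: dict, delivered: dict) -> dict:
    """Secure ECU: gate distribution on package authenticity, then verify each signed checksum.
    `delivered` is what the untrusted ECU actually forwarded to each target (may differ from pkg)."""
    if not authenticate_package(pkg):
        return {"status": "rejected"}  # nothing is transmitted to the targets
    actions = {}
    for ecu in pkg["updates"]:
        checksum, sig = bootloader_sign(ecu, delivered[ecu])
        expected_sig = hmac.new(ECU_KEYS[ecu], checksum.encode(), "sha256").hexdigest()
        sig_ok = hmac.compare_digest(expected_sig, sig)          # signed by the real target ECU?
        result_ok = hmac.compare_digest(checksum, pkg["digests"][ecu])  # did it receive the right image?
        # Claim 15: invalid signature or incorrect result -> erase command for that target's update.
        actions[ecu] = "commit" if (sig_ok and result_ok) else "erase"
    return {"status": "applied", "actions": actions}
```

A tampered image on the untrusted ECU is caught at the target by the checksum mismatch, while a tampered digest list is caught earlier by the package tag and never distributed.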