Method to replace bootloader public key

US 9,021,246 B2
Filed: 07/24/2012
Issued: 04/28/2015
Est. Priority Date: 10/28/2011
Status: Active Grant

First Claim

Patent Images

1. A method for replacing a public key in a bootloader stored in a controller, said method comprising:

defining a bootloader memory segment in a memory in the controller that the bootloader will be stored in;

defining a key table in the bootloader memory segment that includes a plurality of available memory slots for storing public keys;

storing an original public key in a first memory slot in the key table and leaving the rest of the memory slots in the key table empty, wherein storing the original public key in a first memory slot includes setting a validity flag to valid in the first memory slot, and setting all of the other memory slots in the key table to invalid;

receiving a public key update request; and

storing a replacement public key in a next memory slot below a last stored public key in the key table, wherein the replacement public key is used without rewriting the bootloader, and wherein the previously stored original public key is not modified or erased.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for writing a new or replacement public key to a bootloader stored in a memory segment in the memory of a vehicle ECU without having to rewrite the entire bootloader. The method includes defining a key table in the bootloader memory segment includes a number of vacant memory slots that are available to store replacement public keys if they are needed. The key table is a separate section of the bootloader memory segment so that the key table memory slots are not used by the bootloader code.

22 Citations

View as Search Results

18 Claims

1. A method for replacing a public key in a bootloader stored in a controller, said method comprising:
- defining a bootloader memory segment in a memory in the controller that the bootloader will be stored in;
  
  defining a key table in the bootloader memory segment that includes a plurality of available memory slots for storing public keys;
  
  storing an original public key in a first memory slot in the key table and leaving the rest of the memory slots in the key table empty, wherein storing the original public key in a first memory slot includes setting a validity flag to valid in the first memory slot, and setting all of the other memory slots in the key table to invalid;
  
  receiving a public key update request; and
  
  storing a replacement public key in a next memory slot below a last stored public key in the key table, wherein the replacement public key is used without rewriting the bootloader, and wherein the previously stored original public key is not modified or erased.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1 further comprising determining whether a request to store a replacement key is valid before storing the replacement key.
  - 3. The method according to claim 1 wherein storing the replacement public key in a next memory slot includes setting the validity flag for the next memory slot to valid if it is determined that the replacement public key has been written completely.
  - 4. The method according to claim 1 wherein storing a replacement public key includes determining whether the replacement public key is the same as a public key stored in the last memory slot in the key table that includes a public key and determining whether the validity flag for that memory slot is set to valid.
  - 5. The method according to claim 4 further comprising setting the validity flag to valid if the replacement public key is the same as the public key already in the last memory slot and if the valid flag had been set to invalid.
  - 6. The method according to claim 1 further comprising erasing the entire key table if all of the memory slots in the key table are full and it is necessary to replace the public key.
  - 7. The method according to claim 1 wherein the public key is used in an asymmetric key cryptography process for securely flashing programs into the controller that includes a process for hashing a content file to be stored in the controller and verifying a digital signature of the hash of the content file using the public key.
  - 8. The method according to claim 1 wherein the controller is an electronic control unit (ECU) on a vehicle.

9. A method for replacing a public key in a bootloader stored in a memory of an electronic control unit (ECU) on a vehicle, said method comprising:
- defining a bootloader memory segment in a memory in the ECU that the bootloader will be stored in;
  
  defining a key table in the bootloader memory segment that includes a plurality of available memory slots for storing public keys;
  
  storing an original public key in a first memory slot in the key table and leaving the rest of the memory slots in the key table empty;
  
  setting a validity flag associated with the first memory slot in the key table to valid and setting all other validity flags associated with the empty slots to invalid;
  
  storing a replacement public key in a next memory slot below the last stored public key in the key table;
  
  receiving a public key update request; and
  
  setting the validity flag for the next memory slot to valid once the replacement public key is stored, wherein the replacement key is used without rewriting the bootloader, and wherein the previously stored original public key is not modified or erased.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method according to claim 9 wherein storing a replacement public key includes determining whether the replacement public key is the same as a public key stored in the last memory slot in the key table that includes a public key and determining whether the validity flag for that memory slot is set to valid.
  - 11. The method according to claim 9 further comprising setting the validity flag to valid if the replacement public key is the same as the public key already in the last memory slot and if the validity flag had been set to invalid.
  - 12. The method according to claim 9 further comprising erasing the entire key table if all of the memory slots in the key table are full and it is necessary to replace the public key.
  - 13. The method according to claim 9 wherein the public key is used in an asymmetric key cryptography process for securely flashing programs into the controller that includes a process for hashing a content file to be stored in the controller and verifying a digital signature of the hash of the content file using the public key.

14. A system for replacing a public key in a bootloader stored in a controller, said system comprising:
- means for defining a bootloader memory segment in a memory in the controller that the bootloader will be stored in;
  
  means for defining a key table in the bootloader memory segment that includes a plurality of available memory slots for storing public keys;
  
  means for storing an original public key in a first memory slot in the key table and leaving the rest of the memory slots in the key table empty;
  
  means for receiving a public key update request; and
  
  means for storing an replacement public key in a next memory slot below a last stored public key in the key table, wherein the replacement public key is used without rewriting the bootloader, and wherein the previously stored original public key is not modified or erased, and wherein a validity flag for the next memory slot is set to valid.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The system according to claim 14 wherein the means for storing the original public key in a first memory slot sets a validity flag to valid in the first memory slot, and sets all of the other memory slots in the key table to invalid.
  - 16. The system according to claim 14 wherein the means for storing a replacement public key determines whether the replacement public key is the same as a public key stored in the last memory slot in the key table that includes a public key and determines whether the validity flag for that memory slot is set to valid.
  - 17. The system according to claim 16 further comprising setting the validity flag to valid if the replacement public key is the same as the public key already in the last memory slot and if the validity flag had been set to invalid.
  - 18. The system according to claim 14 wherein the public key is used in an asymmetric key cryptography process for securely flashing programs into the controller that includes a process for hashing a content file to be stored in the controller and verifies a digital signature of the hash of the content file using the public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GM Global Technology Operations LLC (General Motors Company)
Original Assignee
GM Global Technology Operations LLC (General Motors Company)
Inventors
Baltes, Kevin M., Forest, Thomas M., Costin, Mark H., Alrabady, Ansaf I.
Primary Examiner(s)
Gelagay, Shewaye
Assistant Examiner(s)
ABEDIN, SHANTO

Application Number

US13/557,046
Publication Number

US 20130111203A1
Time in Patent Office

1,008 Days
Field of Search

713/2, 713/100, 713/165, 713/189, 713/193, 713/1, 713/176, 380/273, 380/277, 380/285, 380/281
US Class Current

713/100
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

H04L 2209/84   Vehicles

H04L 9/0891   Revocation or update of sec...

H04L 9/3247   involving digital signatures

Method to replace bootloader public key

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method to replace bootloader public key

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links