Title of invention: Method and apparatus for secure firmware download using diagnostic link connector (DLC) and OnStar system
Abstract: A method for authenticating a piece of firmware to be downloaded to a controller. The method includes signing the firmware or a first part of the firmware with a first private key at a first trusted source and signing the firmware or a second part of the firmware with a second private key at a second trusted source. The method also includes validating the signed firmware or the first part of the firmware using a first public key at the controller and validating the firmware or the second part of the firmware using a second public key at the controller. The method further includes authenticating the firmware if the firmware or the first part of the firmware is validated by the first public key at the controller and the firmware or the second part of the firmware is validated by the second public key at the controller.
Publication number: US8856536(B2) Publication date: 2014.10.07
Application number: US201113327216 Filing date: 2011.12.15
Applicant: GM Global Technology Operations LLC Inventors: Rabadi Nader M.;Baltes Kevin M.
Classification: H04L9/30;G06F9/44;G06F17/00 Main classification: H04L9/30
Agency: Miller IP Group, PLC Agent: Miller John A.;Miller IP Group, PLC
Main claim: 1. A method for authenticating a piece of firmware that is to be downloaded to a vehicle ECU, said method comprising: separating the firmware into a first firmware part and a second firmware part; hashing the first firmware part using a hash function at a first trusted source; encrypting the hash of the first firmware part with a first source private key to create a signature at the first trusted source; hashing the second firmware part using a hash function at the first trusted source; sending the hashed second firmware part to a second trusted source; encrypting the hash of the second firmware part with a second source private key to create a signature at the second trusted source; sending the firmware and the signature of the first firmware part from the first trusted source to a downloading tool; requesting the firmware and the signature of the first firmware part from the downloading tool; requesting the signature of the second firmware part from the second trusted source; sending the signature of the second firmware part to the vehicle from the second trusted source; validating the signature of the first firmware part in the vehicle using a first source public key; validating the signature of the second firmware part in the vehicle using a second source public key; and authenticating the firmware in the ECU if both the first and second firmware parts are valid.
Address: Detroit MI US
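
Added example (not code from the patent or from GM): the two-source flow of the main claim, with the ECU accepting firmware only when both part signatures validate. Assumptions: SHA-256 as the hash, unpadded textbook RSA standing in for "encrypting the hash with a private key", constructed toy keys built from Mersenne primes, and a fixed split offset `CUT`; all function names are hypothetical.

```python
import hashlib

E = 65537  # public exponent

def make_key(p, q):
    """Toy RSA key from two primes -> (public, private). Not a secure keygen."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(part):
    """SHA-256 of a firmware part as an integer (hash choice is an assumption)."""
    return int.from_bytes(hashlib.sha256(part).digest(), "big")

def sign_hash(h, priv):
    """'Encrypt the hash with the private key': unpadded textbook RSA."""
    n, d = priv
    return pow(h, d, n)

def verify(part, sig, pub):
    """ECU side: recover the hash from the signature and compare."""
    n, e = pub
    return pow(sig, e, n) == digest(part)

# Constructed toy keys from Mersenne primes; trivially factorable.
PUB1, PRIV1 = make_key(2**521 - 1, 2**127 - 1)   # first trusted source
PUB2, PRIV2 = make_key(2**607 - 1, 2**89 - 1)    # second trusted source
CUT = 16  # assumed split offset, known to both the first source and the ECU

def release(firmware):
    """Both trusted sources: returns (sig1, sig2)."""
    part1, part2 = firmware[:CUT], firmware[CUT:]
    sig1 = sign_hash(digest(part1), PRIV1)   # first source signs part 1
    h2 = digest(part2)                       # only this hash leaves the first source
    sig2 = sign_hash(h2, PRIV2)              # second source signs the hash it received
    return sig1, sig2

def ecu_authenticate(firmware, sig1, sig2):
    """Accept only if both parts validate under their respective public keys."""
    part1, part2 = firmware[:CUT], firmware[CUT:]
    return verify(part1, sig1, PUB1) and verify(part2, sig2, PUB2)

FIRMWARE = b"ECU-IMAGE-v1 (constructed sample) " + bytes(range(32))

if __name__ == "__main__":
    s1, s2 = release(FIRMWARE)
    print("authentic:", ecu_authenticate(FIRMWARE, s1, s2))
    tampered = FIRMWARE[:-1] + b"\xff"
    print("tampered part 2:", ecu_authenticate(tampered, s1, s2))
```

A signature over part 2 made with the first source's key alone is rejected, which is the property the second trusted source adds: compromise of one signing key is not enough to get firmware accepted.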