Secure Boot Implementation for Hard Real-Time Powertrain System 2017-01-1656

Vehicle Security means protecting potential threats, unintended malfunction and illegal tuning. In addition, it has become a more important issue on an automotive system as it is directly connected to the driver and pedestrian's life. Automotive industry significantly needs to enhance security policies to prevent attacks from hackers. Nevertheless, in some systems, performance still has to be considered at first when security functions are implemented. Especially, in case of Engine Management System (EMS), fast engine synchronization for starting should be considered as the first priority.

This paper is intended to show an approach to design efficient secure boot implementation for EMS.

At the beginning of this paper, the concept of secure boot is explained and several use cases are introduced according to execution modes, such as the foreground and background secure boot modes. As a next step, engine starting process by EMS is explained. The Fuel injection and ignition process after engine synchronization are then explained. Some severe issues happened in engine restart by EMS reset during engine running are discussed in detail. In any case, Engine should be stable. Even in restart case. This paper is suggesting efficient secure boot implementation strategies which focus on stable engine restart and re-synchronization. These strategies include task allocation in operation system, task split based on multiple cores, and memory allocation.

This paper is a part of Hyundai Autron’s EMS project. The Infineon 32-bit, TriCore™ MCU, Aurix™ with embedded hardware security module (HSM) is used for timing measurement, with the concept of security refers to SHE+, Infineon security software package.