Auto makers have long struggled with the recall issue. A significant portion of recalls are associated now with software updates to our rolling computers, aka cars. These increasingly complex systems of course require the same patches and updates any computing system needs. But in the case of cars, how do auto makers and dealers ensure that such software updates are secure – without requiring an owner to schedule a service appointment, then drive to the dealer and wait or leave their vehicle for a day or two?
Over-the-air (OTA) updates seems like a great solution, until one considers security. Such updates could easily be intercepted and corrupted, or they can be maliciously attacked. The Trusted Platform Module offers one security approach.
In a new blog post from TCG member American Megatrends, a recent example of an OTA and how the TPM works:
“…The physical hardware should incorporate a Trusted Platform Module or TPM. A TPM is a tiny chip that is used as a hardware Root of Trust. The TPM basically starts the chain of trusted things. The TPM performs this task using a method that can detect if something is or is not the way it’s supposed to be. For example, if performing a cold boot (starts when no power is connected), the TPM checks the boot firmware by measuring it. If the measurement is off, it does not allow it to start or execute. If correct, it allows the boot firmware to execute, until the the next measured item.
In my vehicle, a TPM is used to secure external communication, which is integrated into the infotainment system. It can be used to ensure a secure connection from my car to the correct servers and verify system integrity before an update is allowed to proceed.”
Read more about this example and how it worked here, https://ami.com/en/tech-blog/automobiles-using-hardware-root-of-trust-to-securely-provide-software-updates-over-the-air/.
More on the TPM can be found here: https://trustedcomputinggroup.org/work-groups/trusted-platform-module/
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.