Firmware Security Module: A Framework for Trusted Computing in Automotive Multiprocessors

New services such as autonomous driving, the connectivity of the traffic infrastructure and the tight coupling of user operated smart devices with the vehicle have significantly increased the demand for cryptographic protection in the automobile. To provide a secure environment for the calculation and verification of cryptographic material, automotive microcontrollers now frequently integrate Hardware Security Modules (HSM), special well-protected co-processors, which are protected against manipulation and external access. HSMs use special hardware accelerators to provide the required cryptographic services. While these accelerators provide good performance, they limit flexibility and updatability. In addition, as more services require cryptographic protection, the amount of key material that needs to be managed by the HSM also increases, turning the limited protected memory of the HSM into a bottleneck. This paper presents a framework that uses the safety mechanisms of a microcontroller to achieve both HSM-equivalent security through software solutions, while providing an equivalent level of functionality. Furthermore, the proposed framework provides crypto-agility, as the security stack can be updated if desired. In order to verify the functionality, the presented framework is implemented and evaluated on an Infineon AURIX TC399 and compared with the integrated HSM.