Conventional methods exist to protect data stored in a memory arrangement of a microcomputer system, in particular to protect a program stored there against manipulation. Such methods are used, for example, to prevent an unauthorized manipulation of a control program stored in a control unit of a motor vehicle or of data stored there. The control program controls or regulates specific functions in the motor vehicle, for example, an internal combustion engine, an electronic stability program, an antilock braking system (ABS) or an electronic steering system (steer-by-wire). A manipulation of the control program may result in a defect of the controlled or regulated unit of the motor vehicle. For that reason, manipulation of the control program or of the data should be prevented if possible; at the least, however, it should be possible to recognize the manipulation in retrospect so that the cause of a defect of a controlled or regulated unit may be determined or warranty claims may be correctly assigned with it.
Despite the danger of a manipulation of the control program or of the data by unauthorized persons, it may not make sense to completely prohibit access to the memory arrangement of the control unit. In order, for example, to be able to reprogram the control unit, authorized users may need to gain access to the memory arrangement. It may be necessary, for example, to store a new version of a control program or new parameters or limit values in the control unit from time to time in order, for example, to eliminate errors in the software or to take new legal requirements into account.
In automotive control units, a distinction may be made between series units and application units. Control units are normally delivered as series units after production. In series units, mechanisms are activated to check a manipulation of the data stored in the memory arrangement of the control unit. These mechanisms may recognize the manipulated data so that the data may be blocked. The mechanisms may be of a diverse configuration. Various conventional check mechanisms may exist. In certain situations, in particular during the development and testing phase of the control units, it may be necessary to deactivate the check mechanisms so that various data may be stored rapidly and easily in the memory arrangement. A control unit with deactivated check mechanisms is identified as an application unit.
To ensure complete test coverage of the data stored in the memory arrangement, the same data, in particular the same control program, must be stored in the memory arrangement of the control unit in the series case and in the application case. For this reason, a control unit may be required to be switched from a series case to an application case without having to load other data into the memory arrangement. A switch from the application case back into the series case is not desirable and may even be impossible in order to prevent control units with control programs that have not been tested and approved by the manufacturer of the control units from being in circulation.
Conventional application units are characterized by an entry in a secret non-volatile memory area of the memory arrangement of the control unit. The secret memory area is located outside of the memory area of the memory arrangement to be programmed during a reprogramming of the control unit. Depending on whether the unit is a series unit or an application unit, the secret memory area is programmed with an appropriate entry immediately after the memory arrangement is programmed initially or is triggered by an appropriate method when the control unit is started up.
When the control unit is started up subsequently, then only the entry in the secret memory area is checked and a switch is made between a series case and an application case as a function of the entry, i.e., the check mechanisms are activated or deactivated. If no entry is present in the secret memory area, a series case is assumed and the check mechanisms are activated. Thus in conventional control units, it is possible to switch from a series case into an application case by writing an appropriate entry to the secret memory area.
It is, however, possible without great difficulty in the conventional control units to record the action of switching from a series case into an application case by writing to the secret memory area. Of particular interest is the entry which is stored in the secret memory area of an application unit. In the conventional methods for activating or deactivating data stored in a memory arrangement of a microcomputer system, the entry may be read from an application unit and used to switch additional control units into the application case with deactivated check mechanisms. Manipulated data may be stored in such manipulated application units and the manipulated data may then be executed or used. It may not be possible to reliably protect the manipulated data against use.
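
The following C model is an added illustration, not code from the original text. It reproduces the conventional startup check described above and shows that the series/application decision depends only on the entry value, never on the unit that holds it. The entry values, the `unit_id` field and all function names are assumptions; the text does not specify the entry format.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed values: the text does not give the entry format. */
#define ENTRY_ERASED      0xFFFFFFFFu /* assumed erased state, i.e. "no entry present" */
#define ENTRY_APPLICATION 0x4150504Cu /* hypothetical application-case marker */

typedef enum { MODE_SERIES, MODE_APPLICATION } unit_mode_t;

typedef struct {
    uint32_t unit_id;          /* hypothetical per-unit identifier; never consulted below */
    uint32_t secret_entry;     /* secret non-volatile area outside the reprogrammed range */
    bool     data_manipulated; /* stands in for the verdict of the check mechanisms */
} control_unit_t;

/* Startup decision as described: only the entry is checked.
 * A missing or unrecognised entry falls back to the series case. */
unit_mode_t startup_mode(const control_unit_t *u)
{
    return (u->secret_entry == ENTRY_APPLICATION) ? MODE_APPLICATION : MODE_SERIES;
}

/* Series case: check mechanisms active, manipulated data is blocked.
 * Application case: check mechanisms deactivated, data is used as stored. */
bool data_is_executed(const control_unit_t *u)
{
    return !(startup_mode(u) == MODE_SERIES && u->data_manipulated);
}

/* Models a write to the secret memory area. */
void write_entry(control_unit_t *u, uint32_t entry)
{
    u->secret_entry = entry;
}

int main(void)
{
    control_unit_t app_unit    = { 1u, ENTRY_APPLICATION, false };
    control_unit_t series_unit = { 2u, ENTRY_ERASED, true };

    printf("before: mode=%d executed=%d\n",
           startup_mode(&series_unit), data_is_executed(&series_unit));
    /* The entry carries no reference to unit_id, so the same value is
     * accepted on any unit: this is the weakness the text describes. */
    write_entry(&series_unit, app_unit.secret_entry);
    printf("after:  mode=%d executed=%d\n",
           startup_mode(&series_unit), data_is_executed(&series_unit));
    return 0;
}
```

Because `startup_mode` never reads `unit_id`, an entry valid on one unit is valid on every unit, which is why the conventional scheme cannot reliably keep manipulated data from being used.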