Methods for protecting data stored in a storage assembly of a microcomputer system, in particular for protecting a control program stored there against manipulation, are believed to exist in other systems. Such a method is referred to in, for example, German Published Patent Application No. 197 23 332. Such methods are used, for example, to prevent unauthorized manipulation of a control program stored in a control device of a motor vehicle or data stored from this program. The control program controls or regulates specific functions in the motor vehicle, for example an internal combustion engine, a driving dynamics regulator, a stop control system (SCS) or an electronic steering system (steer-by-wire). Manipulation of the control program may cause a defect in the controlled or regulated unit of the motor vehicle. Therefore, manipulation of the control program or the data is to be prevented, or at least be detectable afterwards, so that the cause of a defect of a controlled or regulated unit may be established or so that warranty claims may be assigned properly.
In spite of the risks of manipulation of the control program or the data by unauthorized persons, it may not be advisable to forbid access to the storage assembly of the control device completely. For example, an authorized user group is able to access the storage assembly in order to reprogram the control device. Specifically, it may be necessary from time to time to store a new version of a control program or new parameters or limiting values in the control device in order to, for example, remove errors in the software or to take new legal requirements into account.
In automotive control devices, a distinction may be made between serial equipment and application equipment. Control devices may be shipped as serial equipment after manufacturing. In serial equipment, checking mechanisms for checking for manipulation of data stored in a storage assembly of the control device are activated. Manipulated data may be detected by these mechanisms and such data may be blocked. The mechanisms may be entirely different. Various checking mechanisms are referred to in other prior systems.
In certain situations, in particular during the development and testing phase of control devices, it may be necessary to deactivate the checking mechanisms so that various data may be stored in the storage assembly rapidly and easily. A control device including deactivated checking mechanisms may be referred to as an application device.
To be able to ensure complete test coverage of data stored in the storage assembly, the same data, in particular the same control program, is stored in the storage assembly of the control device in both the series case and the application case. Therefore, a control device may be switched from a series case to an application case without having to load other data into the storage assembly. Switching from the application case back to the series case may not be desirable and may even be impossible in order to prevent control devices, whose control program has not been tested and approved by the manufacturer of the control device, from being in circulation.
According to other systems, the checking mechanisms for checking the storage assembly may be activated when powering up the control device. If manipulation of data stored in the storage assembly is detected, this data is blocked. To achieve complete test coverage of the data, the checking mechanisms check the entire storage area of the storage assembly, which may under some circumstances take a certain amount of time. However, the amount of time available for powering up the control device, including checking the storage assembly, is not unlimited. After all, once an ignition key is turned or a starter button is pressed (beginning of powering up the control device), the engine of the vehicle should start as soon as possible (end of powering up the control device). This means that as the size of the storage assemblies used in control devices increases, it becomes progressively more difficult, if not impossible, to check the entire storage area within an acceptable period of time.
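The power-up check described above can be sketched in C as follows. This is an added example, not code from the cited application or from any control device: all identifiers are assumed names, and a CRC-32 stands in for the checking mechanism, which the text leaves open.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All identifiers are assumptions for illustration, not from the text. */
typedef enum { MODE_SERIES, MODE_APPLICATION } device_mode_t;
typedef enum { DATA_RELEASED, DATA_BLOCKED } check_result_t;
typedef struct {
    check_result_t result;
    size_t bytes_checked;  /* power-up work; grows with storage size */
} powerup_report_t;

/* Bitwise CRC-32 (polynomial 0xEDB88320) as a stand-in checking mechanism.
 * It detects changes but is not forgery-resistant. */
static uint32_t crc32_bytes(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Series device: read the entire storage area, block data on mismatch.
 * Application device: checking mechanisms are deactivated. */
powerup_report_t powerup_check(device_mode_t mode, const uint8_t *storage,
                               size_t size, uint32_t reference)
{
    powerup_report_t r = { DATA_RELEASED, 0 };
    if (mode == MODE_APPLICATION)
        return r;
    r.bytes_checked = size;          /* full coverage: every byte is read */
    if (crc32_bytes(storage, size) != reference)
        r.result = DATA_BLOCKED;
    return r;
}

int main(void)
{
    static uint8_t image[4096];      /* constructed sample storage contents */
    for (size_t i = 0; i < sizeof image; i++)
        image[i] = (uint8_t)(i * 31u + 7u);
    uint32_t ref = crc32_bytes(image, sizeof image);
    image[1234] ^= 0x01;             /* simulated manipulation of one bit */
    powerup_report_t s = powerup_check(MODE_SERIES, image, sizeof image, ref);
    printf("series: blocked=%d, bytes read=%zu\n", s.result == DATA_BLOCKED, s.bytes_checked);
    return 0;
}
```

Because `bytes_checked` always equals the full storage size on a series device, the time spent before the engine can start scales linearly with the size of the storage assembly.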