A microcomputer system of other systems may be in the form of a motor vehicle control unit. The control unit is used to control and/or regulate functions or units of the motor vehicle, for example an internal combustion engine, an antilock brake system (ABS), an electronic steering system (steer-by-wire), an electronic braking system (brake-by-wire) or an automatic air conditioning system. The control unit includes a memory system in the form of a rewritable memory, in particular a flash memory. Data is stored in the flash memory in the form of a control program or in the form of parameters and limit values.
A defect in the controlled or regulated unit of the motor vehicle may occur due to a manipulation of the control program. Therefore, manipulation of the control program or the data is to be prevented as much as possible, but the manipulation is at least to be detectable afterwards, so that the cause of a defect of a controlled or regulated unit may be ascertained so that warranty claims may be assigned properly.
In spite of the risk of manipulation of the control program or the data by unauthorized persons, it is not advisable to forbid access to the memory system of the control unit completely. In order for example to perform reprogramming of the control unit, an authorized user group must be able to access the memory system. Specifically, it may be necessary from time to time to store a new version of a control program or new parameters or limit values in the control unit in order for example to remove errors in the software or to take new legal requirements into account.
The control unit of other prior systems include a checking arrangement to check at least a part of the data stored in the flash memory for manipulation. Different methods may be used from other systems for checking data stored in a memory system for manipulation, all of which may be employed in link with the exemplary embodiment and/or exemplary method of the present invention. In German Published Patent Application No. 197 23 332 is discussed a code word that may be formed, for example a checksum, for at least part of the memory system, and this code word may be compared with a reference code word which is stored in the flash memory. If the code word is not the same as the reference code word, it is inferred that the data has been manipulated.
The control unit of other systems may also include an activatable and deactivatable blocking arrangement to prevent the execution of the control program or the use of the parameters or limit values, if a manipulation of the data is recognized in the course of the check. The processing of the data is only prevented if the blocking arrangement is activated. To activate or deactivate the blocking arrangement, in the case of the control unit of other prior systems the content of a read-only memory of the control unit is checked. The read-only memory is in the form of an EEPROM (Electronically Erasable Programmable Read Only Memory), for example. The control unit includes first actuating arrangement, which activate or deactivate the blocking arrangement as a function of the content of the read-only memory. When the blocking arrangement is activated, in the event of a manipulation of the data, the processing of the data may be blocked either immediately or at a later point in time, for example at the next running cycle.
By default, the control units of the other systems may be delivered as so-called series devices, including an activated blocking arrangement, so that processing of the control program is blocked if a manipulation of the control program stored in the flash memory or of the parameters or limit values stored there is ascertained. However in certain situations, in particular during the development and testing phase of a control unit or control program, it is necessary to deactivate blocking of the processing of the data, so that various bits of data may be stored in the memory system rapidly and easily. A control unit including deactivated blocking arrangement is referred to as an application device.
According to other systems, in series devices at least one default value is stored in a predefinable memory area of the read-only memory. In application devices at least one of the default values is overwritten by a predefinable test pattern. The programming of this memory area occurs following production, before delivery of the control unit. The first actuating arrangement for checking the content of this memory area are implemented in the data, i.e. in the control program which is stored in the flash memory of the control unit. While the control program is executing, the content of the read-only memory is checked. If only default values are stored in the predefinable memory area of the read-only memory, the control unit is a series device and the blocking arrangement is activated. Thus if the checking arrangement recognizes a manipulation of the data stored in the flash memory, processing of the data is prevented. If at least one predefinable test pattern is stored in the predefinable memory area of the read-only memory, the control unit is an application device and the blocking arrangement are deactivated. Thus processing of the data is not prevented even if the checking resources recognize a manipulation of the control program, the parameters or limit values.
The content of the predefinable memory area of the read-only memory is also referred to as a hardware identifier, since the content of this memory area may not simply be changed. The default values and test patterns stored in the predefinable memory area of the read-only memory must be matched to the hardware environment and to the data stored in the flash memory. In the control unit referred to in other prior systems, the danger nevertheless exists that unauthorized third parties may circumvent a blockage of the processing of manipulated data by manipulating the predefinable memory area of the read-only memory so that a series device is thereby identified as an application device.