1. Field of the Invention
The invention relates to a method for operating an IT system having at least one first processing unit and one second processing unit which are connected to one another. The invention also relates to the IT system.
2. Related Art
A multiplicity or software programs are designed in such a manner that, in order to execute the software program, a respective program part of the software program must be executed by different computer units. This may be due to the fact that performance of a computing unit is not sufficient and/or special security functions are carried out by a computing unit which is specifically designed for this purpose, for example. The need for frequent software updates and the desire to provide sufficient protection for the software of the computer units also create a need for computer systems which allow secure and reliable software upgrading. The requirements imposed on protection against tampering with the software and on reliable software upgrading are particularly high, in particular, in control devices for a motor vehicle, for example in a digital tachograph.
WO 2011/051128 A1 discloses a method for operating a tachograph with an application controller and a security controller. The application controller is assigned a memory and the security controller is assigned a further memory. The security controller is provided with an encrypted program code with at least one assigned signature. The encrypted program code is decrypted using the security controller and is verified using the at least one signature. It is detected whether the decrypted program code is intended for the application controller and/or for the security controller. On the basis of the detection, the program in the memory and/or the further program in the further memory is/are at least partially replaced with the decrypted program code and, on the basis of a result of the verification, the at least partially replaced program and/or the at least partially replaced further program is/are released for execution.
WO 02/41147 A1 discloses a system for updating a multiplicity of distributed electronic devices with an updated operation code, the updated operation code comprising a first set of digital information sequences. Each of the electronic devices comprises a resident operation code with a second set of digital information sequences which are stored inside the electronic devices. The system comprises:                an update generator which compares an image of the first set of digital information sequences comprising the updated operation code with an image of the second set of digital data sequences comprising the resident operation code and identifies differences between the updated operation code and the resident operation code and then generates an update packet with an instruction set which defines how the updated operation code is generated using at least one part of the second set of digital data sequences of the resident operation code,        a distribution system which distributes the update packet to the electronic devices in such a manner that the update packet is received fey the electronic devices and is stored therein, and        a set of client modules which are each installed on each of the electronic devices and access the distribution system and receive the update packet, the instruction set of the update packet being executed by the client module in such a manner that the updated operation cede is generated using at least one part of the second set of digital data sequences of the resident operation code.        