A machine (e.g., a fixed or mobile commercial machine, such as a construction machine, fixed engine system, marine-based machine, etc.) may include an electronic control unit (ECU). An ECU may control one or more subsystems of a machine. For example, one type of ECU is an engine control module (ECM), which may control operations of a machine's engine. An ECM may, for instance, control the quantity of fuel that is injected into each cylinder per engine cycle, ignition timing, variable valve timing, and operations of other engine components. Accordingly, the ECM controls or dictates the parameters by which the engine may operate. Similarly, other ECUs may control other subsystems of a machine, such as ECUs for controlling operation of a machine's transmission or anti-lock braking system. These ECU controls are implemented through software instructions.
The software instructions for an ECU may be updated throughout the operating life of a machine. Updates to ECU software instructions may be made for a variety of reasons. For example, an update may provide new functionality and/or modifications to a machine's ECU software in order to adapt it to different environmental conditions or performance expectations. However, when a machine's ECU is loaded with updated ECU code, machines typically do not provide security measures to determine whether the ECU code is authentic (e.g., that the ECU code is authorized by the manufacturer of the machine).
As a result of the foregoing, updating ECU code poses several possible uncertainties. For example, the source of the code is typically indeterminable and, accordingly, the machine cannot determine whether the updated ECU code is authorized. For example, the code may originate from an unauthorized party. As another example, an unauthorized party may have modified legitimate ECU code to include unauthorized modifications. In particular, the machine may not provide functionality for determining whether the updated ECU code contains any malware (e.g., a virus, worm, trojan horse, etc.) that may cause the ECU code to operate in an unpredictable or compromised manner.
Unauthorized ECU code and/or unauthorized modification to ECU code presents several problems and challenges. ECU code that originates from an unauthorized party or that has been modified by an unauthorized party might cause overuse of a machine component, such as the engine, and, accordingly, engine failure much sooner than would be expected if the machine operated within expected parameters. For example, a machine's engine may not last as long as expected and, as a result, a warranty may expire earlier than anticipated. Furthermore, machine warranties may be inadvertently voided by machine owners who load unauthorized ECU code or ECU code including unauthorized modifications. As another example, an engine may unexpectedly lose power or automated control systems may malfunction due to unauthorized and/or modified ECU code.
U.S. Pat. No. 7,013,458 B2 (the '458 patent) to Bloch et al. discloses a method and apparatus for associating metadata attributes with program elements. According to the '458 patent, source code contains syntactic elements that specify metadata attributes for program elements and the system incorporates the metadata attributes into object code for a program. However, the '458 patent does not disclose a method or system for securing ECU code. Furthermore, the '458 patent does not disclose a method or system for verifying, when ECU code is installed, whether the ECU code is authentic.
Disclosed embodiments are directed to overcoming one or more of the problems set forth above.