About the Customer:
Our customer is a software and technology company that builds the digital foundation for next-generation, software-defined vehicles, focusing on automotive operating systems, infotainment systems, ADAS, connectivity, and in-car user experience. Their platforms power next-generation connected vehicles, enabling secure over-the-air updates, seamless digital services, and enhanced user experiences. To protect software integrity in cars already on the road, a robust solution was required for securely decrypting update containers within the infotainment ECU.
Business Challenges:
The client required a secure mechanism to decrypt encrypted update containers delivered to infotainment ECUs in the field. This was essential to ensure that update files could not be accessed or analysed by unauthorized parties and that only verified, authorized updates could be applied while keeping all sensitive key material protected within secure boundaries.
The decryption process itself was multi-layered, involving both asymmetric and symmetric cryptography, and demanded strict key confidentiality within the Trusted Zone.
Developing the solution presented several hurdles. Unit testing was difficult because Trusted Applications could not be executed directly outside the TEE. Debugging and logging were severely limited, slowing early development.
Additionally, creating an efficient test environment was critical, as real hardware was costly, scarce, and unsuitable for repeated trials.
Embitel’s Solution:
Drawing on its deep expertise in Trusted Application (TA) development, Embitel’s Germany team designed and implemented a secure TA that enabled controlled decryption of update containers within the Trusted Execution Environment (TEE).
- The TA managed the cryptographic operations so that private keys never left the Trusted Zone. It decrypted the symmetric AES keys using pre-stored RSA keys and passed them to the update manager, which completed the decryption of the update payload for installation.
- To enable writing unit tests for the Trusted Application (TA) and executing them as a regular Linux application, we built a custom implementation of the TEE API that replicated the TEE environment outside the hardware.
- The testing process was further strengthened through continuous integration, where automated regression suites were executed within minutes of every code change.
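The split the first bullet describes, shown as an added example (not code from the project, and in Go rather than C so it runs on a plain host without a TEE SDK): the TA half unwraps the AES key with an RSA private key that never leaves it, and the update-manager half decrypts the payload holding only that session key. The container layout, the RSA-OAEP and AES-GCM choices, the key sizes and the SealContainer fixture are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Container is an assumed layout: RSA-OAEP-wrapped AES-256 key, GCM nonce, AES-GCM payload (tag appended).
type Container struct{ WrappedKey, Nonce, Payload []byte }
// TrustedApp models the TA: the private key never leaves it; the normal world
// can only ask for an unwrapped AES key. (Demo key pair; a real TA is provisioned.)
type TrustedApp struct{ priv *rsa.PrivateKey }
func NewTrustedApp() *TrustedApp { k, _ := rsa.GenerateKey(rand.Reader, 2048); return &TrustedApp{k} }
func (ta *TrustedApp) PublicKey() *rsa.PublicKey { return &ta.priv.PublicKey }

// UnwrapKey is the single decryption command the TA exposes.
func (ta *TrustedApp) UnwrapKey(wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, ta.priv, wrapped, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// DecryptContainer is the update manager's half outside the TEE: it holds only
// the session key, and GCM rejects a tampered or truncated payload.
func DecryptContainer(aesKey []byte, c Container) ([]byte, error) {
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, c.Nonce, c.Payload, nil)
}

// SealContainer plays the backend that packages an update (test fixture).
func SealContainer(pub *rsa.PublicKey, image []byte) (Container, error) {
	aesKey, nonce := make([]byte, 32), make([]byte, 12)
	rand.Read(aesKey)
	rand.Read(nonce)
	gcm, _ := newGCM(aesKey) // cannot fail for a 32-byte key
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, aesKey, nil)
	return Container{wrapped, nonce, gcm.Seal(nil, nonce, image, nil)}, err
}
```

Because the host build of this split needs no TEE, it is exactly the kind of code the mock TEE API from the second bullet lets a CI job exercise on every change.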
Only after the virtualized and automated testing stages established confidence in stability did the team proceed with limited testing on real infotainment ECUs.
Embitel Impact:
The meticulous balance between virtualized environments and hardware validation helped the client enable secure, production-ready decryption of update containers while preserving scarce hardware resources through virtualized testing.
Additionally, the introduction of a custom CI pipeline and automated testing accelerated development, with hundreds of regression tests executed within minutes and over 98% of functionality validated automatically. This minimized reliance on costly hardware, saved engineering effort, and improved overall efficiency.
Overall, the solution delivered long-term value by being adaptable across multiple ECUs. Since secure update delivery is a common requirement across infotainment and other control units, the Trusted Application was designed with reusability in mind, allowing similar implementations on other control units.
Tools and Technologies:
- Vendor-defined Trusted Execution Environment on production hardware
- OP-TEE with QEMU for virtualized testing
- C for Trusted Application development
- Customer SDK and GlobalPlatform APIs for integration and standardization
- RSA and AES cryptographic algorithms for multi-step decryption
- Custom CI/CD pipeline for automated regression testing and validation