Automotive
Trusted Application Development for Secure Update Containers in Infotainment ECUs
OUR story
01
Task
Our client was involved in the development of modern infotainment platforms that supported secure over-the-air updates and digital services. The task was to design a Trusted Application capable of handling the decryption of encrypted update containers in the ECU, ensuring that cryptographic operations and sensitive key material remained fully confined within the Trusted Zone.
The solution needed to combine asymmetric and symmetric cryptography, integrate seamlessly with the customer’s update manager, and provide a scalable framework that could be reused across multiple ECU platforms—all while complying with strict automotive cybersecurity standards.
02
Challenge
The decryption process was multi-layered and demanded absolute confidentiality of key material, which introduced unique challenges. Trusted Applications could not be executed directly outside the TEE, making debugging and logging extremely limited. This slowed early-stage development and created significant barriers to rapid iteration.
At the same time, access to production hardware was limited, expensive, and unsuitable for repeated trials. Without a virtualized test setup, the team risked wasting critical hardware resources and extending development timelines. The challenge was to create a secure, efficient, and testable development environment without compromising on production-grade reliability.
03
Solution
Leveraging our expertise in Trusted Application (TA) development, our team in Germany designed a TA that securely managed the decryption process inside the Trusted Execution Environment (TEE). The TA was responsible for managing cryptographic operations so that private keys never left the Trusted Zone. It decrypted symmetric AES keys using pre-stored RSA keys and provided them securely to the update manager, which then completed installation of the update payload.
To overcome the limitations of TEE testing, the team developed a custom TEE API implementation that allowed TA code to run as a standard Linux application. This enabled efficient unit testing and debugging outside the TEE. Additionally, a custom CI/CD pipeline with automated regression suites was integrated, allowing hundreds of tests to be executed within minutes of every code change. Only after extensive virtualized testing had established confidence in stability did the team proceed to limited validation on real infotainment ECUs.
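The host-side approach described above, as an added example that is not the client's or Diconium's code: a shim supplies the GlobalPlatform types and constants so a TA entry point compiles as ordinary Linux code and its parameter validation can be unit-tested. `CMD_UNWRAP_KEY`, `unwrap_key` and the 16-byte key length are assumptions, and `unwrap_key` is a test double standing in for the RSA step, not cryptography.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Host shim: types and constants as defined by the GP TEE Internal Core API. */
typedef uint32_t TEE_Result;
#define TEE_SUCCESS              0x00000000u
#define TEE_ERROR_BAD_PARAMETERS 0xFFFF0006u
#define TEE_ERROR_SHORT_BUFFER   0xFFFF0010u
#define TEE_PARAM_TYPE_NONE          0u
#define TEE_PARAM_TYPE_MEMREF_INPUT  5u
#define TEE_PARAM_TYPE_MEMREF_OUTPUT 6u
#define TEE_PARAM_TYPES(a, b, c, d) ((a) | ((b) << 4) | ((c) << 8) | ((d) << 12))
typedef union {
    struct { void *buffer; size_t size; } memref;
    struct { uint32_t a, b; } value;
} TEE_Param;
/* On the host, the shim backs TEE_MemMove with libc. */
static void TEE_MemMove(void *dst, const void *src, size_t n) { memmove(dst, src, n); }

/* Hypothetical test double for the RSA unwrap step. NOT cryptography: it
 * copies the last 16 input bytes so the tests have a predictable result. */
#define AES_KEY_LEN 16u
static TEE_Result unwrap_key(const uint8_t *in, size_t n, uint8_t *out) {
    if (in == NULL || n < AES_KEY_LEN) return TEE_ERROR_BAD_PARAMETERS;
    TEE_MemMove(out, in + n - AES_KEY_LEN, AES_KEY_LEN);
    return TEE_SUCCESS;
}

/* TA code under test; the same source would be compiled for the TEE. */
#define CMD_UNWRAP_KEY 1u /* hypothetical command ID */
#define UNWRAP_TYPES TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, \
    TEE_PARAM_TYPE_MEMREF_OUTPUT, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE)
TEE_Result TA_InvokeCommandEntryPoint(void *sess, uint32_t cmd,
                                      uint32_t types, TEE_Param p[4]) {
    (void)sess;
    /* Reject unknown commands and any parameter layout but the expected one. */
    if (cmd != CMD_UNWRAP_KEY || types != UNWRAP_TYPES)
        return TEE_ERROR_BAD_PARAMETERS;
    if (p[1].memref.buffer == NULL || p[1].memref.size < AES_KEY_LEN) {
        p[1].memref.size = AES_KEY_LEN; /* tell the caller the required size */
        return TEE_ERROR_SHORT_BUFFER;
    }
    TEE_Result r = unwrap_key(p[0].memref.buffer, p[0].memref.size,
                              p[1].memref.buffer);
    if (r == TEE_SUCCESS) p[1].memref.size = AES_KEY_LEN;
    return r;
}
```

Linked against a small test runner, the entry point is called directly with hand-built `TEE_Param` arrays, so malformed parameter layouts and undersized buffers are exercised without touching an ECU.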
04
Successes
The meticulous balance between virtualized environments and hardware validation enabled secure, production-ready decryption of update containers while preserving scarce hardware resources. Automated regression testing executed hundreds of tests within minutes, validating over 98% of functionality automatically and accelerating development.
The Trusted Application also delivered long-term value by being adaptable across multiple ECUs, addressing secure update delivery needs beyond infotainment. Designed with reusability and compliance in mind, the solution provided lasting benefits in line with ISO/SAE 21434 and UNECE WP.29 mandates.
About our client
Client: Global Tier-1 automotive supplier
Industry: Automotive
Business Area: Infotainment Systems
Technology: Trusted Execution Environment on production hardware, OP-TEE + QEMU, C, GlobalPlatform APIs, RSA/AES cryptography, Custom CI/CD pipeline