Trusted Application for Secure OTP Memory Access

Cybersecurity
For a leading automotive software company developing modern driving technologies, Diconium designed and implemented a Trusted Application that enabled controlled access to One-Time Programmable (OTP) memory. The solution provided secure storage for ECU identifiers and ensured anti-rollback protection, which is critical for safeguarding the platform against unauthorized software downgrades and vulnerabilities.

Our story

01

Task

The client’s infotainment system integrated a central SoC with OTP memory, available only from the Trusted Zone. The primary task was to create a secure and reliable mechanism to leverage this OTP memory for two essential purposes:

1. Storing the unique ECU identifier (FAZIT ID) and

2. Enabling anti-rollback protection.

The solution had to address the hardware limitations of OTP memory. It was essential to guarantee safe read and write operations. At the same time, the integrity of version management had to be preserved. All of this needed to be achieved without risking irreversible damage to the ECU. Additionally, it demanded adaptability for integration into the customer’s infotainment SDK while aligning with strict automotive cybersecurity mandates.

02

Challenge

Delivering such a solution for OTP memory came with significant implementation limitations. Its highly hardware-specific nature made reuse across platforms complex. Further, any incorrect write could permanently damage the ECU, making testing extremely risky. With limited access to production hardware and each test consuming OTP space irreversibly, the risk of rendering ECUs unusable was high.

The challenge was to design a solution that can:

  • Securely control OTP access,

  • Enable robust validation, and

  • Allow exhaustive testing cycles

All of this had to be achieved without wasting valuable production hardware, while maintaining compliance with automotive security standards and performance constraints.

03

Solution

Drawing on years of experience in Trusted Application development, our team devised a lightweight Trusted Application that mediated all OTP access within the TEE. This ensured that only authorized and validated operations could be executed, preventing both unauthorized access and accidental overwrites.

To overcome hardware risks, OP-TEE with QEMU was used to emulate the target environment, allowing extensive virtualized testing and debugging. Automated test suites were integrated into the workflow to validate every code change for stability and consistency. Only after achieving high confidence through virtualization did the team conduct limited validations on actual ECUs, minimizing waste and safeguarding production hardware.
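The kind of validation described above, as an added example (not Diconium's or the client's code): every OTP write is checked before any bit is programmed, and the bank is emulated in RAM so the checks can be exercised without hardware. The fuse layout, the thermometer-coded version counter and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Emulated OTP bank (assumed layout): bits start at 0 and can only be set to 1. */
#define ID_LEN 8
typedef struct {
    uint8_t  id[ID_LEN];  /* write-once ECU identifier field */
    uint32_t ver_fuses;   /* thermometer code: minimum version = number of set bits */
} otp_bank;

enum { OTP_OK = 0, OTP_ERR_BAD_ARG = -1, OTP_ERR_ALREADY_SET = -2, OTP_ERR_RANGE = -3 };

static int is_blank(const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) if (p[i]) return 0;
    return 1;
}

/* Program the identifier exactly once. A second write is refused outright,
 * because OR-ing new bits into a programmed field would corrupt it for good. */
int otp_write_id(otp_bank *o, const uint8_t *id, size_t len) {
    if (!o || !id || len != ID_LEN || is_blank(id, len)) return OTP_ERR_BAD_ARG;
    if (!is_blank(o->id, ID_LEN)) return OTP_ERR_ALREADY_SET;
    memcpy(o->id, id, ID_LEN);
    return OTP_OK;
}

uint32_t otp_min_version(const otp_bank *o) {
    uint32_t v = 0;
    for (uint32_t f = o->ver_fuses; f; f >>= 1) v += f & 1u;
    return v;
}

/* Raise the fused minimum version. Requests at or below the current value
 * burn nothing; requests beyond the fuse capacity are rejected before any write. */
int otp_raise_min_version(otp_bank *o, uint32_t v) {
    if (!o) return OTP_ERR_BAD_ARG;
    if (v > 32) return OTP_ERR_RANGE;
    if (v <= otp_min_version(o)) return OTP_OK;
    o->ver_fuses |= (v == 32) ? 0xFFFFFFFFu : ((1u << v) - 1u);
    return OTP_OK;
}

/* Update/boot check: an image older than the fused minimum is a rollback. */
int image_allowed(const otp_bank *o, uint32_t image_version) {
    return image_version >= otp_min_version(o);
}
```

Because the version only ever grows by setting more bits, a downgrade request cannot lower the stored minimum, and a repeated request consumes no additional fuses.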

04

Successes

The project successfully delivered a production-ready Trusted Application that became part of the customer’s infotainment platform SDK. It provided secure storage of immutable ECU identifiers and robust anti-rollback protection, directly strengthening platform integrity. Despite its compact scope, the solution addressed critical security requirements and protected against common attack scenarios targeting software rollback and unauthorized hardware manipulation.

About our client

Client: Global Tier-1 automotive supplier

Industry: Automotive

Business Area: Infotainment Platforms

Technology: Kinibi TEE on production hardware, OP-TEE with QEMU, C/C++, GlobalPlatform APIs
