With large enough memory, a MICROSAR HSM can store a flexible number of keys, certificates or other content, with the amount limited purely by the hardware resources.

To prevent compromised software from starting, an increasing number of ECUs check the authenticity of the ECU application at startup. The HSM firmware performs this task securely and efficiently to reduce the required startup time; it is even possible to perform the check concurrently with system startup.

The HSM handles the calculation of the message authentication code (MAC) for secured messages, which allows the recipient to check their authenticity. Calculating and verifying this code generates additional effort and increases the load on the host CPU; the HSM supports it through hardware-accelerated calculation of the MACs.

The Transport Layer Security (TLS) protocol widely used on the internet is also used to secure external communications. The HSM relieves the main processor of the time-consuming TLS connection setup and ensures that content requiring protection, such as private keys, is kept separate from the rest of the system. In addition, the HSM can encrypt and decrypt the user data in a hardware-accelerated manner.

Rust language

Automotive software is traditionally developed in C and C++, as these languages are the most suitable for resource-constrained embedded systems, but they are highly prone to memory-safety issues and data race conditions. An up-and-coming alternative is Rust, a programming language designed to overcome these limitations without the overhead of a runtime garbage-collection mechanism. In tests, the efficiency of Rust in terms of execution time and memory usage is comparable with C and C++. The built-in protection against memory leaks and race conditions offered by Rust makes it suitable for automotive software, where functional safety and security are highly valued.
Considering this, organisations such as AUTOSAR and SAE have formed groups to evaluate the usability of Rust in automotive middleware and system software. Rust also brings more modern software development tools, including dependency management through crates, linter checks, formatting and documentation, among other things. The Rust compiler produces accurate warnings and errors, which help developers to fix issues quickly.

Rust enforces memory safety at compile time. The Ownership Based Resource Management (OBRM) approach used by Rust for handling data ensures memory safety without compromising runtime efficiency, and it ensures safe sharing of data among multiple execution threads without race conditions.

The language also provides good mechanisms for interoperability with C and C++. The foreign function interface (FFI) provides built-in support for binding with external C code. While C++ bindings are not directly supported by the FFI, a library called Cxx provides a safe mechanism for calling C++ code from Rust, and Rust code from C++. This makes it possible to implement new features in Rust in a project whose primary development language is C or C++, or to use existing C or C++ libraries in a Rust application.

Rust inherently offers memory safety, thread safety and type safety, which are prerequisites for developing functionally safe and secure software. A new generation of automotive development tools for Rust is now ISO 26262-compliant for vehicle developments. The Ferrocene Language Specification (FLS) is a qualified Rust tool chain for safety-critical systems in automotive, avionics, space and railway. AUTOSAR has also formed a subgroup within the Working Group for Functional Safety (WG-SAF) to investigate how Rust could be applied in the Adaptive Platform context. With the interoperability features available in Rust for C and C++, it is possible to develop some components of a project in Rust and then integrate them with the rest of the C++ code.
Cxx provides a safe mechanism for two-way binding between C++ code and Rust code. Although it is technically feasible to combine Rust and C++ components, doing so poses certain challenges for maintenance and project management. The software architecture can become complex, and the development team will inevitably require both C++ and Rust developers. Existing C++ developers who plan to learn and develop in Rust face a significant learning curve. Rust matches C++ in terms of performance, and in some quarters much more, particularly when it comes to

Tech focus | Cybersecurity March/April 2025 | E-Mobility Engineering

[Figure: The µ-velOSity RTOS architecture, where applications, middleware and drivers all run outside the kernel (Image courtesy of Green Hills Software)]
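As an added example, not code from the article or from Vector, AUTOSAR or the Cxx project: a Rust function exposed over the C ABI, the FFI route described above, that performs the MAC-tag comparison a secured-message check needs, with the raw-pointer handling confined to a thin shim and the comparison itself in safe Rust. The function name `mac_tag_verify` and the sample tags are assumptions made for this example.

```rust
// Added example, not the article's code; the function name and sample tags are assumptions.
use std::slice;

/// Safe Rust core: compare an expected MAC tag with a received one without exiting early,
/// so the running time does not reveal the position of the first mismatching byte.
/// Returns true only when the lengths match and every byte matches.
pub fn tags_equal(expected: &[u8], received: &[u8]) -> bool {
    if expected.len() != received.len() {
        return false;
    }
    let mut diff: u8 = 0;
    for (a, b) in expected.iter().zip(received.iter()) {
        diff |= a ^ b;
    }
    diff == 0
}

/// C-ABI shim. From C it would be declared as
///   int32_t mac_tag_verify(const uint8_t *expected, size_t expected_len,
///                          const uint8_t *received, size_t received_len);
/// Add #[no_mangle] (#[unsafe(no_mangle)] in the 2024 edition) to export the unmangled
/// symbol for the C linker. Returns 1 when the tags match, 0 on mismatch or a NULL pointer.
pub extern "C" fn mac_tag_verify(
    expected: *const u8,
    expected_len: usize,
    received: *const u8,
    received_len: usize,
) -> i32 {
    if expected.is_null() || received.is_null() {
        return 0;
    }
    // SAFETY: the caller guarantees that each pointer references `*_len` readable bytes
    // that stay valid for the duration of this call (the usual C buffer/length contract).
    let e = unsafe { slice::from_raw_parts(expected, expected_len) };
    let r = unsafe { slice::from_raw_parts(received, received_len) };
    tags_equal(e, r) as i32
}

fn main() {
    // Constructed sample tags, not real MAC values.
    let expected = [0xA1u8, 0xB2, 0xC3, 0xD4, 0xE5, 0xF6, 0x07, 0x18];
    let mut received = expected;
    println!("match: {}", mac_tag_verify(expected.as_ptr(), 8, received.as_ptr(), 8));
    received[7] ^= 0x01;
    println!("tampered: {}", mac_tag_verify(expected.as_ptr(), 8, received.as_ptr(), 8));
}
```

Only the two `from_raw_parts` calls are `unsafe`; everything the C side can get wrong at that boundary (NULL, a buffer/length mismatch) is either rejected in the shim or stated as the caller's contract in the SAFETY comment.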