As part of my work for Continental/Bertrandt, I developed and maintained a specialized toolchain for securing firmware images for automotive control units. The focus was on the integrity and authenticity of the delivered software components.

The Challenge

In modern vehicles, firmware updates must be safely installed via various interfaces (OTA, workshop tester). It must be ensured that:

  1. The firmware comes from an authorized source (Authenticity).
  2. The firmware was not modified on the way to the control unit (Integrity).
  3. Sensitive code areas are protected against reverse engineering (Confidentiality).

The Solution: adas_rbin_tools

The core of the work was the development and maintenance of adas_rbin_tools, a Python-based suite for transforming and signing binary data.

1. elf2rbin: Structured Security

The tool transforms ELF files (Executable and Linkable Format) into the proprietary RBIN format.

2. rbins2muco: Multi-Component Images

For complex systems with multiple processor cores (Multi-Core), the MUCO format (Multi-Component) was used. rbins2muco allows aggregating multiple RBIN files into a consistent overall image including a global header and checksums.

3. Diversity of Input Formats

In addition to ELF files, other industry standards were also supported:

Result

The toolchain was firmly integrated into the CI/CD process (Jenkins). Automated validation scripts (validate.py) ensured that every generated image met the specifications before entering the release pipeline. This minimizes the risk of “bricks” (unusable hardware due to faulty firmware) and increases the security of the entire vehicle fleet.