Abstract: Systems and techniques are provided for establishing a connection. For instance, a process may include receiving, by a first root of trust (C-ROT) of a first chiplet of a plurality of chiplets from a second C-RoT of a second chiplet, a second certificate along with security state information and debug information for the second chiplet; authenticating a security state and a debug state of the second chiplet based on the security state information and the debug information; authenticating the second certificate; and establishing a security boundary with the second chiplet.

Abstract: Embodiments of this application provide a security protection method in an in-vehicle system and a device, relate to the field of internet of vehicles technologies, to deploy a first security protection module on an electronic control unit, deploy a second security protection module on a domain controller, and deploy a third security protection module on a gateway based on security level requirements of the gateway, the domain controller, and the electronic control unit, so that the gateway, the domain controller, and the electronic control unit have different security levels. A security level of the first security protection module is a first security level, a security level of the second security protection module is a second security level, and a security level of the third security protection module is a third security level.

Abstract: Systems and techniques are provided for establishing a connection. For instance, a process may include receiving, at a first chiplet root of trust (C-ROT) of a first chiplet of a plurality of chiplets, a request for a cryptographic key; generating, by the first C-ROT, the cryptographic key; wrapping, by the first C-ROT, the cryptographic key using a wrapping key to generate a wrapped cryptographic key; outputting, by the first C-ROT, the wrapped cryptographic key; receiving the wrapped cryptographic key at a second C-ROT of a second chiplet of the plurality of chiplets; unwrapping, by the second C-ROT, the wrapped cryptographic key using the wrapping key; and performing, by the second C-ROT, an operation based on the cryptographic key.

Abstract: Systems and techniques are provided for establishing a connection. For instance, a process may include receiving, by a first root of trust (C-ROT) of a first chiplet of a plurality of chiplets from a second C-RoT of a second chiplet, a second certificate along with security state information and debug information for the second chiplet; authenticating a security state and a debug state of the second chiplet based on the security state information and the debug information; authenticating the second certificate; and establishing a security boundary with the second chiplet.

Abstract: A method and an apparatus for processing a vehicle upgrade package. In the method, a first terminal receives a first data block from a server, where the first data block is used for upgrading the vehicle. The first terminal obtains a second data block from a second terminal, where the second data block is used for upgrading the vehicle. The second data block is sent by the server to the second terminal, and the first terminal obtains the vehicle upgrade package based on the first data block and the second data block. The terminals no longer need to obtain the complete vehicle upgrade package from an OTA server. Therefore, the load of the OTA server can be reduced.

Abstract: A method and an apparatus for processing a vehicle upgrade package. In the method, a first terminal receives a first data block from a server, where the first data block is used for upgrading the vehicle. The first terminal obtains a second data block from a second terminal, where the second data block is used for upgrading the vehicle. The second data block is sent by the server to the second terminal, and the first terminal obtains the vehicle upgrade package based on the first data block and the second data block. The terminals no longer need to obtain the complete vehicle upgrade package from an OTA server. Therefore, the load of the OTA server can be reduced.

Abstract: Embodiments of this application provide a security protection method in an in-vehicle system and a device, relate to the field of internet of vehicles technologies, to deploy a first security protection module on an electronic control unit, deploy a second security protection module on a domain controller, and deploy a third security protection module on a gateway based on security level requirements of the gateway, the domain controller, and the electronic control unit, so that the gateway, the domain controller, and the electronic control unit have different security levels. A security level of the first security protection module is a first security level, a security level of the second security protection module is a second security level, and a security level of the third security protection module is a third security level.

Abstract: An authentication server may obtain information about a plurality of nodes or information about a replacement node in an in-vehicle system, and perform authentication on the nodes based on the information about the nodes or perform authentication on the replacement node based on the information about the replacement node. After the authentication succeeds, the authentication server may further send an identifier of a subnode of a node, key information of the subnode of the node, an identifier of a parent node of the node, and key information of the parent node of the node to the node in the in-vehicle system. Therefore, when the in-vehicle system is started, the node performs authentication on another node in the in-vehicle system.

Abstract: An integrated chip and a data processing method are provided, to improve system security and service processing efficiency of a system. The integrated chip includes: an application processor, configured to write first data into an off-chip memory in a normal secure mode by using a storage controller, where an address of the first data in the off-chip memory is a first address; a security processor, configured to send a first read instruction to the storage controller in an enhanced secure mode, where the first read instruction is used to request to read the first data at the first address; and the storage controller, configured to control the security processor to read the first data from the off-chip memory.