The software running on electronic devices is regularly up-dated, these days. A vehicle consists of many such devices, but is operated in a completely different manner than consumer devices. Update operations are safety critical in the automotive domain. Thus, they demand for a very well secured process. The authors propose an on-board security architecture which facilitates such update processes by combining hardware and software modules. In this paper, they present a protocol to show how this security architecture is employed in order to achieve secure firmware updates for automotive control units.