Method for securely updating control units

US11748275B2 · US · B2

Patent metadata

Publication number: US-11748275-B2
Application number: US-202117356922-A
Country: US
Kind code: B2
Filing date: Jun 24, 2021
Priority date: Jun 25, 2020
Publication date: Sep 5, 2023
Grant date: Sep 5, 2023

Abstract

A method for securely updating a control unit. The control unit includes a host configured to execute an update program and at least one application program, a memory, which contains the programs and data, and a hardware security module (HSM) which is configured to block and to unblock a write access to the memory. The method includes starting the host and the HSM; blocking the write access by the HSM; starting the update program; determining by the update program whether a request of a caller to carry out an update is present; if a request is present, checking an authorization of the caller by the HSM to carry out an update, the authorization of the caller being confirmed by a confirmation unit differing from the control unit; and if the caller is authorized, unblocking the write access and rewriting at least a portion of the memory by the update program.

First claim

What is claimed is:

1. A method for securely updating a control unit, which includes a host that is configured to execute an update program and at least one application program, a memory, which contains programs and data, and a hardware security module (HSM) configured to block and to unblock a write access to the memory, the method comprising the following steps: starting the host and the HSM, wherein the control unit including the host, the memory, and the HSM, is situated in a vehicle; blocking, by the HSM, the write access to the memory; starting the update program; determining by the update program whether a request of a caller to carry out an update is present; determining the request to be present, and based on the request being present, checking by the HSM, an authorization of the caller to carry out the update, the authorization of the caller being confirmed by a confirmation unit including a computer processor, wherein the confirmation unit is external to the vehicle, wherein the caller identifies itself to the confirmation unit, the HSM checking the authorization using a challenge-response authentication, the HSM issuing a challenge, and the confirmation unit confirming the authorization to the HSM by responding to the issued challenge with a response; and establishing during the check of the authorization that the caller is authorized, and unblocking, by the HSM, the write access to the memory and re-writing at least a portion of the memory by the update program.

2. The method as recited in claim 1, further comprising, after the starting of the update program, executing at least one of the at least one application program by the host when no request is present.

3. The method as recited in claim 1, where, when it is established during the check of the authorization that the caller is authorized, blocking, by the HSM, the write access to the memory after the rewriting and subsequently executing at least one of the at least one application program by the host.

4. The method as recited in claim 1, further comprising: requesting and checking a password before unblocking the write access to the memory.

5. The method as recited in claim 1, further comprising: stopping the host and/or sending or outputting an error message, when it is established that the caller is not authorized.

6. The method as recited in claim 1, wherein the caller identifies itself to the confirmation unit using a hardware token.

7. The method as recited in claim 1, wherein the caller identifies itself to the confirmation unit using a smart card with the aid of a digital certificate stored on the smart card.

8. The method as recited in claim 1, wherein the confirmation unit includes a server or a distributed system.

9. The method as recited in claim 1, wherein the confirmation unit includes a distributed system in the form of a Public Key Infrastructure or a blockchain.

10. The method as recited in claim 1, wherein the confirmation unit stores code words or cryptographic keys which are used in the authorization check.

11. The method as recited in claim 1, wherein the HSM forwards the challenge to the host, and the host communicates the challenge to the confirmation unit via a communication interface of the host.

12. A processing unit including a computer configured for securely updating a control unit, which includes a host that is configured to execute an update program and at least one application program, a memory, which contains programs and data, and a hardware security module (HSM) configured to block and to unblock a write access to the memory, the processing unit configured to: start the host and the HSM, wherein the control unit including the host, the memory, and the HSM, is situated in a vehicle; block, by the HSM, the write access to the memory; start the update program; determine by the update program whether a request of a caller to carry out an update is present; determine the request to be present, and based on the request being present, check by the HSM of an authorization of the caller to carry out the update, the authorization of the caller being confirmed by a confirmation unit including a computer processor, wherein the confirmation unit is external to the vehicle, wherein the caller identifies itself to the confirmation unit, the HSM checking the authorization using a challenge-response authentication, the HSM issuing a challenge, and the confirmation unit confirming the authorization to the HSM by responding to the issued challenge with a response; and based on establishing during the check of the authorization that the caller is authorized, unblock, by the HSM, the write access to the memory and re-writing at least a portion of the memory by the update program.

13. A non-transitory machine-readable memory medium on which is stored a computer program for securely updating a control unit, which includes a host that is configured to execute an update program and at least one application program, a memory, which contains programs and data, and a hardware security module (HSM) configured to block and to unblock a write access to the memory, the computer program, when executed by a computer processor, causing the computer processor to perform the following steps: starting the host and the HSM, wherein the control unit including the host, the memory, and the HSM, is situated in a vehicle; blocking, by the HSM, the write access to the memory; starting the update program; determining by the update program whether a request of a caller to carry out an update is present; determining the request to be present, and based on the request being present, checking by the HSM, an authorization of the caller to carry out the update, the authorization of the caller being confirmed by a confirmation unit including a computer processor, wherein the confirmation unit is external to the vehicle, wherein the caller identifies itself to the confirmation unit, the HSM checking the authorization using a challenge-response authentication, the HSM issuing a challenge, and the confirmation unit confirming the authorization to the HSM by responding to the issued challenge with a response; and based on establishing during the check of the authorization that the caller is authorized, unblocking, by the HSM, the write access to the memory and re-writing at least a portion of the memory by the update program.
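
The flow of claims 1, 2, 3 and 5 can be modelled in a few lines. This is an added example, not code from the patent or its assignee. The class and function names, the HMAC-SHA256 response, the symmetric key shared between HSM and confirmation unit, and the 16-byte challenge are assumptions made for illustration; the claims require only a challenge-response check.

```python
import hmac, hashlib, secrets

class ConfirmationUnit:  # off-vehicle unit holding the key and the authorized callers
    def __init__(self, key, authorized):
        self._key, self._authorized = key, set(authorized)
    def respond(self, caller_id, challenge):
        if caller_id not in self._authorized:  # caller failed to identify itself
            return None
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class HSM:  # gates write access to the memory
    def __init__(self, key):
        self._key, self._challenge = key, None
        self.write_enabled = False  # blocked from start-up
    def issue_challenge(self):
        self._challenge = secrets.token_bytes(16)  # fresh value per attempt
        return self._challenge
    def check_response(self, response):
        challenge, self._challenge = self._challenge, None  # single use
        self.write_enabled = False
        if challenge is not None and response is not None:
            expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
            self.write_enabled = hmac.compare_digest(expected, response)
        return self.write_enabled
    def block(self):
        self.write_enabled = False

class Memory:  # every write is subject to the HSM's gate
    def __init__(self, hsm, image):
        self._hsm, self.image = hsm, image
    def write(self, data):
        if not self._hsm.write_enabled:
            raise PermissionError("write access blocked by HSM")
        self.image = data

def boot(hsm, memory, cu, request):  # update program, run on every start
    hsm.block()
    if request is None:
        return "application started"           # claim 2
    caller_id, new_image = request
    response = cu.respond(caller_id, hsm.issue_challenge())
    if not hsm.check_response(response):
        return "error: caller not authorized"  # claim 5
    try:
        memory.write(new_image)
    finally:
        hsm.block()                            # claim 3: re-block after rewriting
    return "updated, application started"
```

Because the challenge is consumed on the first check, a response recorded from an earlier session does not unblock the memory again.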

Classifications

  • by checking the subject access rights · CPC title

  • by mutual authentication, e.g. between devices or programs · CPC title

  • Tools and structures for managing or administering access control systems · CPC title

  • in cryptographic circuits · CPC title

  • Challenge-response · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Bosch Gmbh Robert
What technology area does this patent fall under?
Primary CPC classification G06F12/1458. Mapped technology areas include Physics.
When was this patent published?
Publication date Sep 5, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).