Secure update and audit of electronic control units

What is claimed is: 1. A vehicle comprising: a vehicle bus; and at least one vehicle electronic control unit (ECU) configured to: receive an ECU update package from a remote source; verify a first timestamp included with the ECU update package postdates a second timestamp stored onboard the vehicle in conjunction with a last-successful update of the ECU; obtain a unique vehicle identifier from the vehicle bus; obtain secure configuration data for the ECU included in a payload of the update package; derive a first hash value using at least the unique vehicle identifier and the secure configuration data; validate the update package based on comparison of the first hash value matching a second hash value included in the update package; and responsive to the first timestamp post-dating the second timestamp and validation of the update package, modify the ECU through use of the secure configuration data; wherein the ECU is further configured to store the second hash value responsive to successful modification of the ECU using the secure configuration data. 2. The vehicle of claim 1 , wherein the validation further includes the ECU being configured to validate a signature of the update package using a cryptographic algorithm referenced as part of the update package. 3. The vehicle of claim 1 , wherein the unique vehicle identifier is a vehicle identification number. 4. The vehicle of claim 1 , wherein the validation further includes the ECU being configured to compare a first electronic serial number of the ECU to a second electronic serial number included in the update package to confirm that the ECU is an intended ECU for installation, indicated by the second electronic serial number. 5. The vehicle of claim 1 , wherein the ECU is further configured to store the first timestamp responsive to successful modification of the ECU using the secure configuration data. 6. A method comprising: receiving an electronic (ECU) update package from a remote source at an ECU of a vehicle; obtaining, at the ECU, a unique vehicle identifier from a vehicle bus of the vehicle; obtaining, at the ECU, secure configuration data for the ECU included in a payload of the update package; deriving, via the ECU, a first hash value using at least the unique vehicle identifier and the secure configuration data; validating the update package based on comparison of the first hash value matching a second hash value included in the update package; and responsive to the validating of the update package resulting in a match, modifying the ECU using the secure configuration data; wherein the ECU is further configured to store the second hash value responsive to successful modification of the ECU using the secure configuration data. 7. The method of claim 6 , wherein the validating further includes validating a signature of the update package using a cryptographic algorithm referenced as part of the update package. 8. The method of claim 6 , wherein the unique vehicle identifier is a vehicle identification number. 9. The method of claim 6 , wherein the validating further includes comparing a first electronic serial number of the ECU to a second electronic serial number included in the update package to confirm that the ECU is an intended ECU for installation, indicated by the second electronic serial number. 10. The method of claim 6 , further comprising: verifying, using the ECU, a first timestamp included with the ECU update package postdates a second timestamp stored onboard the vehicle in conjunction with a last-successful update of the ECU; and wherein the modifying is further responsive to the verifying that the first timestamp postdates the second timestamp. 11. The method of claim 10 , wherein the ECU is further configured to store the first timestamp responsive to successful modification of the ECU using the secure configuration data. 12. A vehicle comprising: a vehicle bus; and at least one vehicle electronic control unit (ECU) configured to: receive an audit instruction and responsively: obtain a unique vehicle identifier from the vehicle bus; obtain secure configuration data for the ECU stored in conjunction with the ECU; derive a first hash value using at least the unique vehicle identifier and the secure configuration data; obtain a second hash value stored in conjunction with the ECU following a prior modification of the ECU to include the secure configuration data; validate the secure configuration data based on the first hash value matching the second hash value; and responsive to a validation error, notify a manufacturer of the vehicle of the error; wherein the ECU is further configured to store the second hash value responsive to successful modification of the ECU using the secure configuration data. 13. The vehicle of claim 12 , wherein the unique vehicle identifier is a vehicle identification number. 14. The vehicle of claim 12 , wherein the audit instruction is received based on a scheduled audit of the ECU. 15. The vehicle of claim 12 , wherein the audit instruction is received based on a remote instruction from the manufacturer. 16. The vehicle of claim 12 , wherein the audit instruction is received based on a random audit of the ECU. 17. The vehicle of claim 12 , wherein the notification includes the unique vehicle identifier. 18. The vehicle of claim 12 , wherein the ECU is further configured to disable at least partial functionality of the ECU responsive to the validation error.