Comment by somerandomqaguy
15 hours ago
UN Regulation No. 155, and 156, and the Cyber Resilience Act (CRA) are requiring car manufacturers to implement cryptographic validation that allows only authorized software from the manufacturer to be run.
15 hours ago
UN Regulation No. 155, and 156, and the Cyber Resilience Act (CRA) are requiring car manufacturers to implement cryptographic validation that allows only authorized software from the manufacturer to be run.
What I meant more is that you need more and more specialized tools (according to the manufacturers). My previous ford needed a special (expensive!) bracket to keep the drivetrain in place if you want to do anything on the engine which makes home service less likely.
These regulations do not mean you need 25k in tooling, but that is what it has come to. And thus there is a blooming (mostly Chinese/Russian) aftermarket tooling business with sketchy software you want to run in a VM.
This is just signing, nothing cutting edge. Verification of signatures is a fairly old tech. What is the exact problem here? Is it that manufacturers do not publish the signed binaries or is it that you want to run something on your car compiled by you?
Authorized software means authorized for that car's VIN number. Basically it's the same issue with parts in Apple products that are serial number locked.
If for instance if you damaged a headlamp, and then went to an authorized BMW dealer, bought the correct brand new OEM BMW head lamp assembly from the parts department of an authorized BMW dealer, and followed the replacement procedure to the letter in the BMW service website... it won't work. The headlamp assembly is not authorized to talk to the rest of the car even though it's OEM, untampered, with stock firmware.
The headlamp has to be reprogrammed with the correct VIN number in order for the rest of the ECU's in that particular car to recognize it as authorized.
You're going to have to explain dragging the UN in here.