iramcdonald
commented
3 years ago Hi,
Aftermarket suppliers also manufacture new ECUs that add entirely new features to specific vehicle models that were never offered by the OEMs. Garages (including OEM dealers) regularly install aftermarket ECUs (such as radiators), when the OEM has stopped producing them. It's a fallacy that all aftermarket parts are deficient relative to OEM "official" parts. Older vehicles depend heavily on aftermarket parts.
And the newly strengthened Massachusetts Right-to-Repair law complicates both the distribution of ECU firmware updates and the attendant functional safety and cybersecurity issues.
Cheers,
- Ira
Ira McDonald (Musician / Software Architect)
Chair - SAE Trust Anchors and Authentication TF Co-Chair - TCG Trusted Mobility Solutions WG
Co-Chair - TCG Metadata Access Protocol SG
Chair - Linux Foundation Open Printing WGSecretary - IEEE-ISTO Printer Working GroupCo-Chair - IEEE-ISTO PWG Internet Printing Protocol WGIETF Designated Expert - IPP & Printer MIBBlue Roof Music / High North Inchttp://sites.google.com/site/blueroofmusic http://sites.google.com/site/blueroofmusichttp://sites.google.com/site/highnorthinc http://sites.google.com/site/highnorthincmailto: blueroofmusic@gmail.com blueroofmusic@gmail.com(permanent) PO Box 221 Grand Marais, MI 49839 906-494-2434
On Mon, Dec 21, 2020 at 9:35 PM Lois Anne DeLong notifications@github.com wrote:
First introduced at our industry workshop in May, this issue opens discussion on the complicated topic of how the use of aftermarket equipment and services impacts security systems. Aftermarket companies refurbish and reuse equipment following end-of-life support from OEMs. This means introducing ECUs to a vehicle that the OEM has no control over. In addition, because aftermarket suppliers may not have access to the original design, they often reverse engineer the parts to figure out how it works. Such an approach perhaps keeps these suppliers from being able to glean all relevant design information about the ECU.
This is admittedly a broad topic. When introduced at the workshop, several specific points were raised that could each be broken into separate issues:
- How do we deal with aftermarket ECUs that do not have their own Primary? Can they leverage an OEMs Director repository?
- If an aftermarket ECU does have its own Primary, is each capable of controlling a mutually exclusive set of
- Could ownership of Director be delegated to a third party or owner?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/uptane/uptane-standard/issues/200, or unsubscribe https://github.com/notifications/unsubscribe-auth/AE33UO4LTSUNSHKMSKGBHRDSWAAWJANCNFSM4VFAIRSA .
jhdalek55
First introduced at our industry workshop in May, this issue opens discussion on the complicated topic of how the use of aftermarket equipment and services impacts security systems. Aftermarket companies refurbish and reuse equipment following end-of-life support from OEMs. This means introducing ECUs to a vehicle that the OEM has no control over. In addition, because aftermarket suppliers may not have access to the original design, they often reverse engineer the parts to figure out how it works. Such an approach perhaps keeps these suppliers from being able to glean all relevant design information about the ECU.
This is admittedly a broad topic. When introduced at the workshop, several specific points were raised that could each be broken into separate issues:
I'm opening up this issue so we can begin a dialogue on these and other issues.