Getting an ECU into a Volvo Cars platform — securely

The car is becoming a computer on wheels — updated across its whole life like any other software product. That makes one capability non-negotiable: proving that every software package reaching an ECU is authentic and complete, and that only trusted software ever runs. Regulators have codified it (UNECE R156), and the bar keeps rising as more updates happen over the air, away from any workshop. It is the same secure-software discipline that mission-critical defence systems demand — the automotive rigour Diadrom has built since 1999, and now carries into defence as well.

Nippon Seiki builds head-up displays; BCS AIS builds wireless phone chargers. Two very different ECUs — but each only earns its place in a modern vehicle platform if it can be updated the way the car maker requires: securely, verifiably, for years. For both suppliers, meeting Volvo Cars' software-update procedures is the gate to integration.

Volvo Cars specifies exactly how software must be delivered to, and updated on, the ECUs in its platforms. A supplier's ECU has to comply, or it simply cannot be integrated — software download would not work as required, and the delivery for integration would not be possible. And the hard part is not moving bytes: it is guaranteeing, in the field and at production scale, that every software package is authentic and complete and that nothing untrusted can ever run — all on constrained embedded hardware.

Diadrom delivered a software-update capability with robust software download at its core, and built the security around it: the authenticity and completeness of every software package, enforced through a hardware root of trust (a Hardware Secure Module) for cryptography, together with secure boot and SecurityAccess. The work spanned embedded development, test and verification of deliveries, and the setup of ASPICE requirements-traceability processes, so every requirement could be traced to its implementation. It is offered as both engineering services and a licensed product, supporting UDS over CAN, CAN FD, LIN, GMSL and DoIP across a range of target MCUs, tailored to each customer. Diadrom has worked on the product since 2016.

The capability turns “can this ECU be updated the way the car maker demands?” from a blocker into a solved problem — and the record backs it up. Since 2016, not a single unit has been bricked by Diadrom's software. That reliability is no accident: it rests on disciplined verification — around 550 test cases, run across roughly 30 releases, adding up to some 16,000 test executions in a single project. Nippon Seiki and BCS AIS integrate their ECUs into Volvo Cars platforms with software download that works as specified and security that holds at production scale — without each supplier rebuilding secure-update and bootloader expertise from scratch. Diadrom has sustained and evolved the product since 2016 as requirements and protocols have grown.

The direction is clear: more software over the air, more updates happening away from the workshop, and more security requirements layered on top — everything has to keep working, all the time, with no service bay in reach. Diadrom's hard-won lessons for anyone facing the same challenge: keep a traceable process from the very start, so the details never fall between the cracks — and test a lot, and often. The zero-bricked record is what that discipline buys you.