Notes from the software-defined vehicle
Engineering notes and executive perspectives on diagnostics, cyber-security and the software that now defines the vehicle — in Diadrom's own words.
Abstracting the HSM: portable security for the bootloader
As software-defined vehicles raise the cyber-security bar, the cryptography in a bootloader is increasingly offloaded to a Hardware Security Module. Putting a hardware abstraction layer between the two keeps the code portable, testable and fast to move between silicon vendors.
Read Regulation · ~3 minThe EU Data Act: the first domino of the software-defined vehicle
From January 2024, EU law obliges connected products to open up the data they generate. For carmakers that is not just a compliance task — it is the regulatory push that makes the software-defined vehicle inevitable, and an opening for whoever can turn vehicle data into services.
Read AI · ~3 minAutomotive AI is only as good as the data it learns from
Generative AI has largely run out of fresh human-written data to learn from. In the vehicle, the next edge is not a bigger model — it is real, contextual data from the car itself, which the software-defined vehicle and the EU Data Act are finally unlocking.
Read Strategy · ~3 minTaming the software-defined vehicle with diagnostics
The software-defined vehicle multiplies complexity faster than teams can test it. The way to tame that complexity is not more tools — it is diagnostics as the control plane: one source of truth, one communication framework, one aligned tool chain across the lifecycle.
Read Fundamentals · ~4 minOff-board vs on-board diagnostics: where the engineering lives
Every vehicle carries diagnostics on board, but the deep work — identifying ECUs, reading faults, coding and reprogramming them — happens off-board, in the tools and data that sit outside the vehicle. Here is how the two sides differ, and why the durable engineering lives on the off-board side.
Read Engineering · ~4 minUDS protocol (ISO 14229) explained: a guide to the services
Unified Diagnostic Services is the language almost every modern ECU speaks to the outside world. This is a working engineer's tour of ISO 14229: the request-response model, the sessions, the services you will actually use, and how it all rides over CAN and IP.
Read Engineering · ~4 minWhat is ODX? The ISO 22901 diagnostic data layer, and PDX
UDS lets a tester talk to an ECU, but it does not tell the tester what to say. ODX is the formal, vendor-independent description that closes that gap, and PDX is how it ships. Here is what that means in practice.
Read Engineering · ~4 minSOVD vs UDS: diagnostics for the software-defined vehicle
Service-Oriented Vehicle Diagnostics (SOVD) is the emerging API for diagnosing software-defined vehicles. Here is how it differs from classic UDS, why it is arriving now, and why the two will run side by side for years to come.
Read Security · ~4 minSecuring the diagnostic channel: ISO 21434, UN R155 and UDS 0x29
Type approval now turns on cyber-security, and the diagnostic channel is one of the most exposed surfaces a vehicle carries. This is what the regulations demand, and why the industry is moving from seed-key SecurityAccess to certificate-based authentication.
Read Engineering · ~3 minECU baseline, variant coding and configuration management
A modern vehicle platform carries thousands of software and configuration variants, each of which must be exactly right in every ECU that leaves the line. Holding one authoritative record of what belongs where is the difference between a controlled programme and a slow drift into the unknown.
Read Engineering · ~4 minDoIP and ISO 13400: diagnostics over IP explained
Diagnostics is moving off the CAN bus and onto automotive Ethernet. DoIP, standardised as ISO 13400, is how that happens — and the good news for engineers is that your UDS services come along for the ride, unchanged.
Read Defence · ~4 minThrough-life defence diagnostics for long-life systems
A fighter, a missile system or a fleet vehicle is expected to serve for thirty years or more. The commercial silicon, operating systems and test benches it depends on are not. Keeping a platform diagnosable across that gap is a readiness and sovereignty question, not a maintenance footnote.
Read Engineering · ~4 minAutomating UDS diagnostic verification in CI and on HIL
In a software-defined vehicle the code changes constantly, and any change can silently break a diagnostic. The only durable defence is to re-verify diagnostic behaviour automatically, on every build.
Read AI · ~3 minControlled AI for mission-critical diagnostics
Every technical organisation is being told to adopt AI. In vehicles, defence platforms and industrial systems the question isn't whether AI creates value — it's whether an AI recommendation can be trusted when it matters. That trust has to be built on a provable foundation.
Read Engineering · ~4 minECU flash programming over UDS: how reflashing actually works
Every ECU is reflashed many times in its life — on the production line, in the workshop, increasingly over the air. The UDS services involved fit on one page. What separates a demonstration from a production bootloader is everything that happens when the sequence goes wrong.
Read Engineering · ~6 minISO 24089: software update engineering, explained
Software updates got their own engineering standard in February 2023. ISO 24089 does not tell you which update platform to buy — it defines what an organisation must be able to do before it changes the software in a vehicle. Here is what the standard covers, and how it relates to UN R156.
Read Security · ~7 minUN R155 CSMS requirements and the diagnostic channel
A certified Cyber Security Management System is now a condition of vehicle type approval, and the diagnostic channel is one of the few attack surfaces the regulation names outright. Here is what UN R155 actually requires, where diagnostics appears in its threat catalogue, and what the assessment examines.
Read Defence · ~7 minISO 26262 vs MIL-STD-882E: same discipline, two worlds
Automotive engineers classify hazardous events into ASILs; defence programmes assign risk codes and route them to an acceptance authority. Both are answering the same question — how safe is safe enough, and how do you prove it? Here is where the two worlds genuinely differ, and what carries across.
Read Defence · ~7 minWhat H SystSäk 2022 asks of suppliers
H SystSäk 2022 shapes system safety in Swedish defence procurement. For a supplier it arrives as contract requirements: a plan, a chain of analyses, a living risk log and a formal statement before delivery. Here is the work in delivery order — and where automotive discipline carries.
Read White paperSoftware defines premium — the 7 Pillars
Diadrom's white paper on diagnostics across the lifecycle. Subscribe to download the full paper.
Get the paperWant to know where the capability gap sits on your platform?
The System Insight Audit turns the questions in these notes into a fixed-scope review: two weeks on site, a prioritised risk register and an executive debrief your leadership can act on.
Field insights – and our white paper as a thank-you
Brief and technical, once a quarter. When you subscribe we'll send our white paper Software defines premium — the 7 Pillars.