ECU Security

Andrearally
Posts: 12
Joined: Mon Jan 23, 2012 6:43 pm
Location: Verona - ITALY

ECU Security

Post by Andrearally »

Hello,

I need to protect my maps, but at the same time I would like to give a customer the ability to upload different files I prepared into the ECU.

In SCAL I'm looking at: CAL\Change user Access and CAL\Change Identity

But neither function is really clear to me; can anybody help me?
Andrea Maselli
www.am-race.com
Personal Blog www.andreamaselli.com
pat
Syvecs Staff - Cleaner
Posts: 356
Joined: Fri May 23, 2008 10:23 am
Location: Out there... somewhere

Re: ECU Security

Post by pat »

Andrea,

There are different levels of protection available depending on your needs. There is both fine and coarse grain access control BUT if your ECU was not specifically ordered as something other than "GENERIC" then you will not be able to use the finer grain control; this is because the GENERIC root identity is distributed in the software from the website; if you are already god then no one can tell you what you can and cannot do. The only thing that you can do immediately is to password protect the ECU; this does not lock the user out completely, i.e. they can still upload other maps but it stops them from seeing your map data. NB: It MAY be necessary to downgrade and re-upgrade the ECU firmware to flush an existing password protected calibration from the non-volatile memory, but this takes no more than 5 minutes and is a minor inconvenience.

For the future you should consider getting your own developer ID. We are looking at ways of changing this in the field, it is presently only possible at the factory, so for now you would need to request them that way. Once you have your own ID you will also get more IDENTITIES. That is to say you will have a root identity for your ID plus some more; when you do Calibration -> Change Identity this is what is being referred to. There may be an intermediate level of access like tech and low level only like the chap that collects datalogs at the trackside but should not be able to see or adjust the cal. There can be up to four identities per developer ID. So where you are presently asked "How would you like to access the device?" and given the option of "GENERIC" that really means "With the developer ID of 'GENERIC' and with an identity of root". When you run your own developer ID you might see "AMRACING", "AMRACING:SUPPORT", "AMRACING:USER" etc (can't be 100% certain here, it is a looooong time ago since we were actively using developer IDs), I can check tomorrow and correct if necessary :)

Now who you give identities to is up to you. Obviously you would keep the root ID to yourself! But you may have a slightly lower level of access that you can supply to people you trust, people that can make changes. Then another level that can flash a map you provide but that cannot see the cal data. Also, it is important to point out that there are hard and soft locks available. A hard lock is based on a dongle. You *WILL* need one. You can then create a persistent softlock on your own PC using the dongle so you don't need to use it every time. You can also do the same for the other identities. When you change identity you can test that the restrictions you think you have set are actually working. Difference is you can choose to swap back to root, but, alas, other users cannot ;) You can install identities on your customers' laptops and use your dongle to create softlocks for them. That is not always practical though. To get round this you can email the identity and then remotely activate it. They install it, and generate a remote softlock; this will generate a code they read out or email to you, which you pop into your SCal with your dongle and it will generate a reply they can input... and hey presto they are enabled. Being a softlock it can be limited or perpetual. So say you need to give someone a higher level of access but you don't want them to have it indefinitely.... email them the right identity and go through the remote softlock but set it to expire in a day or so.... it's all quite flexible.

The one major thorn in our side here, and the reason we do not "push" this feature, is that people often change mappers and without a means of changing the developer ID in the field it would be a nightmare. It is ONLY possible to access a non-GENERIC ECU if you have the right identity files and softlocks. If someone changes mapper then they may not be able to get those and whilst Syvecs can change the developer ID if the unit is returned (i.e. customer is never fully locked out) it would be much MUCH better to be able to change that in the field (wiping the map in the process).... so.... if you do decide this is an option for you, please do consider the consequences; we have enough to do without having to re-program ECU developer IDs all the time! (That's not meant to be a reflection on your mapping skills, just a reflection of what we see in reality in the UK, people do change, that's life and it isn't necessarily because you have done anything "wrong", it just happens.... in the UK.... maybe not where you are though :) ).

Hope this helps,

Pat.
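
A generic sketch of the remote softlock exchange described in the post above (request code from the customer, reply generated by the mapper with the dongle, optional expiry). It is an added example, not Syvecs code and not the SCal protocol: the HMAC construction, the shared key standing in for the dongle, the machine identifier and all function names are assumptions.

```python
import hashlib
import hmac
import json
import secrets
from typing import NamedTuple


class Request(NamedTuple):
    """Code the customer reads out or emails (hypothetical layout)."""
    identity: str    # e.g. "AMRACING:USER", the identity being activated
    machine_id: str  # binds the softlock to one laptop
    nonce: str       # fresh per request, so an old reply cannot be reused


def make_request(identity: str, machine_id: str) -> Request:
    """Customer side: generate a one-off request code."""
    return Request(identity, machine_id, secrets.token_hex(4))


def _tag(key: bytes, request: Request, expires_at: int) -> str:
    # JSON gives an unambiguous encoding of the fields being authenticated.
    msg = json.dumps([*request, expires_at]).encode()
    # Truncated so the reply stays short enough to read out over the phone.
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def issue_reply(key: bytes, request: Request, expires_at: int) -> str:
    """Mapper side: key stands in for the dongle. expires_at is a Unix
    time, or 0 for a perpetual softlock."""
    return f"{expires_at}-{_tag(key, request, expires_at)}"


def check_reply(key: bytes, request: Request, reply: str, now: int) -> bool:
    """Verifier: accept only an untampered, unexpired reply to this request."""
    expiry_text, _, tag = reply.partition("-")
    try:
        expires_at = int(expiry_text)
    except ValueError:
        return False
    expected = _tag(key, request, expires_at)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False  # wrong key, edited expiry, or reply for another request
    return expires_at == 0 or now < expires_at
```

Because the expiry is covered by the tag, a customer cannot extend a one-day grant by editing the reply, and a reply issued for one laptop does not validate on another. With a shared key the verifier must hold the same secret as the dongle; a signature-based variant would let it hold only a public key.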
Andrearally

Re: ECU Security

Post by Andrearally »

Thanks for the answer Pat.
I'm not really worried about mapper change, but I'm following some racing teams and I'd like to give them some ability but not all.
Also because in some cases we rebuild engines for them and we give a mileage warranty.

For example, I now have one team using different fuels in different races, and I think it is dangerous to allow them to change the fuel map with Cal Pot, and I'd like to give them two different files.
But I don't want to allow them to change those files.
Andrea Maselli
www.am-race.com
Personal Blog www.andreamaselli.com