OTA software update , does it work ?

[daveo4EV]

In the engineering models other manufactures use, it doesn't make much sense to take the risk of OTA code as the car was not designed to be a development model. They prefer the safer method and deliver the update to dealers and let the update be done by a tech.

let's not confuse a delivery method (OTA vs. USB-stick) with the security or relative quality of an update - if a given software update is not secure/stable/bug free via OTA - it's not secure/stable/bug-free via USB-Stick…

Porsche bricked 100's to low thousands of Taycan's attempting to update PCM 6.x to 6.x+1 with USB based dealer service techs applying the update…and the only recovery method to fix these bricked Taycan's was to replace key/expensive hardware modules - which were back ordered and hard to source given supply chain constraints - OTA is just a method of delivering software, it has nothing to do with quality/suitability - delivery of low quality software via OTA is no different than low quality software via USB stick…and I've had more problems with dealer applied software than I ever had with any of my Tesla's…

Tesla's software is at least as secure at Apple, Microsoft, Google in terms of integrity and delivery mechanism - vs. the auto-motive platforms that most auto makers are deploying…

I find your analysis confusing and mostly FUD - the 10+ year history of Tesla's software with now literally millions of vehicle's on the road large refutes the majority of your assertions - I also happen to know that Tesla deploys: code, signing, public-key-private-key, SSL and other industry standard security mechanisms that while not impossible to breach are based on technologies that if they are not secure, neither is anything else we're using…

I'm unaware of any large scale hacks available and easily deployable against Tesla, where as we can disable most/nearly-all other maker's vehicle's via numerous hacks via wireless FOB's or even going in through the wireless tire pressure monitor's…

I'd love any evidence or articles discussing major problems with Tesla's security or fall out from OTA updates…

 

[daveo4EV]

I think it’s important to note here that the software stack for the Macan EV (Android based) is new and completely different from the Taycan. There’s no doubt that Porsche is still working to get their software act together, but I’m not setting my expectations for the Macan based on what people experienced with the Taycan. I’m hoping this new stack will bring improvements, startup pains that people on this forum have experienced notwithstanding. YMMV

the Infotainment is based on Android (the PCM and such) the majority of the vehicle's operational code is still automotive legacy code (the ECU and related subsystems) are running a lot of software that has more in common with the ICE Macan that Porsche/Audi would like…

so while PCM and it's related "consumer" level software is running on top of android it should be easier/faster to update and probably can be done via OTA if Porsche wanted to. Also the core OS itself can be replaced with newer version of Android…

however there is still a large majority of the vehicle that has embedded software, but it's not running on Android - it's the same old code that's always been running and does not represent a major step forward.

One problem for VW/Audi/Porsche is their reliance on their highly optmized/legacy supply chain - the majority of components in the supply chain are also "little computers" with small bits of code to do things (steering controllers, ABS, brakes, HVAC controllers, water pumps, etc…) - these components are plug-play and the software is "invisible" to the car as a whole and just lives on the CAN-BUS…

there are several challenges when it comes to updating these types of components:

• not all of them even support flashing new software
• some can have new software, but it can't be done over the can BUS
• changing the software is a major quality-assurance effort
  • regulations also come in to play - can't change the brake system with out triggering a whole bunch of regional requirements for re-qualification with certification
• there are minor variations in components over time - so Macan "A" may not have the same "air shock" controller as Macan "B" - even if they are the same year model
  • the quality configuration/qualification matrix is a nightmare
• a very very big issue is that if Porsche is sourcing a shock absorber with software from say Bosch - VW/Audi/Porsche do not OWN the IP (intellectual property) rights to that software - they must get Bosch to update the software - VW/Audi/Porsche do not have the legal right to modify all the software that they are shipping in their vehicle's - as they only own the IP rights a fraction of the software that ships in a modern vehicle…
• there are more challenges, but the major's are listed above…

all the cost has been "wrung" out of this supply chain - margins are thin - these components have been "qualified" and change is not part of the "system" - change equals cost - change equals delay - change equal new qualification efforts - and these vendors don't have fleets of software engineers iterating on code that was locked/loaded/unchanged from 6 or more years ago…cracking open the code for shock-absorber is beyond the scope of "normal" planning/ordering/sourcing conversations - and the vendor in question while they may own the software involved may not have the engineering resources on staff to do the work…it's just sooooo complicated…and I'm oversimplifying it - I've spoken at length with multiple VW/Audi/Porsche engineers that _WANT_ to do this sort of thing and understand they _NEED_ to do this sort of thing, but once you leave the walls of a VW engineering building and need to reach "into" a supply chain component and update it's software - you hit a brick-steel-reinforced-65ft-thick-cost-optimization-blast-wall designed to _PREVENT_ change in the system for: cost management, integrity, qualification, metrics and predictability of component yield and delivery windows…

NOTE: if you take a tour during a Euro-delivery opportunity - you'll hear how Porsche's factory has just-in-time components - many many parts on your Macan EV arrived at the factory less than 3 hours before they were installed on your vehicle. The supply chain and trucking deliveries are equally tightly managed. During our tour we had a assembly line shut down - once it had gone on for more than 10 minutes our tour guide informed us if it went for another 10 minutes (20 minutes total) they would start delaying trucking of that days supplies schedule to be delivered later that day - if the line is shutdown for more than 6 hours some assembly lines else where that are "feeding" components into the Leipzig facility will also be shutdown to avoid making components that won't be needed with in the next 12-24 hours…change and software updates are no where to be found in this time of highly optimized logistical supply chain system…in fact it's alien to the process that the component would be changes _after_ it's installed on the vehicle - how would you track that? it's just not in their mind set…

all the vehicles that have comprehensive OTA updates (BYD, Tesla, Lucid, Rivian) have vertically integrated software stacks, and the vehicle manufacturer "owns" all the IP top to bottom - and all the components they are sourcing are spec'd from day one to accept and accept modifications of firmware…

this is perhaps why Rivian was able to port their entire stack onto a Q6 in 3 months vs. VW's own efforts which would've taken a decade or more…Rivian replaced _ALL_ the software top to bottom in the vehicle - replacing the OEM component software with Rivian own'd software - and then demonstrated an OTA update while the vehicle was being driven…VW doesn't own enough software to pull something like that off - which is why they have invested $5-8 billion in Rivian - they are essentially buying an automotive software stack because they dont' have time to develop one from scratch - and it took Rivian years to get there before they shipped their first vehicle

https://www.autoevolution.com/news/...-do-in-years-of-spending-billions-242729.html

when discussing OTA updates we need to be careful about what layers we're discussing…

replacing the PCM navigation is pretty easy - updating the ABS system to address performance problem may not be possible even if VW/Audi/Porsche wanted to with out replacing the entire physical module

the car being based on Andriod doesn't mean we can update the shock-absorber settings or behavior…but I'm pretty sure we can get new youTube application and Netflix in the future if VW/Audi/Porsche want to

so it's progress - but still a long ways off of what the pure EV guys are doing…

 

[ColdCase]

evidence?

to date Tesla at annual hack-a-thons has been dramatically more secure that competing automotive platforms…

Thats not saying much, is it?

 

[daveo4EV]

Thats not saying much, is it?

actually it says quite a bit - there are no significant known hacks against a Tesla - and they patch the one's that are known via OTA updates in less time than it takes Porsche to generate a press release that they might do OTA updates in 2028…

it actually says quite a bit also given the context that Porsche can no longer even ship their top selling product due to the ease with which it can be hacked - the gasoline Macan is such a rolling-sh*t-show of cyber-security that it can't meet European cybersecurity regulations - and they opted to no longer ship their top selling product vs. "fixing" the software…

https://www.motor1.com/news/706105/porsche-continuing-gas-macan-sales/

As previously reported

, the spokesperson also confirmed that internal-combustion Macan sales will end in Europe as a result of a new cybersecurity law coming into effect in July. Being one of the oldest products in Porsche's portfolio, the automaker would need to develop a new electrical architecture to make the internal-combustion Macan compliant.

throw all the stones you want at Tesla - I'll be right there with you - but there is very little leg to stand on regarding their software or OTA updates…the rest of the auto-industry is literally a joke and Tesla is considered as secure as iOS, newer versions of windows, linux and other world class OS"s in wide spread use…

Porches can't even ship the 2024 gasoline Macan anymore because it's software is soooo bad.

 

[ColdCase]

I'd love any evidence or articles discussing major problems with Tesla's security or fall out from OTA updates…

I guess some don't know what they don't know. I'll just ramble a bit...

There was an amateur group that took over a couple self driving Teslas a few years ago, I'll have to find that article and double check. There were a couple other brands with unexpected performance, the threat of which lead to security gateway bandaids which led to other undesirable side effects.

Just saying that for OTA to be solid one needs to design in for OTA from the ground up. Thats is hard to do with devices purchased from a variety of third parties and update outside of a maintenance facility was not considered. Then there is the real world cost effective reuse regardless consideration. All makes make models of radios have been bricked, way to common.These cars were bricked mostly because the card desighn was not solid enough, e.g. no recovery mechanisms, not so much the software that was trying to be updated.

Android auto is well known to be bloatware, it will not be suitable for OTA and will be susceptible to bricking until all devices involved (firmware, loaders, FPGA's... etc)

Currently, USB sticks are a poor way to distribute all but the most simple software or data base updates if your goal is to avoid bricking. But most of these updates involve firmware and on board and proprietary logic. Having one computer read the data and load another device's firmware is not all that reliable. GPS units have been updated remotely for decades mostly without issue as they were designed ground up for that.

Currently these updates need to be a mothership server to the dealer test set link and then directly to the device being updated via internal data bus. This process has been used for decades in the hodgepodge of computers, OSs, devices manufactures use in their vehicles. without much issue beyond a learning curve.

Tesla started with a clean slate more or less making updates easier, they had to. Others are burdened with stockholders and legacy and OTA is not cost beneficial yet.

Sure any brand can can make OTA updates effective, but it won't be cheap and there are bean counters watching.

 

[daveo4EV]

I guess some don't know what they don't know. I'll just ramble a bit...

There was an amateur group that took over a couple self driving Teslas a few years ago, I'll have to find that article and double check. There were a couple other brands with unexpected performance, the threat of which lead to security gateway bandaids which led to other undesirable side effects.

Just saying that for OTA to be solid one needs to design in for OTA from the ground up. Thats is hard to do with devices purchased from a variety of third parties and update outside of a maintenance facility was not considered. Then there is the real world cost effective reuse regardless consideration. All makes make models of radios have been bricked, way to common.These cars were bricked mostly because the card desighn was not solid enough, e.g. no recovery mechanisms, not so much the software that was trying to be updated.

Android auto is well known to be bloatware, it will not be suitable for OTA and will be susceptible to bricking until all devices involved (firmware, loaders, FPGA's... etc)

Currently, USB sticks are a poor way to distribute all but the most simple software or data base updates if your goal is to avoid bricking. But most of these updates involve firmware and on board and proprietary logic. Having one computer read the data and load another device's firmware is not all that reliable. GPS units have been updated remotely for decades mostly without issue as they were designed ground up for that.

Currently these updates need to be a mothership server to the dealer test set link and then directly to the device being updated via internal data bus. This process has been used for decades in the hodgepodge of computers, OSs, devices manufactures use in their vehicles. without much issue beyond a learning curve.

Tesla started with a clean slate more or less making updates easier, they had to. Others are burdened with stockholders and legacy and OTA is not cost beneficial yet.

Sure any brand can can make OTA updates effective, but it won't be cheap and there are bean counters watching.

i don’t believe the android in macan is android auto - it’s “pure” android - not says that is better or worse - just that this stuff is fluid and complex and hard to nail down - even vw isn’t on the same page across their engineering

google's OS offerings are broad

• ChromeOS
• Android OS
• Android auto (screen sharing like CarPlay)
• Android Automotive (an OS for embedded systems in the automotive space) - volvo/polestar are using this IIRC…welcome corrections.

I'm not sure exactly which OS in the Macan - and what google's plans are - and what vendors are going with which OS for what purpose…

I'm not saying one of these is better/worse/same as any other - but I'm pretty sure no one is referring to these OS's with any precision - and the word "Android" is in at least 3 google products each of which is very different - so one needs to be very very careful and precise if want to be factual with what is going on…

I believe Macan's "consumer" facing displays are based on Android OS (not Android Automotive) and I do not believe Android is running the ECU or embedded systems - so the "front-end" of the Macan is on a modern upto date OS (Android) - but the "back-end" (ECU, battery, EV motors etc…) is still software from more traditional automotive software sources…

I welcome factual correction with attribution…it would be very interesting to see a complete guide to the Macan's software stack and layers…fascinating actually.

 

[LivingTheDream]

the Infotainment is based on Android (the PCM and such) the majority of the vehicle's operational code is still automotive legacy code (the ECU and related subsystems) are running a lot of software that has more in common with the ICE Macan that Porsche/Audi would like…

so while PCM and it's related "consumer" level software is running on top of android it should be easier/faster to update and probably can be done via OTA if Porsche wanted to. Also the core OS itself can be replaced with newer version of Android…

however there is still a large majority of the vehicle that has embedded software, but it's not running on Android - it's the same old code that's always been running and does not represent a major step forward.

One problem for VW/Audi/Porsche is their reliance on their highly optmized/legacy supply chain - the majority of components in the supply chain are also "little computers" with small bits of code to do things (steering controllers, ABS, brakes, HVAC controllers, water pumps, etc…) - these components are plug-play and the software is "invisible" to the car as a whole and just lives on the CAN-BUS…

there are several challenges when it comes to updating these types of components:

• not all of them even support flashing new software
• some can have new software, but it can't be done over the can BUS
• changing the software is a major quality-assurance effort
  • regulations also come in to play - can't change the brake system with out triggering a whole bunch of regional requirements for re-qualification with certification
• there are minor variations in components over time - so Macan "A" may not have the same "air shock" controller as Macan "B" - even if they are the same year model
  • the quality configuration/qualification matrix is a nightmare
• a very very big issue is that if Porsche is sourcing a shock absorber with software from say Bosch - VW/Audi/Porsche do not OWN the IP (intellectual property) rights to that software - they must get Bosch to update the software - VW/Audi/Porsche do not have the legal right to modify all the software that they are shipping in their vehicle's - as they only own the IP rights a fraction of the software that ships in a modern vehicle…
• there are more challenges, but the major's are listed above…

all the cost has been "wrung" out of this supply chain - margins are thin - these components have been "qualified" and change is not part of the "system" - change equals cost - change equals delay - change equal new qualification efforts - and these vendors don't have fleets of software engineers iterating on code that was locked/loaded/unchanged from 6 or more years ago…cracking open the code for shock-absorber is beyond the scope of "normal" planning/ordering/sourcing conversations - and the vendor in question while they may own the software involved may not have the engineering resources on staff to do the work…it's just sooooo complicated…and I'm oversimplifying it - I've spoken at length with multiple VW/Audi/Porsche engineers that _WANT_ to do this sort of thing and understand they _NEED_ to do this sort of thing, but once you leave the walls of a VW engineering building and need to reach "into" a supply chain component and update it's software - you hit a brick-steel-reinforced-65ft-thick-cost-optimization-blast-wall designed to _PREVENT_ change in the system for: cost management, integrity, qualification, metrics and predictability of component yield and delivery windows…

NOTE: if you take a tour during a Euro-delivery opportunity - you'll hear how Porsche's factory has just-in-time components - many many parts on your Macan EV arrived at the factory less than 3 hours before they were installed on your vehicle. The supply chain and trucking deliveries are equally tightly managed. During our tour we had a assembly line shut down - once it had gone on for more than 10 minutes our tour guide informed us if it went for another 10 minutes (20 minutes total) they would start delaying trucking of that days supplies schedule to be delivered later that day - if the line is shutdown for more than 6 hours some assembly lines else where that are "feeding" components into the Leipzig facility will also be shutdown to avoid making components that won't be needed with in the next 12-24 hours…change and software updates are no where to be found in this time of highly optimized logistical supply chain system…in fact it's alien to the process that the component would be changes _after_ it's installed on the vehicle - how would you track that? it's just not in their mind set…

all the vehicles that have comprehensive OTA updates (BYD, Tesla, Lucid, Rivian) have vertically integrated software stacks, and the vehicle manufacturer "owns" all the IP top to bottom - and all the components they are sourcing are spec'd from day one to accept and accept modifications of firmware…

this is perhaps why Rivian was able to port their entire stack onto a Q6 in 3 months vs. VW's own efforts which would've taken a decade or more…Rivian replaced _ALL_ the software top to bottom in the vehicle - replacing the OEM component software with Rivian own'd software - and then demonstrated an OTA update while the vehicle was being driven…VW doesn't own enough software to pull something like that off - which is why they have invested $5-8 billion in Rivian - they are essentially buying an automotive software stack because they dont' have time to develop one from scratch - and it took Rivian years to get there before they shipped their first vehicle

https://www.autoevolution.com/news/...-do-in-years-of-spending-billions-242729.html

when discussing OTA updates we need to be careful about what layers we're discussing…

replacing the PCM navigation is pretty easy - updating the ABS system to address performance problem may not be possible even if VW/Audi/Porsche wanted to with out replacing the entire physical module

the car being based on Andriod doesn't mean we can update the shock-absorber settings or behavior…but I'm pretty sure we can get new youTube application and Netflix in the future if VW/Audi/Porsche want to

so it's progress - but still a long ways off of what the pure EV guys are doing…

Excellent and important distinction (i.e., PCM software stack vs. all software stacks in the vehicle)—thanks for making it as well as you did. Your knowledge and willingness to share it are a gift to the forum.

My hopes around better software tuning over time (including OTA updates) is definitely limited to the PCM. I don't much feel the need for the other software to be updated anyway. The magic, race-bred algorithms that Porsche is using to make steering as tight as a drum and suspension wonderfully compliant, yet highly communicative are why I'm spending $100k on a Macan instead of $50k on a Tesla (not to mention the benefits of having nothing to do with Mr. Musk). Being able to improve and add features to PCM (e.g., CarPlay 2.0 support) is where I'm hoping we'll see Porsche step up. If they do that well, I'm good. Fingers crossed.

 

[LivingTheDream]

i don’t believe the android in macan is android auto - it’s “pure” android - not says that is better or worse - just that this stuff is fluid and complex and hard to nail down - even vw isn’t on the same page across their engineering

google's OS offerings are broad

• ChromeOS
• Android OS
• Android auto (screen sharing like CarPlay)
• Android Automotive (an OS for embedded systems in the automotive space) - volvo/polestar are using this IIRC…welcome corrections.

I'm not sure exactly which OS in the Macan - and what google's plans are - and what vendors are going with which OS for what purpose…

I'm not saying one of these is better/worse/same as any other - but I'm pretty sure no one is referring to these OS's with any precision - and the word "Android" is in at least 3 google products each of which is very different - so one needs to be very very careful and precise if want to be factual with what is going on…

I believe Macan's "consumer" facing displays are based on Android OS (not Android Automotive) and I do not believe Android is running the ECU or embedded systems - so the "front-end" of the Macan is on a modern upto date OS (Android) - but the "back-end" (ECU, battery, EV motors etc…) is still software from more traditional automotive software sources…

I welcome factual correction with attribution…it would be very interesting to see a complete guide to the Macan's software stack and layers…fascinating actually.

My understanding is that the new PCM in the Macan is based on Android Automotive—that's what I was referring to in my post above. I've seen that reference made in several other articles. I don't think Android Automotive requires a vendor to adopt it as the sole stack for the entire vehicle, much as adopting CarPlay 2.0 does not. Sitting on top of that are both CarPlay and Android auto.

That said, I welcome someone to make these statements more definitively than either of us are currently doing. I'm with you—fascinating stuff.

 

[Awaz]

Talking about cars software, isn't it true some Chinese carmakers have become really good at it, quite quickly when they came on board much later?
No personal experience, but going by some reviews that seems to be the case.
VW has a stake in XPeng, and XPeng is one company that seems to have a good software and a solid FSD.
Let's hope this partnership brings some benefit; it won't be in these Macans but in future models, who knows

Sponsored