Post-Update Validation

After a software update is delivered and installed, UNECE R156 expects manufacturers to perform post-update validation to confirm correct installation, functional integrity, safety compatibility, and absence of unintended regressions. Outcomes must be recorded and traceable per VIN and per software item.

Objectives

  • Confirm update installed successfully and passes integrity/eligibility checks.
  • Verify functional & safety behavior for affected features/ECUs.
  • Detect regressions or side effects; trigger rollback or corrective action if needed.
  • Capture telemetry & evidence linked to the campaign dossier.

Validation Levels (what to check)

  • Installation checks: package signature, versions, anti-rollback counters, dependency status.
  • ECU health: boot state, diagnostics/DTCs, performance budget, watchdog resets.
  • Functional smoke tests: key feature paths affected by the update; happy-path + boundary cases.
  • Safety coordination: interface with ISO 26262 activities where behavior or ASIL items are touched.
  • System interactions: inter-ECU comms, timing, network load, and energy/power conditions.
  • Security posture: re-verify critical controls relevant to the fix (R155 linkage).

Acceptance Criteria

Define clear, measurable criteria before rollout:

  • Installation success rate ≥ target; zero unsigned/invalid installs.
  • No new safety-relevant DTCs; performance within defined thresholds.
  • Functional test pass rate ≥ target; no P0/P1 regressions.
  • Telemetry KPIs within bounds (retry/abort rates, install duration, error codes).

Telemetry & Evidence

  • Per-VIN record: timestamp, package IDs/hashes, signature verification result, final version.
  • Outcome metrics: success/fail/partial, retry count, error codes, rollback flag.
  • Health snapshot: DTC summary, key ECU health counters, post-install self-tests.
  • Cohort dashboards: canary vs. expanded cohorts with dated screenshots/exports.

Rollback & Containment Decisions

  • Use pre-defined pause/rollback thresholds (from campaign plan).
  • Support transactional rollback (A/B slots or equivalent) with signed rollback packages.
  • Document the trigger, scope, timestamps, and communications when rollback occurs.
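
An added example, not part of the original page or of the regulation text: a cohort gate that applies the acceptance criteria to per-VIN telemetry records and returns a proceed/pause/rollback decision with reasons that can be filed in the campaign dossier. The field names, threshold values, version string, and the mapping of violations to pause or rollback are assumptions; in practice they come from the campaign plan.

```python
from dataclasses import dataclass

# Assumed limits: the page only says "target" and "pre-defined thresholds".
MIN_SUCCESS_RATE = 0.98   # installation success rate target
MAX_MEAN_RETRIES = 1.0    # telemetry KPI bound, retries per VIN

@dataclass
class VinRecord:          # hypothetical field names, modelled on the per-VIN record
    vin: str
    expected_hash: str    # package hash from the campaign manifest
    installed_hash: str   # package hash reported by the vehicle
    signature_ok: bool
    final_version: str
    outcome: str          # "success" | "fail" | "partial"
    retry_count: int = 0
    new_safety_dtcs: tuple = ()

def evaluate_cohort(records, target_version):
    """Return (decision, reasons); decision is "proceed", "pause" or "rollback"."""
    if not records:
        return "pause", ["no telemetry received for cohort"]
    hard, soft, ok = [], [], 0
    for r in records:
        applied = r.outcome in ("success", "partial")
        # Zero tolerance: applied software must be signed and match the manifest.
        if applied and not (r.signature_ok and r.installed_hash == r.expected_hash):
            hard.append(f"{r.vin}: unsigned or mismatched package applied")
        if r.new_safety_dtcs:
            hard.append(f"{r.vin}: new safety-relevant DTCs {list(r.new_safety_dtcs)}")
        good = r.outcome == "success" and r.final_version == target_version
        if r.outcome == "success" and not good:
            soft.append(f"{r.vin}: reported success at version {r.final_version}")
        ok += good
    rate = ok / len(records)
    if rate < MIN_SUCCESS_RATE:
        soft.append(f"success rate {rate:.1%} below target {MIN_SUCCESS_RATE:.0%}")
    mean_retries = sum(r.retry_count for r in records) / len(records)
    if mean_retries > MAX_MEAN_RETRIES:
        soft.append(f"mean retries {mean_retries:.2f} above bound {MAX_MEAN_RETRIES}")
    # Assumed mapping: integrity/safety violations roll back, KPI misses pause.
    decision = "rollback" if hard else "pause" if soft else "proceed"
    return decision, hard + soft

# Constructed sample cohort (placeholder VINs and hashes, not real data).
H = "sha256:PLACEHOLDER"
CANARY = [VinRecord(f"VIN{i:03d}", H, H, True, "2.4.1", "success") for i in range(50)]

if __name__ == "__main__":
    print(evaluate_cohort(CANARY, "2.4.1"))
```

A vehicle that rejects a badly signed package and reports "fail" counts against the success rate but does not trigger rollback, since the control worked as intended.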

Defect & Incident Handling

  • Route failures to PSIRT for triage when security-relevant (R155 linkage).
  • Create corrective follow-up packages with accelerated approvals if required.
  • Feed lessons learned into SUMS, CSMS, and TARA updates.

Dealer & Service Validation

  • Provide a checklist for service-tool paths (offline/USB/workshop updates).
  • Require post-install scans and attach summary logs to the VIN record.
  • Harden tools (authN/Z, logging); ensure versions match campaign prerequisites.

Special Cases

  • Partial installs: define recovery path, retry policy, and max attempts.
  • Dependencies: validate that inter-ECU order and preconditions were respected.
  • Market variants: confirm localization/legal features behave as intended.

Automation & Environments

  • Automate smoke/acceptance suites on HIL/SIL rigs representative of target variants.
  • Use golden baselines and capture toolchain versions for reproducibility.
  • Archive artifacts (test scripts, results, logs) with stable IDs linked to the campaign.

Typical Outputs / Evidence

  • Post-update validation plan & acceptance criteria (per campaign).
  • Per-VIN validation records, DTC summaries, and health snapshots.
  • Cohort dashboards and KPI exports (dated, versioned).
  • Rollback/abort records with rationale and communications.
  • Defect/incident tickets, root-cause analyses, and follow-up packages.
  • Lessons-learned and CAPA items; updated procedures or training as needed.

Disclaimer: This page summarizes post-update validation expectations under UNECE R156. For authoritative requirements, consult the regulation text and your approval authority’s guidance.