You may have heard about Chrysler’s Secure Gateway Module (SGW) but in case you haven’t, it is going to change some things as far as aftermarket diagnostics is concerned. I put together a comprehensive write up on the SGW to help technicians understand how it works, why it is necessary, and how to prepare for service on SGW equipped vehicles. It contains some opinion in addition to information from Chrysler factory training as well as service info pulled from TechAuthority.
What is the SGW?
|Want more? Enjoy a free subscription to Motor Age magazine to get the latest news in service repair. Click here to start your subscription today.|
Let’s start by talking about what the Security Gateway Module is and its purpose. The SGW was implemented in some models in the 2018 model year and all models 2019 going forward. The SGW in short is a module whose function is to keep the communication networks secure. The SGW protects the vehicle networks from being exploited by creating a firewall between two portions of the network with the most vulnerability. These are the telematics/radio unit and the DLC.
So how does the SGW work? It separates the vehicle network into private and public sectors. The public sector includes the telematics unit and the DLC. Everything else on the network is considered private. Access to the private sector of the network is limited without authentication. As of now, authentication is limited to Chrysler licensed devices. I'll get into this in a moment.
|(Image courtesy of FCA) The SWG is not a gateway in the sense that you are used to. It's more like a fence, blocking most of the modules from public access.|
As for the physical structure of the network, the DLC connects directly to the SGW via a Diagnostic CAN C and a Diagnostic CAN IHS bus. The term diagnostic is used to describe the bus from the SGW to the DLC only. The SGW is also connected to the CAN C and CAN IHS busses on the private side of the network but is often not directly connected to the LIN bus. It is connected directly to the radio via a CAN IHS and sometimes an additional CAN C bus. These are also on the public side of the network. This is important to a diagnostician because although they are not identified as separate networks on the wiring diagram, the signals on the public networks may not mirror the private side of the network. The SGW wiring diagram may make it look like the SGW functions as a central gateway but it is important to note that it is not used to communicate signals among modules on the private side of the network. It serves as a frame gateway and does not provide signal gateway functionality. The SGW does not contain any drivers and does not directly operate or control any vehicle components but rather allows only authenticated messages on to the private networks.
What is authentication?
The SGW authentication process takes place in the Chrysler servers. As of now, there are two tools that will allow authentication through wiTECH 2.0. The Micropod II and a J2534 device. I asked Joey Hendrich at AE Tools to help explain the advantages/disadvantages of these two options.
When using a J2534 device, the wiTECH subscription is registered to the software, essentially locking it to the computer. With the Micropod II, the wiTECH subscription is locked to the tool allowing it to be used on any computer, tablet, or even cellphone as long as a connection to the internet is available.
When working with the Micropod II, the vehicle communicates through the Micropod II directly with the Chrysler servers via WiFi. The browser of said laptop/tablet/cellphone logs into wiTECH to access vehicle communication. Given the path the data is traveling, you would think wiTECH would operate slowly and data would not refresh as quick but it is surprisingly as fast if not faster than most other tools on the market.
The operation through a J2534 device is a little different. A J2534 device works with drivers and downloaded software which is ported to the wiTECH cloud instead of using an internet browser.