Architecture Cockpit

Executive Takeaway

The architecture cockpit presents a working system/security allocation for the Electric Clutch Actuator ECU. It is strong enough for proposal review and planning, but not final baseline approval because customer decisions remain open for diagnostics, update, PKI, secure communication, TARA, and responsibility ownership.

Confirmed items are tied to Markdown-derived requirements.
Inferred allocations remain explicitly marked by confidence and open-decision fields.
Customer confirmation is required before shared security responsibilities become committed scope.

1. System Snapshot

System NameElectric Clutch Actuator (ECA) Control ECU - TRATON GW AMT Gearbox PlatformWorking

Vehicle ContextTRATON GW Automated Manual Transmission (AMT) Gearbox PlatformConfirmed

System TypeSafety-related drivetrain actuator ECU with integrated power-electronics actuation, carrying an automotive cybersecurity engineering scope (ISO/SAE 21434-style concept and TARA input).Inferred

Requirement Count1076Confirmed

Feature Count18Confirmed

Interface Count10Confirmed

Security Capability Count13Confirmed

P1 Decision Count10Open

Traceability GateWARN - Customer Clarification NeededWARN

Customer ReadinessReady for customer clarification workshopWorkshop

OCR StatusfalseConfirmed

PDF Downstream AnalysisfalseConfirmed

2. Product Identity

This table is horizontally scrollable. Use the bottom scrollbar to view all columns.

Item	Value	Confidence	Evidence
Working system name	Electric Clutch Actuator (ECA) Control ECU - TRATON GW AMT Gearbox Platform	Medium	system_identity.md
Vehicle platform context	TRATON GW Automated Manual Transmission (AMT) Gearbox Platform	High	3299216_1.md page 3-4
Main controlled function	CAN/PWM-commanded clutch engagement and disengagement	High	system_identity.md
ECU involvement	ECA ECU application, boot/update and security services	High	architecture_overview.md
Cybersecurity scope	Diagnostics, update, key/certificate, secure communication and evidence lifecycle	Medium	security_concept_overview.md

3. One-Screen Architecture

Architecture Cockpit Overview

flowchart LR subgraph Vehicle["Vehicle / drivetrain domain"] Drivetrain["GW AMT drivetrain"] Network["Vehicle network (CAN / PWM)"] end subgraph ECA["ECA ECU domain"] App["Clutch actuation application"] Sec["Security services"] Boot["Bootloader / update logic"] end subgraph Diagnostic["Diagnostic / service domain"] Tester["Diagnostic tester"] end subgraph OEM["OEM backend / security operations domain"] Backend["Update and evidence backend"] PKI["Key and certificate provisioning"] SecOps["Security operations"] end subgraph Supplier["Supplier engineering domain"] Engineering["Supplier ALM / CI / evidence"] end Drivetrain --> Network Network <-->|commands, status, freshness| App Tester -->|authenticated UDS| Sec Backend -->|signed software / IVD| Boot PKI -->|trust material| Sec Boot --> App Sec --> App App -->|events| SecOps Engineering -->|software and evidence| Backend

Mermaid source

flowchart LR
  subgraph Vehicle["Vehicle / drivetrain domain"]
    Drivetrain["GW AMT drivetrain"]
    Network["Vehicle network (CAN / PWM)"]
  end
  subgraph ECA["ECA ECU domain"]
    App["Clutch actuation application"]
    Sec["Security services"]
    Boot["Bootloader / update logic"]
  end
  subgraph Diagnostic["Diagnostic / service domain"]
    Tester["Diagnostic tester"]
  end
  subgraph OEM["OEM backend / security operations domain"]
    Backend["Update and evidence backend"]
    PKI["Key and certificate provisioning"]
    SecOps["Security operations"]
  end
  subgraph Supplier["Supplier engineering domain"]
    Engineering["Supplier ALM / CI / evidence"]
  end
  Drivetrain --> Network
  Network <-->|commands, status, freshness| App
  Tester -->|authenticated UDS| Sec
  Backend -->|signed software / IVD| Boot
  PKI -->|trust material| Sec
  Boot --> App
  Sec --> App
  App -->|events| SecOps
  Engineering -->|software and evidence| Backend

Vehicle Domain

GW AMT drivetrain, CAN/PWM command path, actuator status and faults.

ECA ECU Domain

Application software, boot/update logic, diagnostics and security services.

Diagnostic Domain

UDS tester, authenticated service sessions, programming and audit path.

OEM Backend Domain

Update, PKI, security operations, approval and residual-risk workflow.

Supplier Engineering Domain

ALM, CI/test, software release, traceability and evidence package.

4. Main System Capabilities

This table is horizontally scrollable. Use the bottom scrollbar to view all columns.

Capability	Purpose	Main Interfaces	Security Relevance	Status
Clutch Actuation Control	Core actuator control	Vehicle Network Interface (CAN)	Safety-relevant command/status handling	Confirmed
Vehicle Integration and CAN Communication	Vehicle command/status exchange	Vehicle Network Interface (CAN), PWM wake-up	Message authenticity/freshness allocation	Confirmed
Secure Diagnostics and Role-Based Access	Controlled service and engineering access	Diagnostic Tester Interface	Privileged access control	Inferred
Secure Software Update and Flash	Maintain trusted ECU software	Update / Flash Interface, Diagnostic Tester Interface	Software authenticity and integrity	Inferred
Key and Certificate Handling	Trust-material lifecycle	PKI / Provisioning Interface	Root of trust for diagnostics, update and secure communication	Inferred
Secure Data Transfer / Communication Boundary	Protected security-relevant data exchange	Vehicle Network Interface, Secure Data Transfer Interface	Authenticity, integrity and freshness	Inferred
Security Logging and Event Handling	Security evidence and response input	Logging / Event Reporting Interface	Auditability and incident support	Inferred
Cybersecurity Lifecycle and Evidence	Approval-ready security case	Supplier Evidence, OEM Approval Interface	Traceable residual-risk argument	Confirmed

5. Interfaces and Trust Boundaries

This table is horizontally scrollable. Use the bottom scrollbar to view all columns.

Interface	Connected Parties	Data / Control Flow	Trust Boundary	Protection Needed	Status
Vehicle Network Interface (CAN)	Transmission control / vehicle ECUs -> ECA application software	CAN demand, PWM wake-up, actuator status and DTCs	Vehicle network to ECU	Signal validation, freshness, authenticity where allocated	Requires Confirmation
Diagnostic Tester Interface	Service / engineering tester -> ECA diagnostic server	UDS requests, Auth 0x29, sessions and programming	External service tool to ECU	Authentication, authorization, lockout, rate limiting and audit	Requires Confirmation
Software Update / Flash Interface	Programming tool or update backend -> Bootloader / update logic	Signed packages, IVD data and programming results	Offboard update source to ECU	Signature validation, integrity checks, rollback control and logging	Requires Confirmation
Key and Certificate Provisioning Interface	PKI / provisioning authority -> ECA security services	Keys, certificates and trust anchors	Trust authority to ECU	Protected storage, certificate validation and lifecycle control	Requires Confirmation
Secure Data Transfer Interface	Vehicle network peers -> ECA security/application services	SecOC/SDT protected messages, counters and MACs	ECU-to-ECU data boundary	Freshness, replay protection, MAC verification and discard rules	Requires Confirmation
Security Logging / Event Reporting Interface	ECA ECU -> Backend / security operations	Security events, diagnostic attempts and update results	ECU to offboard operations	Event integrity, retention, access control and privacy treatment	Requires Confirmation
Supplier Development / Evidence Interface	Supplier ALM / CI / test environment -> Evidence repository and release process	Requirements, tests, builds, traceability and release artifacts	Engineering environment to evidence baseline	Access control, artifact integrity and audit trail	Requires Confirmation
OEM Approval / Evidence Interface	Supplier security engineering -> TRATON / OEM review board	Cybersecurity concept, V&V evidence, risks and decisions	Supplier to OEM governance boundary	Controlled evidence handoff and decision logging	Requires Confirmation

6. Security Capability Map

This table is horizontally scrollable. Use the bottom scrollbar to view all columns.

Security Capability	Protects	Applied To	Evidence Strength	Open Decision
Secure Diagnostics and RBAC	Diagnostic access state and privileged services	Diagnostic Tester Interface / Diagnostic Server	Strong	Confirm final role model and service list
Secure Software Update	ECU software and firmware authenticity	Bootloader / Update Logic	Strong	Confirm signing chain, rollback and campaign ownership
Data Authenticity and Integrity Verification	Security-relevant vehicle data	Vehicle Network / Secure Data Transfer Interface	Moderate	Confirm protected signal allocation
Key and Certificate Handling	Keys, certificates and trust anchors	Security Services / Hardware Platform / PKI	Strong	Confirm HSM capability and PKI ownership
Communication Boundary Control	Vehicle and offboard interface boundaries	External Interfaces / Security Services	Moderate	Confirm exact boundaries and failure policy
Security Logging	Security event evidence	Logging / Event Reporting Interface	Moderate	Confirm event set and reporting channel
Vulnerability and Incident Handling	Field security posture	Security Operations / Compliance Process	Strong	Confirm reporting channels and responsibilities
Cybersecurity Evidence and DIA	Approval and residual-risk case	Engineering Toolchain / OEM Approval Interface	Strong	Confirm DIA split and authority

7. Requirement Evidence Coverage

Total Requirements1076Markdown-derived baseline

Security Requirements109Cybersecurity category

Architecture Drivers1109Architecture mapping rows

Interface-Related Requirements47Interface category

Assumptions1Tracked, not confirmed

Clarifications64Customer decision queue

This table is horizontally scrollable. Use the bottom scrollbar to view all columns.

Coverage Item	Count	Interpretation
Total Requirements	1076	Markdown-derived baseline
Security Requirements	109	Cybersecurity category
Architecture Drivers	1109	Architecture mapping rows
Interface-Related Requirements	47	Interface category
Assumptions	1	Tracked, not confirmed
Clarifications	64	Customer decision queue

7.1 Supplier System Requirement Coverage

Customer Requirements1076total

Active Requirements966in baseline

Derived Supplier System Requirements74many-to-many

Customer Requirements Mapped to SSRs947derivable mapped

Unmapped Active Requirements0derivable gap

Blocked by Clarification6open

Derivation Coverage %100.0%of derivable

This table is horizontally scrollable. Use the bottom scrollbar to view all columns.

Coverage Item	Count	Interpretation
Customer Requirements	1076	total
Active Requirements	966	in baseline
Derived Supplier System Requirements	74	many-to-many
Customer Requirements Mapped to SSRs	947	derivable mapped
Unmapped Active Requirements	0	derivable gap
Blocked by Clarification	6	open
Derivation Coverage %	100.0%	of derivable

8. Open Decisions

This table is horizontally scrollable. Use the bottom scrollbar to view all columns.

Decision	Priority	Question	Area	Owner
CQ-BOUNDARY-01	P1	Confirm the customer decision needed to baseline this requirement item: Note: The vehicle manufacturer and...	System boundary / item definition	Joint
CQ-BOUNDARY-04	P1	Confirm the customer decision needed to baseline this requirement item: Message contents to be agreed with...	System boundary / item definition	Joint
CQ-BOUNDARY-06	P1	Confirm the customer decision needed to baseline this requirement item: Internally stored parameters may be...	System boundary / item definition	Joint
CQ-BOUNDARY-16	P1	Confirm whether this software-update/bootloader item is binding for the ECA ECU baseline or informative gui...	System boundary / item definition	Joint
CQ-BOUNDARY-19	P1	Confirm whether this software-update/bootloader item is binding for the ECA ECU baseline or informative gui...	System boundary / item definition	Joint
CQ-BOUNDARY-23	P1	Confirm whether this software-update/bootloader item is binding for the ECA ECU baseline or informative gui...	System boundary / item definition	Joint
CQ-BOUNDARY-24	P1	Confirm the customer decision needed to baseline this requirement item: 4 Terms, definitions and abbreviati...	System boundary / item definition	Joint
CQ-BOUNDARY-28	P1	Confirm whether this software-update/bootloader item is binding for the ECA ECU baseline or informative gui...	System boundary / item definition	Joint
CQ-BOUNDARY-31	P1	Confirm the customer decision needed to baseline this requirement item: Internal Page 52 (90) Byte Descript...	System boundary / item definition	Joint
CQ-BOUNDARY-38	P1	Confirm the customer decision needed to baseline this requirement item: 3.2 DSC ASN.1 definition DSC_BASE_R...	System boundary / item definition	Joint

9. Review Navigation

Review Board Summary System Overview Architecture Security Architecture Traceability Dashboard Customer Workshop

Architecture cockpit evidence markdown

1. System Snapshot

Metric	Value	Status
System Name	Electric Clutch Actuator (ECA) Control ECU - TRATON GW AMT Gearbox Platform	Working interpretation
Vehicle Context	TRATON GW Automated Manual Transmission (AMT) Gearbox Platform	Confirmed function context
System Type	Safety-related drivetrain actuator ECU with integrated power-electronics actuation, carrying an automotive cybersecurity engineering scope (ISO/SAE 21434-style concept and TARA input).	Inferred security scope
Requirement Count	1076	Markdown-derived
Feature Count	18	Generated from requirement clusters
Interface Count	10	Generated from interface model
Security Capability Count	13	Generated from security model
P1 Decision Count	10	Open customer decisions
Traceability Gate	WARN - Customer Clarification Needed	Do not force PASS while decisions are open
Customer Readiness	Ready for customer clarification workshop	Workshop-ready
OCR Status	false	Must remain false
PDF Downstream Analysis	false	Markdown-derived only

2. Product Identity

Item	Value	Confidence	Evidence
Working system name	Electric Clutch Actuator (ECA) Control ECU - TRATON GW AMT Gearbox Platform	Medium	system_identity.md; function wording in cleaned Markdown
Vehicle platform context	TRATON GW Automated Manual Transmission (AMT) Gearbox Platform	High	3299216_1.md page 3-4 and system_identity.md
Main controlled function	CAN/PWM-commanded clutch engagement and disengagement	High	REQ_SEC_0036; REQ-AUTO-00064; REQ-AUTO-00065; REQ-AUTO-00066; REQ-AUTO-00068; REQ-AUTO-00071; REQ-AUTO-00078; REQ-AUTO-00079 (showing 8 of 108)
ECU involvement	ECA has its own embedded ECU/control scope	High	REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023; REQ-AUTO-00011 (showing 8 of 209)
Cybersecurity scope	Diagnostics, update/flash, key/certificate, secure communication, evidence and residual-risk workflow	Medium	REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023; REQ-AUTO-00011 (showing 8 of 109)

3. One-Screen Architecture

Diagram source: architecture/architecture_cockpit_overview.mmd.

Conclusion: the review baseline is an ECA ECU security architecture with vehicle, diagnostic, OEM/backend and supplier engineering boundaries kept explicit.

4. Main System Capabilities

Capability	Purpose	Main Interfaces	Security Relevance	Status
Clutch Actuation Control	Core actuator control	Vehicle Network Interface (CAN)	Safety-relevant command/status handling	Confirmed
Vehicle Integration and CAN Communication	Vehicle command/status exchange	Vehicle Network Interface (CAN), PWM wake-up	Message authenticity/freshness allocation	Confirmed
Secure Diagnostics and Role-Based Access	Controlled service and engineering access	Diagnostic Tester Interface	Privileged access control	Inferred
Secure Software Update and Flash	Maintain trusted ECU software	Update / Flash Interface, Diagnostic Tester Interface	Software authenticity and integrity	Inferred
Key and Certificate Handling	Trust-material lifecycle	PKI / Provisioning Interface	Root of trust for diagnostics, update and secure communication	Inferred
Secure Data Transfer / Communication Boundary	Protected security-relevant data exchange	Vehicle Network Interface, Secure Data Transfer Interface	Authenticity, integrity and freshness	Inferred
Security Logging and Event Handling	Security evidence and response input	Logging / Event Reporting Interface	Auditability and incident support	Inferred
Cybersecurity Lifecycle and Evidence	Approval-ready security case	Supplier Evidence, OEM Approval Interface	Traceable residual-risk argument	Confirmed

5. Interfaces and Trust Boundaries

Interface	Connected Parties	Data / Control Flow	Trust Boundary	Protection Needed	Status
Vehicle Network Interface (CAN)	Transmission control / vehicle ECUs -> ECA application software	CAN demand, PWM wake-up, actuator status and DTCs	Vehicle network to ECU	Signal validation, freshness, authenticity where allocated	Requires Confirmation
Diagnostic Tester Interface	Service / engineering tester -> ECA diagnostic server	UDS requests, Auth 0x29, sessions and programming	External service tool to ECU	Authentication, authorization, lockout, rate limiting and audit	Requires Confirmation
Software Update / Flash Interface	Programming tool or update backend -> Bootloader / update logic	Signed packages, IVD data and programming results	Offboard update source to ECU	Signature validation, integrity checks, rollback control and logging	Requires Confirmation
Key and Certificate Provisioning Interface	PKI / provisioning authority -> ECA security services	Keys, certificates and trust anchors	Trust authority to ECU	Protected storage, certificate validation and lifecycle control	Requires Confirmation
Secure Data Transfer Interface	Vehicle network peers -> ECA security/application services	SecOC/SDT protected messages, counters and MACs	ECU-to-ECU data boundary	Freshness, replay protection, MAC verification and discard rules	Requires Confirmation
Security Logging / Event Reporting Interface	ECA ECU -> Backend / security operations	Security events, diagnostic attempts and update results	ECU to offboard operations	Event integrity, retention, access control and privacy treatment	Requires Confirmation
Supplier Development / Evidence Interface	Supplier ALM / CI / test environment -> Evidence repository and release process	Requirements, tests, builds, traceability and release artifacts	Engineering environment to evidence baseline	Access control, artifact integrity and audit trail	Requires Confirmation
OEM Approval / Evidence Interface	Supplier security engineering -> TRATON / OEM review board	Cybersecurity concept, V&V evidence, risks and decisions	Supplier to OEM governance boundary	Controlled evidence handoff and decision logging	Requires Confirmation

6. Security Capability Map

Security Capability	Protects	Applied To	Evidence Strength	Open Decision
Secure Diagnostics and RBAC	Diagnostic access state and privileged services	Diagnostic Tester Interface / Diagnostic Server	Strong	Confirm final role model and service list
Secure Software Update	ECU software and firmware authenticity	Bootloader / Update Logic	Strong	Confirm signing chain, rollback and campaign ownership
Data Authenticity and Integrity Verification	Security-relevant vehicle data	Vehicle Network / Secure Data Transfer Interface	Moderate	Confirm protected signal allocation
Key and Certificate Handling	Keys, certificates and trust anchors	Security Services / Hardware Platform / PKI	Strong	Confirm HSM capability and PKI ownership
Communication Boundary Control	Vehicle and offboard interface boundaries	External Interfaces / Security Services	Moderate	Confirm exact boundaries and failure policy
Security Logging	Security event evidence	Logging / Event Reporting Interface	Moderate	Confirm event set and reporting channel
Vulnerability and Incident Handling	Field security posture	Security Operations / Compliance Process	Strong	Confirm reporting channels and responsibilities
Cybersecurity Evidence and DIA	Approval and residual-risk case	Engineering Toolchain / OEM Approval Interface	Strong	Confirm DIA split and authority

7. Requirement Evidence Coverage

Coverage Item	Count	Interpretation
Total Requirements	1076	Markdown-derived extracted baseline
Security Requirements	109	Security-relevant requirement class
Architecture Drivers	1109	Mapped architecture rows
Interface-Related Requirements	47	Interface category
Assumptions	25	Tracked, not treated as confirmed
Clarifications	64	Customer-decision queue

8. Open Decisions

Decision	Priority	Area	Impact	Owner
CQ-BOUNDARY-01	P1	System boundary / item definition	Blocks architecture baseline	Joint
CQ-BOUNDARY-04	P1	System boundary / item definition	Blocks architecture baseline	Joint
CQ-BOUNDARY-06	P1	System boundary / item definition	Blocks architecture baseline	Joint
CQ-BOUNDARY-16	P1	System boundary / item definition	Blocks architecture baseline	Joint
CQ-BOUNDARY-19	P1	System boundary / item definition	Blocks architecture baseline	Joint
CQ-BOUNDARY-23	P1	System boundary / item definition	Blocks architecture baseline	Joint
CQ-BOUNDARY-24	P1	System boundary / item definition	Blocks architecture baseline	Joint
CQ-BOUNDARY-28	P1	System boundary / item definition	Blocks architecture baseline	Joint
CQ-BOUNDARY-31	P1	System boundary / item definition	Blocks architecture baseline	Joint
CQ-BOUNDARY-38	P1	System boundary / item definition	Blocks architecture baseline	Joint

View	Use
Architecture Cockpit	Board-level architecture/security summary
System Overview	Concise product and security definition
High-Level Architecture	Component and flow diagrams
Security Architecture Map	Security controls, assets and attack surfaces
Traceability Dashboard	Coverage and gap summary
Review Board Summary	Management review one-screen summary