Functional Verification Testing
We verify that your implemented security actually meets regulations and OEM quality standards
This is not just a simple pass/fail check. Based on UNECE R155/R156, ISO/SAE 21434, EU CRA security requirements and OEM delivery quality standards — we verify in real embedded environments whether implemented security works as designed.
What is Functional Verification Testing?
Developing security functions is not the end. 'Does it work?' and 'Does it meet regulations?' are different questions. Even if Secure Boot turns on, you need to separately verify whether it satisfies the integrity protection level required by UNECE R155 and completes within the boot time set by the OEM.
Especially for Tier 1/2 suppliers delivering to OEMs, you must pass the OEM's security test cases to receive production approval. If you don't pass these criteria, delivery itself is impossible.
MobilWithUs's functional verification testing verifies against both regulatory requirements and OEM quality standards, based on years of production project experience. Verification results are provided with evidence materials that can be immediately used for regulatory audits and OEM delivery approvals.
Who Needs This
Teams that have developed security functions but need to confirm actual regulatory compliance
Functional conformity verification against regulatory requirements (R155/R156/ISO 21434) + result reports
Suppliers facing OEM delivery approval who need to pass security test cases
OEM specification-based test case application + evidence materials for delivery approval submission
Development teams wanting to proactively detect security vulnerabilities in source code
Static Analysis + CVE/OSS vulnerability scanning
Security managers who need documentation for regulatory audit preparation
Verification plan, test result reports, and evidence package provided
Functional Verification Testing | Dual Verification: Regulatory Requirements + OEM Quality Standards
Functional Conformance Testing
Functional Testing
Verify functional behavior against regulatory & OEM specs
Static Analysis
Static Analysis
Source code vulnerability & MISRA C violation detection
Vulnerability Scanning
Vulnerability Scanning
CVE·OSS·SBOM-based supply chain vulnerability analysis
Dual-standard verification: Regulatory + OEM Quality
Verification Plan
Target items, criteria & environment definition
Test Report + Evidence
Pass/Fail · Evidence for audit & delivery
Improvement Recommendations
Root cause analysis + re-verification via MobilEngineering
Two Verification Criteria
It's not enough for security functions to just work. You need to meet global security regulatory requirements and pass OEM delivery approval criteria to complete a production project.
| Category | Nature | Examples |
|---|---|---|
| Security Regulatory Requirements | Prerequisite for market entry. Must demonstrate compliance throughout the development lifecycle per ISO/SAE 21434 | UNECE R155/R156, ISO/SAE 21434, EU CRA, IEC 62443, KCMVP |
| OEM Quality Standards | Direct gateway to production delivery approval. Each OEM defines specific test cases and pass criteria | OEM Lastenheft, Security Test Cases, Quality Gates |
Verification Types
MobilWithUs provides the following verification types based on embedded security software development and production project experience. You can select or combine appropriate types according to your development stage.
| Verification Type | Description | Timing |
|---|---|---|
| Functional Conformity Verification (Functional Testing) | Confirming that security functions are implemented as defined in regulatory requirements and OEM specifications. Verifying operational conformity of Secure Boot, Secure Flash, UDS, SecOC, etc. | After development / Before production |
| Static Analysis (Static Analysis) | Analysis of security vulnerabilities, coding errors, and MISRA C rule violations at source code or binary level. Early defect detection before runtime | Early to mid development |
| Vulnerability Scanning (Vulnerability Scanning) | Analysis of known CVE vulnerabilities, open-source component (OSS) security issues, and SBOM-based supply chain vulnerabilities | During to after development |
Verification Items
| No. | Verification Item | Regulation / OEM Standard | Key Verification Details |
|---|---|---|---|
| 1 | HSM/HSE-linked Crypto Algorithms | KCMVP · ISO 21434 · CRA + OEM Crypto Spec | KCMVP-verified algorithm implementation conformity, OEM-specified algorithm/key length/performance criteria compliance, key management level verification |
| 2 | Secure Boot and Security Functions | UNECE R155 · ISO 21434 + OEM Boot Spec | Boot integrity verification system conformity, signature verification completion within OEM-specified boot time, Tamper Detection and Proactive Data Protection operation confirmation |
| 3 | Secure Flashing | UNECE R156 · ISO 24089 + OEM Update Spec | OEM update specification compliance, unauthorized firmware blocking, rollback prevention, FBL integration operation and OEM-specified signature format compatibility |
| 4 | UDS Diagnostic Protocol | UNECE R155 · ISO 14229 + OEM Diagnostic Spec | OEM Seed/Key algorithm compliance, session-based access control, OEM test tool-based access control operation, DTC transmission conformity |
| 5 | SecOC Access Control | UNECE R155 · ISO 21434 + OEM AUTOSAR Config | OEM AUTOSAR configuration-based SecOC parameter conformity, MAC verification and Freshness Value processing, CAN/CAN-FD and Ethernet environment operation |
| 6 | Other Customer-Requested Functions | Customer Spec / OEM Requirements | PQC algorithm operation, OEM-specific security functions, special environment security requirements, and custom verification |
Deliverables
All verification deliverables are provided in a format that can be used for regulatory audits and OEM delivery approval submissions.
| Deliverable | Details |
|---|---|
| Verification Plan | Definition of verification target items, applicable regulation/OEM standard criteria, test environment and methodology |
| Test Result Report | Pass/Fail results per item, regulatory and OEM quality standard compliance status, non-compliance analysis and improvement recommendations |
| Evidence Package | Evidence package including test execution logs, measurements, screenshots, etc. Can be used for regulatory audit and OEM delivery approval submissions |
| Improvement Recommendations | Root cause analysis of non-compliance items and specific improvement directions. Can be re-verified after corrections in coordination with MobilEngineering |
Service Format
| Category | Details |
|---|---|
| Target Environment | MobilSherpa+-equipped ECU, HSM/HSE-linked embedded systems, MobilCrypto+-applied environments |
| Test Method | Real-environment testing based on customer development boards or reference boards. OEM specification-based test case application |
| Application Stage | Applicable by stage from early development (static analysis/vulnerability scanning) to pre-production (functional conformity verification) |
