FCA Secure Gateway Module
Chrysler’s Secure Gateway Module came out this year. You may have heard about it but for those who don’t know it will change some things as far as aftermarket diagnostics is concerned. The following is a comprehensive write up on the SGW. It contains some opinion in addition to information from Chrysler factory training as well as service info pulled from my friend Shane Steele’s 2018 Ram 1500. It is important to note that I am making assumptions that, because of how new these systems are, most of the information I am going to share will apply to all current Chrysler models.
Let’s start by talking about what the Security Gateway Module (SGW) is and what its purpose is. The SGW was implemented in some models in the 2018 model year and all models 2019 going forward. The SGW in short is a module whose function is simply to keep the communication networks secure. The SGW protects the vehicle networks from being exploited by creating a firewall between two portions of the network with the most vulnerability. These are the telematics/radio units and the DLC.
So how does the SGW work? It separates the vehicle network into private and public sectors. The public sector includes the telematics unit and the DLC. Everything else on the network is considered private. Access to the private sector of the network is limited without authentication. As of now, authentication is limited to Chrysler licensed devices. We will get into this later.
As for the physical structure of the network, the DLC on the 2018 Ram connects directly to the SGW via a Diagnostic CAN C and a Diagnostic CAN IHS bus. The term diagnostic is used to describe the bus from the SGW to the DLC only. The SGW is also connected to the CAN C and CAN IHS busses but in the case of the 2018 Ram, is not directly connected to the LIN bus. It is connected directly to the radio via both a CAN C and IHS bus. Although the SGW wiring diagram may make it look like the SGW functions a central gateway it is important to note that it is not used to communicate signals amongst modules on the private side of the network. It serves as a frame gateway and does not provide signal gateway functionality. The SGW does not contain any drivers and does not directly operate or control any vehicle components but rather allows only authenticated messages on to the private networks.
The SGW authentication process takes place in the Chrysler servers. As of now there are two tools that will allow authentication through wiTECH 2.0. The Micropod II and a J2534 device. I got some help from Joey at AE Tools to help explain the advantages/disadvantages of these two options: When using a J2534 device the wiTECH subscription is registered to the software, essentially locking it to the computer. With the Micropod II the wiTECH subscription is locked to the tool allowing it to be used on any computer, tablet, or even cellphone as long as a connection to the internet is available. When working with the Micropod II, the vehicle communicates through the Micropod II directly with the Chrysler servers via WiFi. The browser of said laptop/tablet/cellphone logs into wiTECH to access vehicle communication. The J2534 device will work with the drivers and the downloaded software and port them to the wiTECH cloud instead of using an internet browser. Because of this an internet connection must be available at all times including during test drives. Many dealerships are equpiied with WiFi hotspots for this purpose however, most smartphones now have WiFi hotspot capabilities. Using a Micropod II, the WiFi must be registered on the pod as well as the laptop whereas when using J2534 device which communicates via USB, the WiFi must be registered to the computer only. This can make the pod less desirable for use when test driving. It is important to note that the J2534 wiTECH software only offers coverage from MY 2010 forward. The Micropod II coverage goes back to 2004 on CAN vehicles and covers all models 2009 forward. Chrysler is also using MEGA CAN which is only supported by J2534-3 devices. While a J2534-2 device will work with wiTECH it may have limited functionality on some of the MEGA CAN vehicles. MEGA CAN is used on everything 2018 up but can also be found in the Renegade and Fiat 500 going back to 2015 as well as the Compass, Alfa Romeo Giulia, and Fiat Spyder in 2017.
Unauthorized devices will be allowed read-only or, what Chrysler calls, passive access to the private network. Passive means the ability to read codes, and data but does not include the ability to clear DTCs perform, actuator tests, special functions, ECU configuration, flashing, or module resets. At least on the private side of the network.
As a mobile tech I have already had a few calls for code clearing and I foresee that demand growing until the aftermarket comes up with a solution. I spent some time last weekend working with Shane Steele’s 2018 Dodge Ram which is equipped with a SGW. I had the Micropod II along with, the Snap-On Verus, Autel 908, and the Gscan all with the latest updates hoping to see what they all could do assuming it would be code and data reading only. What I was hoping to get a better understanding of between the aftermarket tools vs. the OEM tool was what was considered passive vs. active. On the surface it would seems like without authentication, any command requested by the scan tool would simply be ignored however I would have not been surprised if an aftermarket scan tool was able to pull the VIN which it would have had to request as well as which data it could request to read. I had many of questions and was excited to see what I could learn only to find that none of these aftermarket tools even had any coverage listed for a 2018 Ram or Dodge truck. I tried but could not communicate under previous model years either. I did not think to try the generic side of the tool but from everything I have read my assumption is that the generic OBD modes do not work on these models because of the network structure. I will follow up on this in the future and I think this will make a great discussion topic for another post.
FCA opened up access to aftermarket companies this November. Snap-On and G-scan are working towards a solution but there will likely be some challenges getting a tool to work with the FCA servers and integrating a solution to meet the need for constant WiFi. I myself am curious to see if this will look like a normal scan tool operation or use the aftermarket tool as a pass through with the J2534 interface. I have always said that many of the aftermarket tools are much more user friendly and often offer much better data display and recording features than the OEM tools. I have been overall impressed with the wiTECH software except the data graphing and record functions and would prefer this function on many of the aftermarket interfaces.
If you’re on the AESwave email list than you have probably seen the 12+8 adapter Autel will be releasing. It is not yet available and, in the email, they mention connecting to a 2018 Dodge Ram. Our tool was running version 5.6.00 and did not have the 2018 Ram listed but either way I would anticipate it being available soon. This cable essentially goes in place of the SGW. It will require removal of the unit which as far as I can tell is located either under the driver’s side of the dash or behind the infotainment unit across all models. (the torque spec for the SGW bolts is 44 in-lbs. in case you were wondering) While removing the infotainment unit may not be ideal, because the SGW does not serve any function beyond securing the network it would seem like this should be a viable solution and would provide full network capability. Furthermore, this solution may be useful in diagnosing faults with the SGW as faults in the SGW may mimic faults in other modules. It is also notable that “no communication with SGW” codes do not exist.
There is already talk in the industry about how the SGW is just another tactic to cut the aftermarket out of service. I think it is important to talk about the security vulnerabilities, how Chrysler has addressed them, and how we may see other manufacturers jump on board with similar systems going forward.
Robby Schrimsher shared a you tube video with me in another thread that details how two hackers were able to use the radio in a 2014 Cherokee to take control of many vehicle features including the steering and braking. The video goes into detail about how the hackers studied potential weaknesses in the system and were able to manipulate them even going so far as to talk about the potential to target specific VINs and control them remotely using the cell networks, without ever needing to make physical contact with the vehicle. This made big news back in 2015 and in my opinion ultimately played a role in the development and implementation of the SGW.
In addition to telematics units, the SGW also isolates the DLC which is what we, in aftermarket repair, are concerned about. Consider how many cheap Chinese dongles I am sure many of you have removed from your customers vehicles in order to connect your scan tool. I would say at least 25% of the vehicles I see daily have a dongle from either an insurance company, a DLC-to-cellphone code reading device, or fleet/mileage tracker. All of these units work wirelessly and many of them transfer data directly through wireless or Wifi networks. It stands to reason that if hackers can hack a factory Chrysler radio/telematics unit, that getting into one of these networks would be less of a challenge. Furthermore, as I learned in the above-mentioned video, the hackers were faced with challenges getting messages from the radio on to the CAN network whereas hacking an aftermarket dongle would give us direct access to the CAN network… at least in a vehicle without an SGW. Hopefully I have painted a picture of why this type of technology is necessary and likely to become standard with other vehicle manufacturers.
I am told that other manufacturers like Ford, Nissan, and Subaru are following suit and that they may even be rolling them out in … models. I don’t necessarily think this will make the aftermarket scan tools obsolete, but I do see many changes on the horizon. Maybe the aftermarket tools are able to integrate with the OEM systems which would likely give them OEM capabilities like flashing which would come just in time for OTA programming. At the same time, I could see this driving the cost of the aftermarket tools sky high. Either way, changes are coming. I would love to hear everyone else’s thoughts and predictions.
Excellent write up Mike, thanks for taking the time to do this. I can see the by-pass cable being popular with these vehicles as it connects to the busses after the SGW and wouldn't require an internet connection. Much better for road testing. Also once you're past the SGW you should be able to reflash modules. Although since the files have to come from the FCA server they may still block access for models with an SGW module. I would also like to see if you can access generic OBDII with an aftermarket scan tool. GM and Ford are also using gateway modules between the DLC and the on-board networks. This is going to change how we do some diagnostics on these vehicles. Something as simple as checking network resistance or shorts to power or ground require access to the network after the gateway. Martin Smith posted some information on the GM serial gateway and mentioned that someone could find themselves down a rabbit hole diagnosing a network issue on one of these vehicles if they didn't consult service information to learn how these systems are different from what we have been seeing for many years. Also there is speculation that the next step in securing the networks will be the addition of some sort of security code as part of the message. Only secure messages will be accepted by the receiving modules. Whatever the next step is we'll have to deal with it and work with it. And we will just like we always have. Ah the fun of being a tech.
Thank you. If I had to guess I don't think module flashing will be done bypassing the SGW. Autel's solution of bypassing the SGW allows them to work around gaining security access through the FCA servers which they would need access to anyway in order to do any programming. If in the future aftermarket scan tools end up coming up with a format that allows them to gain authentication from the Chrysler servers there would be no need to bypass the SGW. I am curious to see if that would also be accompanied with the ability to perform programming via aftermarket scan tools.
I agree that whatever comes next we will have to deal with it. It seems like were going to be in for a wild ride the next few years!
Thank you for the info. I was quite surprised to learn they had implemented J-2534 wiTECH functionality. The last I heard they were still violating the "rules" on that, :-)
Out here, where the typical customer is 15-20 years behind "new", I always wonder what these cars will look like by the time they are seen by us. I imagine all the SGW will have been thrown away with a permanent tuner bypass installed. All the "flash" files will have been available through Autel or on eBay for ten years by then.
The money you guys working on new-but-non-warranty have to spend is ludicrous, and then it is all irrelevant in ten years, but that's what a constant cash flow is for (I guess). I enjoy reading about it for sure!
Yea I think they are slowly getting on the J2532 bus so to speak but the catch is still the cost of registering the devices and then getting them to work with each other. I don't have every single OEM tool on the market but from what I do have I think FCA is far ahead of the curve. I know many of the others use Bosch software and hardware so I am wondering if they will eventually transition to something similar to the FCA system.
You bring up a very good point about the future of used cars. I know that many of the "Global" modules found on newer GMs cannot be swapped from a used vehicle with a different VIN. What does that mean when that module is discontinued? I think EEPROM work might be the ticket there and is one thing I would like to learn in the future.
An interesting point to add to your permanent tuner bypass... we recently acquired six 3.6 engines (06 Impala..ish) for our engine class. I was tasked with getting them ready to run so the students could tear them down, rebuld them and start them. I knew we would need PCM,s keys, transponders, and either a TCM or PNP switch/bypass just off of the top of my head. After doing a little research I had added a fuse block and BCM and if I remember correctly a cluster. All just to make an engine run. And I wouldn't have been surprised if I got all of that and missed something that still wouldn't start. I did some research and found that there is no commercially available bypass for the security but there were a few guys who were confident they could write it out of the software. I think an SGW bypass might be incredibly more complicated than that but I could be wrong.
Mike said " I think EEPROM work might be the ticket there and is one thing I would like to learn in the future. "
Yes! There are a couple guys who have written about that stuff over on iATN. Recently one showed how he wiped/virginized a Global A module so it could be used in another vehicle. Looks easy when HE does it....LOL
They're out there risking bricking modules while guys like me are waiting till they have it figured out to learn it.
This slow shift towards an industry wide culture of training and education will hopefully be led by those guys as they charge us all boku bucks to learn from them!
It seems to me, that if a couple of guys screwing around in their home garage can do it, then the AM scan tools can't be far behind. Hook-up Autel, press the "make virgin" button, then use GM SPS to program like new. Or if that's too Sci-Fi to work, then Launch will sell a wand that just zaps the ee-prom (or whatever) into submission.
The Doctor Who sonic screwdriver would work. (TV nerd reference)
Let's be realistic... they would never let it be that easy for us...
FYI Tanner. The Cardaq Plus 3 is not on the list in the FCA website but it does work and , more importantly, FCA will approve it when you resister.
That is interesting that the M is on there before the Plus 3. I wonder if there is a difference between approved devices and devices that can be registered. What I mean by that is that maybe they will allow you to register an Autel J box but not support it because it is not approved. I will have to follow up on that.
Is this really a solution though? If hackers can get into anything these days, and they do. Then, in my opinion, this only truly affects the aftermarket and shops without witech the most. Won't they come up with a bypass? I'm no programmer, but I am concerned about manufacturers not letting the average Indy shop do something as simple as bidirectional control. I heard that recently one has to input a pin number that changes every twenty seconds in order to do something to a vehicle, and that pin code is only given to those with certain credentials. Why not do that instead? Or create a pass thru dongle that allows access with a similar expiring pin that's only given to those with automotive licenses or credentials? Obviously I'm rambling but i can't help but think that if they were truly only concerned with hackers, they would've thought of alternatives in which it didn't cut off people who are simply trying to do their jobs. Imho
Mario Autel has a by pass cable. It just isn’t available yet. Also if you connect to the networks after the SGW you can access them. This isolated the DLC but really wouldn’t stop someone who has access to the vehicle from hacking into the networks. Just makes it difficult to access. Also the tuners already have work arounds for loading their custom programs. At least one sells a by pass cable for i think 50 dollars. So much for secure networks.
It is easy to see some manufacturers would rather have no one else work on the products they produce, or in simpler terms, have a monopoly on where the owners can bring the vehicle for service / repairs. We DO have the ability to explain to our customers the "lock-out" the manufacturers imposed and we DO have the ability to make recommendations of brands which do not impose the restrictions that some have chosen to impose. The consumers should be aware of how this has evolved, and let them make an educated buying decision in the future.
First let me say that I am so far from being a hacker I can barely log into my own computer at times. From what I have read there were some serious vulnerabilities on Chrysler vehicles that were addressed with the SGW. If I had to guess the SGW makes it impossible or at least reasonably impossible to hack without modifying the vehicle. That's the point that I think really matters to the OEMs. I don't think they will be bothered by Autel's or any other companies workaround.
Maybe they're could have been a better solution but I personally think there are other factors driving this. Obviously keeping consumers safe is paramount. This is a little more opinion than fact but I'll share my two cents. You may notice that data is becoming a reoccurring topic in the automotive industry lately. Manufacturers already have access to a ton of data on vehicles. In addition to data I think it's pretty well known that for quite some time GM has been able to disable and track a vehicle through OnStar in the instance that a GMAC loan was in default. Things like this would lead me to believe that the OEMs probably have the ability to do much more when it comes to controls along these lines. I don't think they are trying to take over the world by kamikazeing their vehicles into the other OEMs headquarters but I do think they want to protect their ability to have access to those controls/data. Otherwise a Cadillac owner will not be able to remote start his Sedan from the office via his cellphone or a parent wont be able to set speed limits or track their child's vehicle. From a data standpoint, every time a vehicle is plugged into the FCA server via a scan tool (if not wirelessly through telematics units) FCA can access and log any data that might be used for quality control or identifying common failures, or maybe even learning the driving habits of their drivers to use for marketing strategies... who knows.
One thing I do know is that if that control and data is not secure there is no doubt the government will swoop in and control it. The manufacturers don't want that any more than we want the government certifying our technicians. Which brings me to my next point. I don't personally think the aftermarket has their S#!t together enough for FCA to come up with a way to verify the credentials of a technician. We have the LSID certification but FCA only requires that for security related functions. In order to get through the network as a non dealer you don't need any real credentials. In fact if you already have a JBox you only need to purchase a license which Is only $50 for 3 days with the JBox. Consider that FCA is making nothing off of the JBox, and considering the costs of software (if an aftermarket tool sold 3 day subscriptions you would expect to pay much more than $50 for them) I feel like they are sticking their hands out to the aftermarket techs as much as can reasonably be expected and way more than many other manufacturers.
That is pretty cool and seems like an easy process. Thank for sharing.
You wrote: "I did not think to try the generic side of the tool but from everything I have read my assumption is that the generic OBD modes do not work on these models because of the network structure."
I can tell you the OBD communication is possible and required but maybe I am misunderstanding what you meant. I just checked some data and I can confirm that very vehicle (2018 RAM) can communicate on multiple OBD generic modes. What is it that you read?
There has been talk among the OEs about whether or not to monitor the security gateway modules and to turn on the MIL if they failed. At least one OE says yes and had a couple ideas on how to monitor it. One of those was to communicate to the ECM (similar to pinging the module) and if it didn't communicate, set a DTC and turn on the MIL. This means if you jumped around the module, as suggested, it would turn on the MIL. Did you happen to power down the module and see if it turned on the MIL? It's a question I have been wondering about since I first heard these were coming out.
I have an 18 ram and I have an Edge product on it so I can view live data. It gives me more than generic data. I can view vgt pos, Egts, egr position, trans temp, tells me when I'm in regen, etc. Not sure if they figured out a way to bypass but it works...
Edge like a tuner?
Viewing data through the scan tool is allowed but essentially, bi-directional functions like clearing codes are not. The issue that I had with the aftermarket tools was moreso because they didn't even list the 18 RAM in the vehicle specific menu.
That being said a $40 scanner from Autozone should still be able to read data and codes just not clear them.
From the tuner company, yes. Mine has the ability to be "unlocked" and then it can tune the truck. I do not have that function. Not interested in deleting. I only wished to view data as I tow a camper frequently. I'll try and see if my snap on scanner is able to id the truck tomorrow in generic and enhanced. May be too new still. We have a witech at work so I've only used it. Mine is updated to the latest so we'll see...
It shouldn't be able to rewrite any software without a bypass cable but I wouldn't be surprised if they had one.
I would be curious if you can auto ID the truck. I was surprised my Snap On didn't.
So I was not able to auto ID the truck. The software only goes to 2017. I was able to ID it as a 17 manually and I was able to view all live data in any module. I was not able to do any bidirectional control though. The Ethos tech( at 18.4) would act like it would work but there was no actual function happening. This was in the ecm, heated seat, hvac. Actuating the blower motor, fan clutch, heated seats did not work. I did not try every function in every module. I was able to read codes, but I could not clear them. I induced a code in the ecm to see. It did not work. It would also not clear a stored bcm code. My edge "tuner" would also not clear codes. It would read them.
Now I was also able to view data in generic mode. I was able to view mode6 data. I was able to view codes AND clear then in generic mode.
That is interesting. Everything I read said that it would be impossible to clear codes in generic mode. Next one I get my hands on I'm looking forward to trying. I guess that means at least ECM codes can be cleared.
I looked and the Verus I was using was running 18.2. I guess I thought it was fully updated.
Thanks for checking it out!
"my assumption is that some of the generic modes do not work on these models" Thanks for catching that.
You mean you have hooked up a scan tool and pulled data on the generic side? Did all of the typical generic modes work except clearing codes? Often I will try to access mode 6 on a non SGW equipped vehicle and have issues. I have no idea if that's on the tool side or vehicle side.
The MIL as in a check engine light on modern vehicles is really only emissions related. How many times have you found a U code in a PCM that had no MIL? That is because they are non critical and non emissions related faults. U codes are really only used to assist in diagnostics rather than advise a driver of a concern. Manufacturers want to keep as many lights off as possible (remember Ford misfires). In fact in the case of Chrysler, a new vehicle that sets a code in a non-critical system can and will in some instances notify the dealership service department without notifying the driver.
In the instance of the SGW, it is necessary to allow communication from the telematics unit to the rest of the network. We did not bypass the SGW on Shane's truck but I can tell you with certainty that it would set codes. A few quick examples would be the safety systems that need to communicate with the radio that would have stored codes in them because of the loss of communication. If an ADAS system can't communicate with the radio in order to sound a tone than a code will set and a "service parking assist" or message related to whatever system is affected will likely be displayed.
Maybe what you are asking is in reference to the statement that codes for no communication with the SGW do not exist? This is because as the network is designed, there is no purpose for protocols to be written to set a no comm code with the SGW. If the SGW had no communication how would you be able to retrieve that code? And why would you need to?
I see plenty of U codes commanding the MIL on as well as B and C DTCs. The most recent was a B DTC in a Neon for HVAC heater fan speed. I am specifically wanting to verify what I already know, these firewall modules can command the MIL when they fail or are bypassed resulting in a failed emission test in areas that require an OBD test.
As far as generic modes, they can’t block those so if anyone can confirm that, I would love to know about it. I just reviewed the latest J… and do not see any reference that allows them to block any legislated SAE mode including $04. Maybe DTC clear via current UDS mode $14, that I have not looked into. There is a service mode on UDS that is in discussion about blocking but that is for future regulations and even then, $14 will not be blocked as currently being discussed. That could change, of course.
As far as mode $06, what issues are you having? I generally have no problem with that.
The SGW on the vehicle you are showing can set multiple communication DTCs, so, yes, they do set U DTCs but I did not see that those commanded the MIL On this vehicle.
I don't think we are on the same page.
If the SGW were to fail in such a way that you could not communicate with it the vehicle would fail an emissions test in the same way it would if you attempted the test with any other no comm vehicle.
That does not mean that the PCM will be taken off of the network or that the emissions testing results could not be accessed by tapping into a star connector for example. It only means that without a properly functioning SGW that information would not be available at the DLC.
I do understand what you are thinking about them not being allowed to block a generic mode. I can't say that I have tried to clear codes using the generic side of a scan tool but I did do exhaustive research via Chrysler factory training modules and service information. I would encourage you to do the same.
Lastly, there are no "no communication with SGW" codes. It would be impossible for a code to set withing the SGW that states no communication with SGW. Just the same it would be impossible for a no communication with PCM to be set in a PCM. Am I making sense?
That being said it is also impossible for a "no communication with SGW" code to set in any module, on an FCA vehicle, including the SGW. The reasoning behind this is that if the SGW is no comm there would be no way to retrieve that code from any module.
Yeh, definitely not on the same page. That happens too much on the internet. If you ever wander out to Colorado, stop by and we will get it hammered out.
Nice topic, good stuff, thanks for taking the time To write this up.
Randy is correct, Services $01-$0A are required, although Service $04 is not quite as well defined in the regulation as I thought. There is no actual requirement to allow clearing of emission-related data until the 2016 regulation, which requires scan-tool clearing starting in MY 2019. Therefore, Maybe then some wiggle room on the "blocking" aspect. Previous versions of the reg only have a "nebulous" reference to required clearing via Service $04 under the "reprogramming VIN" section.
… version does provide clearer guidance on the $04 but I read it as clarifications on how, when and what. If you read CARB staff initial statement of reason for the 2016 version (g) (4.10) was added to clarify both for safety issues and what items were to be reset but not that it was now required. In other words, it was always required, just not called out specifically. The phase in to 2019 MY was for the safety issue of clearing while engine running.
For reasons I can't share on here, mode $04 restrictions will cause major concerns if it were to be restricted.
Randy - just so we don't leave any loose ends for these folks, as I mentioned in my email, section (g)(4.10.2) specifically requires emission-related data to be cleared by use of a scan tool (generic or enhanced), also by removal of power to the module. CARB's intent was always to require code clear via scan tool, but never specifically stated it until now. The … phase-in covers this section only. The safety-related "alternative code clear method" is applicable now with Executive Officer approval (4.10.3&4).
(4.10.2) For 30 percent of 2019, 60 percent of 2020, and 100 percent of 2021 and subsequent model year vehicles, the emission-related diagnostic information shall be erased as a result of a command by any scan tool (generic or enhanced) and may be erased if the power to the on-board computer is disconnected....
At a minimum, the emission-related diagnostic information shall be erased as a result of a command by a scan tool while in the key on, engine off position.
That's the safety request made by some manufactures and is included in the 4.0.2 section. From the ISOR; "To avoid these potential safety issues, manufacturers inhibit clearing of this information unless the vehicle is off or not in the propulsion system active state (i.e., in the “key on, engine off” position)." Section 4.10.3 and 4 are for when that method won't work.
But the rest of the section matters and is what the phase in relates to.
Further, except as provided for in sections (g)(4.4.6)(D), (g)(4.8.2), and (g)(4.10.4), if any of the emission-related diagnostic information is erased as a result of a command by a scan tool, all emission-related diagnostic information shall be erased from all control units that reported supported readiness for a readiness bit other than the comprehensive component readiness bit. For these control units, the OBD II system may not erase a subset of the emission-related diagnostic information in response to a scan tool command (e.g., in such cases, the OBD II system may not erase only one of three stored fault codes or only information from one control unit without erasing information from the other control unit(s)).
What that last part was trying to address was selective code clear or reprogram event that could evade an IM program. I have seen this multiple times on current vehicles where an enhanced scan tool, presumably using a $14 mode, clears a DTC from a module but then leaves the module with the major monitors unchanged. Without driving the vehicle, it now passes the IM test. The phase in was to allow those manufactures that did this time to stop.
To me, this is how I read the section 4.10.2. The change from prior 1968.2 regulations did not specifically require major monitors to set to incomplete if the DTC was in another module.
Sounds like CARB closed the loophole in the system. Clear codes, clear readiness.