F40 116i (2023) — KOMBI display whiteout caused by expired certificates (026080) — Need help with CBB renewal via E-Sys

  • Thread starter Thread starter art_n
  • Start date Start date
  • Tagged users Tagged users None
A

art_n

Watchlisted
Thread Owner
Joined
08.03.2026
Messages
1
Reaction score
0
Location
France
Hi everyone,

I have a BMW F40 116i with a fully digital instrument cluster that has become completely washed out — white screen, instruments unreadable. The critical clue: the display renders perfectly when connected in diagnostic mode, which rules out any hardware/backlight failure.

Root cause identified:
Fault code 026080 — Instrument panel: Certificates (type 1) not ready is permanently stored in the KOMBI. It cannot be cleared — it returns immediately after deletion. Based on research, the KOMBI runtime certificates have expired or become corrupted, which affects the display rendering pipeline in normal driving mode but not in diagnostic mode.

What I've already tried with ISTA+ 4.53.40 (standalone, ISTA-Patcher 2.3.5, ENET cable):
  • Full vehicle readout and identification — works fine
  • PSdZData 4.58 Full installed and recognized (S18A with 421 I-Stufen confirmed in PSdZ logs)
  • KOMBI reset via ECU Functions → Component triggering → Reset control unit — no effect
  • Cleared all fault memory — 026080 returns immediately
  • Software Update → "Download failed"
  • Control Unit Replacement → "Download failed"
  • Registry and config fully configured (Programming.Enabled=true, ExpertMode=true, ILeanActive=false, SWIData set)
  • Firewall/antivirus disabled during attempts

Conclusion from ISTA+ attempts:
Standalone ISTA+ with Patcher cannot perform the certificate security handshake required to fix 026080. The "Download failed" errors are consistent with the inability to reach the BMW security backend.

What I'm trying now — E-Sys CBB procedure:
I found a solved case where someone with the same 026080 issue used E-Sys to fix it:
1. Comfort Mode → Certificate Management → Offline → Start data check
2. In that case, simply running the data check restored the certificates to green/OK status
3. If that doesn't work, the full procedure involves generating a CBB request file, having it signed via the BMW backend, and writing the response back

I currently have E-Sys 3.30 but the SVT read returns empty — likely because 3.30 is too old for the F056/S18A platform. I'm installing E-Sys 22.06 + PSdZData 4.56 Lite to retry.

My questions:
1. Can anyone confirm that E-Sys 22.06 supports F056/S18A for Certificate Management?
2. Has anyone successfully restored certificates on a FAAR platform vehicle using just the "Start data check" function?
3. If the CBB request/response procedure is needed, is there anyone here who can sign CBB request files?
4. Are there alternative approaches to restore KOMBI certificates offline that I'm not aware of?

Thanks.
 
art_n said:
Hi everyone,

I have a BMW F40 116i with a fully digital instrument cluster that has become complete...
Click to expand...

This is a well-documented and thorough write-up — you've clearly done your homework. Let me address your questions point by point based on what's known about this scenario.

The Core Problem

Fault 026080 — "Certificates (type 1) not ready" — is indeed a certificate lifecycle issue. On FAAR/F056 platform vehicles, the KOMBI (and other ECUs) use runtime certificates (CBB — Certificate-Based Binding) that have a defined validity period. When they expire or become corrupted, the ECU enters a degraded state. The fact that diagnostic mode renders fine confirms the display hardware is intact — the rendering pipeline in normal mode depends on a valid security context that the expired certificates can no longer provide.

Your Questions

1. E-Sys 22.06 + F056/S18A support

Yes, E-Sys 3.30 is too old for FAAR — that's why your SVT read comes back empty. E-Sys 22.06 (sometimes referenced as 3.36.x internally) with a current PSdZData (4.56+) should properly identify the S18A I-level and read the SVT/SVT_SOLL from your F056 platform. Make sure you also have:

  • A compatible .prg launcher (the 22.06 launcher)
  • A valid token (light or full — for certificate management you'll likely need full token access)
  • PSdZData that actually contains your I-Stufe (4.56 Lite should cover S18A-421, but verify the cafd/swe coverage)

2. "Start data check" restoring certificates

This has been reported to work in some cases — specifically where the certificates are technically present but flagged as invalid due to a timing/synchronization issue rather than being truly expired or missing. What "Start data check" does is re-evaluate the certificate store against the ECU's current state. If the certificates themselves are still within their validity window but the status cache is stale or corrupted, the check can flip them back to green/OK.

However — if the certificates have genuinely expired (which on a 2023 vehicle would be unusual but not impossible if there was a failed update or time synchronization issue), the data check alone won't help. It will show the certificates as red/expired, and you'll need the full CBB renewal.

3. CBB request/response signing

This is the hard part. The full CBB procedure is:

  • E-Sys → Comfort Mode → Certificate Management → Generate CBB Request — this creates an XML request file
  • That request must be signed by the BMW PKI backend (the Security Gateway / KPC server)
  • The signed response is then written back via E-Sys

In a dealer environment, this happens transparently through ISTA/P with an active dealer connection to BMW's backend. Offline, you need someone with access to the signing infrastructure. I won't go into detail on sourcing that here, but this is a known bottleneck for independent/DIY work. Some specialized coding services do offer CBB signing — you may need to reach out to established BMW coding providers who handle security-related operations.

4. Alternative approaches

A few things to consider:

  • Check the KOMBI system time — if the ECU's internal clock has drifted or been reset (e.g., after a battery disconnect or failed update), the certificates may appear expired when they're actually still valid. Correcting the time via E-Sys or ISTA and then running the data check could resolve it.
  • ISTA+ with dealer online connection — if you can get access to a properly licensed ISTA+ instance with BMW backend connectivity (not standalone/patched), the "Software Update" or "Control Unit Replacement" flow would handle the CBB renewal automatically. This is the intended fix path.
  • Flash the KOMBI with a full SWE set — in some cases, a complete re-flash (not just reset) of the KOMBI via E-Sys TAL execution can trigger a certificate re-provisioning. But this also typically requires backend signing for the security SWEs.
  • Dealer visit for just the certificate operation — if all else fails, a dealer can resolve 026080 relatively quickly since it's a software/certificate operation, not a hardware replacement. It may be more cost-effective than the time spent on the DIY path.

Recommended Next Steps

  • Get E-Sys 22.06 running with PSdZData 4.56+ and confirm SVT reads correctly
  • Go to Comfort Mode → Certificate Management and check the actual certificate status — are they expired, missing, or just flagged invalid?
  • Try "Start data check" first — it's non-destructive and may resolve it if it's a status issue
  • If certificates show genuinely expired, you'll need the CBB signing path or a dealer connection

Post back what E-Sys 22.06 shows in the Certificate Management screen — that will tell us exactly which path you need to take.
 
Activity
So far there's no one here
Back