Quote: Originally posted by sn00py
This new segment signing technology they are using was patented (in 2014 if I recall?). Just Google "gm global technology operations llc" and you'll find your way to an index of their patents.

One thing that is interesting is this patent explicitly describes the ability to allow third parties to generate properly signed images without revealing the "root key". Their signature mechanism actually uses two keys: the per-segment signature block contains a header, the SHA256 hash, then a public RSA key. After that comes the signature block generated using the "root key", then the signature block using the first public key.

What this means is GM could give an external party a full RSA key, signed with their root key, and the external party could generate valid signatures. Or the external party could provide their own public key to GM, and they could keep the private part, well, private, meaning that GM could not sign images using the third party's key. It also means they can irrefutably identify the source of any calibration by examining the signature block used during flash.

In any event, they've clearly thought about the scenario where external parties could be enabled to generate signed images. The big question is whether they will, and if they do, under what constraints? And at what cost? Someone in the thread posted by the OP commented that this is about GM's wanting to get control over who is allowed to modify GM's ECUs in the same way Apple has control over who gets to write apps that are used on their iOS devices; I think that's a good analogy.

So, perhaps aftermarket tuning will continue forward after all, but the premise under which it is done could be vastly different than it is today.

I do not think GM is going to allow the aftermarket tuning community any way going forward to defeat anything in the ECM for on-road usage.

I also know the Big Car Makers have been trying for a long time to force everyone to a dealer for all parts, diagnosis and repair, as it supports the dealers and their overpriced parts and labor if they funnel everyone thru that expensive door with no other choice but to use the dealer.

I know Porsche makes a dealer pay $18K or so a year just to access PORSCHE databases for vehicle diagnosis, and even a simple service reminder reset oftentimes requires an expensive trip to the dealer.

It's all about squeezing everyone for every last dime and making it impossible to go anywhere or do anything unless you go to the dealer and pay thru the nose.

I wish they would do that private key signing, I bet it would cost $$$$$$$ MILLIONS $$$$$$$
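
The two-key signature block described in the quoted post, as an added sketch that is not part of either post and is not GM's code: a verifier that checks the segment hash, then the root-key signature over the signer's public key, then the signer's signature over the segment. The dict field names, the `SEG1` header value, what each signature covers, and the toy textbook RSA (no padding, tiny constructed keys) standing in for real RSA are all assumptions.

```python
import hashlib

E = 65537  # public exponent

def keypair(p, q):
    """Toy textbook-RSA key from two primes: returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(_h(data, n), d, n)

def check(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _h(data, n)

def pub_bytes(pub):
    n = pub[0]
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def make_block(segment, signer_priv, signer_pub, root_sig):
    # Field order from the post: header, SHA256, signer public key,
    # root-key signature, signer-key signature. Coverage is assumed.
    header, digest = b"SEG1", hashlib.sha256(segment).digest()
    return {"header": header, "sha256": digest, "pub": signer_pub,
            "root_sig": root_sig, "seg_sig": sign(signer_priv, header + digest)}

def verify(segment, block, root_pub):
    if hashlib.sha256(segment).digest() != block["sha256"]:
        return "hash mismatch"
    if not check(root_pub, pub_bytes(block["pub"]), block["root_sig"]):
        return "signer key not endorsed by root"
    if not check(block["pub"], block["header"] + block["sha256"], block["seg_sig"]):
        return "bad segment signature"
    return "ok"

# Constructed demo keys built from Mersenne primes (far too small for real use).
ROOT_PUB, ROOT_PRIV = keypair(2**89 - 1, 2**127 - 1)
TUNER_PUB, TUNER_PRIV = keypair(2**61 - 1, 2**107 - 1)
ROGUE_PUB, ROGUE_PRIV = keypair(2**19 - 1, 2**31 - 1)
ENDORSEMENT = sign(ROOT_PRIV, pub_bytes(TUNER_PUB))  # root holder does this once
CAL = b"constructed calibration segment"
GOOD = make_block(CAL, TUNER_PRIV, TUNER_PUB, ENDORSEMENT)
ROGUE = make_block(CAL, ROGUE_PRIV, ROGUE_PUB, sign(ROGUE_PRIV, pub_bytes(ROGUE_PUB)))
```

The verifier only ever holds the root public key, and the endorsed signer key travels inside the block, which is what ties an accepted image to a specific signer.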