As someone who has (successfully) implemented this at multiple manufacturers, it is absolutely not as easy as "just signing it".
First off, almost all vehicles are running CANbuses right to the edge of their available bandwidth. Making the signature data fit is a vehicle-wide refactor unless you've designed for it from the beginning.
Secondly, many automotive MCUs don't have hardware crypto support or enough spare cycles for signing/verification. You have to design for that from the beginning.
Third, key distribution is hard. There are a lot of parties outside the OEM that need to flash firmware for various reasons during production. Do you give them all private keys or do you put up a public image signing service anyone can submit binaries to?
There's lots of other issues I could go on about like what the key rollover looks like, but I hope it's clear that retrofitting cryptography onto complicated systems that weren't designed for it is anything but straightforward.
I’m sure there are a lot of complexities, but I think the general shape of the solution is the same. Another poster (perhaps you?) mentioned that luxury cars do sign CAN packets.
Anyways I’m not in this industry but work on SPIFFE and see similarities: you could have a centralized CA in the car that does attestation to remote workloads.
That can be a solution, but I usually push to simply scrap CAN everywhere possible and move to IP networking as mentioned by others in a sibling thread. That requires a ground-up system redesign, but it has a lot of benefits like not requiring a bunch of automotive programmers to implement a custom crypto architecture on constrained systems in C.
With CAN, you're pretty firmly in the land of tradeoffs because the safety-critical stuff you want to auth is also hard realtime, and solutions that involve expensive coprocessors like HSMs are usually off the table for a number of reasons like cost, lack of vendors supplying high-integrity solutions, inability to do board spins, etc. Adding authentication also has the nasty problem of sometimes reducing your safety because it makes the channel less noise resistant, as demonstrated by Dariz et al [1]. Navigating these sorts of tradeoffs is why some manufacturers have gone with half-measures like only authenticating a small subset of messages.