Older models didn't incorporate code signing. A bunch of legislation recently has supported the argument by automakers that software features are IP and thus not covered under any "right to repair" laws in the same way that, say, a transmission or a differential can be rebuilt or modified by an owner or 3rd party.The gap tool has been able to modify CCF’s on other models so I wouldn’t be surprised if they do in the future.
Embedded root of trust and traceability are essential in a Defense in Depth strategy to mitigate security risks.
TL;DR: Security-on-Chip for automotive software is coming (already here for many vehicles and systems). Not only is it to protect against someone hacking your car while you're driving it and making you run into a bridge abutment at 120mph, but it's also to prevent you from activating OEM features you didn't pay for.
...And to allow automakers to let you just rent them for a while.