GM's newest E99 ECM in the C8 Corvettes involves multifactor authentication involving dealer employees & credentials and a Diffie-Hellman 2048-bit key exchange using an SHA-256 hash digest that is unique for each VIN PCM & TCM.
The Diffie-Hellman 2048/SHA-256 ECM/TCM is not a STATIC security implementation, it is currently unhackable by even the best in the aftermarket tuning world.
Current estimates to crack Diffie-Hellman 1024 is 35,000,000 core years.
It would take 35 million CPU cores 1 year to crack a single key exchange, and the key exchange is unique for each VIN. Diffie-Hellman 2048
Forget about it, not going to happen.
Now then, a stand-alone aftermarket PCM that could partially bypass the rolling code encryption momentarily will cut off factory instrument cluster, HVAC, audio, BCM, power windows and eventually will obtain an authentication error which will alert On-Star Remote to shut down the car.
None of it will work because it has security dependencies on the factory ECM.
Every module that communicates with the PCM/TCM uses 2048-bit Diffie-Hellman key exchange with an SHA-256.
Successfully flash-tuning, reprogramming & otherwise altering the engine control unit to increase power output on the C8 will be next to impossible.
The anti-hacking encryption written into the electronic control module will block any attempt to read, write, and/or replace the standard ECU of the C8.
If the ECU detects such an effort, and that programming event fails, the Corvette C8 will enter a "recovery mode" that requires a reboot.
The C8 can be reprogrammed, but that is only with GM software, and only by an entity with the proper encryption keys - meaning a trip on a flatbed to the dealer and a sure fire way to completely void the entire warranty.