I don't think that segmenting CAN wiring is a good solution to this problem. The Powertrain CAN will always be accessible externally for some definition of "externally" (on older GM cars it ran across the bottom of the car to reach the transmission, for example), and even a separate "immobilizer" CAN would probably be accessible somewhere.
The solution, as implemented by many automakers already, is just to authenticate immobilizer messages. It works, and there's not a great excuse for not doing this in 2023.
The solution, as implemented by many automakers already, is just to authenticate immobilizer messages. It works, and there's not a great excuse for not doing this in 2023.