I am trying to understand how Tivoization worked, but the Internet is filled with discussions about the legal aspect of the matter rather than technical details of how it was implemented.
My understanding is that the hardware would refuse to load binaries that were not digitally signed with the private key of the manufacturer. I am assuming that the public key had to be hardcoded or stored somewhere.
Why was it not possible to circumvent Tivoization by simply overwriting the public key? What kind of storage mechanism guarantees that it would not get overwritten?
If it was hardcoded, then it is a simple matter of finding the offset in a raw binary file and overwriting that data with another key.
It could have been stored in a security module (like a smart card), but to the best of my knowledge those will dearly protect private keys (storing them in a way that does not allow them to be retrieved), whereas public keys are regarded as "just data" and can be easily extracted and modified (if you have the required permissions).
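As an added illustration (not part of this question, and not a description of TiVo's actual design), here is a Go model of the signed-boot check described above, showing how the outcome depends on whether the public key is trusted from writable storage or anchored to an immutable hash. The function names, the key derivation from seeds, and all key and firmware bytes are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Image is what a bootloader would load from writable flash: the public key
// the image claims was used, the firmware bytes, and a signature over them.
// Constructed layout for this illustration; it is not a real device format.
type Image struct {
	PubKey   ed25519.PublicKey
	Firmware []byte
	Sig      []byte
}

// Sign builds an image with a private key held only by whoever signs firmware.
func Sign(priv ed25519.PrivateKey, firmware []byte) Image {
	pub := priv.Public().(ed25519.PublicKey)
	return Image{PubKey: pub, Firmware: firmware, Sig: ed25519.Sign(priv, firmware)}
}

// VerifyFlashKey trusts whatever key sits beside the image in flash. This is
// the weak design the question worries about: if the key lives in the same
// rewritable region as the firmware, a consistent key+signature pair passes.
func VerifyFlashKey(img Image) bool {
	return ed25519.Verify(img.PubKey, img.Firmware, img.Sig)
}

// VerifyRomAnchored also requires the key in flash to match a hash fixed at
// manufacture (mask ROM or one-time-programmable fuses). Only the 32-byte
// hash must be immutable; the key itself may still be stored in flash.
func VerifyRomAnchored(img Image, romKeyHash [32]byte) bool {
	if sha256.Sum256(img.PubKey) != romKeyHash {
		return false // key does not match the anchored hash: reject outright
	}
	return ed25519.Verify(img.PubKey, img.Firmware, img.Sig)
}

// keyFromSeed derives a reproducible key pair from a constructed label so the
// example runs deterministically; real vendors generate keys in an HSM.
func keyFromSeed(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte(label))
	return ed25519.NewKeyFromSeed(seed[:])
}

func main() {
	vendor := keyFromSeed("constructed vendor key")
	romHash := sha256.Sum256(vendor.Public().(ed25519.PublicKey))
	genuine := Sign(vendor, []byte("constructed vendor firmware v1"))
	other := Sign(keyFromSeed("constructed other key"), []byte("constructed other firmware"))
	fmt.Println(VerifyFlashKey(genuine), VerifyRomAnchored(genuine, romHash)) // true true
	fmt.Println(VerifyFlashKey(other), VerifyRomAnchored(other, romHash))     // true false
}
```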