[dTal]

Is there a problem with, say, printing the key on the device case, as is done with administrator passwords for consumer routers? Or, if you're worried about casual skimming, inside the case? Under a tamper seal if it makes you feel better? You're basically at the Chromebook security model by that point, which seems well-regarded around here.

It's pointless anyway trying to "secure" hardware against a sufficiently determined attacker with physical access. There's an argument to be made that physical access should equal software ownership, philosophically.

It's also worth noting that requiring all updates to be signed by the manufacturer does not protect you from malicious code, as manufacturer updates can also be malicious. Ultimately, the "owner" of the device should be at the top of the pyramid of trust.

[eridius]

Physical access should not equal ownership. Haven't you been paying attention at all to the Apple vs FBI case? Apple works very hard to keep devices secure even when they're in the possession of someone else. Obviously in this particular case a third-party firm was able to crack the iPhone (though without saying how), but you can bet Apple is doing everything they can to figure out how and fix it.