[riking]

Take a look at the Google Titan chip slides for an idea of how to implement this: https://www.hotchips.org/hc30/1conf/1.14_Google_Titan_Google... Video: https://youtu.be/ve_64dbM4YI?t=3089

Specifially, slides 35-40. You burn a feature fuse to unlock manufacturing test features. The device is personalized with a serial number + told to generate private key + record stored in database. Then, the key is locked in by burning a second feature fuse that disables any future writing to those segments.