This is very reminiscent of Physical Random/Unclonable Functions[1]. When creating identifiers like this it's very important that they be non-reproducible. The article nearly touched on this with random patterns, but the important distinction is that the process must not be reproducible by the manufacturer even if they wanted to.
In [1], they propose timing artifacts in FPGAs as a means to achieve this. I imagine that some of the random material embeddings in the article may achieve this in practice, though it's important to actually quantify it.
There's a common processing step in PCB manufacturing that occurs right after SMT (reflow soldering of components that have been placed on the PCB by a pick-and-place machine). It is known as AOI (automated optical inspection).
What happens during AOI is that a camera images every part of the PCB and then uses old school machine vision to identify problems like missing/misplaced/misoriented components, wrong parts, solder mishaps, and contamination/foreign-objects. In practice, it's not perfect, but it can detect gross problems and is valuable in high-volume or high-cost pcb's. The images are usually not stored, but processed "on the fly" by machine vision applications.
It's good to hear that Alitheon is taking this to the next level. As a MFG engineer, I've long felt that AOI has been under-utilized. There are multiple reasons to more fully analyze these images besides security concerns and given the low cost of storage, I think it's becoming not unreasonable to store entire imagesets of individual high-cost PCB's for the life-span of the product.
As for the big-picture of security, however, it really begins earlier in the supply chain before the components even arrive at the factory in reels. By the time that something gets to a factory, one can't do much more than read-out things like id's and perform functional screens. That's why manufacturers have, sometimes, long qualification processes before they even consider a new component or its vendor.
Indeed, the challenge is storage of the information and immutability, since everyone needs to trust the database of unique IDs.
I hate to say it, but if you have connectivity (and directly connecting your production equipment to the internet seems foolish) then a distributed amongst manufacturers blockchain could provide the secure public database needed. It might be wise to batch the UIDs logged each shift to minimize contact and computation. Your test equipment (associated CPUs) could be searching for a new solution and separately upload the batch of UIDs each time it found one.
While traceability and tamper-proofing are prerequisites for preventing right-to-repair, they're also needed for things like maintaining supply-chain-integrity, which is becoming a adjacent, but different concern.
A lot of the things in the article (diamond dust in the coating,s, etc...) are basically just tamper detection, and even then they require someone to visually validate the PCB. I don't really have a problem with that kind of thing.
Questions about authenticity can occur at a supplier, with contractors to a supplier, or during the movement of components between contractors and to the customer. The types of anti-counterfeiting options to be used depend both on the value of the component and the consequences of fake components. But they all focus on the ability to uniquely identify a component so it can be tracked through final system assembly
https://semiengineering.com/new-and-innovative-supply-chain-...
In [1], they propose timing artifacts in FPGAs as a means to achieve this. I imagine that some of the random material embeddings in the article may achieve this in practice, though it's important to actually quantify it.
[1] https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.29...