by cwalv
519 days ago
> Which they can do anyway if they have root access to the CA.

Until you turn it off. If they exfiltrate the keys, it's more complicated. This goes back to your comment:

> Creates a two-tier PKI... on the same device. This completely defeats the purpose so you can't revoke anything in case of key compromise

But the root key is just created; it doesn't stay on the device and can't be used to sign anything.

> What actual problem does this solve or realistic threat does this prevent?

The problem is exfiltrating the key without physical access. Whether or not that's "realistic" enough to matter isn't a question that can be answered generally.

> Hard to say if those extra 9's need an external RNG for extra entropy.

IMO it's not. In the author's words: Optional, but fire
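The layout the comment describes, as an added example that is not part of the thread or of the project under discussion: a two-tier PKI built on one host with the openssl CLI, where the root key is generated, used exactly once to sign the issuing (intermediate) CA, and then moved off the host, so that everyday issuance and chain verification need only the intermediate key and the root certificate. All names, paths and the "offline" directory that stands in for removable storage are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread). Two-tier PKI on a single host:
# root key generated, used once to sign the issuing CA, then moved to
# "offline" storage (here a subdirectory; an assumption standing in for
# removable media or an HSM). All names and paths are hypothetical.
set -e

# Minimal openssl config so the example does not depend on the system openssl.cnf.
write_cnf() {
  cat > "$1" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_root]
basicConstraints = critical,CA:TRUE,pathlen:1
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_int]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_leaf]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = serverAuth
EOF
}

# build_pki DIR: root -> issuing CA, then the root key leaves the host.
build_pki() {
  d="$1"; off="$d/offline"
  mkdir -p "$off"
  write_cnf "$d/ca.cnf"

  # Root CA: key and self-signed certificate (pathlen:1 allows one issuing CA below it).
  openssl ecparam -genkey -name prime256v1 -noout -out "$d/root.key"
  openssl req -x509 -new -key "$d/root.key" -config "$d/ca.cnf" \
    -extensions v3_root -subj "/CN=Example Root CA" -days 3650 \
    -out "$d/root.crt"

  # Issuing CA: key and CSR, signed once by the root.
  openssl ecparam -genkey -name prime256v1 -noout -out "$d/int.key"
  openssl req -new -key "$d/int.key" -config "$d/ca.cnf" \
    -subj "/CN=Example Issuing CA" -out "$d/int.csr"
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 1825 -extfile "$d/ca.cnf" -extensions v3_int \
    -out "$d/int.crt"

  # The root key's only job on this host is done: move it off the host.
  mv "$d/root.key" "$off/root.key"
}

# issue_leaf DIR NAME: day-to-day signing needs only the issuing CA key.
issue_leaf() {
  d="$1"; name="$2"
  openssl ecparam -genkey -name prime256v1 -noout -out "$d/$name.key"
  openssl req -new -key "$d/$name.key" -config "$d/ca.cnf" \
    -subj "/CN=$name" -out "$d/$name.csr"
  openssl x509 -req -in "$d/$name.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 365 -extfile "$d/ca.cnf" -extensions v3_leaf \
    -out "$d/$name.crt"
}

# verify_leaf DIR NAME: builds the chain leaf -> issuing CA -> root using only
# the root *certificate*; exit status 0 means the chain verifies.
verify_leaf() {
  openssl verify -CAfile "$1/root.crt" -untrusted "$1/int.crt" "$1/$2.crt"
}

# root_key_on_host DIR: true only if the root private key is still on the host.
root_key_on_host() { [ -f "$1/root.key" ]; }

demo() {
  d=$(mktemp -d)
  build_pki "$d"
  issue_leaf "$d" "www.example.test"
  verify_leaf "$d" "www.example.test"
  if root_key_on_host "$d"; then
    echo "root key still on host"
  else
    echo "root key off host; only the issuing CA key remains in $d"
  fi
  rm -rf "$d"
}
demo
```

A compromise of the host after `build_pki` exposes only the issuing CA key; the root key that could sign a replacement issuing CA or a CRL revoking the compromised one is no longer there to be exfiltrated, which is the distinction the comment draws between "root access to the CA" and "exfiltrate the keys".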