Am 03.08.2017 um 05:53 schrieb Mark Webb-Johnson:

A public key is stored in a write-once eFuse.

A matching private key is used to sign programs to be downloaded to the system.

How about shipping unprotected and adding a simple utility to create and burn an individual key pair?

Users who want to protect the module would then just do their own code signing.

Regards,
Michael

-- 
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26