I appreciate the quick response and it’s good to know that it’s on the horizon.
What I would think of doing is having a secure api on the Torizon server side from which Tezi could retrieve an/the execution string. That string would then be written to internal storage so that when the target boots for the first time it can retrieve and execute it. But the string would only work for that particular som flashed with one or more particular flash disks. Getting the string in the first place would be the trouble I guess.
Maybe the production worker would scan the barcode on each som (preferably the box of soms) into an app that contacts your servers. That, along with the uid of the flash disk being used (the flash disk would have to be plugged into the pc app rather than just copy+pasting the uid), which would be pre-authenticated.
Just some ideas. Happy Friday!