Such a simple idea, not you designed authorized vendors and keep the signing keys secure forever.

While you’re at it, make sure the chip itself can’t be reverse engineered and run in a VM.

It’s been around with printer fingerprinting unique yellow dot patterns. I think the key is purchase dates that can be tied to locations and identities. But now you’re into big brother status.

What you need instead is a a public ephemeral bloom filter with plausible deniability built in.

We allow everything to sign, black box only overlays bloom filter bits. Have some longer lived biotokens around to extra harden it between manufacturers.

Now you’re in the real world and journalism. Camera equipment is disposable, so just rotate the key on unit build, load it in an fips wipe cipher to be extra sure.

Now you need that bloom central database with some “stewards” to be trusted hosts. No CA shenanigans anymore.

Picture output, steg encoded for authenticity by real lens IR laser verified. Can be traced if need be, but probably unnecessary.