Most of those are less "hardcoded" and more "fused into internal non-eraseable memory at manufacturing time".

Not that it changes much. It really should be illegal to enforce "secure boot" with no way for the device owner to opt out of it or enroll his own keys.