I think I have to correct myself. It's not the fuses but the BCT (http://switchbrew.org/index.php?title=BCT#bootloader0_info and bct_signature) which is signed and creates the issue. The problem as understood is the same though. Essentially, as said, the trust chain cannot be broken and is provided by the bootloader before the TZ.
--------------------- MERGED ---------------------------
But wait, didn't fail0verflow etc. tease that they had cold boot software ability? I think that is why we assumed that TZ would be cold-bootable.