Revoking EH_STATE
As this is the default state for devices delivered from manufacturing, a mechanism is provided to allow devices to be switched to the RoT Secure state (ROT_STATE).
This is a one time operation. Once the state has been revoked it cannot be re-enabled, because the act of revoking it corrupts the EH signature in NVM, which physically cannot be undone. The device remains in ROT_STATE.