That is the problem, if it is physically disabled (by a bit which cannot be reseted without complete power-down) nobody can update the key to revoke anything.
If the bit can be reseted with a magic bit manipulation then only few people know how to do it, black-hat paid $250k a shot are part of those mens.
On a side note, I tried to verify the CRC32 of the FLASH at each boot in real mode (no interception possible), but it is completely unusefull: CRC32 changes at each boot, it seems something different (boot counter?) is stored each times the machine reboots.
Basically, we would need a publicly described "file-system format" of the FLASH (simple filename/address/length triplet without non-contigous files and without automatic file creation/growing management) - so that at least the bootloader can display a warning when something which should not change has changed...