
The owner can control TrustZone if the device is shipped with unfused OTP registers.

On Raspberry Pi for example, you can write the hash of your own public key to locations 47-54 of the OTP memory block:

https://www.raspberrypi.com/documentation/computers/raspberr...

Here's the QuickStart for the entire process: https://github.com/raspberrypi/usbboot/blob/master/secure-bo...

Note that the Raspberry Pi does not have a full TrustZone implementation to protect secure mode memory, etc. But it is a widely available device with good documentation and allows developers to experiment with and learn about the basics of TrustZone architecture.
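An added example, not part of the comment above or of the Raspberry Pi tooling: a small checker that reads the `NN:HHHHHHHH` rows printed by `vcgencmd otp_dump` and compares rows 47-54 (8 rows x 32 bits = 256 bits, one SHA-256 digest) against the hash of a key. It assumes the caller already has the exact key bytes the bootloader hashes (the serialization is defined by the Raspberry Pi tooling, not here) and that each row holds four digest bytes big-endian; both are assumptions, and the key bytes and dumps below are constructed, not real.

```python
import hashlib
import re
from typing import Dict

OTP_ROW_FIRST = 47
OTP_ROW_LAST = 54  # 8 rows x 32 bits = 256 bits = one SHA-256 digest

# Constructed stand-in for the public-key bytes the bootloader hashes (not a real key).
SAMPLE_KEY_BYTES = bytes(range(256))


def expected_rows(key_bytes: bytes) -> Dict[int, int]:
    """Map OTP rows 47..54 to the 32-bit words of SHA-256(key_bytes).

    Assumption: each row packs four digest bytes big-endian; adjust if the
    tooling packs them differently.
    """
    digest = hashlib.sha256(key_bytes).digest()
    return {
        OTP_ROW_FIRST + i: int.from_bytes(digest[4 * i:4 * i + 4], "big")
        for i in range(8)
    }


_ROW_RE = re.compile(r"^(\d+):([0-9a-fA-F]{8})$")


def parse_otp_dump(text: str) -> Dict[int, int]:
    """Parse `NN:HHHHHHHH` lines (the format `vcgencmd otp_dump` prints)."""
    rows: Dict[int, int] = {}
    for line in text.splitlines():
        m = _ROW_RE.match(line.strip())
        if m:
            rows[int(m.group(1))] = int(m.group(2), 16)
    return rows


def check_key_hash(dump_text: str, key_bytes: bytes) -> dict:
    """Report 'unprogrammed' (rows all zero), 'match', or 'mismatch' with the bad rows."""
    rows = parse_otp_dump(dump_text)
    present = {r: rows.get(r, 0) for r in range(OTP_ROW_FIRST, OTP_ROW_LAST + 1)}
    if all(v == 0 for v in present.values()):
        # Unfused rows read as zero: the device is still owner-programmable.
        return {"status": "unprogrammed", "rows": present, "mismatched_rows": []}
    want = expected_rows(key_bytes)
    bad = [r for r in present if present[r] != want[r]]
    return {
        "status": "match" if not bad else "mismatch",
        "rows": present,
        "mismatched_rows": bad,
    }


def make_dump(rows: Dict[int, int]) -> str:
    """Render rows in the same `NN:HHHHHHHH` layout, for the constructed samples."""
    return "\n".join(f"{r:02d}:{v:08x}" for r, v in sorted(rows.items()))


# Constructed dumps: unfused, programmed with our key, and one row altered.
_BLANK = {r: 0 for r in range(40, 60)}
UNPROGRAMMED_DUMP = make_dump(_BLANK)
MATCHING_DUMP = make_dump({**_BLANK, **expected_rows(SAMPLE_KEY_BYTES)})
_tampered = expected_rows(SAMPLE_KEY_BYTES)
_tampered[50] ^= 1
MISMATCH_DUMP = make_dump({**_BLANK, **_tampered})

if __name__ == "__main__":
    for name, dump in [("unfused", UNPROGRAMMED_DUMP),
                       ("programmed", MATCHING_DUMP),
                       ("altered", MISMATCH_DUMP)]:
        print(name, check_key_hash(dump, SAMPLE_KEY_BYTES)["status"])
```

On a real board, feed the output of `vcgencmd otp_dump` and the key bytes produced by the Raspberry Pi tooling; an "unprogrammed" result is the state the comment describes, where the owner can still burn their own key hash.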
OTP and e-fuses are also evil. Devices should never be forced to become e-waste over them being set "wrong". There should always be a factory reset option that clears everything.


How do you propose patching security vulnerabilities in deployed devices?


Why would that require fuses? You store the firmware in flash, which can be updated to a newer version, restored to the original version or replaced entirely with third party firmware by the device's owner if the OEM fails to patch it, e.g. because they go out of business.