For the mic cut-off? My understanding is that it outputs an electrical signal that's routed to the audio codec that literally prevents the audio from getting to system memory in the same way a physical switch would. It autonomously, at an electrical level, disconnects the mic without OS or software intervention. As it cannot be programmed again, you would have to crack open the laptop and modify the PCB to override it.

Oh, I understand now - you're right, OTP sensor data does protect against a real threat model I hadn't considered before:

* A remote attacker gains whatever privilege lets them get to the sensor SPI. * Without OTP calibration, the attacker could reprogram the sensor silently to report a different endstop, keeping the machine awake and the hard-cuts active. * With OTP calibration, this is closed.

So perhaps it is more security-related than I initially thought.

I was more considering the counterfeit part / supply chain / evil maid scenario, where the fact that Apple's sensors are OTP is meaningless (since a replacement sensor doesn't need to be, plus, you could just put a microcontroller pretending to be a sensor in there since there's no actual protection).

Thanks, you made me think again and figure it out!