The OEM could control it in hardware, and a secure part of the chipset could validate the OS integrity and sign the relevant key (which is what Apple does with SIP on a managed macOS installation).