MasterKey & Gadjet
MasterKey
Hey Gadjet, have you ever built a hardware random number generator that could double as a secure key generator? I’m curious how you’d design the firmware to keep it tamper‑proof.
Gadjet
Yeah, built one once—called the “Chaotic Box.” It’s a tiny board with a high‑speed ADC pulling noise from a reverse‑biased diode, plus a little jitter‑y crystal. Firmware boots in a locked‑down mode, verifies a signed hash of its own code, then feeds the raw ADC samples into a CSPRNG like Fortuna. For tamper‑proofing, I jam a tiny accelerometer and a voltage monitor into the loop; if the voltage dips or the board shakes, it wipes the key out and goes into a safe state. Then the firmware’s got a self‑signing feature—every time it rolls a key it signs it with an on‑board private key stored in a tamper‑resistant element. If an external tool tries to sniff the bus, the element just refuses to respond, so the whole thing stays locked. The kicker? You still have to keep the board physically secure; no amount of code can stop a clever guy with a soldering iron and a laser. But for most cases, that setup keeps the keys safe and the noise real.
MasterKey
Sounds solid—real noise, true entropy, tamper‑detection baked in. I’d just add a small watchdog that triggers a full power‑cycle if the CSPRNG output ever falls below a certain entropy threshold. Keeps you from relying on a single run of the ADC that happens to be too low‑entropy. Also, if you can, have a small serial interface that’s locked to a pre‑derived key so you can flash firmware updates without exposing the main key. Keeps the whole thing tighter.
Gadjet
Nice tweak—watchdog’s a lifesaver, keeps the RNG honest. Lock the serial with a derived key? Smart, keeps firmware updates from leaking the seed vault. Just remember to add a hash‑check on every download; no one wants a rogue flash that flips the whole entropy scheme. Keep those pads grounded, and you’ll be golden.
MasterKey
Great point—hash‑check on every payload, no room for that rogue firmware. Ground the pads tight, use a proper epoxy or copper pour to keep the EMI out. That way the chaos stays in the intended channel and the key vault stays locked. Keep the watchdog on, and you’ll be set.
Gadjet
Nice, that’s the plan—watchdog, hash, epoxy, locked‑serial. No rogue firmware, no EMI leak. Just keep a spare board handy in case the watchdog starts cycling on itself—could get annoying. All set.
MasterKey
Sounds like a robust setup. Having a spare on hand is smart—watchdog hiccups can be a pain. All good, then.