ah right so they do this to avoid having a proper secure enclave, like a very focused secure storage capability related to what the efuses are logically related to. Makes sense, I guess i just assumed they would have a secure enclave like phones etc as consoles are one of the original 'trusted computing' devices that people buy and obviously to avoid piracy etc having it work properly is important but also hardware BOM is a consideration too.
I guess the secure enclave having storage introduces another attack too, wiping/corrupting/replacing that storage somehow, thus efuses, simpler and more straightforward.
Hmm, I have done some work in this field but obviously haven't seen all the board variations out there. The secure enclave (let's call it that because you did) will usually contain a master key that facilitates crypto operations on things in storage. This master key may be programmed using e-fuses. This is a one-time operation (and yes I have once accidentally written a key that I didn't want to write on a development board). You may only get secure storage and secure boot etc. once that is set up. So when the board already has e-fuses on the board it's not a big deal for the manufacturer (of the board) to include a couple or even a whole bunch extra for whatever the user (i.e. manufacturer of the device) has in mind. For example, you may be able to invalidate a master key and add a new one, up to n times.
I guess the secure enclave having storage introduces another attack too, wiping/corrupting/replacing that storage somehow, thus efuses, simpler and more straightforward.