
Indeed, you can.

This is commonly used for microcontroller reverse-engineering and cracking - you can remove the "program read-protection" bit in some microcontrollers by exposing the fuse portion of the decapped die under UV light. That being said, in all instances of fuse manipulations I'm aware of, the chips are always decapped. I never heard of a non-destructive technique (aside from fault injection), so I'm not sure how practical your proposal is - though I won't be surprised if it exists. But make sure the chip doesn't depend on a critical bit to boot (e.g. external clock enable) before you try - indiscriminately erasing all the fuse bits can brick chips - you don't want that to happen.

Also, as a matter of fact, corrupted fuse bits are certainly responsible for some hardware failures in the field. If a fuse bit ever "gets loose", it can brick many chips since their boot configurations are no longer correct. Fuses are usually designed with a negligible failure rate in normal use; still, defective chips are occasionally made. Also, if you're going to use it in a high-temperature industrial application or a radiative space environment, you definitely need to be careful.




I'd imagine you wouldn't necessarily need to decap the entire chip, just the small part of the die with the fuses. The Xbox 360 Kamikaze hack involved drilling into the package to hit one of the bond wires, so coming up with a way to use a laser engraver or just a UV light source sounds plausible. As for erasing all fuse bits bricking the chip, aside from the headache of reverse engineering it, surely those fuse bits are all wiped clean when the chip is manufactured. Wouldn't there be some method over a JTAG interface to set the relevant bits if you knew which ones were for some key and which were there for platform configuration values? It might not work in circuit, but I'd kind of expect that to be programmed after packaging, so surely it's brought out on some pin.


> aside from the headache of reverse engineering it, surely those fuse bits are all wiped clean when the chip is manufactured. Wouldn't there be some method over a JTAG interface to set the relevant bits [...]

Good point.



