I appreciate your technical rigor, but I think you're missing the forest for the trees. Let me walk through why your "seeds not keys" framing, while technically accurate in a narrow sense, fundamentally mischaracterizes what this leak and the unpatchable exploits enable, and I'll cite the actual talk transcript to back this up.
1. Early boot compromise gives access to all the keys

You keep saying "you have seeds, not keys" and "you need eFuse values." But the talk explicitly states:
"Running code in or after the boot ROM gives access to all the keys. It gives control over everything that runs afterwards."

This is the core point you're missing. Your framing only applies to off-device, offline decryption attempts. Yes, if someone is trying to decrypt firmware dumps on their PC without device access, they'd need the derived keys. But that's not the scenario that matters here.

With early code execution, you observe the keys as they are derived and used before they're wiped from memory. The talk confirms this is exactly what happens.
2. eFuses are accessible with a successful glitch, not a permanent barrier

You've repeatedly framed eFuses as an insurmountable gate: "you need fuses, you don't have fuses, therefore you can't decrypt."

The talk says otherwise:
"If we manage to do the glitch, then this is for free because we can access fuses, we can access keys, and we're good."

That's a direct quote.
eFuses become readable with early enough code execution. They're not some permanently hidden value that blocks all progress. They're part of what you gain access to when you compromise the early boot chain.
3. The bootloader IS decrypted by ROM. My framing was architecturally correct

You criticized me for saying the bootloader "can be decrypted." The talk confirms the architecture:
"It loads, decrypts and verifies the offchip bootloader."

And again:
"the ROM loads the offchip boot loader from SPI flash. It does decryption and sik checks."

The offchip boot loader is encrypted and is decrypted by ROM using derived keys. That's the architecture. Whether you personally can perform that decryption offline without device access is a separate question from whether the decryption happens and whether it can be observed/exploited.
4. The "juicy key" exists…it just gets wiped

You're right that you can't just dump keys from a running system and expect to have everything.

The talk explains why:
"the key the one that decrypts the offchip boot loader it gets overwritten with a different key before the control flow is transferred to the offchip boot loader."
But this actually supports my point: the key exists, it's used, and it's only unavailable because it gets wiped before later stages run. The solution isn't "give up, you need fuses", it's "get code execution earlier, before the wipe."

The talk continues:
"we have the ROM so we can reverse the key derivation algorithm and really the only missing part is fuses. If we manage to do the glitch, then this is for free because we can access fuses, we can access keys, and we're good."
5. This IS unpatchable

The talk confirms:
"This is not really patchable if you glitch you know ROM stuff or compromise there."

ROM code and data are etched in silicon. Sony cannot update them. That's what "unpatchable, hardware-level compromise" means. It doesn't mean "instant jailbreak today"—it means the fundamental trust anchor cannot be changed, and any exploit targeting it is permanent.
6. Where you're technically correct (but missing the point)
Yes, if someone wants to decrypt PS5 firmware offline on their PC without any device access, they would need the per-console derived keys, which require fuse values they don't have.

Yes, RSA signature verification remains a barrier to replacing boot stages with custom code (you can decrypt and analyze, but you can't sign).

Yes, this isn't "instant jailbreak."

But none of that contradicts what I've been saying. The leak provides:
The ROM code (algorithm visibility)
Seed/constant inputs (reduces unknowns in key derivation)
A path where early compromise yields both fuses and derived keys

Your narrow "seeds not keys" framing treats this as a dead end. The talk, from people who actually did this work, treats it as "the only missing part is fuses" and "if we glitch, this is for free."
Summary
You said: "You have seeds, not keys" → but the keys exist at runtime; early execution can capture them before wipe
You said: "You need eFuses, you don't have them" → but the eFuses become accessible with early glitch and "this is for free"
You said: "You can't decrypt the bootloader" → but the ROM decrypts the bootloader; that's the architecture
You said: "eFuses are the master pins" → but the eFuses are readable, not a permanent barrier
I'm not claiming this is one-click jailbreak. I'm claiming this is foundational research progress that materially advances the path to full compromise. The talk validates that framing explicitly.
*********************************************************
This is a response to this comment by SocraticBliss on Reddit: https://www.reddit.com/r/ps5homebrew/comments/1q1hfvn/comment/ny5qshv/?force-legacy-sct=1
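
A small model of the key flow this post argues about, added here as an illustration and not taken from the talk, the leak or any vendor code. It assumes an HMAC-SHA256 derivation and a toy stream cipher (the real ROM algorithm is not on the page), and every seed, fuse value and image below is constructed. It shows which vantage points hold a working bootloader key: the ROM stage does, later stages do not because the slot is overwritten before handoff, and an off-device attempt with only the seed does not.

```python
import hashlib
import hmac

# Constructed values for illustration; none come from a real device.
ROM_SEED = b"constructed-rom-seed"   # constant visible to anyone holding the ROM
FUSE_SECRET = bytes(range(32))       # per-device value, readable only on-chip


def derive(fuse: bytes, seed: bytes, label: bytes) -> bytes:
    # Assumed KDF (HMAC-SHA256); the actual ROM algorithm is not on the page.
    return hmac.new(fuse, seed + b"|" + label, hashlib.sha256).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher standing in for the real bootloader encryption.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def boot(encrypted_bl: bytes, fuse: bytes) -> dict:
    """Model the ROM stage and record what each vantage point can see."""
    slot = bytearray(derive(fuse, ROM_SEED, b"bootloader"))  # key slot loaded
    seen_in_rom = bytes(slot)                                # visible in ROM stage
    plaintext = xor_stream(seen_in_rom, encrypted_bl)        # ROM decrypts next stage
    slot[:] = derive(fuse, ROM_SEED, b"next-stage")          # overwritten pre-handoff
    seen_after_handoff = bytes(slot)                         # what later stages get
    return {"plaintext": plaintext, "rom": seen_in_rom, "later": seen_after_handoff}


def simulate() -> dict:
    image = b"constructed bootloader image"
    blob = xor_stream(derive(FUSE_SECRET, ROM_SEED, b"bootloader"), image)
    on_device = boot(blob, FUSE_SECRET)
    # Off-device attempt: seed known, fuse value unknown (all-zero guess).
    offline_key = derive(bytes(32), ROM_SEED, b"bootloader")
    return {
        "rom_stage_decrypts": xor_stream(on_device["rom"], blob) == image,
        "later_stage_decrypts": xor_stream(on_device["later"], blob) == image,
        "seed_only_decrypts": xor_stream(offline_key, blob) == image,
    }


if __name__ == "__main__":
    print(simulate())
```
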