Disclosed are implementation for revoking and updating a compromised root-of-trust (ROT), including a method comprising determining whether a current validation value, representative of an expected value resulting from application of a validation function to a current certificate, is to be replaced, with the current validation value being stored in a write-restricted non-volatile memory unit of the device. The method also comprises determining at boot time whether a physical presence indicator, configured to be non-actuatable from non-proximate locations, is set to a value indicating that an actuation mechanism (for actuating the physical presence indicator so as to cause content change for the write-restricted memory), has established physical presence with the device, and providing a new validation value in response to determining that the current validation value is to be replaced and that the physical presence indicator indicates that physical presence has been established.