Messing with the media doesn't make sense. (Score 1)

This seems like the sort of problem that can be addressed with a conventional AAA approach: Authentication - Verify the user is who she says she is. Authorization - Verify the user is authorized to boot/write the device. Accounting - Log when files are written by the user. All these tasks should happen completely independant of the media. Media serialization/identification could be made part of this scheme, but only the truely paranoid would ever need require it.