Most IoT devices implement security and integrity using one time burnable registers (more importantly for keys). It's sad but yes, those devices are permanently bound to the vendor. There is no real alternative though, a TPM based approach makes it more complex and is another closed system.