Is it possible to burn the eFuses holding the CPU key? If we were to burn all of them we would then know what the CPU key was without xell and if we had a decrypted nand couldn't we now use this key and write that nand to the console after getting the DVD key by other means? In theory we could uncripple a whole bunch of consoles or mismatched dvd/mobo (for offline play of course)

You want to protect efuses, and not burn them. With post-7371 consoles they're already burnt so no-go.

For the most part I would agree with you, but if you target only the fuses holding the CPU key you could (in theory) manually set your key to all F then alter a donor nand to work with this key? This would obviously only be for consoles where CPU key recovery is impossible.

There is more than likley checks to check that a CPU key is valid before allowing the system to boot to prevent this type of hack.

Also you run the risk of burning the wrong fuse lines and rather than compromising the system locking the console down even further.

What if burn part of them like 31 of 32?
And then try to guess last one? 256 NAND writes.
If last byte is already FF and FF...FF blocked in 1BL then console bricks.
Or new 2BL doesn't allow JTAG anyway?

You still will be burning blind and will end up having a brick for a console.

The CPU is locked down tight, its a fortress within a fortress.

Forget the fuses and instead look for holes in the hypervision as its the only logical way to get the right level of access to run unsigned code, but good luck with that..
Its also a fortress which to date has only had one small chink in the armor.

What if send command via pins on CPU to blow fuse and then somehow check use of R6T3 but do not allow voltage come through this resistor?

If voltage used only in case of fuse blow then we can determine fuse state without blowing it.
Of cause it's a long shot and may be totally stupid.

Prerequisites:
1. Can blow fuse through pins on CPU.
2. Voltage from R6T3 used only in case of blow of un-blown eFuse, but not in case of blow blown eFuse.

Honestly.. I am not sure if you can blow a fuse through the pains, but you still are blowing blind.

You wont know what fuse gets blown as you have no control over the process and could fry the CPU instead of blowing a fuse.

Seriously, this is newbie type questions and no suited for this forum.

Like I said the CPU is a fortress, the EFuse system is very very secure and its pointless attacking them as you will do more damage rather than find an exploit.

Fortress, huh? Reset glitch hack!

*Rolls eyes* Context FTW there.

Read the whole sentence I posted, here it is again

Simple answer no lolol.

Long answer Reset Glitch.

Time to find a leaking function in the hv lol