A single piece of hardware would take the image, then sign it. All of the chips for this would need to be integrated together as a secure element. The only way to get the image is from the hardware. Then it would be in the manufacturer's interest to keep the keys a secret. The keys could even be to a specific camera or batch of cameras. You then authenticate the images from the camera like your browser authenticates bytes from a web server. On X, the image gets posted, and then the browser can check the signature of the image against a key from the image sensor manufacturer. The browser displays "this image is authenticated by Sony" if they're the ones that made the image sensor.
Right. Sony holds the private keys; Sony* can make signed deepfakes. And nothing stops us from laundering authenticity by taking a picture of a picture.
* or, like Microsoft showed us, Sony insiders / intruders
