This isn't a relevant concern for general purpose / experimental
hardware like bladerf, hackrf, or usrp hanging off a PC. They're
intended to be user programmable. If someone roots your box, they can
replace your FPGA image, usb, or microcontroller firmware ... but to
what end? The platform is already wide open.
If you're shipping a product, your regulatory agencies are going to
ask you some questions about what you've done to ensure that your
equipment only operates in its intended manner. I don't feel like
writing a big rant about trying to lock down a general purpose
machine. Instead, let me just point you at a whitepaper on secure
booting the Zynq. After that, you should read about how ChromeOS (or
other mobile platforms) do secure boot and ensure application
integrity.
I bet if you offered Ettus or Corgan a barrel of money they might be
interested in building a secure booted E310. Actually, if you offered
me a barrel of money, I'd be all over that project...
http://www.xilinx.com/support/documentation/white_papers/wp426-zynq-7000-secure-boot.pdf