Yeah, super expensive for sure. But in principle possible - I'm sure there are smarter ways to do it. I could also see some users willing to pay ~$1K or more. A big company committed to high-security, open source firmware for their routers, for example, could benefit a lot by being able to demonstrate to their customers that they use a given (ideally highly readable for auditing purposes) source code and that the updates they receive really use that source. I don't think there's a means to enable that sort of cryptographic verification currently without every interested end user rebuilding the source.