Seems like Seedsigner could mitigate this using the rPi's secure boot feature, and maybe some sort of pin challenge that the user entered during initial configuration, but I'm not sure if that requires a network connection or not.

This issue seems relevant: https://github.com/SeedSigner/seedsigner/issues/390