Yes, that's correct, being able to download the code, hash it, and then compare it to the hash displayed real-time would be a first step towards enabling this.
To start, something is better than nothing. Long-term remote inbound two part authitacation combine with like measures for hardware via meta-programming would make bypassing this very, very hard for the average hacker.