The light sensor must have a key built into the hardware at the factory, and that sensor must attest that it hasn't detected any tampering, that gets input into the final signature.

We must petition God to start signing photons, and the camera sensor must also incorporate the signature of every photon input to it, and verify each photon was signed by God's private key.

God isn't currently signing photons, but if he could be convinced to it would make this problem a lot easier so I'm sure he'll listen to reason soon.