In eFUSEs, you have only three PPK choices to store the hash value of the primary public key and up to two of those values can be revoked. If another revocation occurs, the device is no longer bootable. If a PPK is compromised, you can revoke the public key by setting the corresponding PPK revocation bit in eFUSEs.
To revoke the SPK, you program the corresponding eFUSE bit in the Revocation ID. There are 256-bits [0-255] in total, so you can revoke the SPK 255 times. The 0-bit of Revocation ID represents KEY 0, the 32nd bit of Revocation ID represents KEY 32, etc.