You could use the DS3232M, it comes in a SO8 SMD-package. I have a clock running with that a DS3232M for nearly two years now and the time-deviation is less than 1 second compared to a similar clock that updates itself via NTP, so that should be accurate enough. But the conditions are good, so in my case there are no large temperatur-differences since they are in a room with always about 20°C.
But I think it’s pretty hard to protect such a warranty-keeping-system against manipulation. E.g. what happens when the battery is removed or empty (intentionally, accidentally or by mistake so the RTC is reset when the device is powered off)? I think, I’d just store the first power-on-date on the EEPROM (and if it has been powered on before, so the MCU knows, if it has to set the date) and increase the number of power-ons also on the EEPROM. In that case it wouldn’t be tragic if the time has been reset or the RTC is not accurate (so you could use a cheaper one).
The G30 (the underlaying F401) has an 96bit-unique-ID (I don’t know if it can be used with NETFM or TinyCLR) that could be used to identify the device if someone scraped away your serialnumber. Or you could maybe use something like an Microchip 24AA025E64 EEPROM for identification (an extra-chip would maybe be easier to read, if the device is not functional anymore).
When I think about it, it’s kind of exiting, what things could be used to safely identify a device and its parameters if there are people, that want to unidentify it …