Interesting analysis on the hardware trust problem. The SAM approach is creative, but you're right about the supply-chain dependency.
One thought on ephemeral key storage: there's growing interest in hardware-enforced attestation (ARM TrustZone + remote attestation) that could let a device prove its key environment without full DIY secure element production. Still centralized, but moves the trust boundary slightly differently.
Appreciate the pointers to your pre-install code review process. Not trying to convince you centralized apps can fully solve this — just tracking the edge cases since your hardware focus surfaces things I hadn't considered.
Interesting analysis on the hardware trust problem. The SAM approach is creative, but you're right about the supply-chain dependency.
One thought on ephemeral key storage: there's growing interest in hardware-enforced attestation (ARM TrustZone + remote attestation) that could let a device prove its key environment without full DIY secure element production. Still centralized, but moves the trust boundary slightly differently.
Appreciate the pointers to your pre-install code review process. Not trying to convince you centralized apps can fully solve this — just tracking the edge cases since your hardware focus surfaces things I hadn't considered.