[Edited to change the title and subtitle -- 2024-12-28]. Two children under a trenchcoat. Image from ChatGPT. My long-time collaborator Richard Barnes[1] used to say that "in security, trust is a four letter word", and yet the dominant experience of using any software-based system—which is, you know, pretty much anything electronic—is trusting the manufacturer. Not only is there no meaningful way to determine what software is running on a given device without trusting the device, even when you d...