On Thu, Feb 11, 2016 at 8:20 PM Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
Sean Lynch <seanl@literati.org> writes:

>I'm not talking about raw size or complexity here; obviously having lots of
>features and support for lots of devices means high complexity, but it doesn't
>require that all that complexity run with full system privileges.

XKCD is, as usual, most apropos here:

https://www.xkcd.com/1200/

A huge amount of embedded stuff doesn't even have a kernel mode, because it's
irrelevant (or, if the hardware does actually support two different modes,
everything is run in the highest-priv'd mode).  Either the system is
robust/secure/reliable or it isn't, whether there's a kernel/user split is
irrelevant.

Obviously on a device with no MMU or supervisor mode everything running on it is your trusted computing base.

Security is not binary.