A stand-out problem with trust in Broadcom SOCs like RasPi is the massive binary bootloader. If there's a sploit it need not be hardware based, because there's plenty of room in there for a whole hypervisor arrangement, methinks. On 17 April 2015 08:02:47 GMT+01:00, "Lodewijk andré de la porte" wrote: 2015-04-15 18:05 GMT+09:00 Cathal (Phone) <[1]cathalgarvey@cathalgarvey.me>: The SOC in a raspi is probably no worse than the rest, This is what I'm most concerned about! I think the Intel platform is too big to not be exploited (more or less) on the hardware level. I have a very little better feeling about AMD but I don't think it's based on much. The idea that ARM processors are much much smaller and therefore easier to audit makes them less attractive exploit targets. That, and that they've only recently come into use, are build by smaller companies, etc. When you build a SOC around it, well, that's kind of asking for trouble! The best avoidance method I've come up with so far is taking two units, (bitbanging) I2C (or whatever) over the IO pins to do "networking" from one to the other, connect one to the Internet and the other exclusively over those IO pins. That way, whatever exploit is present is VERY unlikely to be triggered. It's... still not 100% of course.. If the exploit is on the relevant IO pins, well, it just might be trigger-able by manipulating the network traffic. Maybe write high every so many bits just to meddle? It's closer then anything else, anyway. As for less paranoid exploits, you have to tell us the threat model! (the cell shield will very likely be remote exploitable, but only by the really bad goodies) -- Sent from my Android device with K-9 Mail. Please excuse my brevity. References 1. mailto:cathalgarvey@cathalgarvey.me