1) A CPU without obvious & network accessible backdoors that were sold to governments and who knows who else. 2) Using an OS with reproducible builds 3) Using verified boot
Seems like enough. But no one seems willing to talk straight on #1. Conversations that strategize on this topic seem purposefully derailed all over the web. I realize it would be extremely hard to reverse engineer a CPU to verifiably disable its black box OS running inside. But there are many approaches including non-stop pushing AMD to release their source / release verifiable disabling tool.
no subject
2) Using an OS with reproducible builds
3) Using verified boot
Seems like enough. But no one seems willing to talk straight on #1. Conversations that strategize on this topic seem purposefully derailed all over the web. I realize it would be extremely hard to reverse engineer a CPU to verifiably disable its black box OS running inside. But there are many approaches including non-stop pushing AMD to release their source / release verifiable disabling tool.