Indeed they are. And it's somewhat discouraging seeing people argue over the best encryption algorithm instead of trying to hunt down Intel's rootkits, for example. Again, I can't claim anything; I am just reading and hearing things. They might be total crap and I might be an idiot for thinking they might be true. But they're still worth considering IMO.
It's not at all discouraging to argue over the best encryption, it's plenty healthy to keep the research going so weak/defeated methods get deprecated and only the strongest remain in use.
But you're right that endpoint security is the next monumental task and the challenges are not entirely unknown [1]. How do you suggest we proceed to achieve trustworthy hardware?
That's a very good question and a very tough one to answer. In my opinion we the humanity gave up the easy way to a secure and publicly audited hardware when Intel started growing. We lost the battle right there and then. To try and do the same they achieved in 10-15 years but be entirely transparent and auditable... seems impossible right now. :(
However, projects like Raspberry Pi are admirable and are efforts in the right direction (even though recently it has been questioned if it can be hacked the same way that Qualcomm-based Androids can). I recently heard about that 1000-core CPU as well. I wonder if that's entirely public? If it is, it might render the x86 / AMD64 model irrelevant so we shouldn't spend gigantic efforts in trying to catch up with 10-15 years of hard work from Intel.
So probably the general direction would be to make old and good hardware protocols famous by trying to "libre"-ify them and bring them up to speed to today's computational requirements (mind you, I still want to play my games on Ultra settings). Even if we start replacing things one by one, every iteration could decrease the attack sufrace. That'll force the malicious actors to take counter-measures; for example, I'd think trying to outlaw ARM (or economically attack its usage, which is the much more used way of doing things IMO) and only license Intel/AMD for certain applications would be a telling sign that somebody doesn't like what's happening.
I am not a hardware person (wish I was; I am not even electrical / electronical engineer!) but I am a privacy-conscious person, and quite paranoid too. I am sure there's a way but alas, I can't answer you in as constructive manner as I'd want to. I can only do a "boss speak" and be oblivious to the details. And at 36 with a well-built career I am beginning to doubt I'll ever try and become a hardcore hardware engineer in addition to my programming/sysadmin experience.
A little remark: Raspberry Pi is a nice market for Broadcom, Premier Farnell and other big players involved in making it. It also has proprietary chip that needs closed source software to work (while Intel provides a lot of open source code).
I guess their project has been really successful if “privacy-conscious” and “paranoid” persons consider it “admirable” based on nothing but the internet hype.
The answer is simple: there is no libre hardware if you want top performance, common architecture, don't have ability to order chips in hundreds of thousands or to make your own, etc.
The question is not whether some proprietary solution looks “free enough” if you squint your eyes more than the other proprietary solution. The question is whether people understand that chain of trust that ends in someone else's hands has its problems no matter how big that someone is, and bother to fix that vulnerability.