[Spooky23]

The author is not thinking about why these things are built and marketed as they are.

The use case for the smart card is different than a HSM with FIPS 140-2 level 3 or 4 validation. The whole point is to operate in a tested, known valid state while resisting tampering. The higher level devices are filled with epoxy and have other anti-tampering features.

A smartcard is most often a form of MFA. It can be used as an HSM of sorts, but offers limited benefit for that purpose.

[hlandau]

Yes, I know. I want those anti-tamper features, and I want to be able to take advantage of them to secure cryptographic policies designed and coded by myself or other people in the open source community. And of course I would be free to audit that code before making use of it.

And if you don't think a secure tamperproof general-purpose Turing-complete execution environment in a compact form factor with contactless induction-powered interface isn't an interesting opportunity for innovation, I really don't know what to say.