by majia 2769 days ago
Hardware testing is much more than firmware checksum comparison. Once you have the blueprint, you can physically compare it against samples using various methods such as x-ray, acoustic and electric profiling to detect any differences. Furthermore, hardware is generally retained for a long time and can be checked with future anti-tampering technologies.

These measures do not offer perfect security. They simply make the cost of hacking and chance of being caught very high, even for state actors. We could achieve fairly strong security at an affordable cost for most civilian uses. At least, tested Huawei hardware may be a good alternative to untested hardware from another vendor (which is probably manufactured in China too) at an inflated price.

Of course, if you are still concerned, why not take a course on microprocessors and build your own CPU? ;)

1 comments

It looks like you're moving the verification goalposts away from what is actually running on the hardware and simultaneously walking this back from government to civilian uses. These are completely different discussions (though I might add that governments rely heavily on the private sector, so some pressure there is expected).

Another completely different line of discussion is whether I personally am concerned at all (I'm not), and what I should do about it (nothing, but governments certainly should build their own CPU).

> We could achieve fairly strong security at an affordable cost

No. We cannot achieve strong security in a device that comes with software. You also cannot (at the time of this writing) prove that the actual hardware you personally are running is trustworthy without spending enough that the "affordable cost" becomes a moot point.

A wide swath of civilian uses can probably come out on top of the cost/benefit analysis just because their interests don't get in the way of governmental conflicts (or they can make enough money in the meantime). It's only from the perspective of a government that this conversation makes any sense at all.