[yitosda]

It looks like you're moving the verification goalposts away from what is actually running on the hardware and simultaneously walking this back from government to civilian uses. These are completely different discussions (though I might add that governments rely heavily on the private sector, so some pressure there is expected).

Another completely different line of discussion is whether I personally am concerned at all (I'm not), and what I should do about it (nothing, but governments certainly should build their own CPU).

> We could achieve fairly strong security at an affordable cost

No. We cannot achieve strong security in a device that comes with software. You also cannot (at the time of this writing) prove that the actual hardware you personally are running is trustworthy without spending enough that the "affordable cost" becomes a moot point.

A wide swath of civilian uses can probably come out on top of the cost/benefit analysis just because their interests don't get in the way of governmental conflicts (or they can make enough money in the meantime). It's only from the perspective of a government that this conversation makes any sense at all.