[kube-system]

I doubt intel is doing that in this case, as we’re talking about a NIC and not a DRM enforcement mechanism.

...but even if they are, checking a firmware checksum only mitigates risk if you otherwise trust the hardware.

Counterfeit silicon could report back whatever your driver wants to hear. And even the presence of a a genuine intel chipset with genuine firmware doesn’t mean there isn’t a malicious component elsewhere on the board.

There’s tons of counterfeit silicon out there.

Most of them are just cheap approximations or copies of premium components with the motive to make a profit on their sale, but there’s not much preventing any of them from intentionally or unintentionally compromising their hardware.

The popularity of programmable silicon and the standardization of silicon package sizes make this super cheap and easy to do as well.