[ggm]

I'd appreciate pointers to adversarial attack models on nitro. I find papers leveraging nitro to build higher order processing models, I think it looks good, but where's the work to certify it in something analogous to FIPS? Nitro+FIPS searches suggest its hand-off to a card, not innately in the s/w system itself so its the usual key leakage issue: the real key might not leak, but ability to operate the key may in some circumstances be as bad as leaking it: if a Nitro instance can be subverted, it can securely sign to the end of time for bad purpose.