[otabdeveloper4]

> highly secured and monitored privileged systems

So, ultimately "keys to the castle" aka a long password?

[cyberax]

It's a bit more complicated :) There are HSMs and code signing thrown into the mix. They went into total overengineering mode when designing it.

But ultimately, any realistic design will eventually have systems that have to be trusted. It's just a question of isolating them.