by fc417fc802 108 days ago
> not going to be able to formally prove the chip conforms to some (verilog?) model

Sure you can. Get together as a group. Purchase a large lot of chips. Select several at random. Shave them down layer by layer, imaging them with an SEM. You now have an extremely high level of confidence that all the chips in the lot are good.

Physical security aside, I share your concerns about the abusive corporate behavior that widespread deployment of such hardware might enable.

> Knowing you are talking to the chipset which signed the certificate request you asserted to before shipping is useful.

Can't an fTPM with a sealed secret already provide that assurance? Or at least the assurance that you actually care about - that the software you believe to be running actually is. At least assuming we stop getting somewhat regular exploits against the major CPU vendors.