RISC-V, TCP+crypto offload, hardware switchports with LuaJIT or nf rules. Reactive UI with hardware rendering and compositing.
Hardware keystore with physical switch to generate and enroll keys, user/owner controlled secrets, one-time programmable as an option, hardwired SAK and OS personality switching key.
Real-time security isolation kernel, hardware-enforced containerization with MMU-protected GPU passthrough.
It will take a while to google-walk through all that, but thank you. Do you feel this is a comprehensive recipe to move to an (enterprise-wide) computing platform where the attacker has the playing field tipped against them (it seems the other way round today)?
I was thinking the same thing. What I was describing is about using the disadvantages of a platform like RISC-V to our advantage. Rather than running network stacks, compositing and other things on the main processor, which will likely trail Intel processors in performance for a time, we design the hardware to do what hardware does best.