Trying to use a non-secure set-top-box SoC as the core of a "secure" device seems incredibly questionable to me. Even with an allegedly tamper-resistant enclosure, I'd still be very concerned about attacks like drilling into the case to access JTAG (which is accessible from the top of the Compute Module).
After realizing that this seems to primarily be intended for cryptocurrency applications, though... yeah, that seems about par for the course.
If, by "the actual board", you mean the HSM -- that hardly matters. If an attacker can seize control of the application processor over JTAG, they can command the HSM to do whatever they want.
The eight-pin footprint next to the FCC logo is the VideoCore JTAG connector. The connector isn't populated, but the signals are all there and usable (AFAIK).
This is actually one of the attack vectors I'm thinking about trying with the box when I get more time to hack at it.
The accelerometer and temperature sensors / settings could make it a little more difficult, since the heat sink is directly above the processor and one would need to get through it to gain access to the pins.
But it could be possible with some creative solutions. Probably not if all tamper protections are active though.
Serious question - do those pressure sensitive tamper switches really accomplish anything? For a dedicated attacker, I assume those are more trivially bypassed than the rest of the security.
Probably not. They can detect if the case is opened in the conventional way (by unscrewing the lid and removing it), but a well-prepared attacker has plenty of other options. Cutting a hole in the case might set off the accelerometer tamper sensor (if it's enabled), but melting a hole in a plastic part of the case probably wouldn't.
Melting a hole would likely raise the internal temperature enough to set off that alarm (again, only if enabled), but that might be the easiest way to physically enter the box—at least over the non-metal parts.
After realizing that this seems to primarily be intended for cryptocurrency applications, though... yeah, that seems about par for the course.