> This separate system can't be user-modifiable or field-updateable, because then malicious software could impersonate the user and disable the security chip.
I feel like I'm repeating myself after a decade or two, but this is a situation where the best answer is to a physical switch for read-only mode. (Software isn't always the answer!)
Sure, it might not protect you from a spy who sneaks into your house to physically flip it before installing undetectable deep-backdoors... but that basically never happens when compared to conventional malware and hacks over the internet.
Of course, this assumes the goal of the trusted-chip is indeed to protect the user and the community around their computer at large... as opposed to a deceptive campaign by large companies and copyright-holders to cripple your computer for their own ends.
I feel like I'm repeating myself after a decade or two, but this is a situation where the best answer is to a physical switch for read-only mode. (Software isn't always the answer!)
Sure, it might not protect you from a spy who sneaks into your house to physically flip it before installing undetectable deep-backdoors... but that basically never happens when compared to conventional malware and hacks over the internet.
Of course, this assumes the goal of the trusted-chip is indeed to protect the user and the community around their computer at large... as opposed to a deceptive campaign by large companies and copyright-holders to cripple your computer for their own ends.