> It can until there's hard hardware chain-of-trust enforcement (like UEFI) with signed images.
And then hackers will graduate to side-channel attacks... it's a game of cat and mouse. The best bet, IMHO, is to make the cost of cracking exceed the value of what's being cracked.
With hardware root trust the side channel attacks look something like breaking into Apple's most secured facilities and ordering multiple senior employees around at gunpoint.
Hardware remote attestation means your local physical device is as accessible as a distant server. Dumping RAM does not work, tapping the bus does not work, writing your own firmware does not work. It is exactly like an ISP performing a machine-in-the-middle attack on a TLS connection; impossible without some way of obtaining the certificate private key.
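The comment above describes why a verifier can trust a remotely attested device: the measurements are signed by a key the attacker cannot extract. The following is an added illustration of that flow, not code from any commenter or from a real TPM library. It models the three checks a verifier makes (signature, freshness, known-good measurements) and shows why custom firmware, a forged quote, and a replayed quote all fail. A real device signs with an asymmetric attestation key whose private half never leaves the hardware; HMAC with a device-unique secret (a constructed value) stands in here so the example runs with only the standard library.

```python
"""Toy remote-attestation flow (constructed example, not a real TPM API)."""
import hashlib
import hmac
import os
from dataclasses import dataclass

# Trust anchor shared with the verifier. Hypothetical value, constructed for this
# example; in real hardware this is an asymmetric key and the verifier only
# holds the public half.
DEVICE_AK_SECRET = b"device-unique-attestation-key-constructed"

# Constructed boot chain whose measurements the verifier treats as known-good.
GOOD_BOOT = [b"bootloader v1", b"kernel v1", b"app v1"]


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = H(old || H(component)). One-way, so a
    measurement can be appended but never removed or rolled back."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(components: list[bytes]) -> bytes:
    """Measure every boot stage into a single register, starting from zero."""
    pcr = bytes(32)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


@dataclass(frozen=True)
class Quote:
    nonce: bytes
    pcr: bytes
    sig: bytes


def device_quote(secret: bytes, components: list[bytes], nonce: bytes) -> Quote:
    """Device side: measure the boot chain, then sign nonce || PCR with the AK."""
    pcr = measure_boot(components)
    sig = hmac.new(secret, nonce + pcr, hashlib.sha256).digest()
    return Quote(nonce, pcr, sig)


def verify_quote(secret: bytes, quote: Quote, expected_nonce: bytes,
                 golden_pcr: bytes) -> str:
    """Verifier side: authenticity first (did the real AK produce this?),
    then freshness (is it a replay?), then policy (is the software known-good?)."""
    expected_sig = hmac.new(secret, quote.nonce + quote.pcr, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, quote.sig):
        return "reject: signature invalid (forged or modified quote)"
    if not hmac.compare_digest(quote.nonce, expected_nonce):
        return "reject: stale nonce (replayed quote)"
    if not hmac.compare_digest(quote.pcr, golden_pcr):
        return "reject: measurements differ from golden values (modified boot chain)"
    return "accept"


def scenarios() -> dict[str, str]:
    """Run the four cases discussed in the thread and return each verdict."""
    golden = measure_boot(GOOD_BOOT)
    nonce = os.urandom(16)  # fresh challenge from the verifier
    results = {}

    # 1. Unmodified device answering the current challenge.
    results["genuine"] = verify_quote(
        DEVICE_AK_SECRET, device_quote(DEVICE_AK_SECRET, GOOD_BOOT, nonce), nonce, golden)

    # 2. Custom firmware: the hardware signs honestly, but the PCR no longer matches.
    tampered = [b"bootloader v1", b"patched kernel", b"app v1"]
    results["custom firmware"] = verify_quote(
        DEVICE_AK_SECRET, device_quote(DEVICE_AK_SECRET, tampered, nonce), nonce, golden)

    # 3. Forged quote claiming the golden PCR, produced without the real AK.
    forged_sig = hmac.new(b"attacker-guess", nonce + golden, hashlib.sha256).digest()
    results["forged quote"] = verify_quote(
        DEVICE_AK_SECRET, Quote(nonce, golden, forged_sig), nonce, golden)

    # 4. Replay of a genuine quote captured from an earlier session.
    old_nonce = os.urandom(16)
    old_quote = device_quote(DEVICE_AK_SECRET, GOOD_BOOT, old_nonce)
    results["replay"] = verify_quote(DEVICE_AK_SECRET, old_quote, nonce, golden)
    return results


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:16s} -> {verdict}")
```

The ordering of checks matters: signature verification runs before any policy decision, so an attacker who merely controls RAM, the bus, or the firmware image can only produce quotes that are either honestly signed with bad measurements or unsigned. Both are rejected, which is the point the comment makes about needing the key itself.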