We trust the manufacturer to do a lot less. We don't trust the device to validate software, we don't trust it to persistently store keys, and we don't trust it to make wireless or wired connections with other devices. We just trust it to execute SeedSigner code.
Discussion
Piβs donβt have secure elements and since you canβt verify the quality of board, the chip and the cameras how do you prevent side channel attacks?
All side channel attacks I am aware of require running software that has been maliciously modified. So to avoid that, run our released code.
Even if you run fully verified and open-source software, side-channel attacks focus on how the software interacts with the hardware, particularly during sensitive operations like cryptographic computations.
You are vulnerable to
1. Hardware Backdoors
2. Timing Attacks
3. Power Analysis
4. Electromagnetic Emanations
Even with verified software, side-channel attacks can exploit weaknesses in pre-installed chips or the board itself. The software may perform securely from a logical perspective, but the physical properties of the hardware can leak information through side channels. To defend against these attacks, both the software and hardware need to be carefully designed with side-channel resistance in mind. Devices with secure hardware elements and robust physical defenses are more resistant to such attacks.
I'm just going to agree to disagree with you here. I strongly disagree with what youβre saying, but I just donβt have the time to refute every far fetched exotic attack scenario. Have a great afternoon.