> Hardware-based mechanisms and isolation are assumed trusted, properly functional and configured. Here is a non-exhaustive list of hardware-based security and isolation mechanisms: UEFI firmware, Secure Boot ...
Is firmware a "hardware-based mechanism" with comparable isolation claims to a TPM, MMU or IOMMU?
See the talk "Firmware is the new Software", on attack/defense of UEFI firmware vs auditable open-source firmware like LinuxBoot, https://www.platformsecuritysummit.com/2018/speaker/hudson/