Designing secure Internet-of-Things
"It's aimed at people designing internet-connected gadgets and gizmos who want to make sure malicious code doesn't end up compromising devices"
How about running the core OS on read-only memory and the apps on a VM running on top? The core OS can't be altered without visiting the device and plugging in a dongle. As has already been demonstrated the trusted execution path can be compromised.