Re: source code not enough - need to control the list of keys in the hardware
I can imagine this working with Chrome OS. The boot loader only loads a signed kernel. The kernel mounts the root partition and the first time each time each block is fetched, its signature is checked before passing it on to the file system layer. It is an effective way to test for a trusted image in the root partition without a big delay on boot. The source code has been available for years. The downside is the effort required to delete the vendor's keys and install your own so only your signed kernels and root file systems can boot may require hunting down an exploit in the supplies OS.
(Do not bother if the device has AMT - unless Intel suddenly document it sufficiently for you to audit it properly.)
Biting the hand that feeds IT
