Re: Downgrade attack?
Whitepines, that is a good point. People always assume the attack will happen once the machine goes live but tinkering with it before it's delivered would be a powerful attack. We recently had questions about the security of Supermicro machines because they are Chinese. This then changed into someone adding tiny chips to the motherboard. That whole business seemed odd but it did expose the idea that the machines could have been altered on route to the customer.
I think proper physical security of the packaging would help but then the route in would be a customs inspection. Just boot the machines to a a USB stick and insert the firmware changes.
I'm not sure how reliable that would be as a compromise since most people grab the latest firmware before installing the OS. I'm not sure if microcode stays in the CPU or is loaded at boot time. It's obviously the sort of thing very security conscious people would know to check and ordinary computer builders would never think of.