It still needs to be kept updated too, and there would be massive attack surface simply for that. Simple update verification, full verified boot and downgrade protection with minimal state are important. The entire point is not having the attack surface of a general purpose OS.
Conversation
I think you're just misinterpreting that post and drawing the wrong conclusions. It's about a hardware attack, and a general purpose computer running Linux is far more vulnerable to the same kind of attacks. It ignores the passphrase feature and is unnecessarily dishonest too.
2
1
1) Aside from technical comparisons guys. The main drawback of the hype is in its real-world-usage. In the non-tech attack surface. While "shitty linux" computer is multipurpose tool, a low-value-target, the Trezor is a single purpose HVT. Your home address and payment..
1
2) ..details lead to your RL persona, giving the attacker answer on who, when, where, what and how. Once you are reasonably interesting, 5$ wrench technique can be applied by an attacker.
The "shitty linux" user is not visible, and remains happily shitty 🤔
1
It can be purchased with Bitcoin using a pseudonym and you aren't forced to send it to your home address.
It has a strong mitigation against attacks based on coercion via the passphrase feature. Every passphrase is valid and leads to a different key (i.e. different wallets).
2
I don't understand your proposed threat model anyway. You're suggesting that there will be a sophisticated targeted attack involving an attacker spying on you to the extent that they are aware of your purchase and target you. In that case, they would target a laptop too...
3
Single purpose tool (even technically advanced), with high potential of valuable intel can be targeted much more easily than the multipurpose, free, anonymous, linux tool. It simply makes more sense to attack one publicly known HVT vendor and its infrastructs.
1
Supply chain attacks on laptops with a complex list of trusted parts are far more likely and don't have less of a reward for the attacker. I'm not sure how buying a computer with Linux is supposed to be free or anonymous or how Linux is even relevant to your proposed attack.
2
1
I don't know what point you're trying to make. If you want to go back to the original topic, it was me responding to whonix.org/wiki/OpenPGP#G and pointing out that an 100% Free Software hardware option with a deniable passphrase feature and on-device key gen with recovery exists.
2
Trezor is fully open source and the hardware is very simple. If you really wanted, you could build your own and set up verified boot with your own signing keys, although I don't think that makes much sense beyond doing it for fun.
instructables.com/id/Making-My-O