Hector Martin

The chip yes (probably), the firmware not so much. For the most part all those certification processes just slow things down and make it harder for people to actually implement modern best practices (instead of outdated ones). Silicon moves a lot slower than software.

It's not (probably). There are multiple articles showing that it costs a few dollars and require a few minutes to dump a general purpose MCU. The solution is more to try to open Secure chips, rather than using broken ones...

You have also historically been able to dump some secure MCUs with the same equipment. The problem is that NDAs stop those chips from being more widely audited, so we don't *know* if they really are more secure. In theory they are, but we don't have enough evidence.

And yet nobody found ROCA. Even though that code stank. Audits are largely useless, because they often just verify that you do what you say you do, not that you're actually secure. "Yes, we have these mitigations (which stop one variant of an attack but not another)".

If they can't audit software properly I'm not going to assume they can audit hardware properly.

It sounds like a bad faith debate... Roca is concerning, but: - Even if CC are not perfect, they are just the best framework to ensure high level of security - CC labs are clearly better auditing security than any other org - Roca remains complex, took several years of research