The k of n split across multiple locations idea is interesting.
I agree that if you're paranoid about the NSA it probably doesn't make too much sense to have faith in the Intel PKI. When you say pretty decent performance for your HSM, do you mean less than 10 % for real world apps?
I'm currently assuming a threat model where an attacker doesn't have physical access however, and looking more into how to use hardware to bootstrap a minimal TCB that doesn't require OS or application rewrites but still gives good performance. Even if only for specific use cases.
ARM or possibly Atom in a box, so pretty decent performance. The pain of the HSM is the physical packaging, and my ultimate goal is to make that reusable and let users select their own components and do their own final assembly and certification.
I agree that if you're paranoid about the NSA it probably doesn't make too much sense to have faith in the Intel PKI. When you say pretty decent performance for your HSM, do you mean less than 10 % for real world apps?
I'm currently assuming a threat model where an attacker doesn't have physical access however, and looking more into how to use hardware to bootstrap a minimal TCB that doesn't require OS or application rewrites but still gives good performance. Even if only for specific use cases.