In nowadays, I don’t know any hardware vendor who develops all the components present in their platform. The big piece of it outsourced to OEM’s includes firmware too. That creates additional complexity and limits hardware vendor control under the platform. That creates not only supply chain security risks but also produce security gaps in the threat modeling process by design.
In most of the cases, hardware vendor separate threat model and security boundaries for each hardware component present on the platform but in reality it misses a lot of details which is directly reflected on platform security. This talk will look through the prism security problems and vulnerabilities created over those architecture design mistakes.