S12: Hardware-Rooted Trust

Series

TEEs: attempts to extract secrets from SGX, TDX, and SEV-SNP failed, and the 'trust the silicon' contract narrowed. Some workloads are still safe; most need their attestation assumptions re-examined. Hardware-rooted trust has moved from research to production, and the four boundaries between TPM and SVID are each a footgun.

Attestation is a first-class platform API: TPM to UEFI to OS to SPIRE to workload, with measured boot, PCR chains, and per-workload trust-level policy. This series walks the full hardware trust stack, bottom to top.