I wonder where are they going to manufacture it, and what control and visibility will they have into their supply chains, both upstream and downstream?
Absent some very serious issue with the crypto implementation, that would be my greatest concern -- how easy would it be for a state-level actor to introduce some sort of backdoor or other vulnerability (even a subtle one, e.g. modification to EM radiation pattern) to either all or just a select subset of devices, either into components "upstream" in the supply chain, in manufacturing itself, or downstream in transit to the retailer/customer.
This is a good point and generally a hard issue to solve completely.
Right now, we plan to do the programming ourselves to at least verify that that step goes okay. Since we are bootstrapping, we are outsourcing the PCB-A, but hopefully, since this is a pretty expensive threat for an adversary to invest in, I don't think it would be an issue unless we show we have a large market. By then, we can move more of the supply chain in-house :)
It's worse than that, I think. Part of the security is that each key has to be unique, as I understand it. So to compromise security, all they have to do is make duplicate keys...