There are some corner cases requiring physical access (you could physically replace the RO firmware, or fake the switch). I don't think it does full remote attestation validation of the local OS before talking to cloud services, although it does some other stuff. I should look into that more.
But really, what I want is the ability to put my own enterprise key in there, in a write-once area, and do exactly what Google does now.