Comment by jsolson

5 months ago

In my world, we won't let a system boot with production credentials unless the IOMMU is enabled.

This is enforced by a greatly enriched TPM (and its willingness to unwrap credentials). We have to trust several layers of firmware and OS software, but the same mechanism allows us to ensure that known-bad versions of those aren't part of the stack that booted.

If I wanted secure games (and the market would tolerate it), I'd push for enforcement of something similar in the consumer space.
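The gating mechanism the comment describes, sealing a credential to measured-boot state so the TPM only releases it when every layer that booted is on an allow list and the IOMMU was switched on, as an added example that is not part of the comment and not jsolson's code. It is a toy model in plain Python: the PCR extend rule and the "policy must match to unseal" rule follow the TPM 2.0 shape (PCR_Extend, PolicyPCR, PolicyOR), but the sealing key derivation and cipher are toy constructions, the component names (`fw-2.1.0`, `grub-2.06`, `linux-6.6.10`), the "known-bad" build `fw-2.0.9`, the credential string and the `iommu=on/off` measurement are all constructed for illustration, and nothing here reflects what the commenter's enriched TPM actually does.

```python
"""Toy model: a production credential is sealed to an allow list of
measured-boot states, each of which includes an 'IOMMU enabled' event.
Simulation only (hashlib/hmac), not real TPM 2.0 commands."""
import hashlib
import hmac
import os
from typing import Optional

PCR_SIZE = 32  # SHA-256 PCR bank


def pcr_extend(pcr: bytes, event: bytes) -> bytes:
    """TPM2_PCR_Extend for a SHA-256 bank: PCR' = H(PCR || H(event))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()


def policy_pcr(pcr_value: bytes) -> bytes:
    """Policy digest satisfied only when the PCR equals pcr_value (PolicyPCR shape)."""
    return hashlib.sha256(b"TPM_CC_PolicyPCR" + pcr_value).digest()


def policy_or(branches) -> bytes:
    """Policy satisfied when any branch policy is satisfied (PolicyOR shape)."""
    return hashlib.sha256(b"TPM_CC_PolicyOR" + b"".join(sorted(branches))).digest()


class ToyTPM:
    """Holds a storage root key that never leaves the 'chip' and one PCR."""

    def __init__(self):
        self._srk = os.urandom(32)
        self.pcr = bytes(PCR_SIZE)

    def reset(self):
        self.pcr = bytes(PCR_SIZE)  # power-on: PCR starts at all zeros

    def extend(self, event: bytes):
        self.pcr = pcr_extend(self.pcr, event)

    def _wrap_key(self, auth_policy: bytes) -> bytes:
        # Toy: the wrapping key is bound to the policy digest, so a blob sealed
        # under one policy cannot be opened under another.
        return hmac.new(self._srk, b"seal|" + auth_policy, hashlib.sha256).digest()

    def seal(self, secret: bytes, auth_policy: bytes) -> dict:
        if len(secret) > 32:
            raise ValueError("toy cipher handles at most 32 bytes")
        k = self._wrap_key(auth_policy)
        keystream = hashlib.sha256(k + b"|ks").digest()
        ct = bytes(a ^ b for a, b in zip(secret, keystream))
        tag = hmac.new(k, ct, hashlib.sha256).digest()
        return {"auth_policy": auth_policy, "ct": ct, "tag": tag}

    def unseal(self, blob: dict, allowed_branches) -> Optional[bytes]:
        # The TPM reads its own PCR; the caller cannot supply a fake value.
        session = policy_pcr(self.pcr)
        if session not in allowed_branches:      # booted stack not on the allow list
            return None
        session = policy_or(allowed_branches)
        if not hmac.compare_digest(session, blob["auth_policy"]):
            return None                           # wrong allow list for this blob
        k = self._wrap_key(session)
        if not hmac.compare_digest(hmac.new(k, blob["ct"], hashlib.sha256).digest(), blob["tag"]):
            return None
        keystream = hashlib.sha256(k + b"|ks").digest()
        return bytes(a ^ b for a, b in zip(blob["ct"], keystream))


def boot_events(firmware: str, bootloader: str, kernel: str, iommu_enabled: bool):
    """Constructed event log: each layer is measured before it runs, then the
    OS records whether it brought the IOMMU up."""
    yield from (firmware.encode(), bootloader.encode(), kernel.encode())
    yield b"iommu=" + (b"on" if iommu_enabled else b"off")


def expected_pcr(firmware: str, bootloader: str, kernel: str, iommu_enabled: bool) -> bytes:
    """Golden PCR value the provisioning side computes for a known-good stack."""
    pcr = bytes(PCR_SIZE)
    for event in boot_events(firmware, bootloader, kernel, iommu_enabled):
        pcr = pcr_extend(pcr, event)
    return pcr


# Hypothetical allow list. fw-2.0.9 is the 'known-bad' build and is simply
# absent, so no PCR value it produces can ever satisfy the policy.
GOOD_STACKS = [
    ("fw-2.1.0", "grub-2.06", "linux-6.6.10"),
    ("fw-2.1.1", "grub-2.06", "linux-6.6.10"),
]


def provision(tpm: ToyTPM, credential: bytes):
    """Seal the credential so only a good stack booted with the IOMMU on can unwrap it."""
    branches = [policy_pcr(expected_pcr(*s, iommu_enabled=True)) for s in GOOD_STACKS]
    return tpm.seal(credential, policy_or(branches)), branches


def try_boot(tpm: ToyTPM, blob: dict, branches, firmware, bootloader, kernel, iommu_enabled):
    """Simulate one boot and ask the TPM for the credential; None means refused."""
    tpm.reset()
    for event in boot_events(firmware, bootloader, kernel, iommu_enabled):
        tpm.extend(event)
    return tpm.unseal(blob, branches)


if __name__ == "__main__":
    tpm = ToyTPM()
    blob, branches = provision(tpm, b"prod-token-CONSTRUCTED")
    for stack in (("fw-2.1.0", "grub-2.06", "linux-6.6.10", True),
                  ("fw-2.1.0", "grub-2.06", "linux-6.6.10", False),
                  ("fw-2.0.9", "grub-2.06", "linux-6.6.10", True)):
        print(stack, "->", try_boot(tpm, blob, branches, *stack))
```

Two points worth noticing in the model: turning the IOMMU off changes the final PCR just as a different firmware build would, so the same PolicyPCR check covers both "IOMMU disabled" and "known-bad firmware", and the known-bad build needs no denylist entry, since the allow list of good PCR values never contains it. A real deployment would seal against several PCRs and a proper event log rather than one constructed PCR, and would use the TPM's own symmetric wrapping rather than the toy cipher here.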