Comment by steveklabnik

4 hours ago

Not at Oxide anymore, but

> and their backdoors

One thing about Oxide's product is that it significantly eliminates a lot of these sorts of vectors. Pretty much every part of the rack that can be is open source, for example. That BMC from other vendors that have a full OS running inside, where you have no clue what it's doing? You can go look at what does that job over here: https://github.com/oxidecomputer/hubris

The root of trust means that you know that nothing has been tampered with, and that attestation is threaded up through into the host OS, which pretty much nobody else that I know of is doing.

I don't know what the current thinking is around this issue; all of the events you're talking about happened after I left. But the stance was always that it's your hardware, you own it, and you should know what's running on it. That's also why there's no continual licensing fees; you're buying this, not renting it.