We're at something like 116 now and they keep coming up with funny terms for it.

secure enclaves, secure virtualization, trusted execution environment, trusted platform, confidential computing, protected execution, LaGrande, protected launch, hardware attestation, ..

It was, back when I took my intro to security class. And that was back in the day when we talked about domestic and export versions of RSA.

> I thought not trusting clients was already security 101?

Of course it is. Always has been.

The security field is riddled with complete nonsense. Much of it even couched in terms of "best practices". It's the perfect field for people with zero specific knowledge or experience to be trusted with management or engineering - since it doesn't matter until it did matter, at which point a mild non-apology is usually sufficient.

sorry we only can install a literal rootkit on your device to detect tampering

I am still surprised by how often this is a problem

It is, but most software doesn't include security.