Root-of-trust measurement (RTM) isn't foolproof either.

https://www.usenix.org/system/files/conference/usenixsecurit...