People tend to trust hardware more than software. In fact, it is often
assumed that hardware cannot have its security compromised, so when
people say that a feature is "implemented in hardware" it often ends
any discussion about its security.
Why is this?
I think the reasons are as follows.
- People think that hardware is simple.
- People think that software systems mix data and program into a complex soup,
while hardware has a well-defined architecture that can't be changed by
an attacker.
- People have intuitions about hardware. "If A is not plugged into B, then
A cannot tell its secrets to B."
- People think that software systems can get "infected" and remain in that
state for a long time. They assume that hardware is reset to its original
state when the power is cycled.