We have photographic evidence of the NSA intercepting Cisco routers. I'm not sure the country of origin matters if you have a red spot painted on your back.
What's being proposed here - as an alternative solution to mass-produced Chinese equipment of unknown trustworthiness - is to purchase different mass-produced Chinese equipment of unknown trustworthiness.
Your example of highly-targeted physical interception by state-level actors is irrelevant here.
You are really bringing your own OS here. The NanoPi can run mainline Linux and U-Boot[0]. If you suspect an Intel ME-style component with ring -3 access, it should show up in the initialization sequence - there are no blobs here. Features like these are not cheap to implement, especially when Chinese vendors are so keen on cutting costs.
Essentially, this means that there is zero risk, unless you are a target, at which point any unintentional hardware bug caused by the aforementioned corner-cutting will become a concern.
How do you guarantee there isn't some logic flashed onto the chip that overrides the bootloader sequence?
Btw, I asked about this 5 months ago [0] and got some interesting replies. I ended up purchasing a PCEngines board (just before they went out of business).
From what I've seen, networking peripherals you can attach to a Pi via USB, or whatever, can't really compete with networking peripherals in routers that are integrated on SoCs/SoMs.
I figure people are using them for router things, like using it as a wireless AP and switch, and the hardware available for those use cases usually falls short of what's available on router SoCs.
Are you using Windows’ built-in PowerShell? If so, are you allowed to install the newer PowerShell Core (based on .NET Core)? The latter has a lot of fixes and improvements compared to the built-in PowerShell.
The complicated number encoding scheme you mentioned is a hexfloat: C has them too.
Hexfloat can be really useful when you need precise/exact floating-point constants for numerical methods. Without them, you end up having to do more-complicated hacks to preserve exact constant values when code gets compiled, or you have to live with compilers (sometimes) subtly altering constants.
It's indeed a common technique, not my original idea. SCTP seems to be from 2000, but good old TCP also already does this with its sequence numbers (albeit 32-bit, so while it can't be relied on fully it does prevent amplification specifically).