@joepie91 @ramonita
Blackthrow with tamper resistant full disk encryption would be quite interesting. Measured boot is likely "good enough" for this, but reliably updating PCRs before rebooting a remote system, eg. after a kernel update, is still somewhat of a problem.

Maybe instead of a regular Linux install behind the measured boot something like Qubes configured for remote admin over a TOR hidden service.