zlacker

>>danShu+(OP)
So imagine you have a separate slot in your desktop/laptop occupied by a secondary single board computer of sufficient power to run your banks website or other secure operations. Since you are going to use it to git push to import repos or move money you give two shits if it has much in the way of customization.

You hit a physical button and an internal kvm switches usb input and displayport out between primary and secondary machine. There is no shared clipboard or way for data to be intentionally be shared between machines and nothing to distinguish this setup from any other "secure" setup to disallow its use. It ticks the correct boxes to meet the described intent of the feature and unlike a secure environment one is obliged to use for everything would actually be more secure as you have no good reason to install a bunch of software or browse random websites on the slower secure environment.

>>michae+ig
You can also just use a Windows VM and forward the already-working TPM to it. With tools like Cassowary you can use Windows browsers through an app-only RDP connection, integrating the VM seamlessly. Hardware acceleration will be a bit more difficult, but for things like encoding or decoding video you can already forward virtual GPUs on most platforms if you get the configuration right.

I don't think you'll need to buy an SBC for this. A weekend of messing with virtual machines will be enough.